Splunk Enterprise

itsi episodes count updating though resolved

iamvinaykumar
Engager

Hi Community ,

We have integrated our itsi cluster to servicenow and tickets are creating fine.  but recently observed a strange behavior from splunk itsi  that . episodes generated in episode review will create servicenow incident . once issue resolves episode will get resolved .

 

But when the same issue happens with same node  , resolved episode count gets increased , instead of creating new notable event and a new episode. itsi logs  doesnot provide much details about this , please help check why .

 

Best regards

Vinay

vi323056@wipro.com

Labels (2)
0 Karma

iamvinaykumar
Engager

Thanks !! found a way to resolve it 🙂

0 Karma

seths
New Member

1. Try moving the event to closed state instead of the Resolved.
2. You can even check your actions rules for the breaking of episode it should have the states mentioned to break the episode.

3. Also check if the CorrelationID it should change for new Episodes.

Tags (1)
0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...