Splunk IT Service Intelligence

Correlation searches not creating episodes

khusain_splunk
Splunk Employee
Splunk Employee

Splunk Version:7.2.6 --> SH cluster with 3 nodes
ITSI Version: 4.2.0

Issue:
Sometimes the episodes are not generating with NEAP and showing duplicate episodes

Tags (2)
0 Karma

khusain_splunk
Splunk Employee
Splunk Employee

Hi,

This is a known issue. Please refer below link:

  • Implemented the workaround to fix the episode generation:

https://docs.splunk.com/Documentation/ITSI/4.2.0/ReleaseNotes/Knownissues

  • Implemented below workaround to fix the itsi rule engine:

1) Open or create a local copy of "commands.conf" at $SPLUNK_HOME/etc/apps/SA-ITOA/local.
2) Add the following stanza:

[itsirulesengine]
command.arg.1=-J-Xmx1024M # reduced to 1024MB for 32 bit JDK/JRE

https://docs.splunk.com/Documentation/ITSI/4.4.0/ReleaseNotes/Knownissues#Notable_Events

0 Karma
Get Updates on the Splunk Community!

NEW! Log Views in Splunk Observability Dashboards Gives Context From a Single Page

Today, Splunk Observability releases log views, a new feature for users to add their logs data from Splunk Log ...

Last Chance to Submit Your Paper For BSides Splunk - Deadline is August 12th!

Hello everyone! Don't wait to submit - The deadline is August 12th! We have truly missed the community so ...

Ready, Set, SOAR: How Utility Apps Can Up Level Your Playbooks!

 WATCH NOW Powering your capabilities has never been so easy with ready-made Splunk® SOAR Utility Apps. Parse ...