Splunk IT Service Intelligence
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Correlation searches not creating episodes

khusain_splunk
Splunk Employee
Splunk Employee
‎10-31-2019 11:12 AM

Splunk Version:7.2.6 --> SH cluster with 3 nodes
ITSI Version: 4.2.0

Issue:
Sometimes the episodes are not generating with NEAP and showing duplicate episodes

Tags (2)
0 Karma
Reply

khusain_splunk
Splunk Employee
Splunk Employee
‎10-31-2019 11:14 AM

Hi,

This is a known issue. Please refer below link:

  • Implemented the workaround to fix the episode generation:

https://docs.splunk.com/Documentation/ITSI/4.2.0/ReleaseNotes/Knownissues

  • Implemented below workaround to fix the itsi rule engine:

1) Open or create a local copy of "commands.conf" at $SPLUNK_HOME/etc/apps/SA-ITOA/local.
2) Add the following stanza:

[itsirulesengine]
command.arg.1=-J-Xmx1024M # reduced to 1024MB for 32 bit JDK/JRE

https://docs.splunk.com/Documentation/ITSI/4.4.0/ReleaseNotes/Knownissues#Notable_Events

0 Karma
Reply
Get Updates on the Splunk Community!

Take the 2021 Splunk Career Survey for $50 in Amazon Cash

Help us learn about how Splunk has impacted your career by taking the 2021 Splunk Career Survey. Last year’s ...

Using Machine Learning for Hunting Security Threats

WATCH NOW Seeing the exponential hike in global cyber threat spectrum, organizations are now striving more for ...

Observability Newsletter Highlights | March 2023

 March 2023 | Check out the latest and greatestSplunk APM's New Tag Filter ExperienceSplunk APM has updated ...