Splunk IT Service Intelligence

Defining threshold values in Descending order ( Possible Defect?)

satyab
Observer

Here is what I found in case you were wondering what I am asking for. Point 2# looks like ITSI doesn’t understand 0 as its lower value?)
1. If we are defining threshold values in Ascending order- We are good as ( example Error Rate Threshold, where anything above 60% is Critical, while we start from 0- Normal, 10-Low,20-Medium, 40- High, So ITSI know that any number above 60 will be marked as Critical.
2. If we are defining threshold values in Descending order – We need to make sure we end up with 0. As its lowest value . Normal -6 , Low-5,Medium-4,High-3,Critical-2 ( I can’t do this , as If I have value as 1 it will say default Severity Not Critical), While I m anticipating it to know that anything below 2 until 0 should be critical .

Fix - I have to say Critical-0. Then model is reflecting/report correctly as Critical failure.

So, Can the model just like in Ascending case where it know its 100% max.Can it have a boundary defination for 0 is Minimum for Descending Values?

Thanks
Satya

Labels (2)
0 Karma

satyab
Observer

@splunk Team,
For a fact I know this is happening and only way I could avoid by defining lowest value as "0" for the threshold? Other wise it is using Default value as expected.

0 Karma

satyab
Observer

So, can this be fixed 🙂

0 Karma
Get Updates on the Splunk Community!

New Cloud Intrusion Detection System Add-on for Splunk

In July 2022 Splunk released the Cloud IDS add-on which expanded Splunk capabilities in security and data ...

Happy CX Day to our Community Superheroes!

Happy 10th Birthday CX Day!What is CX Day? It’s a global celebration recognizing innovation and success in the ...

Check out This Month’s Brand new Splunk Lantern Articles

Splunk Lantern is a customer success center providing advice from Splunk experts on valuable data insights, ...