Splunk IT Service Intelligence

Defining threshold values in Descending order ( Possible Defect?)

satyab
Observer

Here is what I found in case you were wondering what I am asking for. Point 2# looks like ITSI doesn’t understand 0 as its lower value?)
1. If we are defining threshold values in Ascending order- We are good as ( example Error Rate Threshold, where anything above 60% is Critical, while we start from 0- Normal, 10-Low,20-Medium, 40- High, So ITSI know that any number above 60 will be marked as Critical.
2. If we are defining threshold values in Descending order – We need to make sure we end up with 0. As its lowest value . Normal -6 , Low-5,Medium-4,High-3,Critical-2 ( I can’t do this , as If I have value as 1 it will say default Severity Not Critical), While I m anticipating it to know that anything below 2 until 0 should be critical .

Fix - I have to say Critical-0. Then model is reflecting/report correctly as Critical failure.

So, Can the model just like in Ascending case where it know its 100% max.Can it have a boundary defination for 0 is Minimum for Descending Values?

Thanks
Satya

Labels (2)
0 Karma

satyab
Observer

@splunk Team,
For a fact I know this is happening and only way I could avoid by defining lowest value as "0" for the threshold? Other wise it is using Default value as expected.

0 Karma

satyab
Observer

So, can this be fixed 🙂

0 Karma
Get Updates on the Splunk Community!

Observability Highlights | January 2023 Newsletter

 January 2023New Product Releases Splunk Network Explorer for Infrastructure MonitoringSplunk unveils Network ...

Security Highlights | January 2023 Newsletter

January 2023 Splunk Security Essentials (SSE) 3.7.0 ReleaseThe free Splunk Security Essentials (SSE) 3.7.0 app ...

Platform Highlights | January 2023 Newsletter

 January 2023Peace on Earth and Peace of Mind With Business ResilienceAll organizations can start the new year ...