Splunk IT Service Intelligence

Export episodes from ITSI to CSV

mathtronix
New Member

Hello SPLUNK Community!

I need to do some Excel analysis on the Episodes in ITSI, breaking them up by various parameters. I might be able to create a SPLUNK dashboard to do this sort of thing, but I think management is going to want it in Excel ultimately.

Making a report off of raw searches is a cake walk, but is there any way to make a report of the EPISODES in ITSI? Basically what I am doing now is literally highlighting and copying the episodes off our ITSI Episode Review and pasting them into Excel, getting me all the data from the columns like assignee, time/date, etc. I know there is a way to do this more programmatically.

Or am I barking up the wrong tree here? Do I need to generate reports for each correlation search instead?

Thanks in advance!


lperini_splunk
Splunk Employee

You can start by checking out the itsi_grouped_alerts. This is the index for episodes.
If you want to check the notables, go to itsi_tracked_alerts.

If you want to get the information that you see in the Episode Review, you might want to use the itsi_grouped_alerts.

index=itsi_grouped_alerts sourcetype="itsi_notable:group"
| table itsi_group_id itsi_group_title itsi_group_description owner itsi_group_count

This is a starting point; you can go further and add more fields as you like.
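
A scripted version of the export discussed in this thread, as an added example that is not part of the original posts or of Splunk's own tooling: it sends the search from the answer to the REST export endpoint on the management port (8089) and returns CSV, prefixing cells that Excel would otherwise evaluate as formulas. The `stats` step assumes the index holds several events per episode; `SPLUNK_HOST`, `SPLUNK_TOKEN`, `SPLUNK_CA` and the function names are hypothetical.

```python
import csv
import io
import os
import ssl
import urllib.parse
import urllib.request

# SPL and field names from the answer above. stats keeps one row per episode
# (assumption: the index holds one event per grouped notable).
SPL = (
    'search index=itsi_grouped_alerts sourcetype="itsi_notable:group" '
    "| stats latest(itsi_group_title) as itsi_group_title "
    "latest(itsi_group_description) as itsi_group_description "
    "latest(owner) as owner latest(itsi_group_count) as itsi_group_count "
    "by itsi_group_id"
)

def neutralise(cell):
    """Prefix a cell that a spreadsheet would treat as a formula."""
    return "'" + cell if cell[:1] in ("=", "+", "-", "@", "\t", "\r") else cell

def sanitise_csv(text):
    """Return the CSV text with every cell passed through neutralise()."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    for row in csv.reader(io.StringIO(text)):
        writer.writerow([neutralise(c) for c in row])
    return out.getvalue()

def export_episodes(host, token, earliest="-7d", cafile=None):
    """POST the search to the export endpoint; return spreadsheet-safe CSV."""
    body = urllib.parse.urlencode(
        {"search": SPL, "output_mode": "csv", "earliest_time": earliest}
    ).encode()
    req = urllib.request.Request(
        f"https://{host}:8089/services/search/jobs/export",
        data=body,
        headers={"Authorization": f"Bearer {token}"},  # token, not a password
    )
    ctx = ssl.create_default_context(cafile=cafile)  # server cert is verified
    with urllib.request.urlopen(req, context=ctx, timeout=300) as resp:
        return sanitise_csv(resp.read().decode("utf-8"))

if __name__ == "__main__" and os.environ.get("SPLUNK_HOST"):
    # Hypothetical environment variable names; nothing runs without them.
    text = export_episodes(os.environ["SPLUNK_HOST"], os.environ["SPLUNK_TOKEN"],
                           cafile=os.environ.get("SPLUNK_CA"))
    with open("episodes.csv", "w", newline="") as fh:
        fh.write(text)
```

Episode titles and descriptions are built from event data, so the neutralising step matters once the file is opened in Excel.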
