Splunk IT Service Intelligence

Glass table is not returning proper aggregation value?


While checking for the historical data for one of the KPI's in one of my glasstable 's  , it showed the latest alert_value for the global time range selected ,   tile is a single value visualization.

but my itsi_summary has multiple Alert_value values, which is updated by my KPI base search running every 5 min . 

my global time range : 1 hour.

glasstable tile is showing latest alert_value value from the 55 min to 60 min run data.  but idealy it should aggregate all the alert value according to service on alert_value and show final value in the tile (single value)

0 Karma
Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

(view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...