How to define the filtering criteria to exclude th...

ManjunathN · ‎09-29-2022

Hi,

We have created the aggregation policies and configure the action rules to create a ticket.

We have a requirement to prevent the ticket getting created for few of the hosts.

How to define the filtering criteria to exclude the hosts so that the ticket will bot be created for them?

and will the episodes get created in this case? Please clarify. Thanks.

lperini_splunk · ‎09-29-2022

I think you can limit the hosts in the Action Rules, something like that AND the number of events on the episode = 1 then trigger the create servicenow incident

ManjunathN · ‎10-10-2022

@lperini_splunk we tried to use the below option but ticket creation got stopped for the entire kpi and for other hosts too ,then we had to revert it back. So we could not understand what was the mistake made.

Host must be a field from the correlation search right? and do we need to give fqdn of the server as host value or just a server name or ip address is enough?

also please let us know if there are any other option.

Thanks!

How to define the filtering criteria to exclude the hosts so that the ticket will bot be created for them?

using ITSI

Index This | I’m short for "configuration file.” What am I?

New Articles from Academic Learning Partners, Help Expand Lantern’s Use Case Library, ...

Your Guide to SPL2 at .conf24!