I have some strange problems with ITSI, and first I would like to confirm that the Java version which I'm using is the recommended one.
My setup is Windows 2016, Splunk 8.0 and ITSI 4.4.1, and the current Java is:
I have warnings like this:
Unable initialize modular input itsi_license_checker defined in the app "SA-ITSI-Linceschecker":
Also we cannot create any episode via aggregation policy. Smart mode analyze cannot find any results/fields.
Could you share with me which version of ITSI and which version of Java is working for sure?
I tested with another Java version, i.e. the Oracle Java 8
java version "1.8.0_241"
Java(TM) SE Runtime Environment (build 1.8.0_241-b07)
Java HotSpot(TM) 64-Bit Server VM (build 25.241-b07, mixed mode)
This now works, no more error messages, and episodes are now grouped.
I guess it is a problem of Splunk parsing the Java version string correctly.
I see similar problems:
When opening an existing or adding a new Aggregation Policy, I get:
Java version installed on this search head does not support Aggregation Policies, Java version 1.8 or greater is required.
I can still define Aggregation Policies, but notable events are not being grouped into episodes.
This is on Splunk 8.0.1, ITSI 4.4.1 on a Linux machine running this Java version:
openjdk version "11.0.6" 2020-01-14
OpenJDK Runtime Environment (build 11.0.6+10-post-Debian-1deb10u1)
OpenJDK 64-Bit Server VM (build 11.0.6+10-post-Debian-1deb10u1, mixed mode, sharing)
MLTK 5.0.0 is installed and python.version=python3
According to the ITSI 4.4.1 docs, this should all be fine.
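
Added example, not from any poster in this thread and not Splunk or ITSI code: the two version strings quoted above follow different schemes (legacy `1.8.0_241` versus the post-Java-9 `11.0.6`), and this sketch normalizes both to a feature release number. `naive_legacy_check` is a hypothetical check that assumes the legacy scheme only, included to show how `11.0.6` could be rejected as "older than 1.8"; whether ITSI does this is an assumption.

```python
import re

# Constructed sample input: first lines of the `java -version` output quoted in the thread.
SAMPLES = {
    "oracle8": 'java version "1.8.0_241"',
    "openjdk11": 'openjdk version "11.0.6" 2020-01-14',
}

_VERSION_RE = re.compile(r'version "([^"]+)"')


def extract_version(banner):
    """Return the quoted version string from a `java -version` banner line."""
    match = _VERSION_RE.search(banner)
    if not match:
        raise ValueError("no version string in: %r" % banner)
    return match.group(1)


def feature_release(version):
    """Normalize both schemes to one integer: 1.8.0_241 -> 8, 11.0.6 -> 11."""
    parts = re.split(r"[._+-]", version)
    first = int(parts[0])
    if first == 1 and len(parts) > 1:
        return int(parts[1])  # legacy 1.<minor> scheme (Java 8 and earlier)
    return first              # newer scheme (Java 9 and later)


def meets_minimum(version, minimum=8):
    """Scheme-aware check for 'Java 1.8 or greater'."""
    return feature_release(version) >= minimum


def naive_legacy_check(version, min_minor=8):
    """Hypothetical check that only understands '1.<minor>' strings."""
    major, minor = version.split(".")[:2]
    return int(major) == 1 and int(minor) >= min_minor


if __name__ == "__main__":
    for name, banner in SAMPLES.items():
        v = extract_version(banner)
        print(name, v, feature_release(v), meets_minimum(v), naive_legacy_check(v))
```
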