Splunk IT Service Intelligence

ITSI Service health ignores entities defined.

t2793js
New Member

I've defined my entities to have servers named wdlrp. The system finds 10 such servers.
I define the KPI's i'm interested in and create the service (DC Web_Servers_Health):
No dependencies.

The generated search seems to have the entities (servers)I want:
alt text

When i view health of the service, The service health dis-regards my entity list (notice the missing wldrp servers) and includes all entities in the server farm that contain the KPI.

alt text

I have a few questions:
1) how can I have the service analyzer entities scoped to the entities I defined up front?
2) if #1 cant be achieved, is the service health showing the health based on my defined entities?
Thanks,
Jim

0 Karma

t2793js
New Member

Thanks, It's a pain because you get one chance a day to see if the thing works, which creates delays.

0 Karma

mfscully
Explorer

I continue to have a similar issue that corrects itself over 24 hours. The effected Kpis are both base search and cloned. I have put in support tickets against this issue. I will let you know if anything comes of it.

0 Karma

t2793js
New Member

The scope now has "fixed" itself. I suspect that it was a timing issue where waiting 24 hours from changes made yesterday in the core search filtered out the unwanted entities.

0 Karma
.conf21 Now Fully Virtual!
Register for FREE Today!

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!