Splunk IT Service Intelligence

Is there a way to configure correlation search for multiple services for Maintenance Windows?

kecarste99
New Member

Is there a way to be able to configure Maintenance Windows for Services to include all Episodes without adding each service to “Association” in the correlation search? The problem with doing that is every Service in the Association appears in the Episode under “IMPACTED SERVICES AND KPIS”.

We need to be able to do the following:

  1. Have a correlation search include notable events for multiple services
  2. Configure Maintenance Windows for Services and have Episodes for the service included in the maintenance window
  3. Not have to ‘Associate’ each service in the correlation search that includes multiple services
0 Karma

skoelpin
SplunkTrust
SplunkTrust

Another approach you can take.. You can add the extra logic in your aggregation policy which looks for the in_mm field and if it has a value of 1 then automatically break episodes. So you would still create notable events during a MM window, but they would not roll up into episodes or be visible by your end users. Once that in_mm field goes back to zero then episodes will then start to roll up

0 Karma

dlm
New Member

We are having the same issue.  We have a nagios correlation search for multiple teams. Each team have about 20+ services. There are Parent services but I was told the parent service won't include the children. So how do you put the services on the correlation search. That's over 100 services... I saw where you talked about doing the NEAP. What do you need to add to the correlation search to get the in_maintenance or this said in_mm field to show as a field so you can have it available to use in the NEAP.

 

Thanks

0 Karma
Get Updates on the Splunk Community!

Happy CX Day to our Community Superheroes!

Happy 10th Birthday CX Day!What is CX Day? It’s a global celebration recognizing innovation and success in the ...

Check out This Month’s Brand new Splunk Lantern Articles

Splunk Lantern is a customer success center providing advice from Splunk experts on valuable data insights, ...

Routing Data to Different Splunk Indexes in the OpenTelemetry Collector

This blog post is part of an ongoing series on OpenTelemetry. The OpenTelemetry project is the second largest ...