Splunk IT Service Intelligence

Is there a way to configure correlation search for multiple services for Maintenance Windows?

kecarste99
New Member

Is there a way to be able to configure Maintenance Windows for Services to include all Episodes without adding each service to “Association” in the correlation search? The problem with doing that is every Service in the Association appears in the Episode under “IMPACTED SERVICES AND KPIS”.

We need to be able to do the following:

  1. Have a correlation search include notable events for multiple services
  2. Configure Maintenance Windows for Services and have Episodes for the service included in the maintenance window
  3. Not have to ‘Associate’ each service in the correlation search that includes multiple services
0 Karma

skoelpin
SplunkTrust
SplunkTrust

Another approach you can take.. You can add the extra logic in your aggregation policy which looks for the in_mm field and if it has a value of 1 then automatically break episodes. So you would still create notable events during a MM window, but they would not roll up into episodes or be visible by your end users. Once that in_mm field goes back to zero then episodes will then start to roll up

0 Karma

dlm
New Member

We are having the same issue.  We have a nagios correlation search for multiple teams. Each team have about 20+ services. There are Parent services but I was told the parent service won't include the children. So how do you put the services on the correlation search. That's over 100 services... I saw where you talked about doing the NEAP. What do you need to add to the correlation search to get the in_maintenance or this said in_mm field to show as a field so you can have it available to use in the NEAP.

 

Thanks

0 Karma
Get Updates on the Splunk Community!

Routing Data to Different Splunk Indexes in the OpenTelemetry Collector

This blog post is part of an ongoing series on OpenTelemetry. The OpenTelemetry project is the second largest ...

Getting Started with AIOps: Event Correlation Basics and Alert Storm Detection in ...

Getting Started with AIOps:Event Correlation Basics and Alert Storm Detection in Splunk IT Service ...

Register to Attend BSides SPL 2022 - It's all Happening October 18!

Join like-minded individuals for technical sessions on everything Splunk!  This is a community-led and run ...