Splunk IT Service Intelligence
Highlighted

Is there a way to configure correlation search for multiple services for Maintenance Windows?

New Member

Is there a way to be able to configure Maintenance Windows for Services to include all Episodes without adding each service to “Association” in the correlation search? The problem with doing that is every Service in the Association appears in the Episode under “IMPACTED SERVICES AND KPIS”.

We need to be able to do the following:

  1. Have a correlation search include notable events for multiple services
  2. Configure Maintenance Windows for Services and have Episodes for the service included in the maintenance window
  3. Not have to ‘Associate’ each service in the correlation search that includes multiple services
0 Karma
Highlighted

Re: Is there a way to configure correlation search for multiple services for Maintenance Windows?

SplunkTrust
SplunkTrust

Another approach you can take.. You can add the extra logic in your aggregation policy which looks for the in_mm field and if it has a value of 1 then automatically break episodes. So you would still create notable events during a MM window, but they would not roll up into episodes or be visible by your end users. Once that in_mm field goes back to zero then episodes will then start to roll up

0 Karma