Splunk IT Service Intelligence

Splunk IT Service Intelligence: Are notable event aggregation policies stored in a .conf file?

earlhelms
Path Finder

Are Splunk IT Service Intelligence (ITSI) notable event aggregation policies stored in a .conf file? If so, where is it? the only thing that I see documented is how to view via the GUI.

0 Karma
1 Solution

mglauser_splunk
Splunk Employee
Splunk Employee

Hello,

ITSI Notable Event Aggregation Polices are stored in the KVStore. Collection related stanza is [itsi_notable_event_aggregation_policy] in
SPLUNK_HOME/etc/apps/SA-ITOA/default/collections.conf.

View solution in original post

mglauser_splunk
Splunk Employee
Splunk Employee

Hello,

ITSI Notable Event Aggregation Polices are stored in the KVStore. Collection related stanza is [itsi_notable_event_aggregation_policy] in
SPLUNK_HOME/etc/apps/SA-ITOA/default/collections.conf.

Get Updates on the Splunk Community!

New Splunk Observability innovations: Deeper visibility and smarter alerting to ...

You asked, we delivered. Splunk Observability Cloud has several new innovations giving you deeper visibility ...

Synthetic Monitoring: Not your Grandma’s Polyester! Tech Talk: DevOps Edition

Register today and join TekStream on Tuesday, February 28 at 11am PT/2pm ET for a demonstration of Splunk ...

Instrumenting Java Websocket Messaging

Instrumenting Java Websocket MessagingThis article is a code-based discussion of passing OpenTelemetry trace ...