Splunk IT Service Intelligence

Splunk IT Service Intelligence: Are notable event aggregation policies stored in a .conf file?

earlhelms
Path Finder

Are Splunk IT Service Intelligence (ITSI) notable event aggregation policies stored in a .conf file? If so, where is it? the only thing that I see documented is how to view via the GUI.

0 Karma
1 Solution

mglauser_splunk
Splunk Employee
Splunk Employee

Hello,

ITSI Notable Event Aggregation Polices are stored in the KVStore. Collection related stanza is [itsi_notable_event_aggregation_policy] in
SPLUNK_HOME/etc/apps/SA-ITOA/default/collections.conf.

View solution in original post

mglauser_splunk
Splunk Employee
Splunk Employee

Hello,

ITSI Notable Event Aggregation Polices are stored in the KVStore. Collection related stanza is [itsi_notable_event_aggregation_policy] in
SPLUNK_HOME/etc/apps/SA-ITOA/default/collections.conf.

Get Updates on the Splunk Community!

Splunk Observability Cloud | Unified Identity - Now Available for Existing Splunk ...

Raise your hand if you’ve already forgotten your username or password when logging into an account. (We can’t ...

Index This | How many sides does a circle have?

February 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

Registration for Splunk University is Now Open!

Are you ready for an adventure in learning?   Brace yourselves because Splunk University is back, and it's ...