Splunk IT Service Intelligence

Splunk ITSI - Netcool Integration (kvstore_to_json.py question)

lloydknight
Builder

Hello Splunkers,

So I'm planning to follow the Splunk Blog link below:
https://www.splunk.com/blog/2018/05/17/ingest-netcool-alerts-into-splunk-itsi-event-analytics.html

Already checked the prerequisites.
My questions are:

  1. Has anybody tried the link and encountered any issue?
  2. So kvstore_to_json.py is involved. It says in the blog that:

6.b. Restore the aggregation policy on the ITSI server via the kvstore_to_json.py command line utility. When prompted for the version of the backup, enter 2.6.

I'm just concerned on this part as I have already encountered an issue in upgrading Splunk ITSI before from the earliest version up to 3. Filed a ticket and the ticket was actually not resolved.

How does this restore aggregation policy work? Are there any possible impact or risk on this?

Much appreciated!

-Lloyd

0 Karma

mwiser_splunk
Splunk Employee
Splunk Employee

Lloyd - the restore basically auto-creates the agg policy for you from the backup. If I read your question correctly and you already have unresolved KV store issues - I would prioritize fixing those or creating a manual aggregation policy based on the guidance here https://docs.splunk.com/Documentation/ITSI/4.3.1/Configure/HowtocreateAggregationPolicies rather than doing the KV store import.

0 Karma
Get Updates on the Splunk Community!

Improve Your Security Posture

Watch NowImprove Your Security PostureCustomers are at the center of everything we do at Splunk and security ...

Maximize the Value from Microsoft Defender with Splunk

 Watch NowJoin Splunk and Sens Consulting for this Security Edition Tech TalkWho should attend:  Security ...

This Week's Community Digest - Splunk Community Happenings [6.27.22]

Get the latest news and updates from the Splunk Community here! News From Splunk Answers ✍️ Splunk Answers is ...