Splunk ITSI

How to direct users to the ITSI Episode Review dashboard from the drill-down link?

m_kostiew
Engager

I have a "normal" dashboard created that pulls together some ITSI data for my end users. In the table of the dashboard, I want to make it so the drill-down link will direct users to the ITSI Episode Review dashboard instead of the usual, traditional search, and for the specific grouped notable event, not just the dashboard itself.

I've used the event_identifier_hash, service ID(s), and the event_id values from the notables, in many variations of the URL; I can't seem to get the URL pinned down to that unique event/notable.

Is it even possible?

Thanks!

Labels (1)
0 Karma

Fouad
Loves-to-Learn Lots

same problem here, any updates?

0 Karma

wsveum
Explorer

I suppose you have found a solution to this by now. But if not, here is how i solved it by using the itsi_group_id field from index=itsi_grouped_alerts:

https://<your_splunk_instance>/en-GB/app/itsi/itsi_event_management?earliest=-24h&episodeid=$result....

I used this to make a link from ServiceNow directly to the episode in ITSI Alerts and Episodes.

In the Configure Action part of the Create/update ServiceNow Incident in the NEAP, i put the following in Custom Fields to make the link:

comments=[code]<a href="https://<your_splunk_instance>/en-GB/app/itsi/itsi_event_management?earliest=-24h&episodeid=$result.itsi_group_id$" target="_blank">Link to Splunk ITSI Alerts and Episodes<br></a>[/code]

 

0 Karma

skramp
SplunkTrust
SplunkTrust

If you have the episodeID, you can link directly to it:

https://YOURSPLUNKSERVER:8000/en-US/app/itsi/itsi_event_management?earliest=-7d%40h&latest=now&form....

Please be aware of the time span, if episode is older than 7d it won't be found because in THIS link -7d is set.

0 Karma
Get Updates on the Splunk Community!

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Survey for Splunk Admins and App Developers is open now! | Earn a $35 gift card!      Hello there,  Splunk ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...