Splunk ITSI

How to direct users to the ITSI Episode Review dashboard from the drill-down link?

m_kostiew
Engager

I have a "normal" dashboard created that pulls together some ITSI data for my end users. In the table of the dashboard, I want to make it so the drill-down link will direct users to the ITSI Episode Review dashboard instead of the usual, traditional search, and for the specific grouped notable event, not just the dashboard itself.

I've used the event_identifier_hash, service ID(s), and the event_id values from the notables, in many variations of the URL; I can't seem to get the URL pinned down to that unique event/notable.

Is it even possible?

Thanks!

Labels (1)
0 Karma

Fouad
Loves-to-Learn Lots

same problem here, any updates?

0 Karma

wsveum
Explorer

I suppose you have found a solution to this by now. But if not, here is how i solved it by using the itsi_group_id field from index=itsi_grouped_alerts:

https://<your_splunk_instance>/en-GB/app/itsi/itsi_event_management?earliest=-24h&episodeid=$result....

I used this to make a link from ServiceNow directly to the episode in ITSI Alerts and Episodes.

In the Configure Action part of the Create/update ServiceNow Incident in the NEAP, i put the following in Custom Fields to make the link:

comments=[code]<a href="https://<your_splunk_instance>/en-GB/app/itsi/itsi_event_management?earliest=-24h&episodeid=$result.itsi_group_id$" target="_blank">Link to Splunk ITSI Alerts and Episodes<br></a>[/code]

 

0 Karma

skramp
SplunkTrust
SplunkTrust

If you have the episodeID, you can link directly to it:

https://YOURSPLUNKSERVER:8000/en-US/app/itsi/itsi_event_management?earliest=-7d%40h&latest=now&form....

Please be aware of the time span, if episode is older than 7d it won't be found because in THIS link -7d is set.

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...