Splunk ITSI
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to direct users to the ITSI Episode Review dashboard from the drill-down link?

m_kostiew
Engager
‎11-25-2019 07:41 AM

I have a "normal" dashboard created that pulls together some ITSI data for my end users. In the table of the dashboard, I want to make it so the drill-down link will direct users to the ITSI Episode Review dashboard instead of the usual, traditional search, and for the specific grouped notable event, not just the dashboard itself.

I've used the event_identifier_hash, service ID(s), and the event_id values from the notables, in many variations of the URL; I can't seem to get the URL pinned down to that unique event/notable.

Is it even possible?

Thanks!

Labels (1)
Labels
0 Karma
Reply

Fouad
Loves-to-Learn Lots
‎09-23-2020 01:09 AM

same problem here, any updates?

0 Karma
Reply

wsveum
Explorer
‎01-03-2024 01:00 AM

I suppose you have found a solution to this by now. But if not, here is how i solved it by using the itsi_group_id field from index=itsi_grouped_alerts:

https://<your_splunk_instance>/en-GB/app/itsi/itsi_event_management?earliest=-24h&episodeid=$result....

I used this to make a link from ServiceNow directly to the episode in ITSI Alerts and Episodes.

In the Configure Action part of the Create/update ServiceNow Incident in the NEAP, i put the following in Custom Fields to make the link:

comments=[code]<a href="https://<your_splunk_instance>/en-GB/app/itsi/itsi_event_management?earliest=-24h&episodeid=$result.itsi_group_id$" target="_blank">Link to Splunk ITSI Alerts and Episodes<br></a>[/code]

 

0 Karma
Reply

skramp
SplunkTrust
SplunkTrust
‎01-30-2024 12:22 AM

If you have the episodeID, you can link directly to it:

https://YOURSPLUNKSERVER:8000/en-US/app/itsi/itsi_event_management?earliest=-7d%40h&latest=now&form....

Please be aware of the time span, if episode is older than 7d it won't be found because in THIS link -7d is set.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...

Data Persistence in the OpenTelemetry Collector

This blog post is part of an ongoing series on OpenTelemetry. What happens if the OpenTelemetry collector ...