Splunk ITSI
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to direct users to the ITSI Episode Review dashboard from the drill-down link?

m_kostiew
Engager
‎11-25-2019 07:41 AM

I have a "normal" dashboard created that pulls together some ITSI data for my end users. In the table of the dashboard, I want to make it so the drill-down link will direct users to the ITSI Episode Review dashboard instead of the usual, traditional search, and for the specific grouped notable event, not just the dashboard itself.

I've used the event_identifier_hash, service ID(s), and the event_id values from the notables, in many variations of the URL; I can't seem to get the URL pinned down to that unique event/notable.

Is it even possible?

Thanks!

Labels (1)
Labels
0 Karma
Reply

Fouad
Loves-to-Learn Lots
‎09-23-2020 01:09 AM

same problem here, any updates?

0 Karma
Reply

wsveum
Explorer
‎01-03-2024 01:00 AM

I suppose you have found a solution to this by now. But if not, here is how i solved it by using the itsi_group_id field from index=itsi_grouped_alerts:

https://<your_splunk_instance>/en-GB/app/itsi/itsi_event_management?earliest=-24h&episodeid=$result....

I used this to make a link from ServiceNow directly to the episode in ITSI Alerts and Episodes.

In the Configure Action part of the Create/update ServiceNow Incident in the NEAP, i put the following in Custom Fields to make the link:

comments=[code]<a href="https://<your_splunk_instance>/en-GB/app/itsi/itsi_event_management?earliest=-24h&episodeid=$result.itsi_group_id$" target="_blank">Link to Splunk ITSI Alerts and Episodes<br></a>[/code]

 

0 Karma
Reply

skramp
SplunkTrust
SplunkTrust
‎01-30-2024 12:22 AM

If you have the episodeID, you can link directly to it:

https://YOURSPLUNKSERVER:8000/en-US/app/itsi/itsi_event_management?earliest=-7d%40h&latest=now&form....

Please be aware of the time span, if episode is older than 7d it won't be found because in THIS link -7d is set.

0 Karma
Reply
Get Updates on the Splunk Community!

Upcoming Webinar: Unmasking Insider Threats with Slunk Enterprise Security’s UEBA

Join us on Wed, Dec 10. at 10AM PST / 1PM EST for a live webinar and demo with Splunk experts! Discover how ...

.conf25 technical session recap of Observability for Gen AI: Monitoring LLM ...

If you’re unfamiliar, .conf is Splunk’s premier event where the Splunk community, customers, partners, and ...

A Season of Skills: New Splunk Courses to Light Up Your Learning Journey

There’s something special about this time of year—maybe it’s the glow of the holidays, maybe it’s the ...