How to suppress Notable Events in ITSI?

ManjunathN · ‎08-23-2022

Hi,

How to suppress the notable events in Splunk itsi ?

And when an episode breaks will the related notable events gets cleared?

And when an new episode gets created the related notable events count will be a fresh count from the time of episode creation or it will be a accumulated from the previous count. Please clarify. Thanks!

lperini_splunk · ‎08-23-2022

How to suppress the notable events in Splunk itsi ?

Configuration > Correlation Searches > Open the Correlation Search > Advanced Options
For more information:

https://docs.splunk.com/Documentation/ITSI/4.14.0/EA/ConfigCS#Advanced_Options

And when an episode breaks will the related notable events gets cleared?

No, the notables are not cleared. What happens is: a new episode is created, and the new notables are going to this new episode. So the notables that came before this "break" are kept in the previous episode.

https://docs.splunk.com/Documentation/ITSI/4.14.0/EA/FilteringCriteria#Break_episode

when an new episode gets created the related notable events count will be a fresh count from the time of episode creation or it will be a accumulated from the previous count.

It will be a fresh count from the time of the episode creation.

How to suppress Notable Events in ITSI?

using ITSI

How to Get Started with Splunk Data Management Pipeline Builders (Edge Processor & ...

Out of the Box to Up And Running - Streamlined Observability for Your Cloud ...

Splunk Smartness with Brandon Sternfield | Episode 3