How to suppress Notable Events in ITSI?

ManjunathN · ‎08-23-2022

Hi,

How to suppress the notable events in Splunk itsi ?

And when an episode breaks will the related notable events gets cleared?

And when an new episode gets created the related notable events count will be a fresh count from the time of episode creation or it will be a accumulated from the previous count. Please clarify. Thanks!

lperini_splunk · ‎08-23-2022

How to suppress the notable events in Splunk itsi ?

Configuration > Correlation Searches > Open the Correlation Search > Advanced Options
For more information:

https://docs.splunk.com/Documentation/ITSI/4.14.0/EA/ConfigCS#Advanced_Options

And when an episode breaks will the related notable events gets cleared?

No, the notables are not cleared. What happens is: a new episode is created, and the new notables are going to this new episode. So the notables that came before this "break" are kept in the previous episode.

https://docs.splunk.com/Documentation/ITSI/4.14.0/EA/FilteringCriteria#Break_episode

when an new episode gets created the related notable events count will be a fresh count from the time of episode creation or it will be a accumulated from the previous count.

It will be a fresh count from the time of the episode creation.

How to suppress Notable Events in ITSI?

using ITSI

New Case Study Shows the Value of Partnering with Splunk Academic Alliance

How to Monitor Google Kubernetes Engine (GKE)

Index This | How can you make 45 using only 4?