Splunk ITSI

ITSI Entity alias filtering

rom1btn
Engager

Hi all,

I'm using ITSI V3.0.0, I have some strange results that I'll try to explain here.

I've got 2 entities
A

  • Info: type=application
  • alias: application_code=X

B

  • info: type=application
  • alias: foo=bar

I've linked a service with entities A & B by filtering on type=application
Splunk found both entities

I created a KPI and I moved 'Filter to Entities in Service' to 'Yes' and selected 'application_code' as the Entity Filter Field and 'application_code' as the Entity Alias Filtering.
When I look at the generated search and particularly at the rest command:
| rest splunk_server=local "/servicesNS/nobody/SA-ITOA/itoa_interface/generate_entity_filter?service_id=a967bd3c-8bec-4142-9d5e-92b8f8225e6e&entity_id_fields=application_code&entity_alias_filtering_fields=application_code&search_type=adhoc"

It returns:
application_code="X" OR application_code="bar"

It's the same when I change the 'entity_filtering_fields parameter' to 'DO_NOTHING' and it seems that this parameter is not used for filtering the alias of entities as explained in the documentation: Entity alias filtering

Can somebody confirm me this behaviour ?
Has I done something wrong ?
It sounds like an issue in that version.

Thanks

esnyder_splunk
Splunk Employee
Splunk Employee

It was discovered that entity alias filtering wasn't doing what it should have been doing, so it was removed in version 4.2.0. Please see https://docs.splunk.com/Documentation/ITSI/4.2.0/ReleaseNotes/Removedfeatures

sylbaea
Communicator

I realised yesterday I do have similar issue. Have you resolved your problem ?

0 Karma
Get Updates on the Splunk Community!

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

SignalFlow: What? Why? How?

What is SignalFlow? Splunk Observability Cloud’s analytics engine, SignalFlow, opens up a world of in-depth ...

Federated Search for Amazon S3 | Key Use Cases to Streamline Compliance Workflows

Modern business operations are supported by data compliance. As regulations evolve, organizations must ...