Splunk ITSI
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

ITSI - Episode Review - 1 KPI

arthurva
Explorer
‎02-21-2019 04:58 PM

I'm very new to Splunk and ITSI. We have created a service for VMware VMs. The Service has several KPIs like memory and CPU. A few of the VMs have CPUs in Critical status. Episode Review shows 0 episodes. Is it possible to have the specific servers show up in Episode Review?

0 Karma
Reply

arthurva
Explorer
‎02-22-2019 08:50 AM

I'm stuck doing something on the first link.

...but we’re going to wind up modifying it slightly so we’ll duplicate the existing rule and make our modifications to the copy...

How do you duplicate it? I don't see that option.

0 Karma
Reply

szhou_splunk
Splunk Employee
Splunk Employee
‎03-02-2019 07:29 PM

There is an "Edit" dropdown in "Actions" column and you can click "Clone" from the dropdown to duplicate it.
Generally, in order to show these events in Episode Review, you need to create some of correlation searches that generate the events, and use Notable Event Aggregation Policy (Under Configuration dropdown manual) to include these events for that Policy, then you will see these events(got grouped into Episode by similarity) in Episode Review.

0 Karma
Reply

arthurva
Explorer
‎02-21-2019 05:05 PM

I'll start reading them. Thank you.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Splunkbase Unveils New App Listing Management Public Preview

Splunkbase Unveils New App Listing Management Public PreviewWe're thrilled to announce the public preview of ...

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Are you leveraging automation to its fullest potential in your threat detection strategy?Our upcoming Security ...

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Boston may be buzzing this September with Splunk University and .conf25, but you don’t have to pack a bag to ...