Splunk ITSI
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

ITSI Episodes Data Inconsistent

krunoslav
Engager
‎09-01-2020 06:09 AM

Hello,

When fetching the episodes from ITSI via REST (https://hostname:8089/servicesNS/fsspl06/itsi/event_management_interface/notable_event_group?filter={"status":"1","severity":{"$gte":"3"}}) a list of several episodes with status "New" is obtained. However, in the ITSI GUI, in the Episode Review tab, a search for all new episodes over all time returns no results. How is this possible? Any clues on how to debug this? Thanks

Labels (2)
Labels
Tags (2)
0 Karma
Reply

eduncan
Splunk Employee
Splunk Employee
‎09-02-2020 07:24 AM

If you are sure that even in the itsi_summary index that the groupid's for the ones retrieved via rest are NOT there, then I'd open a support case.

0 Karma
Reply

eduncan
Splunk Employee
Splunk Employee
‎09-01-2020 09:55 AM

Need more info on your filter.  What is set for Status Filter and Severity Filter?

0 Karma
Reply

krunoslav
Engager
‎09-01-2020 11:41 PM

In ITSI GUI the Status is set to New and the severity is not set

0 Karma
Reply

eduncan
Splunk Employee
Splunk Employee
‎09-01-2020 10:23 AM

Also if you search the. index=itsi_grouped_alerts do you see the groupID of the same episodes you got from the REST API?

 

0 Karma
Reply

krunoslav
Engager
‎09-01-2020 11:49 PM

No, the episodes returned via REST are not found in the index.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Hello Splunkers,   So you searched, “what is the name of the usb key inserted by bob smith?”  Not gonna lie… ...

Automating Threat Operations and Threat Hunting with Recorded Future

    Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register   Is your ...