Re: ITSI - exclusion of an entity from a service

ayomotukoya · ‎04-10-2025

We have a service for a location 102. we preface entities that correlate with that service with a 102 in their entity name for example a location 102 entity can be name "102AP_M1" for an AP, the number before the device type is the location "102" in this instance. We use the aliases entity_name and name to map entities to this alias. Due to our bad naming conventions we have another entity named "100AP_M102" that is showing up as an entity mapped to service 102. I put in an alias of "name NOT 100AP_M102" but this didnt remove the entity from this service. I tried similar aliases but no luck.

We use a base search to identify these APs and dont want to remove this base search because there are other dependencies. Any ideas on how to get this AP off this service?

skramp · ‎04-29-2025

Yes, you should edit your Entity Search by implementing a new Info field like "location" which is filled ie by rex.

Esky73 · ‎04-10-2025

Can you add an information field to the entity you don't want in the service and then add an exclusion for that information field in the entity filter?

ITSI - exclusion of an entity from a service

troubleshooting

using ITSI

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Are you a member of the Splunk Community?