Splunk ITSI

ITSI - exclusion of an entity from a service

ayomotukoya
Explorer

We have a service for a location 102. We preface entities that correlate with that service with a 102 in their entity name; for example, a location 102 entity can be named "102AP_M1" for an AP. The number before the device type is the location, "102" in this instance. We use the aliases entity_name and name to map entities to this alias. Due to our bad naming conventions, we have another entity named "100AP_M102" that is showing up as an entity mapped to service 102. I put in an alias of "name NOT 100AP_M102" but this didn't remove the entity from this service. I tried similar aliases but no luck.

We use a base search to identify these APs and don't want to remove this base search because there are other dependencies. Any ideas on how to get this AP off this service?

0 Karma

skramp
SplunkTrust

Yes, you should edit your Entity Search by implementing a new Info field like "location" which is filled, i.e., by rex.

0 Karma
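A sketch of the rex approach suggested above, added here as an example and not taken from the thread or from anyone's actual entity search. It assumes the location is always the leading run of digits in the entity name; the sample names are constructed (the first two come from the question), and the `like` test is only an assumed stand-in for a rule that matches "102" anywhere in the name.

```spl
| makeresults
| eval name=split("102AP_M1,100AP_M102,102SW_M3", ",")
| mvexpand name
| rex field=name "^(?<location>\d+)"
| eval substring_match=if(like(name, "%102%"), "yes", "no")
| eval location_match=if(location=="102", "yes", "no")
| table name location substring_match location_match
```

All three names match on the substring, but only 102AP_M1 and 102SW_M3 get location 102; 100AP_M102 gets location 100, so a service entity rule on the `location` info field would leave it out.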

Esky73
Builder

Can you add an information field to the entity you don't want in the service and then add an exclusion for that information field in the entity filter?

0 Karma