Re: Is it possible that Splunk cannot collect cert...

bas28 · ‎09-20-2023

Hello,

I have installed Splunk ITSI several times on various types of infrastructure, and I am observing this behavior for the first time. The latencies all have zero values as if they are not being reported. I have adjusted the collection interval, but it hasn't made any difference. What I don't understand is that this issue concerns latencies of virtual machines, ESXi servers, and datastores, while all other KPIs are okay. Is it possible that Splunk cannot collect certain values even though others are being collected? Do you have any idea about the root cause of this error?

IT Service Intelligence
Version :
4.17.0

Splunk Enterprise
Version :
9.0.5

srauhala_splunk · ‎10-09-2023

HI @bas28!

"Is it possible that Splunk cannot collect certain values even though others are being collected?" No. In my experience it is aways something missing between the entity filtering per service, entity definition in the KPI searches and or some issue with the field normalisation (metric) of the KPI base search.

Double check that those things are alright. Last thing to check could be ingest delay and that data is arriving in time for the KPI search to pick it up.

/Seb

Is it possible that Splunk cannot collect certain values even though others are being collected?

troubleshooting

using ITSI

Fun with Regular Expression - multiples of nine

[Live Demo] Watch SOC transformation in action with the reimagined Splunk Enterprise ...

What’s New & Next in Splunk SOAR

Are you a member of the Splunk Community?