Splunk ITSI

Splunk IT Service Intelligence: Is there a way to customize Group Severity when configuring a Notable Event Aggregation Policy?

noybin
Communicator

I would like to know if there is a way to customize the "Group Severity" when configuring a Notable Event Aggregation Policy.

I see two options: "Same as first event" and "Static Value".

I would like to set as group severity the most critical severity of the events in the group.

I looked at the "Action Rules" tab, but couldn't find the way neither.

This is very important and it would be ok for me if the solution implies modifying .js files or whatever is needed.

Thank you very much.

1 Solution

hjauch_splunk
Splunk Employee
Splunk Employee

The Group Severity can only be set to "Same as the first event" or "Static Value".

This sounds like a really good use case. I could submit your request as a feature request.

View solution in original post

hjauch_splunk
Splunk Employee
Splunk Employee

The Group Severity can only be set to "Same as the first event" or "Static Value".

This sounds like a really good use case. I could submit your request as a feature request.

noybin
Communicator

Please, It would be great if you could submit the request.

It is very important and I'm sure it will be useful for other teams.

0 Karma

aaraneta_splunk
Splunk Employee
Splunk Employee

Hi @noybin, just for future reference:
For a feature request, you can create a support ticket: http://www.splunk.com/r/bugs
And choose the "All enhancement requests" under "Splunk installation is" section.

I'm sure hjauch has got your back in regards to this request though 🙂 Thank you!

0 Karma
Get Updates on the Splunk Community!

What's New in Splunk Enterprise 9.4: Features to Power Your Digital Resilience

Hey Splunky People! We are excited to share the latest updates in Splunk Enterprise 9.4. In this release we ...

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

SignalFlow: What? Why? How?

What is SignalFlow? Splunk Observability Cloud’s analytics engine, SignalFlow, opens up a world of in-depth ...