Re: Who created Services in ITSI

Reddi694325 · ‎08-05-2019

In my ITSI environment already some Services and KPIs are configured. Wanted to know by whom created those Services and KPIs.

Thanks in Advance

PowerPacked · ‎08-22-2019

Hi Reddi694325

ITSI default installation comes with modules like Application server module, database module, operating system module, etc.

These modules have the services, entities, KPIS created for generic use so that you can use or duplicate them according to your use case.

You can always delete these Services, entities, kpis, from Configure section in ITSI UI app, or completely removing these modules from service side.

Thanks

Reddi694325 · ‎08-06-2019

Thanks for the reply. I don't have access to _internal index. Is there any other way to find it?

Azeemering · ‎08-06-2019

Good question...hard to answer as they aren't exactly like knowledge objects.
What I did find is that when I create a service and then check in Splunk own's internal logging I see a match:

index = _internal sourcetype=itsi_internal_log component="itsi.services" objecttype=service method=create

Reddi694325 · ‎08-06-2019

Thanks for your answer. But I don't have access to _internal index. Is there any other way?

Azeemering · ‎08-06-2019

The only other thing you can look at is the kvstore / lookups that might give you and indication who created them. But I cannot see a 1 to 1 relation between those and a created service.

Who created Services in ITSI

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?