I would like to add a clickable link inside of the Description of a grouped notable event.
When creating a notable event policy, you have the option of statically naming the description of the g...
I have a correlation search creating notable events.
In the index=itsi_tracked_alerts, I see one event for a given event_id.
But on the Episode review, I see the event being a member of several E...
Intermittently some notables have been missing over time where ITSI runs in a SHC env, ITSI 4.2.1 + Splunk 7.2.8 in SHC + Multisite Indexer Cluster.
There are times when correlation searches do N...
Hi,
How to suppress the notable events in Splunk ITSI?
And when an episode breaks, will the related notable events get cleared?
And when a new episode gets created the r...
...dex=itsi_notable_audit acknowledged
I will get events like:
{ [-]
activity: admin acknowledged notableevent group
activity_type: NotableEvent Group Update
event...
Hi, I've created the correlation search for problem notifications and defined/enabled the entities in the search also defined the entities in the service. The search is generating notable events. H...
What are the actual $result.fieldname$ tokens that are available in ITSI Notable Events for the Send to Email action. I'm trying to access the notable event title, description, and whatever other f...
Is it possible to merge the notable events from Splunk IT Service Intelligence (ITSI) and Splunk Enterprise Security (ES)? Ideally, I'd like to create a single location where our analysts can r...
I am testing throttling/suppression on ITSI and would like to clear out the notables generated so far. Is this as simple as clearing them from index=itsi_tracked_alerts, or are there other cleanup t...
Are Splunk IT Service Intelligence (ITSI) notable event aggregation policies stored in a .conf file? If so, where is it? The only thing that I see documented is how to view via the GUI.