I would like to add a clickable link inside of the Description of a grouped notableevent.
When creating a notableevent policy, you have the option of statically naming the description of the g...
I have a correlation search creating notableevents.
In the index=itsi_tracked_alerts, I see one event for a given event_id.
But on the Episode review, I see the event being member of several E...
Hi,
How to suppress the notableeventsin Splunk itsi ?
And when an episode breaks will the related notableevents gets cleared?
And when an new episode gets created the r...
What are the actual $result.fieldname$ tokens that are available inITSINotableEvents for the Send to Email action. I'm trying to access the notableevent title, description, and whatever other f...
I am testing throttling/suppression on ITSI and would like to clear out the notables generated so far. Is this as simple as clearing them from index=itsi_tracked_alerts, or are there other cleanup t...
Our ITSI is showing some "Detected Anomaly" for the kpi "Index Usage". Where and how can I find the notableevents for those "Detected Anomaly"? I didn't find then inindex=itsi...
...een created. Multiple aggregation policies can be created with filtering criteria that capture the same set or subset ofevents. If the same notableevents are captured by more than one policy, the a...
In Splunk Enterprise I have alerts. Now I want to create Servicenow incidents by adding the alert action using ITSINotableEvents.
Following are my questions:
Whether the above approach is d...
...bsp;
Q2 After configuring #splunk_itsi correlation search as described here , i wasn't able to see notableevents created in the episode review. I have already configured the search in...