I configured two aggregation rules: by entity and by service.
This is because our system group needs to see host-based alerts, but the business group wants to see service-based alerts.
In the configur...
Hi,
I'm trying to configure a NEAT that would send one email / raise one SNOW incident for each episode.
I tried a few different Action Rules:
Number of events in episode >= 1 --> t...
...ails, it will be 1163.
Users want to be alerted if the value increases (goes from 1162 to 1163) and want to keep receiving alerts until the events are acknowledged. After acknowledgement, users no l...
I have a "normal" dashboard created that pulls together some ITSI data for my end users. In the table of the dashboard, I want to make it so the drill-down link will direct users to the ITSI Episode...
Hi,
In ITSI > Notable Event Aggregation Policies > Action Rules, "Run a script" can no longer be executed.
The work that triggered the event to occur - Splunk Core Version Up (8.2.7 > 9...
I created a custom alert action in Splunk Enterprise. When I try to use that action in ITSI for a correlated search, I don't see it as an option. How do I utilize my customer alert action inside ITSI?
In ITSI Aggregation policy, I set up custom actions on certain conditions. (email, or scripted alerts to a third party api ...)
When I am running action on all events of group, why has it not p...