Hi Splunk Gurus, we have a Splunk ITSI search head with version 4.4.3 build 14 running on Splunk version 7.2.10. I have created correlation searches, some of which run every minute. Event t...
The Splunk documentation for setting up Predictive Analytics Alerting has you create a correlation PER Service that Predictive Analytics is set up on. Has anyone tried to create a single c...
I would like to add a clickable link inside of the Description of a grouped notable event.
When creating a notable event policy, you have the option of statically naming the description of the g...
I have a 3 node setup, 1 indexer and 2 search heads. One search head has ITSI (ITSI is also on the indexer). The index is the one that's giving me all these skipped ratios. Under the User Management C...
...nd Services logs" select View and enable "Show Analytic and Debug logs".
When looking at the eventlog properties, they show the name as "AD FS 2.0 Tracing/Debug"
I paste that name into the i...
I have a correlation search creating notable events.
In the index=itsi_tracked_alerts, I see one event for a given event_id.
But on the Episode review, I see the event being a member of several E...
Hi,
How to suppress the notable events in Splunk ITSI?
And when an episode breaks will the related notable events get cleared?
And when a new episode gets created the r...
I've noticed an issue with the documentation and configuration for DA-ITSI-OS. https://docs.splunk.com/Documentation/ITSI/4.13.1/IModules/OSmoduleconfiguration Firstly, the documentation s...
Hello, I'm just having a bit of difficulty differentiating between Splunk Enterprise, ITSI, SOAR, UBA, and Enterprise Security. It seems like they all do similar things. Do they a...