I would like to add a clickable link inside of the Description of a grouped notableevent.
When creating a notableevent policy, you have the option of statically naming the description of the g...
Intermittently some notables have been missing over time where ITSI runs in a SHC env, ITSI 4.2.1 + Splunk 7.2.8 in SHC + Multisite Indexer Cluster.
There are times when correlation searches do N...
I have a correlation search creating notableevents.
In the index=itsi_tracked_alerts, I see one event for a given event_id.
But on the Episode review, I see the event being member of several E...
Hi,
How to suppress the notableeventsin Splunk itsi ?
And when an episode breaks will the related notableevents gets cleared?
And when an new episode gets created the r...
...dex=itsi_notable_audit acknowledged
I will get events like:
{ [-]
activity: admin acknowledged notableevent group
activity_type: NotableEvent Group Update
event...
Hi ,I've created the correlation search for problem notifications and defined/enabled the entities in the search also defined the entities in the service. The search is generating notableevents. H...
What are the actual $result.fieldname$ tokens that are available inITSINotableEvents for the Send to Email action. I'm trying to access the notableevent title, description, and whatever other f...
Is it possible to merge the notableevents from Splunk IT Service Intelligence (ITSI) and Splunk Enterprise Security (ES)? Ideally, I'd like to create a single location where our analysts can r...
I am testing throttling/suppression on ITSI and would like to clear out the notables generated so far. Is this as simple as clearing them from index=itsi_tracked_alerts, or are there other cleanup t...
Hi, I have installed and configured the Add-on for ServiceNow. Integration with notableevents are working, incidents are created in Service Now. But I would like to have the fields auto populated f...