Found the answer: it seems it was a bug in ITSI 4.0, where if you are trying to create entities and the entity count is in the couple of hundreds (300+), then you will face the same issue. I solved it by restricting the entity count and then repeating entity creation in batches. I know it is tiresome, but it's the only way. (Looks like it is fixed in the next version.)
Need help in understanding Notable events. I am using a correlation search to create a Notable event, where my search has "time_range and schedule as 5min", which returns a single result (i.e. a single event).
However, I am able to see 2 event_ids within the itsi_tracked_alerts index for the same search, thus resulting in a Notable event count of 2 in Episode Review in ITSI.
index=itsi_tracked_alerts sourcetype="itsi_notable:event" project="abc" :- 2 events with 2 different event_ids.
Correlation search: generates only 1 event.
I am not sure why 2 events are created in "itsi_tracked_alerts" for project "abc", where according to the correlation search it should only generate 1 event_id.
Please help
Hello,
I need help with ITSI Entity Import. I am trying to import entities with a saved search; however, I get the message "Entity Import in Progress" but no entity is imported even after waiting for more than a couple of hours.
Has anyone faced the same kind of issue? Could you please shed some light on what is causing this and how to fix it?