I've been trying out options as a workaround, the most suggested of which is the use of a lookup table. However the problem with the lookup is what to do when we know a search result falls on a public holiday. When a result is on a public holiday, you would assume we would exclude/ignore the event. This would produce a null result for the KPI. The biggest problem with this is that a lack of events returned is also a platform level indexing issues that are possible within Splunk... so public holidays and index performance issues would trigger the same KPI thresholds as each other (i.e. null = 0, and 0 equals bad).
Given ITSI is a tool aimed at service health monitoring, and that services are directly impacted by public holidays, it would seem this is critical functionality currently missing from the product.
... View more