Hi, I'm new to correlation searches and I want to create a correlation search that: searches for episodes with the same service_ids, serviceid and where alert_type matches "KPI alert" and checks the status of the most recent episode. If it finds that the most recent episode matching those fields is "normal" status, then it generates new events with the severity "info" with a new key and value like close_episode=yes and all the needed information to add this event to the right episode. The purpose being that if we have an episode for entity 1 that is critical from 1-1:30pm then episode 2 for entity 1 that is normal from 1:30-2pm I want to be able to create a rule in our NEAP that finds that says if episode 2 for the same entity has returned to normal than close episode 1. For further context i've including the filtering criteria we are using within our NEAP and the correlation search we are relying on to create alerts.   ... View more

Greetings all,     Is anyone using the alerting and episode's function? I would love to pick your brain to better understand how to implement it within my own environment. The main issue I'm having is within the first page of an episode the entity data doesn't show and I'm unsure why that is? When I look in the itsi_summary index we don't have that entity data so I'm wondering where the data for the entities is pulled for alerts? ... View more

My question is 2 pronged:   1. When we receive an alert sometimes it will appear in the "Critical and High Episodes" section of the incorrect service. Why is that and how do i fix it? 2. I as an admin am able to see these alerts, but another admin is unable too. When I check his roles and capabilities, they are the same as mine so what could be the issue? ... View more