Splunk ITSI
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

ITSI Entity alias filtering

rom1btn
Engager
‎04-19-2018 06:05 AM

Hi all,

I'm using ITSI V3.0.0, I have some strange results that I'll try to explain here.

I've got 2 entities
A

  • Info: type=application
  • alias: application_code=X

B

  • info: type=application
  • alias: foo=bar

I've linked a service with entities A & B by filtering on type=application
Splunk found both entities

I created a KPI and I moved 'Filter to Entities in Service' to 'Yes' and selected 'application_code' as the Entity Filter Field and 'application_code' as the Entity Alias Filtering.
When I look at the generated search and particularly at the rest command:
| rest splunk_server=local "/servicesNS/nobody/SA-ITOA/itoa_interface/generate_entity_filter?service_id=a967bd3c-8bec-4142-9d5e-92b8f8225e6e&entity_id_fields=application_code&entity_alias_filtering_fields=application_code&search_type=adhoc"

It returns:
application_code="X" OR application_code="bar"

It's the same when I change the 'entity_filtering_fields parameter' to 'DO_NOTHING' and it seems that this parameter is not used for filtering the alias of entities as explained in the documentation: Entity alias filtering

Can somebody confirm me this behaviour ?
Has I done something wrong ?
It sounds like an issue in that version.

Thanks

Reply

esnyder_splunk
Splunk Employee
Splunk Employee
‎10-22-2019 03:52 PM

It was discovered that entity alias filtering wasn't doing what it should have been doing, so it was removed in version 4.2.0. Please see https://docs.splunk.com/Documentation/ITSI/4.2.0/ReleaseNotes/Removedfeatures

Reply

sylbaea
Communicator
‎05-02-2018 07:19 PM

I realised yesterday I do have similar issue. Have you resolved your problem ?

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

As software delivery cycles continue to accelerate, observability shouldn’t be a luxury — it should be a ...

Monitoring AI Agents with Splunk Observability Cloud

Let’s say I’m running a travel planning AI app in production. A user asks for three concise hotel options in ...