Splunk® App for Content Packs

Release Notes

This documentation does not apply to the most recent version of Splunk® App for Content Packs. For documentation on the most recent version, go to the latest release.

New features in the Splunk App for Content Packs

The Splunk App for Content Packs version 2.0.0 was released on July 13, 2023.

Version 2.0.0 of the Splunk App for Content Packs contains updates in these content packs:

New feature or enhancement: Deactivated the saved searches of all content packs
Description: Saved searches are deactivated by default on upgrade and install of Splunk App for Content Packs 2.0 to avoid negative impact on ITSI performance and to provide more control for users to enable saved searches only for in-use content packs. To activate the saved searches, refer to the Install and Configure documentation of the required content pack.


If you're upgrading from a previous version of the Splunk App for Content Packs, be sure to go through the important steps mentioned in Upgrade Splunk App for Content Packs to version 2.0.

New feature or enhancement: Mapping for the service_name field in the itsi_summary index is now driven by an SPL command rather than by automatic lookup from the content pack for ITSI Monitoring and Alerting
Description: The automatic lookup responsible for returning the service_name field for the itsi_summary index is removed when users upgrade to Splunk App for Content Packs 2.0.0. This change to the service name field mapping protocol in Service and Episode Monitoring Correlation Searches improves data reliability by eliminating the previous requirement to refresh the automatic lookup periodically to ensure that the service_name field is populated for all records in the itsi_summary index.

If you rely on the service_name field, this change affects you.

To obtain the service_name for a given serviceid, use an SPL (Search Processing Language) lookup command. In order to search, filter or report on service_name from the itsi_summary index, you must add the following lookup after your initial search:
| lookup service_kpi_lookup _key AS serviceid OUTPUT title AS service_name

By executing this SPL command, you can retrieve the service_name field from the service_kpi_lookup file.


Example code snippet for updated search:

index=itsi_summary 
| lookup service_kpi_lookup _key AS serviceid OUTPUT title AS service_name
| search service_name="*Web*"

You must incorporate the lookup command into your own SPL queries to obtain the service_name field.
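To find which of your own saved searches are affected by this change, the following added example (not part of the Splunk documentation or the app) scans the text of a savedsearches.conf file for searches that read service_name from itsi_summary without the lookup, or before it. The function names and the sample stanzas are assumptions constructed for illustration.

```python
import re

# Constructed sample savedsearches.conf; stanza names and searches are made up.
SAMPLE_CONF = r'''
[Web KPI report]
search = index=itsi_summary | search service_name="*Web*" \
| stats count by service_name

[Web KPI report fixed]
search = index=itsi_summary \
| lookup service_kpi_lookup _key AS serviceid OUTPUT title AS service_name \
| search service_name="*Web*"

[Lookup too late]
search = index=itsi_summary | search service_name="*Web*" \
| lookup service_kpi_lookup _key AS serviceid OUTPUT title AS service_name

[By service id]
search = index=itsi_summary | stats count by serviceid
'''

USES_SUMMARY = re.compile(r'index\s*=\s*"?itsi_summary\b', re.I)
USES_FIELD = re.compile(r"\bservice_name\b")
LOOKUP = re.compile(r"\|\s*lookup\s+service_kpi_lookup\b", re.I)

def parse_conf(text):
    """Return {stanza: {key: value}}, joining lines that end in a backslash."""
    stanzas, current, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        if line.endswith("\\"):          # .conf line continuation
            pending = line[:-1] + " "
            continue
        pending = ""
        if line.startswith("[") and line.endswith("]"):
            current = stanzas.setdefault(line[1:-1], {})
        elif current is not None and "=" in line and not line.startswith("#"):
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return stanzas

def affected_searches(text):
    """Stanzas that use service_name on itsi_summary before, or without, the lookup."""
    hits = []
    for name, settings in parse_conf(text).items():
        spl = settings.get("search", "")
        field, lookup = USES_FIELD.search(spl), LOOKUP.search(spl)
        if USES_SUMMARY.search(spl) and field and (
                lookup is None or field.start() < lookup.start()):
            hits.append(name)
    return hits
```

Searches that reach itsi_summary through a macro or a data model are not matched by this text scan and need a manual review.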

New feature or enhancement: Updated content packs
Description: This version of the Splunk App for Content Packs contains updates to the following content packs:

For fixed issues, see Fixed issues for the Splunk App for Content Packs.

For known issues, see Known issues for the Splunk App for Content Packs.

To get started with the app, see Install the Splunk App for Content Packs.

Last modified on 02 February, 2024

This documentation applies to the following versions of Splunk® App for Content Packs: 2.0.0

