Known issues in Splunk IT Service Intelligence
IT Service Intelligence (ITSI) version 4.11.6 has the following known issues and workarounds.
Backup/Restore and Migration Issues
| Date filed | Issue number | Description |
|---|---|---|
| 2021-10-13 | ITSI-19215 | Customer is getting a lot of errors related to "Could not find object id=itsi_entity_dashboard_drilldown" after installation of IT Essentials Work Workaround: Upgrade to ITE-Work version 4.12 and later |
Notable Events
| Date filed | Issue number | Description |
|---|---|---|
| 2022-12-20 | ITSI-27751 | Episode Review arbitrary search filter with AND & OR conditions fail to match events under certain scenarios Workaround: Avoid using brackets (), extra whitespaces, the operator !=, and double quotes "" in the search filter |
Glass Table
| Date filed | Issue number | Description |
|---|---|---|
| 2023-06-11 | ITSI-30879 | Glass table is much slower after upgrade from ITSI 4.9.2 to 4.11.6 Workaround: No workaround available. |
KPI Search Calculation
| Date filed | Issue number | Description |
|---|---|---|
| 2022-04-28 | ITSI-23284 | Deleted KPI lanes still showing in deep dive when the URL is refreshed. |
Service Analyzer
| Date filed | Issue number | Description |
|---|---|---|
| 2023-02-17 | ITSI-28826 | Changes to health score color values in threshold_labels.conf do not appear in the service analyzer. |
Uncategorized issues
| Date filed | Issue number | Description |
|---|---|---|
| 2023-01-09 | ITSI-27961 | Bidirectional Ticketing Correlation Search hits "subsearch limit of 50000 reached" when the collection itsi_notable_event_ticketing has more than 50000 entries Workaround: # Navigate to ITSI -> Configuration -> Correlation Searches
{noformat}| datamodel Ticket_Management Incident search | rename All_Ticket_Management.ticket_id as ticket_id | join ticket_id [search sourcetype="snow:incident" index="<snow_index>" | where _indextime > now() - <max_lookback_time>] | lookup itsi_notable_event_external_ticket tickets.ticket_id as ticket_id OUTPUTNEW tickets.ticket_system event_id | where isnotnull(event_id) | rename tickets.* as * | eventstats values(event_id) as group_id last(ticket_system) as ticket_system by ticket_id | fields - dv_* | table * | makemv group_id | mvexpand group_id | eval bidirectional_ticketing=1, snow_hash = number + "!" + group_id + "!" + sys_updated_on | search NOT [| search index="itsi_tracked_alerts" | fields snow_hash] | dedup snow_hash{noformat} Change the placeholders {{<snow_index>}} and {{<max_lookback_time>}} in the above search with values according to the customer's requirements |
| 2021-09-01 | ITSI-18709 | ITSI redirects to suite_redirect 500 Internal Server Error - because of python library isolation between apps Workaround: Step 1: Identify all the splunklib directories within the splunk apps directory using command find . -name 'splunklib' | xargs -r ls -lah.
Step 2: For each directory listed in step 1, check if file Step 3: Copy the Step 4: Clean the cached files using Step 5: Restart Splunk on the ITE Work or ITSI search head. |
| Fixed issues in Splunk IT Service Intelligence | Removed features in Splunk IT Service Intelligence |
This documentation applies to the following versions of Splunk® IT Service Intelligence: 4.11.6
Download manual
Feedback submitted, thanks!