Splunk® IT Service Intelligence

Event Analytics Manual

Splunk IT Service Intelligence (ITSI) version 4.12.x reached its End of Life on January 22, 2024. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see Before you upgrade IT Service Intelligence.
This documentation does not apply to the most recent version of Splunk® IT Service Intelligence. For documentation on the most recent version, go to the latest release.

Overview of episode ticketing integrations in ITSI

An episode ticketing integration exchanges ticket data between your IT Service Intelligence (ITSI) instance and a third-party system.

Episode ticketing integration have the following advantages:

  • Establishing a ticket number that provides a unique key between systems.
  • Synchronizing the systems so that notifications can be triggered.
  • Transforming data for more uniform processing.
  • Tracking ticket activity for accurate reporting.

After performing the necessary integration steps, you can create tickets in an external system when certain trigger conditions are met. For information about all the episode actions shipped with ITSI, see Configure episode action rules in ITSI.

For example, you might want to create a ServiceNow incident every time an episode in ITSI is created. You can configure an aggregation policy action rule that defines the fields for the newly created ServiceNow incident, including the state and assignment group. The alert can then be routed to the appropriate ServiceNow team so the incident can be triaged and addressed.

The level of data and the direction of the data that is exchanged categorizes the integration as unidirectional or bidirectional. In a unidirectional integration, your episode passes data to a third-party system, and receives a ticket ID back as confirmation. In a bidirectional integration, episode data is exchanged, synchronized, and updated while data is sent between the systems.

ITSI offers integrations with the following third-party tools:

Unidirectional episode ticketing integrations

Action Configuration instructions
BMC Remedy Requires the Splunk Add-on for Remedy. For configuration information, see Integrate ITSI with BMC Remedy.
Splunk On-Call Requires Splunk On-Call (VictorOps). For configuration information, see Integrate ITSI with Splunk On-Call (VictorOps).
Phantom Requires the Phantom App for Splunk. For configuration information, see Integrate ITSI with Splunk Phantom.

Bidirectional episode ticketing integrations

Action Configuration instructions
ServiceNow Requires the Splunk Add-on for ServiceNow. For configuration information, see Integrate ITSI with ServiceNow.
Splunk Infrastructure Monitoring Requires that you integrate ITSI with Splunk Infrastructure Monitoring. For configuration information, see About the Splunk Infrastructure Monitoring entity integration in ITSI in the Entity Integrations manual.
Last modified on 21 June, 2023
Modify episode fields through the REST API   Integrate ITSI with ServiceNow

This documentation applies to the following versions of Splunk® IT Service Intelligence: 4.11.0, 4.11.1, 4.11.2, 4.11.3, 4.11.4, 4.11.5, 4.11.6, 4.12.0 Cloud only, 4.12.1 Cloud only, 4.12.2 Cloud only, 4.13.0, 4.13.1, 4.13.2, 4.13.3


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters