Splunk® IT Service Intelligence

Release Notes

This documentation does not apply to the most recent version of Splunk® IT Service Intelligence. For documentation on the most recent version, go to the latest release.

Known issues in Splunk IT Service Intelligence

This version has the following known issues and workarounds.

Adaptive Thresholding

Date filed Issue number Description
2023-04-26 ITSI-29672 KPI preview fails to render sometimes

Workaround:
NA
2022-08-23 ITSI-25903 Threshold Template Sync Fails with Empty Alert Values in threshold template

Backup/Restore and Migration Issues

Date filed Issue number Description
2022-09-15 ITSI-26204 ITSI Default Scheduled Backup taking hours to complete after upgrade to 4.11.5 (it used to be minutes)

Workaround:
* Run the below curl command to delete the entry in the collection Template:Itsi migration status

{noformat}curl -ku admin https://localhost:8089/servicesNS/nobody/SA-ITOA/storage/collections/data/itsi_migration_status -X DELETE{noformat}

Notable Events

Date filed Issue number Description
2023-06-29 ITSI-31192 All Events tab does not render default columns if they are not present in NEAP JSON definition

Workaround:
# Use the latest ITSI Backup file to edit the NEAP JSON definition and remove the property Template:All events columns and restore the backup.
  1. Go to Episode Review page and add back all the desired columns
2023-01-16 ITSI-28046 Alert action configuration UI not loaded in ITSI when the count of alert actions exceed 30

Workaround:
Keep the count of alert actions in the instance below 30
2022-12-20 ITSI-27751 Episode Review arbitrary search filter with AND & OR conditions fail to match events under certain scenarios

Workaround:
Avoid using brackets (), extra whitespaces, the operator !=, and double quotes "" in the search filter

Glass Table

Date filed Issue number Description
2022-12-20 ITSI-27743 Drilldown and URL link in Glass Table may open double tabs/windows
2022-07-29 ITSI-25262 Font size adjustments and drilldowns for text are not working properly for glass tables after upgrading to ITSI 4.13.1

Workaround:
Issue 1: The font size is not adjustable.

Font size can be adjusted in splunk.markdown at some level with use of the H button from the UI.

# Heading level 1 ## Heading level 2 ### Heading level 3

Issue 2: Drilldown is not supported.

A custom URL can be used in splunk.markdown in place of the drilldown.

KPI Base Searches

Date filed Issue number Description
2022-10-05 ITSI-26497 app/itsi/kpi_base_searches_lister error

Workaround:
N/A
2022-08-23 ITSI-25903 Threshold Template Sync Fails with Empty Alert Values in threshold template
2022-08-16 ITSI-25834 Not able to create KPIs from Metric Based KPI Base Search

Workaround:
Need to create KPI with metric based search instead of metric based KPI Base Search.

KPI Search Calculation

Date filed Issue number Description
2022-12-16 ITSI-27721 KPI title surrounded with double quotes throws an error while running a KPI Generated Search
2022-08-16 ITSI-25834 Not able to create KPIs from Metric Based KPI Base Search

Workaround:
Need to create KPI with metric based search instead of metric based KPI Base Search.

Performance

Date filed Issue number Description
2023-04-26 ITSI-29672 KPI preview fails to render sometimes

Workaround:
NA

Service Analyzer

Date filed Issue number Description
2023-02-17 ITSI-28826 Changes to health score color values in threshold_labels.conf do not appear in the service analyzer.
2022-02-17 ITSI-22146 Different users with same role itoa_team_admin cannot modify saved service analyzer.

Workaround:
Upgrade ITSI to version 4.13.x or 4.15.0

Service Templates

Date filed Issue number Description
2022-08-23 ITSI-25903 Threshold Template Sync Fails with Empty Alert Values in threshold template

Uncategorized issues

Date filed Issue number Description
2023-03-20 ITSI-29133 Episode Review dashboard panel for Noise reduction should not show "Missing property: majorValue"
2023-01-09 ITSI-27961 Bidirectional Ticketing Correlation Search hits "subsearch limit of 50000 reached" when the collection itsi_notable_event_ticketing has more than 50000 entries

Workaround:
# Navigate to ITSI -> Configuration -> Correlation Searches
  1. Click on Bidirectional Ticketing
  2. Paste the following search in the Search field and then click on Save. Also enable the CS if it has been disabled

{noformat}| datamodel Ticket_Management Incident search | rename All_Ticket_Management.ticket_id as ticket_id | join ticket_id [search sourcetype="snow:incident" index="<snow_index>" | where _indextime > now() - <max_lookback_time>] | lookup itsi_notable_event_external_ticket tickets.ticket_id as ticket_id OUTPUTNEW tickets.ticket_system event_id | where isnotnull(event_id) | rename tickets.* as * | eventstats values(event_id) as group_id last(ticket_system) as ticket_system by ticket_id | fields - dv_* | table * | makemv group_id | mvexpand group_id | eval bidirectional_ticketing=1, snow_hash = number + "!" + group_id + "!" + sys_updated_on | search NOT [| search index="itsi_tracked_alerts" | fields snow_hash] | dedup snow_hash{noformat}

Change the placeholders {{<snow_index>}} and {{<max_lookback_time>}} in the above search with values according to the customer's requirements

2022-10-11 ITSI-26585 Entities status is getting "Unstable" from "Active" when installing SA4CP 1.7.0 with ITEW

Workaround:
# Go to Settings → Searches, Reports, and Alerts
  1. Select App → Content Pack for ITSI Monitoring and Alerting (DA-ITSI-CP-monitoring-alerting)
  2. Select Owner → All
  3. Click on the saved search → ITSI Import Objects - itsi_entity_name_normalizer
  4. Edit the search to → | inputlookup itsi_entities | eval entity_name=title
  5. Save the saved search
2022-07-12 ITSI-24964 ITSI Searches ("Date Range", "Date & Time Range") do not honor auto-generated values; new Real-time search option fails (tstats not supported in a real-time search)

Workaround:
For Date & Time selections: manually enter/replace any portion of the auto-filled date for both start and end dates (even if replacing with the same value); or, select date from the calendar dropdown.

For Date selection only: No workaround found so far.

2022-07-11 ITSI-24902 ITSI entity management functionality flags previously detected entities as unstable after upgrade to newer versions.

Workaround:
Delete the existing entities and let the existing entities be re-discovered during next run of the discovery search.
2021-09-01 ITSI-18709 ITSI redirects to suite_redirect 500 Internal Server Error - because of python library isolation between apps

Workaround:
Step 1: Identify all the splunklib directories within the splunk apps directory using command find . -name 'splunklib' | xargs -r ls -lah.

Step 2: For each directory listed in step 1, check if file six.py is present.

Step 3: Copy the six.py from an existing splunklib directory into all the missing directories.

Step 4: Clean the cached files using find . -name "*.pyc" -delete

Step 5: Restart Splunk on the ITE Work or ITSI search head.

2019-05-30 ITSI-3322 If you add a correlation search in ITSI which contains a sub-search returning into an eval, you get a message "Invalid search string: This search cannot be parsed when parse_only is set to true."

Workaround:
You can't use a sub-search returning into an eval in a correlation search. As a workaround, create and save a basic correlation search with all of the information you want outside of the search. Then as an admin user, go to Settings > Searches, reports, and alerts and open the correlation search you just created. Add the sub-search you were trying to add there.
Last modified on 17 January, 2024
Fixed issues in Splunk IT Service Intelligence   Removed features in Splunk IT Service Intelligence

This documentation applies to the following versions of Splunk® IT Service Intelligence: 4.14.1 Cloud only


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters