Known issues in Splunk IT Service Intelligence
This version has the following known issues and workarounds.
Adaptive Thresholding
Date filed | Issue number | Description |
---|---|---|
2023-04-26 | ITSI-29672 | KPI preview fails to render sometimes Workaround: NA |
2022-08-23 | ITSI-25903 | Threshold Template Sync Fails with Empty Alert Values in threshold template |
Backup/Restore and Migration Issues
Date filed | Issue number | Description |
---|---|---|
2022-09-15 | ITSI-26204 | ITSI Default Scheduled Backup taking hours to complete after upgrade to 4.11.5 (it used to be minutes) Workaround: * Run the below curl command to delete the entry in the collection Template:Itsi migration status {noformat}curl -ku admin https://localhost:8089/servicesNS/nobody/SA-ITOA/storage/collections/data/itsi_migration_status -X DELETE{noformat} |
Notable Events
Date filed | Issue number | Description |
---|---|---|
2023-06-29 | ITSI-31192 | All Events tab does not render default columns if they are not present in NEAP JSON definition Workaround: # Use the latest ITSI Backup file to edit the NEAP JSON definition and remove the property Template:All events columns and restore the backup.
|
2023-01-16 | ITSI-28046 | Alert action configuration UI not loaded in ITSI when the count of alert actions exceed 30 Workaround: Keep the count of alert actions in the instance below 30 |
2022-12-20 | ITSI-27751 | Episode Review arbitrary search filter with AND & OR conditions fail to match events under certain scenarios Workaround: Avoid using brackets () , extra whitespaces, the operator != , and double quotes "" in the search filter |
Glass Table
Date filed | Issue number | Description |
---|---|---|
2022-12-20 | ITSI-27743 | Drilldown and URL link in Glass Table may open double tabs/windows |
2022-07-29 | ITSI-25262 | Font size adjustments and drilldowns for text are not working properly for glass tables after upgrading to ITSI 4.13.1 Workaround: Issue 1: The font size is not adjustable. Font size can be adjusted in splunk.markdown at some level with use of the H button from the UI.
Issue 2: Drilldown is not supported. A custom URL can be used in splunk.markdown in place of the drilldown. |
KPI Base Searches
Date filed | Issue number | Description |
---|---|---|
2022-10-05 | ITSI-26497 | app/itsi/kpi_base_searches_lister error Workaround: N/A |
2022-08-23 | ITSI-25903 | Threshold Template Sync Fails with Empty Alert Values in threshold template |
2022-08-16 | ITSI-25834 | Not able to create KPIs from Metric Based KPI Base Search Workaround: Need to create KPI with metric based search instead of metric based KPI Base Search. |
KPI Search Calculation
Date filed | Issue number | Description |
---|---|---|
2022-12-16 | ITSI-27721 | KPI title surrounded with double quotes throws an error while running a KPI Generated Search |
2022-08-16 | ITSI-25834 | Not able to create KPIs from Metric Based KPI Base Search Workaround: Need to create KPI with metric based search instead of metric based KPI Base Search. |
Performance
Date filed | Issue number | Description |
---|---|---|
2023-04-26 | ITSI-29672 | KPI preview fails to render sometimes Workaround: NA |
Service Analyzer
Date filed | Issue number | Description |
---|---|---|
2023-02-17 | ITSI-28826 | Changes to health score color values in threshold_labels.conf do not appear in the service analyzer. |
2022-02-17 | ITSI-22146 | Different users with same role itoa_team_admin cannot modify saved service analyzer. Workaround: Upgrade ITSI to version 4.13.x or 4.15.0 |
Service Templates
Date filed | Issue number | Description |
---|---|---|
2022-08-23 | ITSI-25903 | Threshold Template Sync Fails with Empty Alert Values in threshold template |
Uncategorized issues
Date filed | Issue number | Description |
---|---|---|
2023-03-20 | ITSI-29133 | Episode Review dashboard panel for Noise reduction should not show "Missing property: majorValue" |
2023-01-09 | ITSI-27961 | Bidirectional Ticketing Correlation Search hits "subsearch limit of 50000 reached" when the collection itsi_notable_event_ticketing has more than 50000 entries Workaround: # Navigate to ITSI -> Configuration -> Correlation Searches
{noformat}| datamodel Ticket_Management Incident search | rename All_Ticket_Management.ticket_id as ticket_id | join ticket_id [search sourcetype="snow:incident" index="<snow_index>" | where _indextime > now() - <max_lookback_time>] | lookup itsi_notable_event_external_ticket tickets.ticket_id as ticket_id OUTPUTNEW tickets.ticket_system event_id | where isnotnull(event_id) | rename tickets.* as * | eventstats values(event_id) as group_id last(ticket_system) as ticket_system by ticket_id | fields - dv_* | table * | makemv group_id | mvexpand group_id | eval bidirectional_ticketing=1, snow_hash = number + "!" + group_id + "!" + sys_updated_on | search NOT [| search index="itsi_tracked_alerts" | fields snow_hash] | dedup snow_hash{noformat} Change the placeholders {{<snow_index>}} and {{<max_lookback_time>}} in the above search with values according to the customer's requirements |
2022-10-11 | ITSI-26585 | Entities status is getting "Unstable" from "Active" when installing SA4CP 1.7.0 with ITEW Workaround: # Go to Settings → Searches, Reports, and Alerts
|
2022-07-12 | ITSI-24964 | ITSI Searches ("Date Range", "Date & Time Range") do not honor auto-generated values; new Real-time search option fails (tstats not supported in a real-time search) Workaround: For Date & Time selections: manually enter/replace any portion of the auto-filled date for both start and end dates (even if replacing with the same value); or, select date from the calendar dropdown. For Date selection only: No workaround found so far. |
2022-07-11 | ITSI-24902 | ITSI entity management functionality flags previously detected entities as unstable after upgrade to newer versions. Workaround: Delete the existing entities and let the existing entities be re-discovered during next run of the discovery search. |
2021-09-01 | ITSI-18709 | ITSI redirects to suite_redirect 500 Internal Server Error - because of python library isolation between apps Workaround: Step 1: Identify all the splunklib directories within the splunk apps directory using command find . -name 'splunklib' | xargs -r ls -lah .
Step 2: For each directory listed in step 1, check if file Step 3: Copy the Step 4: Clean the cached files using Step 5: Restart Splunk on the ITE Work or ITSI search head. |
2019-05-30 | ITSI-3322 | If you add a correlation search in ITSI which contains a sub-search returning into an eval, you get a message "Invalid search string: This search cannot be parsed when parse_only is set to true." Workaround: You can't use a sub-search returning into an eval in a correlation search. As a workaround, create and save a basic correlation search with all of the information you want outside of the search. Then as an admin user, go to Settings > Searches, reports, and alerts and open the correlation search you just created. Add the sub-search you were trying to add there. |
Fixed issues in Splunk IT Service Intelligence | Removed features in Splunk IT Service Intelligence |
This documentation applies to the following versions of Splunk® IT Service Intelligence: 4.14.1 Cloud only
Feedback submitted, thanks!