This documentation does not apply to the most recent version of Splunk® IT Service Intelligence.
For documentation on the most recent version, go to the latest release.
Known issues in Splunk IT Service Intelligence
This version of IT Service Intelligence (ITSI) has the following known issues and workarounds.
Adaptive Thresholding
| Date filed | Issue number | Description |
|---|---|---|
| 2024-09-04 | ITSI-37270 | Use Recommended Thresholding Configuration cannot use all backfilled events Workaround: While backfilling the KPI customer can set the fill data gaps option other than Template:Last available value and after backfill completes successfully they can switch the option to Template:Last available value. |
| 2024-04-12 | ITSI-35070 | On few KPIs using adaptive threshold, the results from the scheduled overnight run seem very different from the preview adaptive threshold results Workaround: Add {{| where not isnull(alert_value)}} before Template:Applyat command in the AT search to remove the empty Template:Alert value events. |
Backup/Restore and Migration Issues
| Date filed | Issue number | Description |
|---|---|---|
| 2024-02-08 | ITSI-34394 | Backup job "Default Scheduled Backup" fails. Error: 'transforms' Workaround: Turn off the Include .conf files option for the Default Scheduled Backup, or when the user creates a full backup. |
| 2024-01-11 | ITSI-33748 | When restoring objects in ITSI, the restore page does not display the macros of another app used in ITSI searches. Workaround: * Give the Template:All apps Template:Read Template:Write permission to macro and re-triggered the restore |
| 2024-01-09 | ITSI-33724 | Backup is not getting restored when custom saved searches are used in the service Workaround: * re-triggered the restore without any changes. |
Bulk Import
| Date filed | Issue number | Description |
|---|---|---|
| 2024-01-11 | ITSI-33751 | Incorrect count of entities created/updated/skipped is reported when importing entities via search Workaround: Not needed |
Entities
| Date filed | Issue number | Description |
|---|---|---|
| 2023-12-04 | ITSI-33264 | Switching the Studio Dashboards or changing the global time range picker resets the token to the default value Workaround: # Modify the tokens after syncing the global time range picker, if you need to modify the global time range. |
| 2023-09-11 | ITSI-32014 | On Windows type entity_detail page, for the Process Monitoring Info table within Modal, after adjusting the column width, if we move the mouse, the height and width of the column changes Workaround: To resize a column, press Tab until the focus is on the column resize button handle, then use arrow left/right to resize. |
Entity Rules
| Date filed | Issue number | Description |
|---|---|---|
| 2024-05-06 | ITSI-35571 | New entities are not added to linked services even if they match the filter conditions |
Notable Events
| Date filed | Issue number | Description |
|---|---|---|
| 2024-06-25 | ITSI-36467 | Investigate the ConcurrentModificationException in rules engine process Workaround: Update the below changes *on each SH* to disable async execution of actions in Rules Engine.
{noformat}rules_engine_feature_disabled_list = POLICY_EXECUTOR_ASYNC_SUB_ACTORS, POLICY_EXECUTOR_STATE_RECOVERY, SORT_NOTABLE_EVENTS, RUN_ACTION_ASYNC{noformat}
|
| 2024-06-20 | ITSI-36397 | Actions are not performed if the event is breaking the episode based on the timebased criteria and grouping into a new group. Workaround: Reset Template:Policy rules check frequency delay to 60000 under Template:$SPLUNK HOME/etc/apps/SA-ITOA/local/itsi rules engine.properties OR Update the action rules in the new to perform the action when Template:Number of events in this episode is less than or equals to 2 if the action is Template:Number of events in this episode is == 1 |
| 2024-06-10 | ITSI-36103, ITSI-36215 | NEAP action rules triggers false alert emails even though the conditions are not satisfied |
| 2024-02-13 | ITSI-34430 | Groups Restore in rules engine should not be done based on the bidirectional ticketing events |
| 2024-02-08 | ITSI-34393 | BDT event should not satisfy 'if episode is broken' action rule for inactive episodes |
| 2023-10-27 | ITSI-32723 | Newlines are converted to spaces when posting a comment to an Episode |
| 2023-09-21 | ITSI-32156 | preview results not working while NEAP creation in windows setup |
| 2023-06-19 | ITSI-31057 | host field value not visible to Rules Engine |
Notable Event Aggregation Policies
| Date filed | Issue number | Description |
|---|---|---|
| 2024-06-25 | ITSI-36467 | Investigate the ConcurrentModificationException in rules engine process Workaround: Update the below changes *on each SH* to disable async execution of actions in Rules Engine.
{noformat}rules_engine_feature_disabled_list = POLICY_EXECUTOR_ASYNC_SUB_ACTORS, POLICY_EXECUTOR_STATE_RECOVERY, SORT_NOTABLE_EVENTS, RUN_ACTION_ASYNC{noformat}
|
| 2024-06-20 | ITSI-36397 | Actions are not performed if the event is breaking the episode based on the timebased criteria and grouping into a new group. Workaround: Reset Template:Policy rules check frequency delay to 60000 under Template:$SPLUNK HOME/etc/apps/SA-ITOA/local/itsi rules engine.properties OR Update the action rules in the new to perform the action when Template:Number of events in this episode is less than or equals to 2 if the action is Template:Number of events in this episode is == 1 |
| 2024-06-10 | ITSI-36103, ITSI-36215 | NEAP action rules triggers false alert emails even though the conditions are not satisfied |
| 2024-02-13 | ITSI-34430 | Groups Restore in rules engine should not be done based on the bidirectional ticketing events |
| 2024-02-08 | ITSI-34393 | BDT event should not satisfy 'if episode is broken' action rule for inactive episodes |
| 2023-10-27 | ITSI-32723 | Newlines are converted to spaces when posting a comment to an Episode |
| 2023-09-21 | ITSI-32156 | preview results not working while NEAP creation in windows setup |
| 2023-06-19 | ITSI-31057 | host field value not visible to Rules Engine |
Service Analyzer
| Date filed | Issue number | Description |
|---|---|---|
| 2024-05-01 | ITSI-35514 | For KPI configured with fill data gaps with null values and set severities for null value to be other than unknown, alert_value is not present in metric index results into service analyzer does not display lane for those KPIs Workaround: For the problematic KPI change the fill data gaps with Template:N/A to have some custom value or set the Template:Threshold level for the null value to Template:Unknown |
| 2024-02-08 | ITSI-34391 | Sidepanel in Service Analyzer does not update KPI values |
Service Definition
| Date filed | Issue number | Description |
|---|---|---|
| 2024-09-10 | ITSI-37299 | Discrepancy in the "Per-Entity Threshold Value" graph |
| 2024-04-22 | ITSI-35260 | Entities not displaying entity_types correctly in Service Definition page |
| 2024-01-23 | ITSI-34074 | Unable to create a service when opening the create service modal before the service template API call is done |
| 2024-01-12 | ITSI-33754 | Simulated Health Score is not working as expected when service dependencies is add to service Workaround: After saving the service, Simulated Health Score calculation work as expected |
Service Health Score
| Date filed | Issue number | Description |
|---|---|---|
| 2024-01-15 | ITSI-33760 | Service health score is not getting calculated properly for 'itsi_summary_metrics' index after changing the importance of KPIs Workaround: # Replace the Template:Reorganize metrics healthscore results macro's definition with {noformat}rename itsi_kpi_id AS kpiid, itsi_service_id AS serviceid | fields kpiid, serviceid, urgency, alert_level, alert_name, service, is_service_in_maintenance, kpi{noformat}
{noformat}| mstats latest(alert_level) AS alert_level WHERE `get_itsi_summary_metrics_index` AND
`service_level_max_severity_metric_only` by itsi_kpi_id, itsi_service_id
| lookup kpi_alert_info_lookup alert_level OUTPUT severity_label AS alert_name | `mark_services_in_maintenance`
| `join_kpi_info(itsi_kpi_id)` | `reorganize_metrics_healthscore_results` | gethealth | `get_info_time_without_sid`
| lookup service_kpi_lookup _key AS itsi_service_id OUTPUT sec_grp AS itsi_team_id
| fields - alert_severity, color, kpi, kpiid, serviceid, severity_label, severity_value
| rename health_score AS service_health_score | eval is_null_alert_value=if(service_health_score="N/A", 1, 0),
service_health_score=if(service_health_score="N/A", 0, service_health_score){noformat} |
| 2024-01-12 | ITSI-33754 | Simulated Health Score is not working as expected when service dependencies is add to service Workaround: After saving the service, Simulated Health Score calculation work as expected |
Service Templates
| Date filed | Issue number | Description |
|---|---|---|
| 2024-02-09 | ITSI-34402 | Service Template editor unresponsive after upgrade to 4.18.0 |
Uncategorized issues
| Date filed | Issue number | Description |
|---|---|---|
| 2024-06-06 | ITSI-36019 | Discrepancy in time in the user_access_interface.log file |
| 2024-04-26 | ITSI-35428 | Customer wants to know whether Index references needs to be changed in scripts for default ITSI indexes. |
| 2024-03-26 | ITSI-34841 | Unable to initialize modular input "service_sandbox_sync_minder" defined in the app "SA-ITOA": Unable to locate suitable script for introspection |
| 2024-03-14 | ITSI-34680, ITSI-32474 | Browser tab title does not get updated after switching to a different saved Episode Review. Workaround: Reload the Episode Reviev page after the save to reload the Event management state |
| 2024-02-29 | ITSI-34551 | Breaking event does not trigger breaking action rules |
| 2024-02-07 | ITSI-34352 | Python runtime error occurs when upgrading glass table definitions in 4.18.0. Workaround: Created a script to apply the workaround. Waiting for the approvals. |
| 2024-01-12 | ITSI-33757 | stack "xerox" is missing "service sandbox" and "Custom Threshold Windows" from UI Workaround: If user has modified the navigation bar before the upgrade then it has created an entry in the Template:Local/data/ui/nav/default.xml and after the upgrade also Splunk will take the data from the local folder as it has the higher precedence even though it has the updated entry in the Template:Default/data/ui/nav/default.xml with new options. To fix this issue manually add the options from {{settings -> User interface -> Navigation menus}} and select default for the itsi app and add missing entry for the options from Template:Default/data/ui/nav/default.xml |
| 2024-01-09 | ITSI-33715 | Recommender returns same threshold value for different severity in case of difference in data in decimal points |
| 2024-01-04 | ITSI-33656, ITSI-33634 | Broken KPIs link after deleting service template in Service Sandbox |
| 2024-01-02 | ITSI-33632 | The ping host action shows "Failed" in header activity detail |
| 2023-12-22 | ITSI-33539 | Closing an Episode when Rules Engine is disabled does not break the Episode |
| 2023-12-21 | ITSI-33527 | ELM Policy is executed at a different time then the time shown in the UI after changing the time zone. |
| 2023-12-20 | ITSI-33491 | 'index', 'splunk_server' and 'splunk_server_group' can not be added by 'Add Column' functionality on episode review page |
| 2023-12-07 | ITSI-33278 | Cannot create a correlation search with all special character |
| 2023-10-09 | ITSI-32420 | Retired entities are automatically restored again and marked retirable. |
| 2023-10-09 | ITSI-32413, ITSI-32000 | Wrong activity message while running action, when configured Hybrid Action Dispatch |
| 2023-09-04 | ITSI-31923 | After Changing Splunkd Custom Management Port, the Remedy Action is not working on Windows Instance |
Last modified on 18 October, 2024
| Fixed issues in Splunk IT Service Intelligence | Removed features in Splunk IT Service Intelligence |
This documentation applies to the following versions of Splunk® IT Service Intelligence: 4.18.0
Download manual
Feedback submitted, thanks!