Troubleshoot the Content Pack for ITSI Monitoring and Alerting
Follow these troubleshooting tips for the Content Pack for ITSI Monitoring and Alerting if you are experiencing errors or it is otherwise not working as you expect.
Notable Event Aggregation Policy (NEAP) isn't working as expected
Problem
The filter criteria for the following Notable Event Aggregation Policies (NEAPs) aren't working as expected:
- Episodes by Alarm
- Episodes by Alert Group
- Episodes by ITSI Service
- Episodes by Src
Cause
The definitions of these NEAPs use the following filter criteria:
"config": { "field": "itsi_policy_id", "operator": "=", "value": "<uuid>" }
In previous versions of the content pack, the UUID was hard-coded. Ideally, the value of the itsi_policy_id field is the ID of the NEAP.
Solution
Follow these steps to update the value of the itsi_policy_id field to use the ID for the NEAPs:
- Log in to the Splunk instance with ITSI.
- Go to the IT Service Intelligence app.
- Go to Configuration > Notable Event Aggregation Policies.
- For each NEAP follow these steps:
  - Select a NEAP, and select the Filter Criteria and Instructions tab.
  - Under include the events if, replace the value in the itsi_policy_id field as per this table:

| NEAP | Existing itsi_policy_id | New itsi_policy_id |
| --- | --- | --- |
| Episodes by Alarm | cef5eec4-2dcc-11eb-8ffb-0671d5072164 | da-itsi-cp-monitoring-alerting-episodes-by-alarm |
| Episodes by Alert Group | e3ec489a-04b1-11ea-8567-021bca2da03d | da-itsi-cp-monitoring-alerting-episodes-by-alert-group |
| Episodes by ITSI Service | 48a35d46-0557-11ea-9716-021bca2da03d | da-itsi-cp-monitoring-alerting-episodes-by-itsi-service |
| Episodes by Src | 76073f1c-303c-11eb-8ffe-0671d5072164 | da-itsi-cp-monitoring-alerting-episodes-by-src |

  - Select Preview results to preview the results for the new NEAP filter criteria.
  - Select Save.
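
The same replacement can be checked against a NEAP definition that has been decoded from JSON. The following Python is an added example, not part of the Splunk documentation or the content pack: it finds every filter of the form shown under Cause and swaps the hard-coded UUID for the NEAP ID from the table. Only the "config" object shape comes from this page; the function names and the other keys in the sample are assumptions.

```python
import copy

# Hard-coded UUID -> NEAP ID, copied from the table on this page.
POLICY_ID_MAP = {
    "cef5eec4-2dcc-11eb-8ffb-0671d5072164": "da-itsi-cp-monitoring-alerting-episodes-by-alarm",
    "e3ec489a-04b1-11ea-8567-021bca2da03d": "da-itsi-cp-monitoring-alerting-episodes-by-alert-group",
    "48a35d46-0557-11ea-9716-021bca2da03d": "da-itsi-cp-monitoring-alerting-episodes-by-itsi-service",
    "76073f1c-303c-11eb-8ffe-0671d5072164": "da-itsi-cp-monitoring-alerting-episodes-by-src",
}

def rewrite_policy_filters(node, changes=None):
    """Replace stale itsi_policy_id values in place; return [(old, new), ...]."""
    changes = [] if changes is None else changes
    if isinstance(node, dict):
        value = node.get("value")
        # Match only the exact filter shape: field, "=" operator, known UUID string.
        if (node.get("field") == "itsi_policy_id" and node.get("operator") == "="
                and isinstance(value, str) and value in POLICY_ID_MAP):
            node["value"] = POLICY_ID_MAP[value]
            changes.append((value, node["value"]))
        for child in node.values():
            rewrite_policy_filters(child, changes)
    elif isinstance(node, list):
        for child in node:
            rewrite_policy_filters(child, changes)
    return changes

# Constructed sample: only the "config" object shape comes from the page;
# the surrounding keys ("title", "filter_criteria", "items") are assumptions.
SAMPLE_NEAP = {
    "title": "Episodes by Alarm",
    "filter_criteria": {"items": [
        {"config": {"field": "itsi_policy_id", "operator": "=",
                    "value": "cef5eec4-2dcc-11eb-8ffb-0671d5072164"}},
        # Same UUID under a different (made-up) field: must not be touched.
        {"config": {"field": "example_field", "operator": "=",
                    "value": "cef5eec4-2dcc-11eb-8ffb-0671d5072164"}},
    ]},
}

def demo():
    doc = copy.deepcopy(SAMPLE_NEAP)
    first = rewrite_policy_filters(doc)
    second = rewrite_policy_filters(doc)  # second pass finds nothing left to change
    return doc, first, second

if __name__ == "__main__":
    print(demo()[1])
```
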
This documentation applies to the following versions of Content Pack for ITSI Monitoring and Alerting: 2.0.2, 2.0.3