Content Pack for ITSI Monitoring and Alerting

Release Notes for the Content Pack for ITSI Monitoring and Alerting

Version 2.3.0 of the Content Pack for ITSI Monitoring and Alerting was released on July 13, 2023. Here's what to expect from this version.

New features

New features of the Content Pack for ITSI Monitoring and Alerting include the following. If no new features table is listed, this is a maintenance release.

New feature or enhancement: Mapping for the service_name field in the itsi_summary index is now driven by an SPL command rather than by an automatic lookup from the Content Pack for ITSI Monitoring and Alerting
Description: The automatic lookup responsible for returning the service_name field for the itsi_summary index is removed when users upgrade to Splunk App for Content Packs 2.0.0. This change to the service name field mapping protocol in Service and Episode Monitoring correlation searches improves data reliability by eliminating the previous requirement to refresh the automatic lookup periodically to ensure that the service_name field is populated for all records in the itsi_summary index.

If you rely on the service_name field, this change affects you.

To obtain the service_name for a given serviceid, use an SPL (Search Processing Language) lookup command. To search, filter, or report on service_name from the itsi_summary index, you must add the following lookup after your initial search:
| lookup service_kpi_lookup _key AS serviceid OUTPUT title AS service_name

By executing this SPL command, you can retrieve the service_name field from the service_kpi_lookup file.
Example code snippet for updated search:

index=itsi_summary
| lookup service_kpi_lookup _key AS serviceid OUTPUT title AS service_name
| search service_name="*Web*"

New feature or enhancement: Enhanced support for itsi_instruction in the itsi_kpi_attributes lookup
Description: This improves the accessibility of instructions for KPI or SHS notable events. By incorporating the itsi_instruction field into the itsi_kpi_attributes lookup, customers have a designated location to provide and retrieve instructions, facilitating easier utilization of this important information.

New feature or enhancement: Update entity normalizer search to support a new status tracking field
Description: This enhancement introduces a more efficient approach for handling unstable entities in the normalizer discovery search. By using a new flag, the search can exclude its contribution to overall entity status, improving the accuracy of status calculation.

New feature or enhancement: Support for a new KPI, 'Incoming Alerts by Monitoring Tool,' in the ITSI Alert Analytics Service
Description: With this KPI incorporated into service templates and the default Alert Monitoring service, customers gain visibility into the sources of incoming alerts, aiding them in optimizing their alert management workflows.

Fixed issues

This version of the Content Pack for ITSI Monitoring and Alerting has these reported fixed issues. If no fixed issues are listed in the following table, no issues have been reported.

| Date resolved | Issue number | Description |
| --- | --- | --- |
| June 26, 2023 | ITOPA-3 | Update ITSI Alert and Episode Monitoring Aggregation Policy to exclude events from other itsi_policy_ids |
| June 26, 2023 | ITOPA-50 | Update Episode Monitoring alerts to specify now() for _time to better support param.is_use_event_time configuration in alert_actions.conf. |
| June 26, 2023 | ITOPA-52 | The episode_contact_map and episode_contact_detail fields are accidentally being removed for Episode Monitoring - Set Episode to Highest Alarm Severity notables. |

Known issues

This version of the Content Pack for ITSI Monitoring and Alerting has the following reported known issues and workarounds. If no issues appear below, no issues have yet been reported.

Last modified on 12 July, 2023

This documentation applies to the following versions of Content Pack for ITSI Monitoring and Alerting: 2.3.0

