Splunk® IT Service Intelligence

Administration Manual

Splunk IT Service Intelligence (ITSI) version 4.11.x reached its End of Life on December 6, 2023. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see Before you upgrade IT Service Intelligence.
This documentation does not apply to the most recent version of Splunk® IT Service Intelligence. For documentation on the most recent version, go to the latest release.

notable_event_commonality.conf

The following are the spec and example files for notable_event_commonality.conf.

notable_event_commonality.conf.spec

# This file contains possible attribute/value pairs for blacklisting 
# notable event fields from the Common Fields section of episodes.
#
# There is a notable_event_commonality.conf in $SPLUNK_HOME/etc/apps/SA-ITOA/default/.
# To set custom configurations, place a notable_event_commonality.conf in
# $SPLUNK_HOME/etc/apps/SA-ITOA/local. You must restart Splunk software to enable
# configurations.
#
# To learn more about configuration files (including precedence) please see
# the documentation located at
# http://docs.splunk.com/Documentation/ITSI/latest/Configure/ListofITSIconfigurationfiles

[common_event_fields]

black_list_fields = <comma-separated list>
* A list of field names in a notable event that will not appear in the 
  Common Fields section of an episode.
* By default, ITSI blacklists fields that are not core to the raw event
  itself, or ones that are mainly used internally. 
* Add fields here that you don't necessarily care about, but that you know
  will probably appear in most of your events.

notable_event_commonality.conf.example

No example
Last modified on 16 September, 2021
notable_event_actions.conf   notable_event_correlation.conf

This documentation applies to the following versions of Splunk® IT Service Intelligence: 4.11.0, 4.11.1, 4.11.2, 4.11.3, 4.11.4


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters