Splunk® IT Service Intelligence

Release Notes

Splunk IT Service Intelligence (ITSI) version 4.12.x reached its End of Life on January 22, 2024. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see Before you upgrade IT Service Intelligence.
This documentation does not apply to the most recent version of Splunk® IT Service Intelligence. For documentation on the most recent version, go to the latest release.

Known issues in Splunk IT Service Intelligence

This version has the following known issues and workarounds.

Adaptive Thresholding

Date filed Issue number Description
2022-08-23 ITSI-25903 Threshold Template Sync Fails with Empty Alert Values in threshold template

Backup/Restore and Migration Issues

Date filed Issue number Description
2022-09-15 ITSI-26204 ITSI Default Scheduled Backup taking hours to complete after upgrade to 4.11.5 (it used to be minutes)

Workaround:
* Run the below curl command to delete the entry in the collection Template:Itsi migration status

{noformat}curl -ku admin https://localhost:8089/servicesNS/nobody/SA-ITOA/storage/collections/data/itsi_migration_status -X DELETE{noformat}

Notable Events

Date filed Issue number Description
2022-12-20 ITSI-27751 Episode Review arbitrary search filter with AND & OR conditions fail to match events under certain scenarios

Workaround:
Avoid using brackets (), extra whitespaces, the operator !=, and double quotes "" in the search filter
2022-01-25 ITSI-21269 The grouping of Bidirectional Ticketing events sets the episode KV store state to faulty values

KPI Base Searches

Date filed Issue number Description
2022-08-23 ITSI-25903 Threshold Template Sync Fails with Empty Alert Values in threshold template

KPI Search Calculation

Date filed Issue number Description
2022-04-28 ITSI-23284 Deleted KPI lanes still showing in deep dive when the URL is refreshed.

Service Analyzer

Date filed Issue number Description
2023-02-17 ITSI-28826 Changes to health score color values in threshold_labels.conf do not appear in the service analyzer.

Service Templates

Date filed Issue number Description
2022-08-23 ITSI-25903 Threshold Template Sync Fails with Empty Alert Values in threshold template

Uncategorized issues

Date filed Issue number Description
2023-01-09 ITSI-27961 Bidirectional Ticketing Correlation Search hits "subsearch limit of 50000 reached" when the collection itsi_notable_event_ticketing has more than 50000 entries

Workaround:
# Navigate to ITSI -> Configuration -> Correlation Searches
  1. Click on Bidirectional Ticketing
  2. Paste the following search in the Search field and then click on Save. Also enable the CS if it has been disabled

{noformat}| datamodel Ticket_Management Incident search | rename All_Ticket_Management.ticket_id as ticket_id | join ticket_id [search sourcetype="snow:incident" index="<snow_index>" | where _indextime > now() - <max_lookback_time>] | lookup itsi_notable_event_external_ticket tickets.ticket_id as ticket_id OUTPUTNEW tickets.ticket_system event_id | where isnotnull(event_id) | rename tickets.* as * | eventstats values(event_id) as group_id last(ticket_system) as ticket_system by ticket_id | fields - dv_* | table * | makemv group_id | mvexpand group_id | eval bidirectional_ticketing=1, snow_hash = number + "!" + group_id + "!" + sys_updated_on | search NOT [| search index="itsi_tracked_alerts" | fields snow_hash] | dedup snow_hash{noformat}

Change the placeholders {{<snow_index>}} and {{<max_lookback_time>}} in the above search with values according to the customer's requirements

2022-12-20 ITSI-27741 When closing episodes in bulk, episodes with different statuses display as closed but aren't actually closed.

Workaround:
During the bulk update of the episodes from the UI, make sure that all the Episodes selected for the bulk update at a time have same Status.
2022-10-13 ITSI-26687 Vital metric sorting has a small caveat while filtering with entity Dimension filter on the Infrastructure overview page
2021-09-01 ITSI-18709 ITSI redirects to suite_redirect 500 Internal Server Error - because of python library isolation between apps

Workaround:
Step 1: Identify all the splunklib directories within the splunk apps directory using command find . -name 'splunklib' | xargs -r ls -lah.

Step 2: For each directory listed in step 1, check if file six.py is present.

Step 3: Copy the six.py from an existing splunklib directory into all the missing directories.

Step 4: Clean the cached files using find . -name "*.pyc" -delete

Step 5: Restart Splunk on the ITE Work or ITSI search head.

Last modified on 03 August, 2023
Fixed issues in Splunk IT Service Intelligence   Removed features in Splunk IT Service Intelligence

This documentation applies to the following versions of Splunk® IT Service Intelligence: 4.12.2 Cloud only

Acrobat logo Download manual
Acrobat logo Download this page

Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters