Customize episode severities in ITSI
An episode's severity in IT Service Intelligence (ITSI) is determined by the severities of the individual notable events within the episode. If you configure additional severities in the itsi_notable_event_severity.conf configuration file, those severities also apply to the available severities in correlation searches and aggregation policies.
The following default severities are available for episodes:
| Severity level | Color |
|---|---|
| Critical | 
|
| High | 
|
| Medium | 
|
| Low | 
|
| Normal | 
|
| Info | 
|
Edit episode severities
An episode's severity is determined by the severities of the individual notable events within the episode. You can customize episode and event severities to match an existing workflow in your organization. In the configuration file below that governs episode severities, "color" is the default color displayed in Episode Review, while "light color" applies to prominent mode.
Prerequisites
- Only users with file system access, such as system administrators, can edit episode and event severities using configuration files.
- Review the steps in How to edit a configuration file in the Splunk Enterprise Admin Manual.
- You can have configuration files with the same name in your default, local, and app directories. Read Where you can place (or find) your modified configuration files in the Splunk Enterprise Admin Manual.
Never change or copy the configuration files in the default directory. The files in the default directory must remain intact and in their original location. Make changes to the files in the local directory.
Steps
- Open or create a local itsi_notable_event_severity.conf file at
$SPLUNK_HOME/etc/apps/SA-ITOA/local. - Add, modify, or remove severities as necessary depending on the existing workflow in your organization.
[1] color = #AED3E5 lightcolor = #E3F0F6 label = Info default = 1 [2] color = #99D18B lightcolor = #DCEFD7 label = Normal [3] color = #FFE98C lightcolor = #FFF4C5 label = Low [4] color = #FCB64E lightcolor = #FEE6C1 label = Medium [5] color = #F26A35 lightcolor = #FBCBB9 label = High [6] color = #B50101 lightcolor = #E5A6A6 label = Critical
| Customize episode statuses in ITSI | Modify episode fields through the REST API |
This documentation applies to the following versions of Splunk® IT Service Intelligence: 4.11.0, 4.11.1, 4.11.2, 4.11.3, 4.11.4, 4.11.5, 4.11.6, 4.12.0 Cloud only, 4.12.1 Cloud only, 4.12.2 Cloud only, 4.13.0, 4.13.1, 4.13.2, 4.13.3, 4.14.0 Cloud only, 4.14.1 Cloud only, 4.14.2 Cloud only, 4.15.0, 4.15.1, 4.15.2, 4.15.3, 4.16.0 Cloud only, 4.17.0, 4.17.1, 4.18.0, 4.18.1, 4.19.0, 4.19.1
Download manual
Feedback submitted, thanks!