Related Answers
Download topic as PDF
Known issues in Splunk IT Service Intelligence
This version has the following known issues and workarounds.
Adaptive Thresholding
| Date filed | Issue number | Description |
|---|---|---|
| 2023-04-26 | ITSI-29672 | KPI preview fails to render sometimes Workaround: NA |
| 2022-08-23 | ITSI-25903 | Threshold Template Sync Fails with Empty Alert Values in threshold template |
Backup/Restore and Migration Issues
| Date filed | Issue number | Description |
|---|---|---|
| 2022-09-15 | ITSI-26204 | ITSI Default Scheduled Backup taking hours to complete after upgrade to 4.11.5 (it used to be minutes) Workaround: * Run the below curl command to delete the entry in the collection Template:Itsi migration status {noformat}curl -ku admin https://localhost:8089/servicesNS/nobody/SA-ITOA/storage/collections/data/itsi_migration_status -X DELETE{noformat} |
Notable Events
| Date filed | Issue number | Description |
|---|---|---|
| 2023-06-29 | ITSI-31192 | All Events tab does not render default columns if they are not present in NEAP JSON definition Workaround: # Use the latest ITSI Backup file to edit the NEAP JSON definition and remove the property Template:All events columns and restore the backup.
|
| 2023-01-16 | ITSI-28046 | Alert action configuration UI not loaded in ITSI when the count of alert actions exceed 30 Workaround: Keep the count of alert actions in the instance below 30 |
| 2022-12-20 | ITSI-27751 | Episode Review arbitrary search filter with AND & OR conditions fail to match events under certain scenarios Workaround: Avoid using brackets (), extra whitespaces, the operator !=, and double quotes "" in the search filter |
| 2022-10-25 | ITSI-26829, ITSI-26828 | Episode Review timeline search does not filter by event fields. |
| 2022-10-25 | ITSI-26825 | Episode Review timeline search is triggered even when summary dashboard is closed which wastes resources. |
Glass Table
| Date filed | Issue number | Description |
|---|---|---|
| 2022-12-20 | ITSI-27743 | Drilldown and URL link in Glass Table may open double tabs/windows |
KPI Base Searches
| Date filed | Issue number | Description |
|---|---|---|
| 2022-10-05 | ITSI-26497 | app/itsi/kpi_base_searches_lister error Workaround: N/A |
| 2022-08-23 | ITSI-25903 | Threshold Template Sync Fails with Empty Alert Values in threshold template |
Performance
| Date filed | Issue number | Description |
|---|---|---|
| 2023-04-26 | ITSI-29672 | KPI preview fails to render sometimes Workaround: NA |
Service Definition
| Date filed | Issue number | Description |
|---|---|---|
| 2022-10-11 | ITSI-26591 | Thresholding radio button selecting "Use Thresholding Template" instead of "Set Custom Thresholds" |
Service Templates
| Date filed | Issue number | Description |
|---|---|---|
| 2022-08-23 | ITSI-25903 | Threshold Template Sync Fails with Empty Alert Values in threshold template |
Uncategorized issues
| Date filed | Issue number | Description |
|---|---|---|
| 2023-11-16 | ITSI-33121 | Upgrade is stuck while upgrading from ITSI-4.13.3 to ITSI- 4.14.2 Workaround: Upgrade ITSI to higher version than 4.14.2 will fix this issue |
| 2023-03-20 | ITSI-29133 | Episode Review dashboard panel for Noise reduction should not show "Missing property: majorValue" |
| 2023-02-13 | ITSI-28792 | Fix the entity_type data type for replace conflict resolution - 4.15.1 |
| 2023-01-09 | ITSI-27961 | Bidirectional Ticketing Correlation Search hits "subsearch limit of 50000 reached" when the collection itsi_notable_event_ticketing has more than 50000 entries Workaround: # Navigate to ITSI -> Configuration -> Correlation Searches
{noformat}| datamodel Ticket_Management Incident search | rename All_Ticket_Management.ticket_id as ticket_id | join ticket_id [search sourcetype="snow:incident" index="<snow_index>" | where _indextime > now() - <max_lookback_time>] | lookup itsi_notable_event_external_ticket tickets.ticket_id as ticket_id OUTPUTNEW tickets.ticket_system event_id | where isnotnull(event_id) | rename tickets.* as * | eventstats values(event_id) as group_id last(ticket_system) as ticket_system by ticket_id | fields - dv_* | table * | makemv group_id | mvexpand group_id | eval bidirectional_ticketing=1, snow_hash = number + "!" + group_id + "!" + sys_updated_on | search NOT [| search index="itsi_tracked_alerts" | fields snow_hash] | dedup snow_hash{noformat} Change the placeholders {{<snow_index>}} and {{<max_lookback_time>}} in the above search with values according to the customer's requirements |
| 2022-12-20 | ITSI-27744 | Delays in Splunk web GUI when editing ITSI metric and changing calculation options |
| 2022-10-13 | ITSI-26687 | Vital metric sorting has a small caveat while filtering with entity Dimension filter on the Infrastructure overview page |
| 2019-05-30 | ITSI-3322 | If you add a correlation search in ITSI which contains a sub-search returning into an eval, you get a message "Invalid search string: This search cannot be parsed when parse_only is set to true." Workaround: You can't use a sub-search returning into an eval in a correlation search. As a workaround, create and save a basic correlation search with all of the information you want outside of the search. Then as an admin user, go to Settings > Searches, reports, and alerts and open the correlation search you just created. Add the sub-search you were trying to add there. |
|
PREVIOUS Fixed issues in Splunk IT Service Intelligence |
NEXT Removed features in Splunk IT Service Intelligence |
This documentation applies to the following versions of Splunk® IT Service Intelligence: 4.14.2 Cloud only
Feedback submitted, thanks!