Related Answers
This documentation does not apply to the most recent version of Splunk® IT Service Intelligence.
Click here for the latest version.
Download topic as PDF
Known issues in Splunk IT Service Intelligence
This version of IT Service Intelligence (ITSI) has the following known issues and workarounds.
Highlighted issues
| Date filed | Issue number | Description |
|---|---|---|
| 2022-09-07 | ITSI-26097 | Entities and vital metrics are not populating on federated search setup Workaround: # Workaround for enabling entity discovery with federated search setup: Change Alternatively, you can make the change through the IT Service Intelligence interface by selecting *Settings > Searches, reports and alerts*, and then searching for the saved search name on the Searches, Reports, and Alerts page. For example, to discover *nix entities, you need go to '*ITSI Import Object - OS*' and revise '|*makeresults*' to become '|makeresults | head 1' 2. Workaround to ensure that vital metrics populate with federated search setup: a. Change '|makeresults' to '|makeresults | head 1' in the following two macros i. |
Adaptive Thresholding
| Date filed | Issue number | Description |
|---|---|---|
| 2023-03-21 | ITSI-29200 | Change in the threshold value of a KPI in a service template does not update in the services linked to it. Workaround: In the threshold editor, create a new temporary time policy, save, and select *Replace all KPI thresholds.* This will force the propagation of all time policies to all linked services. After this occurs, you can also delete the extra policy. |
Entities
| Date filed | Issue number | Description |
|---|---|---|
| 2022-09-07 | ITSI-26097 | Entities and vital metrics are not populating on federated search setup Workaround: # Workaround for enabling entity discovery with federated search setup: Change Alternatively, you can make the change through the IT Service Intelligence interface by selecting *Settings > Searches, reports and alerts*, and then searching for the saved search name on the Searches, Reports, and Alerts page. For example, to discover *nix entities, you need go to '*ITSI Import Object - OS*' and revise '|*makeresults*' to become '|makeresults | head 1' 2. Workaround to ensure that vital metrics populate with federated search setup: a. Change '|makeresults' to '|makeresults | head 1' in the following two macros i. |
Notable Events
| Date filed | Issue number | Description |
|---|---|---|
| 2023-03-23 | ITSI-29214 | Episode Detail Panel does not display full name of user correctly |
| 2023-03-14 | ITSI-29095 | Episode Detail Dashboard does not show updated token values |
| 2023-01-16 | ITSI-28046 | Alert action configuration UI not loaded in ITSI when the count of alert actions exceed 30 Workaround: Keep the count of alert actions in the instance below 30 |
| 2022-12-20 | ITSI-27751 | Episode Review arbitrary search filter with AND & OR conditions fail to match events under certain scenarios Workaround: Avoid using brackets (), extra whitespaces, the operator !=, and double quotes "" in the search filter |
| 2022-12-06 | ITSI-27595 | Actions Rules field names in UI not keeping the upper case upon save |
Notable Event Aggregation Policies
| Date filed | Issue number | Description |
|---|---|---|
| 2023-03-23 | ITSI-29214 | Episode Detail Panel does not display full name of user correctly |
| 2023-03-14 | ITSI-29095 | Episode Detail Dashboard does not show updated token values |
| 2023-01-16 | ITSI-28046 | Alert action configuration UI not loaded in ITSI when the count of alert actions exceed 30 Workaround: Keep the count of alert actions in the instance below 30 |
| 2022-12-20 | ITSI-27751 | Episode Review arbitrary search filter with AND & OR conditions fail to match events under certain scenarios Workaround: Avoid using brackets (), extra whitespaces, the operator !=, and double quotes "" in the search filter |
| 2022-12-06 | ITSI-27595 | Actions Rules field names in UI not keeping the upper case upon save |
Glass Table
| Date filed | Issue number | Description |
|---|---|---|
| 2023-03-09 | ITSI-29073 | ITSI Glass Table tableFormat rowBackgroundColors - not coloring all the rows background |
| 2023-01-05 | ITSI-27886 | splunk.markdown adds unexpected background colour and text colour when leading spaces are used in text |
| 2022-12-20 | ITSI-27743 | Drilldown and URL link in Glass Table may open double tabs/windows |
| 2021-12-17 | ITSI-20748 | Service Swapping weirdness on Glass Table |
Maintenance Window
| Date filed | Issue number | Description |
|---|---|---|
| 2023-03-12 | ITSI-29078 | Retired Entities not being filtered out of Maintenance Window List of Entities |
Service Analyzer
| Date filed | Issue number | Description |
|---|---|---|
| 2023-02-17 | ITSI-28826 | Changes to health score color values in threshold_labels.conf do not appear in the service analyzer. |
Service Templates
| Date filed | Issue number | Description |
|---|---|---|
| 2023-03-21 | ITSI-29200 | Change in the threshold value of a KPI in a service template does not update in the services linked to it. Workaround: In the threshold editor, create a new temporary time policy, save, and select *Replace all KPI thresholds.* This will force the propagation of all time policies to all linked services. After this occurs, you can also delete the extra policy. |
| 2022-10-18 | ITSI-26757 | Refresh queue is overriding base service template object while linking the service to it for more than 15 concurrent service creation. |
Threshold Templates
| Date filed | Issue number | Description |
|---|---|---|
| 2023-03-21 | ITSI-29200 | Change in the threshold value of a KPI in a service template does not update in the services linked to it. Workaround: In the threshold editor, create a new temporary time policy, save, and select *Replace all KPI thresholds.* This will force the propagation of all time policies to all linked services. After this occurs, you can also delete the extra policy. |
Uncategorized issues
| Date filed | Issue number | Description |
|---|---|---|
| 2023-02-17 | ITSI-28829 | The timebased breaking event replaces the episode information fields. |
| 2023-02-15 | ITSI-28820, ITSI-28804 | ITSI Service created from ITSI Template with filter field defined but filter condition not defined will cause the Service to load all entities. Workaround: Disabled all the services that had Entity filter rule set to matchesblank to blank value. Or Have a valid filter rule defined in the services with values in the values field. |
| 2023-01-02 | ITSI-27863 | Vital metrics show up as N/A for individual entities in Entity Overview Page Workaround: The macro has the id field which is getting used in all entity types and saved searches. Remove the id field from the vital metrics SPL and split by fields, or rename this field. |
| 2022-12-20 | ITSI-27741 | When closing episodes in bulk, episodes with different statuses display as closed but aren't actually closed. Workaround: During the bulk update of the episodes from the UI, make sure that all the Episodes selected for the bulk update at a time have same Status. |
| 2022-12-08 | ITSI-27623 | Episode reviews page shows Access Denied for filters with objects no longer existed |
| 2022-12-07 | ITSI-27599 | Status 414 when attempting to retire 12000 entities Workaround: Try to retire entities in batch of 7000 entities. |
| 2022-11-22 | ITSI-27450, ITSI-27449, ITSI-27451 | is_partial_data=0 is not working as Documented for maintenance_services_interface/<object_type>/<_key> Workaround: Use Template:Is partial data= to use it as Template:Is partial data=0 |
| 2022-11-22 | ITSI-27449, ITSI-27450 | The is_partial_data=0 is not working as Documented for itoa_interface/<object_type>/<_key> POST call Workaround: Use Template:Is partial data= to use it as Template:Is partial data=0 |
| 2022-10-11 | ITSI-26585 | Entities status is getting "Unstable" from "Active" when installing SA4CP 1.7.0 with ITEW Workaround: # Go to Settings → Searches, Reports, and Alerts
|
| 2022-07-11 | ITSI-24902 | ITSI entity management functionality flags previously detected entities as unsable after upgrade to newer versions. Workaround: Delete the existing entities and let the existing entities be re-discovered during next run of the discovery search. |
| 2021-09-01 | ITSI-18709 | ITSI redirects to suite_redirect 500 Internal Server Error - because of python library isolation between apps Workaround: Step 1: Identify all the splunklib directories within the splunk apps directory using command find . -name 'splunklib' | xargs -r ls -lah.
Step 2: For each directory listed in step 1, check if file Step 3: Copy the Step 4: Clean the cached files using Step 5: Reload the ITE Work app. |
| 2019-05-30 | ITSI-3322 | If you add a correlation search in ITSI which contains a sub-search returning into an eval, you get a message "Invalid search string: This search cannot be parsed when parse_only is set to true." Workaround: You can't use a sub-search returning into an eval in a correlation search. As a workaround, create and save a basic correlation search with all of the information you want outside of the search. Then as an admin user, go to Settings > Searches, reports, and alerts and open the correlation search you just created. Add the sub-search you were trying to add there. |
All ITSI Modules
| Publication date | Issue number | Description |
|---|---|---|
| 2017-03-21 | ITOA-7585 | When you bulk add services and an error caused by the racing condition occurs, the incorrect message "itsi_module does not exist" is displayed. |
| 2017-03-07 | MOD-979 | KPIs do not have consistent backfill settings across all modules. |
| 2017-01-17 | MOD-452 | The Analyze KPI button on the Service Details page is broken. |
| 2017-01-17 | MOD-402 | The Export to PDF option does not work in the drilldown to a module. |
| 2017-01-17 | MOD-296 | The extendable tab XML generator REST endpoint is located in DA-ITSI-OS instead of in common components where it can be used by all modules. |
| 2017-01-17 | MOD-591 | ITSI displays a misleading error message when a KPI template contains a field that cannot be resolved. |
| 2017-01-17 | MOD-498 | There is no upper limit to the number of characters a KPI title or description can contain. Long strings can negatively affect performance. |
| 2017-01-17 | MOD-309 | The Gruntfile.js included in ITSI modules uses double quotes instead of single quotes, which does not conform to the standard for all JavaScript files. |
| 2017-04-17 | MOD-2002 | When you drilldown from the Events tab, an "Invalid earliest_time" error occurs.
|
| 2017-01-17 | MOD-439 | Some modules do not have descriptions for saved searches. |
Application Server Module
| Publication date | Issue number | Description |
|---|---|---|
| 2017-01-27 | MOD-492 | If you reuse the same panel within a dashboard, the duplicate panel does not display any event data. |
Cloud Services Module
There are no known issues for this release.
Database Module
| Publication date | Issue number | Description |
|---|---|---|
| 2017-01-17 | MOD-586 | When a lookup is not configured for TA-Microsoft-SqlServer, ITSI displays a misleading error message on the server drilldown page. |
End User Experience Module
There are no known issues for this release.
Load Balancer Module
| Publication date | Issue number | Description |
|---|---|---|
| 2017-01-27 | MOD-492 | If you reuse the same panel within a dashboard, the duplicate panel does not display any event data. |
Operating System Module
| Publication date | Issue number | Description |
|---|---|---|
| 2017-04-13 | MOD-555 | The Storage Free Space % base search runs every minute while the Linux df command runs every 5 minutes. This causes data gaps. |
| 2017-04-10 | MOD-1964 | Windows data for memory free space is collected at different intervals than the Memory Free % KPI. |
| 2017-01-17 | MOD-1398 | Line, stack, and area charts do not display a metric gap when no metrics are available during a time period. |
Storage Module
There are no known issues for this release.
Virtualization Module
There are no known issues for this release.
Web Server Module
| Publication date | Issue number | Description |
|---|---|---|
| 2017-03-17 | MOD-320 | Some KPI ad hoc searches transform data with the stats command and do not retain time fields. The KPIs do not render anything and do not show thresholding details.
|
| 2017-03-17 | MOD-538 | When you add a new tab with panels and refresh the page, the page breaks. |
Last modified on 27 March, 2023
|
PREVIOUS Fixed issues in Splunk IT Service Intelligence |
NEXT Removed features in Splunk IT Service Intelligence |
This documentation applies to the following versions of Splunk® IT Service Intelligence: 4.15.0
Feedback submitted, thanks!