Splunk® IT Service Intelligence

Administration Manual

Acrobat logo Download manual as PDF

This documentation does not apply to the most recent version of Splunk® IT Service Intelligence. For documentation on the most recent version, go to the latest release.
Acrobat logo Download topic as PDF


The following are the spec and example files for itsi_team.conf.


# This file contains attributes and values for uploading ITSI teams 
# to the KV store. By default, only the Global team ships with ITSI.
# There is an itsi_team.conf in $SPLUNK_HOME/etc/apps/SA-ITOA/default. 
# To set custom configurations, place an itsi_team.conf in
# $SPLUNK_HOME/etc/apps/SA-ITOA/local/. You must restart Splunk software to 
# enable configurations.
# To learn more about configuration files (including precedence) please see
# the documentation located at
# http://docs.splunk.com/Documentation/ITSI/latest/Configure/ListofITSIconfigurationfiles
# CAUTION: You can drastically affect your Splunk installation by changing these settings.  
# Consult technical support (http://www.splunk.com/page/submit_issue) if you are not sure how 
# to configure this file.


# Use the [default] stanza to define any global settings.
#  * You can also define global settings outside of any stanza, at the top
#    of the file.
#  * Each .conf file should have at most one default stanza. If there are
#    multiple default stanzas, attributes are combined. In the case of
#    multiple definitions of the same attribute, the last definition in the
#    file wins.
#  * If an attribute is defined at both the global level and in a specific
#    stanza, the value in the specific stanza takes precedence.


title = <value>
* The name of the team.
* Duplicate team names are allowed, but be aware of other team names 
  and use naming conventions to avoid confusion.

description = <value>
* A meaningful description of the team.

_immutable = <boolean>
* Whether users can edit the team.
* If "1", the team cannot be edited.
* If "0", the team can be edited.
* Default: 0

acl = <dictionary>
* An Access Control List (ACL) associating ITOA roles with permissions
  within that team. 
* Assign read or write access to the listed ITOA roles as appropriate. 
  If a role has write permissions for a team, a user with this role can 
  create and modify services in the team. The user can't delete a service
  in the team unless the role has the delete capability for a service. 


disabled = <boolean>
* Use this setting to turn off Role-Based Access Control (RBAC) for Episode
  Review only. 
* If you set this flag to "1", all users will be able to see all events 
  within Episode Review, regardless of their team. 
* If "1", RBAC is disabled for Episode Review.
* If "0", RBAC is enabled for Episode Review. 
* Default: 0


No example
Last modified on 28 April, 2023

This documentation applies to the following versions of Splunk® IT Service Intelligence: 4.12.0 Cloud only, 4.12.1 Cloud only, 4.12.2 Cloud only, 4.13.0, 4.13.1, 4.13.2, 4.14.0 Cloud only, 4.14.1 Cloud only, 4.14.2 Cloud only, 4.15.0, 4.15.1, 4.16.0 Cloud only

Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters