This documentation does not apply to the most recent version of Splunk® IT Service Intelligence.
For documentation on the most recent version, go to the latest release.
notable_event_commonality.conf
The following are the spec and example files for notable_event_commonality.conf.
notable_event_commonality.conf.spec
# This file contains possible attribute/value pairs for blacklisting # notable event fields from the Common Fields section of episodes. # # There is a notable_event_commonality.conf in $SPLUNK_HOME/etc/apps/SA-ITOA/default/. # To set custom configurations, place a notable_event_commonality.conf in # $SPLUNK_HOME/etc/apps/SA-ITOA/local. You must restart Splunk software to enable # configurations. # # To learn more about configuration files (including precedence) please see # the documentation located at # http://docs.splunk.com/Documentation/ITSI/latest/Configure/ListofITSIconfigurationfiles
[common_event_fields]
black_list_fields = <comma-separated list> * A list of field names in a notable event that will not appear in the Common Fields section of an episode. * By default, ITSI blacklists fields that are not core to the raw event itself, or ones that are mainly used internally. * Add fields here that you don't necessarily care about, but that you know will probably appear in most of your events.
notable_event_commonality.conf.example
No example
Last modified on 10 April, 2023
| notable_event_actions.conf | notable_event_correlation.conf |
This documentation applies to the following versions of Splunk® IT Service Intelligence: 4.17.0
Download manual
Feedback submitted, thanks!