Related Answers
Download topic as PDF
Known issues in Splunk IT Service Intelligence
This version of IT Service Intelligence (ITSI) has the following known issues and workarounds.
Backup/Restore and Migration Issues
| Date filed | Issue number | Description |
|---|---|---|
| 2023-04-19 | ITSI-29586 | Unable to restore default scheduled backup Workaround: Download the Default Scheduled Backup and restore the downloaded backup |
Entities
| Date filed | Issue number | Description |
|---|---|---|
| 2023-08-23 | ITSI-31855 | API entity_discovery_searches Failed to return discovery searches post upgrade Workaround: Once all the discovery searches related to the entity ran once, this issue will not exist. If the problematic search is 'disabled' and not intended to run anymore, can utilize the clean up command to clean this search out. ([1] ) If the problematic search simply has a run time that is much further in the future, then, you can change the cron schedule and let it run sooner and then change the time back. this way, you force the search to run again so the new status format gets saved. |
| 2023-08-14 | ITSI-31723 | Error modal appears when user attempts to filter entities with a parenthesis in the name on entity management page Workaround: Use backslash before the special character. To search for "myhost(" try "myhost\(" |
| 2023-04-19 | ITSI-29586 | Unable to restore default scheduled backup Workaround: Download the Default Scheduled Backup and restore the downloaded backup |
Notable Events
| Date filed | Issue number | Description |
|---|---|---|
| 2023-11-26 | ITSI-33166 | Rules Engine process gets enabled after Splunk restart even if it is disabled Workaround: Enable High Scale EA Modular input under{{ Setting -> Data Inputs -> IT Service Intelligence High Scale Event Analytics Modular Input}} |
| 2023-09-21 | ITSI-32156 | preview results not working while NEAP creation in windows setup |
| 2023-08-04 | ITSI-31559 | The Preview Mode is not showing results when smart mode is turned on Workaround: We can replace the below Template:Itsicorrelationsearch stanza in Template:Apps/SA-ITOA/package/local/commands.conf {noformat}[itsicorrelationengine] type = custom command.arg.1=-J-Xmx8192M command.arg.2=-Dlog4j.configurationFile=../default/log4j_correlation_engine.xml command.arg.3=-J-XX:+UseG1GC command.arg.4=-DitsiCorrelationEngine.configurationFile=../default/itsi_correlation_engine.properties command.arg.5=-Dfile.encoding=UTF-8 run_in_preview = false chunked = true{noformat} and disable and enable the Template:Itsi event grouping search job ( restart the rules engine process) |
Notable Event Aggregation Policies
| Date filed | Issue number | Description |
|---|---|---|
| 2023-11-26 | ITSI-33166 | Rules Engine process gets enabled after Splunk restart even if it is disabled Workaround: Enable High Scale EA Modular input under{{ Setting -> Data Inputs -> IT Service Intelligence High Scale Event Analytics Modular Input}} |
| 2023-09-21 | ITSI-32156 | preview results not working while NEAP creation in windows setup |
| 2023-08-04 | ITSI-31559 | The Preview Mode is not showing results when smart mode is turned on Workaround: We can replace the below Template:Itsicorrelationsearch stanza in Template:Apps/SA-ITOA/package/local/commands.conf {noformat}[itsicorrelationengine] type = custom command.arg.1=-J-Xmx8192M command.arg.2=-Dlog4j.configurationFile=../default/log4j_correlation_engine.xml command.arg.3=-J-XX:+UseG1GC command.arg.4=-DitsiCorrelationEngine.configurationFile=../default/itsi_correlation_engine.properties command.arg.5=-Dfile.encoding=UTF-8 run_in_preview = false chunked = true{noformat} and disable and enable the Template:Itsi event grouping search job ( restart the rules engine process) |
KPI Search Calculation
| Date filed | Issue number | Description |
|---|---|---|
| 2023-09-13 | ITSI-32031 | itsi_at_search_kpi_minus7d Missing field alert_value at time |
| 2023-06-11 | ITSI-30887 | Alerts should not be generated when user run KPI generated search Manually. |
Role Based Access Controls
| Date filed | Issue number | Description |
|---|---|---|
| 2023-05-04 | ITSI-30017 | A user in itoa_user role cannot open ITSI homeview in SHC. Workaround: We have to add the list_search_head_clustering capability to the default authorize.conf. |
Service Analyzer
| Date filed | Issue number | Description |
|---|---|---|
| 2023-10-02 | ITSI-32214 | Service analyzer link for service does not show up |
| 2023-06-07 | ITSI-30580 | when dbconnect app is installed, ITSI non admin users cannot access their homeview page but are routed to app_upgrade page. Workaround: We have to add the Template:Db connect read app conf capability to the custom user with a non-admin role or can enable that capability in the default Template:Authorize.conffile. |
Uncategorized issues
| Date filed | Issue number | Description |
|---|---|---|
| 2023-11-09 | ITSI-33057 | The loadjob search is failing when adding "Event Fields" filter on episode review page |
| 2023-10-19 | ITSI-32657 | Events not being indexed into itsi_tracked_alerts if SSL in not enabled Workaround: Go to Data Inputs -> HTTP Event Collector -> "Enable SSL" checkbox → Enable It |
| 2023-09-05 | ITSI-31978 | Correlation search edit page malfunctions when time range set to "All Time" Workaround: *Workaround 1*
{noformat}dispatch.earliest_time = 0
dispatch.latest_time = now{noformat} |
| 2023-09-04 | ITSI-31923 | After Changing Splunkd Custom Management Port, the Remedy Action is not working on Windows Instance |
| 2023-09-01 | ITSI-31904 | In upgrade scenario, the "Entity Discovery Searches" feature does not list the discovery search identifying entity. |
| 2023-08-02 | ITSI-31555, ITSI-31464 | the ITSI integration create SNOW tickets with SPL instead of INC prefix when using Episode Action with custom endpoints with ServiceNow_TA version 7.6.0 Workaround: Until bug in service now ADDON 7.6 bug (ADDON-64098 & ADDON-63502 ) are resolved, to avoid the issue, in ITSI, do not specify a custom endpoint in the action setup, keep the field empty. |
|
PREVIOUS Fixed issues in Splunk IT Service Intelligence |
NEXT Removed features in Splunk IT Service Intelligence |
This documentation applies to the following versions of Splunk® IT Service Intelligence: 4.17.1
Feedback submitted, thanks!