Splunk® IT Service Intelligence

Release Notes

Acrobat logo Download manual as PDF

Acrobat logo Download topic as PDF

New features in Splunk IT Service Intelligence

This version has these new and changed features.

Data Integrations

New feature or enhancement Description
Deactivated the saved searches of all content packs Saved searches are deactivated by default on upgrade and install of Splunk App for Content Packs 2.0 to avoid negative impact on ITSI performance and to provide more control for users to enable saved searches only for in-use content packs To activate the saved searches, refer to the Install and Configure documentation of the required content pack.

If you're upgrading from a previous version of the Splunk App for Content Packs, be sure to go through the important steps mentioned in Upgrade Splunk App for Content Packs to version 2.0.

Mapping for the service_name field in the itsi_summary index is now driven by SPL command rather than by automatic lookup from the content pack for ITSI Monitoring and Alerting Automatic lookup responsible for returning the service_name field for the itsi_summary index is removed when users upgrade to Splunk App for Content Packs 2.0.0. This change to service name field mapping protocol in Service and Episode Monitoring Correlation Searches improves data reliability by eliminating the previous requirement for refreshing automatic lookup periodically to ensure that the service_name field populated for all records in the itsi_summary index.

If you rely on the service_name field, this change affects you.

To obtain the service_name for a given serviceid, use the following SPL (Search Processing Language) lookup command:
lookup service_kpi_lookup _key AS serviceid OUTPUT title AS service_name

By executing this SPL command, you can retrieve the service_name from the service_kpi_lookup file.

You must incorporate the lookup command into your own SPL queries to obtain the service_name field.

Infrastructure Overview

New feature or enhancement Description
Entity status remediation and root-cause analysis The Entity Discovery Searches page allows you to gain visibility into the searches that discover your entities and contribute to the entity status calculation. You can now use this page to troubleshoot issues with discovery searches, better understand why entities display an inactive or unstable status, and view remediation steps. For more information, see Understand entity status and search data in ITSI.
Entity status cleanup Use the cleanupentitydiscoverysearches command to find and remove searches that are no longer discovering data for your entities. For more information, see Run a search command to clean up obsolete searches.

Service Insights

New feature or enhancement Description
Outlier exclusion for adaptive thresholds You can toggle the Enable outlier exclusion button for KPIs configured with adaptive thresholding in order to identify and exclude historical data outliers from adaptive thresholding calculations, ensuring more accurate KPI threshold values and service health scores. For more information, see Detect and remove outliers in adaptive thresholds.
Sparkline display enhancement The sparkline on the ITSI Service Analyzer has been enhanced to display interpolated, more accurate values and minimize load times.

Event Analytics

New feature or enhancement Description
Enhancements to episode dashboards You can now add a custom Dashboard Studio or Simple XML formatted dashboard to display in each episode grouped by an aggregation policy. For more information, see Add an episode dashboard.


New feature or enhancement Description
ITSI support for federated search As of version 4.16.0, ITSI supports the Splunk Federated search transparent mode option. In order to configure transparent mode, see About standard and transparent mode. You also need to complete the workaround steps from ITSI-26097 in Known issues in Splunk IT Service Intelligence to enable ITSI support for federated search.
Internet Protocol version 6 compatibility ITSI version 4.17.0 is Internet Protocol version 6 (IPv6) compatible. For more information, see Configure Splunk Enterprise for IPv6.

What's new in the docs

New feature or enhancement Description
New ITSI scenarios Two new ITSI scenarios are published with this release. These scenarios provide an overview about how ITSI helps accomplish business goals, such as monitoring service degradation or grouping related alerts to reduce noise. For more information, see:
Last modified on 06 September, 2023
Fixed issues in Splunk IT Service Intelligence

This documentation applies to the following versions of Splunk® IT Service Intelligence: 4.17.1

Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters