Splunk® IT Service Intelligence

Event Analytics Manual

Event Analytics Audit dashboard

The Event Analytics Audit dashboard is designed to provide high-level insight into the notable events coming into your ITSI deployment. This dashboard shows a count of events over the time range you select, along with alert trends, acknowledgements and resolution statistics, and real-time event information and updates.

In release 4.19.0, this dashboard was converted from SXML to UDF. SXML versions of this dashboard are no longer being updated.

Dashboard panels

| Panel | Description |
| --- | --- |
| Episode Ownership and Status by User | The number of episodes that were resolved and acknowledged by each user within the selected time range. |
| Episodes Acknowledged | A raw count of episodes that were acknowledged within the last hour. |
| Mean Time to Acknowledge Episodes | The average amount of time between when an episode appears in Episode Review and when it is acknowledged by a user. Calculated over the last 24 hours. |
| Maximum Time to Acknowledge Episodes | The longest time it took to acknowledge an episode in Episode Review. Calculated over the last 24 hours. |
| Mean Time To Resolve Episodes | The average amount of time between when an episode appears in Episode Review and when it is resolved by a user. Calculated over the last 24 hours. |
| Raw Event Count | The number of events that ITSI ingests into the itsi_tracked_alerts index over the selected time range. |
| Episodes | The number of episodes created in Episode Review during the selected time range. |
| Noise Reduction | The percentage of noise reduction produced by event grouping. |
| Episodes Linked to Tickets | The number of episodes linked to external tickets during the selected time range. |
| Episodes by Severity | A count of episodes according to severity level. |
| Top 5 Longest Time To Acknowledge Episodes | The five episodes that took the longest time to acknowledge. |
| Top 5 Longest Time To Resolve Episodes | The five episodes that took the longest time to resolve. |
| Top Five Noisiest Hosts | A line graph showing the five hosts producing the most notable events within the selected time range. |
| Total Alerts | A line graph showing the total number of notable events over a given time period. |
| Service Health Scores Correlated to Critical/High Episodes | Service health scores correlated to the number of episodes over a given time period. |

Configure the Event Analytics Audit dashboard

You need to configure the threshold values of the following panels in the Event Analytics Audit dashboard based on your specific ITSI deployment:

    • Episodes
    • Noise Reduction
    • Episodes Linked to Tickets
    • Episodes Acknowledged

The colors corresponding to the values in each panel will differ based on the number of notable events being indexed on your deployment. You can manually edit the dashboard to configure these threshold values.

  1. Click Edit.
  2. Click Format Visualization in one of the panels listed above.
  3. Select Color in the side bar.
  4. Adjust the ranges (in minutes) for each severity color.
  5. Repeat steps 2-4 for the other panels listed above.
  6. Click Save.

Quirks of the Event Analytics Audit dashboard

  • You cannot embed custom JavaScript into the dashboard.
  • The trendValue in the Episodes panel only displays an arrow when the trend value is not 0.
  • Table content does not wrap within cells.
  • Table height and width adjust to data automatically unless Absolute Layout is in effect.
  • While font color in XML versions of the dashboard automatically adjusts to contrast with the background (such as by using white text to contrast with a green background), font color is a single uniform shade for UDF versions of the dashboard.
Last modified on 13 June, 2024

This documentation applies to the following versions of Splunk® IT Service Intelligence: 4.19.0

