Customize Episode Review in ITSI
You can customize different properties of a saved Episode Review dashboard to better suit your organization's needs and accelerate triage and investigation. Use the View Settings to customize the look and feel of Episode Review, set the refresh rate, add or remove columns, or configure other default settings.
By default, read and write permissions are granted to all roles for a newly created view of Episode Review. To restrict permissions, see Modify analyst permissions within Episode Review in ITSI.
Change the viewing mode
By default, each Episode Review dashboard is in Standard mode, which means the severity color is only displayed to the right of the episode row. You can change the viewing mode to Prominent to fill the entire row with the severity color.
The following image shows the difference between Standard and Prominent modes:
Turn episode view on or off
By default, Episode Review displays episodes rather than notable events. Depending on what kind of issues your organization deals with, you might want to view individual notable events rather than episodes.
Change the episode view default tab
By default, when you select an episode, the Impact tab is displayed in the details panel. Depending on the types of issues you're investigating, you might want to display a more relevant tab, such as the Events Timeline or Common Fields. You can modify the default tab that's selected on a per-dashboard basis. In other words, all episodes within that Episode Review saved view will have the same tab selected by default.
After making the change, click through several episodes to make sure the default tab changed.
Set the auto refresh period
The auto refresh rate determines how often Episode Review is refreshed to display new episodes and events. By default the refresh period is set to Off, which means it never automatically refreshes and you need to refresh your browser to update the dashboard. You can change the refresh period to 1 minute, 5 minutes, 30 minutes, 60 minutes, or 24 hours.
Add and remove columns
Each row in Episode Review displays a default set of columns: Title, Time, Owner, Severity, Status, and Description. You can add, remove, or rearrange columns based on which fields are important to your investigation. For example, you might add an All Tickets column to display any ticket linked to each episode.
Specify the Episode Review time format
You can specify the time format for time-related columns such as
First Event Time, and
Last Event Time. Choose from one of the default time formats or define a custom time string. The time format applies to specific Episode Review saved views.
For a full reference of variables you can use to define time formats, see Date and time format variables in the Search Reference manual. The time format you choose applies to any places in Episode Review where a timestamp is displayed, such as comment time, similar episodes time, and activity time.
Take action on an episode in ITSI
Modify analyst permissions within Episode Review in ITSI
This documentation applies to the following versions of Splunk® IT Service Intelligence: 4.8.0 Cloud only, 4.8.1 Cloud only, 4.9.0, 4.9.1, 4.9.2, 4.9.3, 4.10.0 Cloud only, 4.10.1 Cloud only, 4.10.2