Splunk® IT Service Intelligence

Release Notes

Acrobat logo Download manual as PDF


This documentation does not apply to the most recent version of ITSI. Click here for the latest version.
Acrobat logo Download topic as PDF

Known issues in Splunk IT Service Intelligence

IT Service Intelligence (ITSI) version 4.9.2 has the following known issues and workarounds.

Adaptive Thresholding

Date filed Issue number Description
2021-11-05 ITSI-19663 Updating a KPI threshold policy within a service template causes the thresholds of all existing KPIs that use adaptive thresholds to get reset

Workaround:
Temporary workaround to avoid false alerts:
# Put services that are linked to the service template into maintenance mode
# Make KPI threshold changes within the service template and push out
# Wait to make sure all services are synced
# Manually run the itsi_at_search_kpi_minusXd to recreate the adaptive threshold models
# Disable maintenance mode for false alerts
2021-07-28 ITSI-17991 AdaptiveThresholding: KPI calculated thresholdValues get overwritten

Bulk Import

Date filed Issue number Description
2021-07-03 ITSI-17629, ITSI-17628 Entity Import: Recurring import saved with "role" instead of user name for 'Owner'
2021-06-09 ITSI-17178 Some ITSI Import Objects saved searches fail to merge entities with the host field and may create duplicate entities.

Workaround:
#Disable ITSI Import Objects - VMware VM.
  1. Copy the ITSI Import Objects - VMware VM saved search, but change the entity_merge_field attribute to host.
  1. Enable the updated ITSI Import Objects - VMware VM search.

Entity Rules

Date filed Issue number Description
2021-10-18 ITSI-19304 Newly created entities are not reflected on the service analyzer

Notable Events

Date filed Issue number Description
2021-12-07 ITSI-20343 Impacted Services and KPIs do not appear in Episode Review when using Teams functionality
2021-10-20 ITSI-19415 On Windows server, more than 1 rules engines processes are spawned at a time.

Workaround:
The root cause is the splunk phased_execution_mode. Edit the limits.conf file and add the line: 

[search] phased_execution_mode = auto
2021-09-16 ITSI-18910 For fresh ITSI install, populate installed_version and old_version values
2021-07-15 ITSI-17809 After ITSI upgrade from 4.6.1 to 4.9.1, new episodes are created instead of events being added to existing episodes.

Workaround:
Add the policy_id in the field_list for the itsi_notable_group_system_lookup stanza in $SPLUNK_HOME/etc/apps/SA-ITOA/transforms.conf
2021-05-24 ITSI-16844 For time-based policies, Action Rules with the condition AND "the following event occurs" don't work.
2021-01-21 ITSI-13167 On Safari, there is a 10 to 15 second delay when editing a Notable Event Aggregation Policy using the ServiceNow action

Notable Event Aggregation Policies

Date filed Issue number Description
2021-12-07 ITSI-20343 Impacted Services and KPIs do not appear in Episode Review when using Teams functionality
2021-10-20 ITSI-19415 On Windows server, more than 1 rules engines processes are spawned at a time.

Workaround:
The root cause is the splunk phased_execution_mode. Edit the limits.conf file and add the line: 

[search] phased_execution_mode = auto
2021-09-16 ITSI-18910 For fresh ITSI install, populate installed_version and old_version values
2021-07-15 ITSI-17809 After ITSI upgrade from 4.6.1 to 4.9.1, new episodes are created instead of events being added to existing episodes.

Workaround:
Add the policy_id in the field_list for the itsi_notable_group_system_lookup stanza in $SPLUNK_HOME/etc/apps/SA-ITOA/transforms.conf
2021-05-24 ITSI-16844 For time-based policies, Action Rules with the condition AND "the following event occurs" don't work.
2021-01-21 ITSI-13167 On Safari, there is a 10 to 15 second delay when editing a Notable Event Aggregation Policy using the ServiceNow action

Glass Table

Date filed Issue number Description
2021-08-13 ITSI-18306 "Service not found" error when switching services in Glass Tables if the service isn't included in the first 100 services

Workaround:
the only workaround I can think off (which I understand is not ideal) would be to rename the services that user want to user for service swapping of glass table with a prefix like A or something at the beginning of the alphabet or 0 if the service names have numbers. The idea is to have the services display in the first page of the service lister when the count per page is set to 100. Or within the first 5 pages if the count per page is set to 20.

KPI Base Searches

Date filed Issue number Description
2021-07-28 ITSI-17989 KPI Base Search name is limited to about 70 characters.

Maintenance Window

Date filed Issue number Description
2021-03-04 ITSI-14296 Maintenance Window time validation control errors : custom time set throws the error, "Start/End time date is invalid"

Workaround:
After setting the Start Time to what you want, change the start date to another date, and then change it back to the date that you want. Doing this clears the error, and you can proceed by clicking <bold>Next</bold>.

Service Analyzer

Date filed Issue number Description
2021-10-18 ITSI-19304 Newly created entities are not reflected on the service analyzer
2021-08-05 ITSI-18101 Service Analyzer Entity Panel always shows N/A after selecting a KPI that is N/A

Service Templates

Date filed Issue number Description
2021-11-24 ITSI-20208 Service Template and Service stuck in Syncing status

Workaround:
Following the steps in the below doc, we identified and generated output that shows the Service Templates with missing services.

Eng team in IST timezone will update the migration.zip for Support to run the fix.

[1]

Uncategorized issues

Date filed Issue number Description
2021-12-14 ITSI-20605 Occasionally after upgrade to ITSI 4.9.*, non-admin users get Oops Page - local.meta corrupted during the upgrade

Workaround:
Clean up all permissions on ITSI views in itsi/metadata/local.meta (and sync on SHC)

The workaround is to clean up the stanza in local.meta on the all the SH. remove all the stanza like \[views/....]  that have no valid access settings, (access = delete : \[  ], read : \[  ], write : \[  ]) and that are not custom views from your users.

As they may be many, to confirm, you can compare to the list in default.meta And you also can look at the modtime field in the stanza, as they are probably all identical.

2021-11-27 ITSI-20219 Inefficient background searches initiated during ITSI KV store migration may cause SmartStore outage.

Workaround:

2021-10-06 ITSI-19153 Infrastructure Overview Centre Pane needs to be resizeable
2021-10-04 ITSI-19103, ITSI-19699 Data Integration UI is not showing all content pack chiclets
2021-09-22 ITSI-18967, ITSI-19697 Content Pack upgrade fails as already installed ITSI objects are not shown as "Already Present" in Content Pack UI during upgrade scenario for CP present in Content library
2021-09-09 ITSI-18800 When you add ITSI instances as search peers to another Splunk instance, the peers might be disabled after 72 hours. This is because the ITSI licenses are flagged as duplicates on the search peers.
2021-08-17 ITSI-18390 Can't create metric-based KPIs for a service in ITSI 4.9.2

Workaround:
You must use an ad-hoc search using the | mstats command to create metrics based KPIs. 
2021-07-22 ITSI-17901 After installing IT Essentials Work, receive an error of ERROR ExecProcessor - message from ""C:\Program Files\Splunk\bin\Python3.exe"
2021-05-25 ITSI-16870, ITSI-17181 Entity page doesn't load when IT Essentials Work is installed on search head cluster
2021-05-12 ITSI-16577 SA-ITOA transforms refers to non existing collections - causing errors about MongoModificationsTracker in splunkd.log

Workaround:
The workaround is either to delete the following unused stanzas from SA-ITOA/default/transforms.conf or replace these unused stanzas in SA-ITOA/local/transforms.conf:

[itsi_data_integrations_aws]
 collection = itsi_services

[itsi_data_integrations_azure]
 collection = itsi_services

[itsi_data_integrations_cloud_setup]
 collection = itsi_services


2021-03-24 ITSI-15026 Entities discovered before entity types are added may have no entity type association.

Workaround:
On a reinstallation of ITSI, don't enable entity discovery saved searches before pre-packaged entity types are added to ITSI. 

All ITSI Modules

Publication date Issue number Description
2017-03-21 ITOA-7585 When you bulk add services and an error caused by the racing condition occurs, the incorrect message "itsi_module does not exist" is displayed.
2017-03-07 MOD-979 KPIs do not have consistent backfill settings across all modules.
2017-01-17 MOD-452 The Analyze KPI button on the Service Details page is broken.
2017-01-17 MOD-402 The Export to PDF option does not work in the drilldown to a module.
2017-01-17 MOD-296 The extendable tab XML generator REST endpoint is located in DA-ITSI-OS instead of in common components where it can be used by all modules.
2017-01-17 MOD-591 ITSI displays a misleading error message when a KPI template contains a field that cannot be resolved.
2017-01-17 MOD-498 There is no upper limit to the number of characters a KPI title or description can contain. Long strings can negatively affect performance.
2017-01-17 MOD-309 The Gruntfile.js included in ITSI modules uses double quotes instead of single quotes, which does not conform to the standard for all JavaScript files.
2017-04-17 MOD-2002 When you drilldown from the Events tab, an "Invalid earliest_time" error occurs.


Workaround:
Disable drilldown from the Events tab.

2017-01-17 MOD-439 Some modules do not have descriptions for saved searches.

Application Server Module

Publication date Issue number Description
2017-01-27 MOD-492 If you reuse the same panel within a dashboard, the duplicate panel does not display any event data.

Cloud Services Module

There are no known issues for this release.

Database Module

Publication date Issue number Description
2017-01-17 MOD-586 When a lookup is not configured for TA-Microsoft-SqlServer, ITSI displays a misleading error message on the server drilldown page.

End User Experience Module

There are no known issues for this release.

Load Balancer Module

Publication date Issue number Description
2017-01-27 MOD-492 If you reuse the same panel within a dashboard, the duplicate panel does not display any event data.

Operating System Module

Publication date Issue number Description
2017-04-13 MOD-555 The Storage Free Space % base search runs every minute while the Linux df command runs every 5 minutes. This causes data gaps.
2017-04-10 MOD-1964 Windows data for memory free space is collected at different intervals than the Memory Free % KPI.
2017-01-17 MOD-1398 Line, stack, and area charts do not display a metric gap when no metrics are available during a time period.

Storage Module

There are no known issues for this release.

Virtualization Module

There are no known issues for this release.

Web Server Module

Publication date Issue number Description
2017-03-17 MOD-320 Some KPI ad hoc searches transform data with the stats command and do not retain time fields. The KPIs do not render anything and do not show thresholding details.
2017-03-17 MOD-538 When you add a new tab with panels and refresh the page, the page breaks.
Last modified on 26 January, 2022
PREVIOUS
Fixed issues in Splunk IT Service Intelligence
  NEXT
Removed features in Splunk IT Service Intelligence

This documentation applies to the following versions of Splunk® IT Service Intelligence: 4.9.2


Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters