The following are the spec and example files for
# This file contains attributes and values for configuring different ITSI # event management features. # # There is an itsi_event_management.conf in $SPLUNK_HOME/etc/apps/SA-ITOA/default/. # To set custom configurations, place an itsi_event_management.conf in # $SPLUNK_HOME/etc/apps/SA-ITOA/local/. You must restart Splunk to enable # configurations. # # To learn more about configuration files (including precedence) please see # the documentation located at # http://docs.splunk.com/Documentation/ITSI/latest/Configure/ListofITSIconfigurationfiles
# Use the [default] stanza to define any global settings. # * You can also define global settings outside of any stanza, at the top # of the file. # * Each .conf file should have at most one default stanza. If there are # multiple default stanzas, attributes are combined. In the case of # multiple definitions of the same attribute, the last definition in the # file wins. # * If an attribute is defined at both the global level and in a specific # stanza, the value in the specific stanza takes precedence.
* A setting that you want to enable for Episode Review. * Supported settings (stanzas) are 'similar_episodes' and 'common_fields'
default_fields = <comma-seperated list> * The list of field names selected by default in Similar Episodes pane * For example, ["title","description","host"] * Default: ["title"]
number_of_fields = <integer|all> * The number of common fields to display on the Common Fields tab of an episode. * Can be a positive integer or the word "all" to display all common fields. * For example, "50" displays 50 common fields. * Default: 50
The settings in this stanza apply to upgrades from pre-4.6.0 ITSI versions to version 4.6.0 or later. The settings support the addition of the following fields to the itsi_notable_group_system KV store collection: parent_group_id, split_by_hash, first_event_id, and group_template_id. If you are upgrading from ITSI version 4.6.0 or later, these settings no longer apply. kv_store_batch_size = <integer> * The maximum batch size of fetch requests to the itsi_notable_group_system KV store collection. * For example, if set to "10000", 10,000 objects are fetched from the KV store in a single fetch request. * Default: 10000 cluster_manager_check_required = <integer> * Whether a cluster manager check is required before migration starts. * If set to "1", a cluster manager check is required. * If set to "0", migration proceeds without a cluster manager check. * Default: 1 itsi_grouped_alerts_index_lookback = <integer> * The amount of time, in days, to look back to fetch old active groups from the itsi_grouped_alerts index. * For example, if set to "60", active groups from last two months are fetched from the index. * Default: 90 itsi_grouped_alerts_index_search_wait_time = <integer> * The amount of time, in seconds, to wait for the search job to return results from the itsi_grouped_alerts index. * For example, if set to "900", the search job will wait for 15 minutes to return results from the index. * Default: 7200
The settings in this stanza apply to upgrades from pre-4.6.0 ITSI versions to version 4.6.0 or later. The settings suppport the prechecks that runs before the migration happens. kv_store_collection_size_limit = <integer> * The maximum number of a single object type allowed in any KV store collection. * For example, if set to "2000000", 2000000 objects of a single type are allowed in a KV store collection. * Default: 2000000
This documentation applies to the following versions of Splunk® IT Service Intelligence: 4.7.1