After this occurs, you can also delete the extra policy.

In the threshold editor, create a new temporary time policy, save, and select *Replace all KPI thresholds.* This will force the propagation of all time policies to all linked services.

Change '|makeresults' to '|makeresults | head 1' in the following two macros

Change in the threshold value of a KPI in a service template does not update in the services linked to it.

Workaround to ensure that vital metrics populate with federated search setup:

A. For example, to discover \*nix entities, you need to go to '*ITSI Import Object - OS*' and revise '|*makeresults*' to become '|makeresults | head 1'

2.

# Workaround for enabling entity discovery with federated search setup:

Change |makeresults to |makeresults | head 1 in saved searches from SPLUNK_HOME/etc/apps/itsi/(default) and (local)/nf.

Alternatively, you can make the change through the IT Service Intelligence interface by selecting *Settings > Searches, reports and alerts*, and then searching for the saved search name on the Searches, Reports, and Alerts page.

This version of IT Service Intelligence (ITSI) has the following known issues and workarounds.

Events generated from Provider are not getting grouped on Federated Search head

Event generated from provider gets grouped through the rule engine periodic backfill.

Entities and vital metrics are not populating on federated search setup

```
$ cd $SPLUNK_HOME/lib/python2.7/site-packages
```

After this step the issue never came back again.

Known issues in Splunk IT Service Intelligence

On the SH, we followed the steps below so that pyc file should be auto-generated by the interpreter when splunk starts and imports modules.

iv) The error with ImportError suggests it fails to load python lib and pyc file corruption is suspected due to the OOM situation.
iii) Ever since then it fails to load python libraries.

```
10-29-2019 00:12:49.313 -0700 ERROR sendmodalert - action=itsi_event_generator STDERR - Traceback (most recent call last):
10-29-2019 00:12:49.313 -0700 ERROR sendmodalert - action=itsi_event_generator STDERR - File "/users/splunk/etc/apps/SA-ITOA/bin/itsi_event_generator.py", line 8, in
10-29-2019 00:12:49.313 -0700 ERROR sendmodalert - action=itsi_event_generator STDERR - from tup_logging import getLogger
10-29-2019 00:12:49.313 -0700 ERROR sendmodalert - action=itsi_event_generator STDERR - File "/users/splunk/etc/apps/SA-ITOA/lib/ITOA/setup_logging.py", line 9, in
10-29-2019 00:12:49.313 -0700 ERROR sendmodalert - action=itsi_event_generator STDERR - from import i18n
10-29-2019 00:12:49.313 -0700 ERROR sendmodalert - action=itsi_event_generator STDERR - _install_highlighting()
10-29-2019 00:12:49.314 -0700 ERROR sendmodalert - action=itsi_event_generator STDERR - File "/users/splunk/lib/python2.7/site-packages/mako/exceptions.py", line 252,
10-29-2019 00:12:49.314 -0700 ERROR sendmodalert - action=itsi_event_generator STDERR - _install_fallback()
10-29-2019 00:12:49.314 -0700 ERROR sendmodalert - action=itsi_event_generator STDERR - File "/users/splunk/lib/python2.7/site-packages/mako/exceptions.py", line 243,
10-29-2019 00:12:49.314 -0700 ERROR sendmodalert - action=itsi_event_generator STDERR - from mako.filters import html_escape
10-29-2019 00:12:49.314 -0700 ERROR sendmodalert - action=itsi_event_generator STDERR - ImportError: cannot import name html_escape
```

Then splunk might have been restarted at 05:49. Also the splunkd.log shows it stopped and started back.

Checking logs in /var/log/messages, kernel complained about out of memory and OOM killer killed kvstore and splunkd at Oct 26 05:46.

Timechart suggested that this error started to happen from a specific time, i.e. Oct 26 05:49, and persisting since then.
This is found to be happening 7 days ago from the SH.

```
ERROR ModularInputs - Unable to initialize modular input "itsi_entity_exchange_consumer"
```

```
index=_internal source= /scheduler.log status=success result_count > 0 alert_action="" savedsearch_name=A savedsearch_name=B OR savedsearch_name=C | stats count by host
```

i) The search below shows that notables are not created intermittently and happening when it were assigned to one search head.