Splunk IT Service Intelligence

Is there a way to configure correlation search for multiple services for Maintenance Windows?

kecarste99
New Member

Is there a way to be able to configure Maintenance Windows for Services to include all Episodes without adding each service to “Association” in the correlation search? The problem with doing that is every Service in the Association appears in the Episode under “IMPACTED SERVICES AND KPIS”.

We need to be able to do the following:

  1. Have a correlation search include notable events for multiple services
  2. Configure Maintenance Windows for Services and have Episodes for the service included in the maintenance window
  3. Not have to ‘Associate’ each service in the correlation search that includes multiple services
0 Karma

skoelpin
SplunkTrust
SplunkTrust

Another approach you can take.. You can add the extra logic in your aggregation policy which looks for the in_mm field and if it has a value of 1 then automatically break episodes. So you would still create notable events during a MM window, but they would not roll up into episodes or be visible by your end users. Once that in_mm field goes back to zero then episodes will then start to roll up

0 Karma

dlm
New Member

We are having the same issue.  We have a nagios correlation search for multiple teams. Each team have about 20+ services. There are Parent services but I was told the parent service won't include the children. So how do you put the services on the correlation search. That's over 100 services... I saw where you talked about doing the NEAP. What do you need to add to the correlation search to get the in_maintenance or this said in_mm field to show as a field so you can have it available to use in the NEAP.

 

Thanks

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...