ITSI is constantly using 100% CPU because multiple java.exe processes are running

This issue occurs because ITSI Event Analytics is incompatible with Splunk Enterprise versions 7.2.4 - 7.2.10.

Notable Event Aggregation Policy filter doesn't work with special characters

Rules Engine errors occur if the filter criteria contain special characters like (, ), /, \, or *. Include a \ character before each of the special characters.

Some search peers aren't contacted when realtime search runs

The realtime search itsi_event_grouping misses some events. If there is a delay in grouping, backfilling, or missing events, it could be because of this issue.

Compare the number of active peers against the number of hosts identified using the steps below.

Run the following search to determine the number of peers participating in the itsi_event_grouping search over time:

This data is correlated in time against the volume of skipped events. If the number of hosts decreases over time, then it's likely that not all peers are being contacted.