Splunk IT Service Intelligence

Splunk Cloud Platform Splunk Enterprise Data Management Splunk Observability Cloud Splunk IT Service Intelligence AppDynamics SaaS AppDynamics On-Premises AppDynamics SAP Agent Splunk Enterprise Security 8 Splunk Enterprise Security 7 Splunk SOAR Security Offerings Release Notes and Updates Supported Add-ons Splunk Style Guide

Splunk Cloud Platform Splunk Enterprise Data Management Splunk Observability Cloud Splunk IT Service Intelligence AppDynamics SaaS AppDynamics On-Premises AppDynamics SAP Agent Splunk Enterprise Security 8 Splunk Enterprise Security 7 Splunk SOAR Security Offerings Release Notes and Updates Supported Add-ons Splunk Style Guide

Splunk IT Service Intelligence

Splunk IT Service Intelligence Contents

Splunk IT Service Intelligence

Release Notes and Resources

4.21

Release Notes

Splunk IT Essentials Work

Content Packs for ITSI

Extend ITSI and ITE Work

IT Essentials Learn

Content Packs for ITSI and ITE

Known issues in Splunk IT Service Intelligence

This version of IT Service Intelligence (ITSI) has the following known issues and workarounds.

Entities


Date filed	Issue number	Description
2025-09-05	ITSI-41680	Users with itoa_user, itoa_analyst roles seeing 403 error when retrieving entity drilldowns in service analyzer.
2024-04-11	ITSI-35019, ITSI-35068	Entity dashboard page re-renders when the entity sidebar is closed or opened.

Uncategorized issues


Date filed	Issue number	Description	Release version
2025-10-27	ITSI-42397	Correlation searches slower on ITSI 4.21.0. Workaround: The long term solution is to look for the new version for ITSI with the fix for the bug ITSI-42397. If you are not yet using the Event IQ feature for your event policies, comment the command from the macros. Steps: Locate macros: apply_entity_lookup(1) check their definitions, and command the last part with getservicetopolog Change the last line to comment the macro from eval sec_grp="default_itsi_security_group" \| `match_entities_to_correlation_search($entity_lookup_field$, sec_grp)` \| `filter_maintenance_entities` \| getservicetopology to eval sec_grp="default_itsi_security_group" \| `match_entities_to_correlation_search($entity_lookup_field$, sec_grp)` \| `filter_maintenance_entities` ```\| getservicetopology To upgrade to fixed version, revert to uncomment the macro.	4.21.0
2025-08-22	ITSI-41542	The Send to Splunk SOAR notable event action doesn't create artifacts.	4.21.0
2025-12-25	ITSI-43052	Description field not populated in itsi_tracked_alerts index.	4.20.0
2025-07-25	ITSI-41097	KPI sparklines on the Service Analyzer don't render when you input a time range greater than 7 days. Workaround: Reduce the time range to less than 7 days.	4.20.0
2025-10-18	ITSI-37708	Error "PkgResourcesDeprecationWarning: unknown is an invalid version and will not be supported in a future release". Workaround: Remove older deprecated library folder /splunk/etc/apps/SA-ITOA/lib/SA_ITOA_app_common/scp_download_simple_crypto-unknown.dist-info.	4.20.0
2025-09-24	ITSI-41765	Unable to initialize modular input "itsi_summary_worker" after upgrading to ITSI 4.21.0. Workaround: Install Python for Scientific Computing and the Splunk AI Toolkit to resolve the issue.	4.20.0
2025-09-18	ITSI-41761	The upgrade readiness check for Maximum number of events using base search reached displays a false positive error. Workaround: Ignore this error if all the instances of this error are a false positive.	4.20.0
2025-09-05	ITSI-41681	Filter Episode Monitoring alerts before passing them to EventIQ policies. Workaround: Update the filtering criteria for the Event iQ policy to filter out all monitoring alerts created by other policies in order to avoid overlap. For example: `AND source does not match Episode Monitoring`, or `AND itsi_policy_id does not match episode`.	4.20.0
2025-08-19	ITSI-41290	Splunk throttling is enabled for default connections when disabled in connection payload.	4.20.0
2025-08-05	ITSI-41271	When clicking impacted services from Episode Review, an error occurs on the Service Analyzer.	4.20.0
2024-10-18	ITSI-37708	Errors stating `PkgResourcesDeprecationWarning: unknown is an invalid version and will not be supported in a future release` appear after upgrading Splunk to 9.2.2. Workaround: Remove deprecated library folder /splunk/etc/apps/SA-ITOA/lib/SA_ITOA_app_common/scp_download_simple_crypto-unknown.dist-info	4.20.0
2024-06-25	ITSI-36467	Some actions not running in the rules engine. Workaround: Update each search head to disable asynchornous execution of actions in the Rules Engine. Go to $SPLUNK_HOME/etc/apps/SA-ITOA/local/itsi_rules_engine.properties. Go to the rules_engine_feature_disabled_list in the file. If this is not in the file, add this value to the file. Add the value RUN_ACTION_ASYNC to the comma separated list of values `rules_engine_feature_disabled_list = POLICY_EXECUTOR_ASYNC_SUB_ACTORS, POLICY_EXECUTOR_STATE_RECOVERY, SORT_NOTABLE_EVENTS, RUN_ACTION_ASYNC` Restart the itsi_event_grouping real time search. Select Activity then Jobs then Set filters to "All" then search `label="itsi_event_grouping"`, and then stop the job. It will restart after a couple of minutes.	4.20.0

ON THIS PAGE

Entities
Uncategorized issues

Splunk Enterprise

Splunk Cloud Platform

Release Notes

Splunk IT Service Intelligence

Last updated: September 2, 2025

Explore Topics

Splunk Cloud Platform

Splunk Enterprise

Data Management

Splunk Observability Cloud

Splunk IT Service Intelligence

AppDynamics SaaS

AppDynamics On-Premises

AppDynamics SAP Agent

Splunk Enterprise Security 8

Splunk Enterprise Security 7

Splunk SOAR

Security Offerings

Release Notes and Updates

Supported Add-ons

Splunk Style Guide

©2005-2025 Splunk Inc. All rights reserved.