New features in Splunk IT Service Intelligence

This version has these new and changed features.

Service Insights

New feature or enhancement Description
Enhanced RBAC for services and episodes

Services and episodes (using NEAPs) can now be shared across teams, cross-team service dependencies can be established, and episodes carry an explicit owner team. Granular, role-based capability checks now apply to mutating actions, giving teams clearer separation of duties and reducing cross-team noise.

  • Cross-team service and episode dependency management improves coordination across departments, supports service sharing, and lets shared services be added as dependencies in services owned by other teams. For more information, see Share a service to a different team and Sharing episodes with other teams using NEAPs.

  • The owner and shared teams logic is retained across Service Analyzer, Health Score, Glass Tables, Deep Dive, and KPI base-search dependents. It provides clearer visibility into related services and episodes while reducing cross-team noise.

  • Governance and security enhancements for large enterprise environments include read-only access for shared teams, owner team control, team-scoped episode filtering, and a team-scoped assignee picker. Episode actions are now governed by four new fine-grained capabilities replacing execute_notable_event_action, see Take action on an episode.

  • Backup and restore now accounts for team structure during partial object backups by automatically selecting dependent services and teams. See Create a partial backup.

Schedule recurring maintenance windows Use advanced scheduling capabilities when defining maintenance windows for your knowledge objects. Clone existing maintenance windows, create multi-day maintenance windows, and extend maintenance windows to external configuration items (CIs). In addition, synchronize maintenance schedules and outages directly from ServiceNow to eliminate manual configuration and reduce false positives. See:
Improved KPI and service tagging You can now apply structured key-value tags to services, service templates, and service sandbox services. Use this enhanced metadata model to easily organize, search, and manage large service inventories. See Add tags to a service in ITSI.
ITSI Admin Console ITSI now provides a centralized Admin Console that surfaces key administrative settings directly in the UI, facilitating ease of access for common configuration changes. See Use the ITSI Advanced Configuration page.

Event Analytics

New feature or enhancement Description
Improved event management experience (Event iQ Detect and Diagnose)

ITSI now includes a more streamlined event management experience for your alerts and episodes.

Event iQ Detect and Event iQ Diagnose leverages AI to provide automated episode summarization, troubleshooting insights, and root cause analysis. Additionally, receive recommendations for high-quality grouping fields to correlate alerts into episodes. This feature bridges the gap between detection and resolution by providing context-rich insights.

See Automate event correlation with Event iQ Detect in ITSI and Use Event iQ Diagnose to analyze episodes with AI.
Episode Review enhancements

The Episode Review interface has undergone a comprehensive user experience overhaul to streamline troubleshooting. Enhancements include a modernized layout for faster triage, ability to configure custom tabs to align with team workflows, advanced filtering capabilities, and AI-generated insights for faster troubleshooting. See Investigate episodes in ITSI.

Additionally, you now have greater customization options for the Episode Review dashboard that help to surface the most important episode information. See Customize Episode Review in ITSI.
Enhanced episode summaries Receive additional details about episodes that enhance your troubleshooting experience. When you select an episode from the Episode Review dashboard, you can now view information about the affected services, the suspected root cause, and relevant trends across your logs. For more information, see Investigate episodes in ITSI.
Flexible alert aggregation Assign a priority value to notable event aggregation policies. ITSI evaluate alerts against these policies in descending order and stops at the first matching policy, ensuring an alert is grouped using the highest ranking policy and into only one episode. See Configure priority for aggregation policies in ITSI.
Alert enrichment Apply the new Default CMDB CI Enrichment Policy​enrichment policy to any data integration connection to enrich your alerts with additional context to facilitate troubleshooting. See Overview of enrichment policies in ITSI.

Data integrations

New feature or enhancement Description
Content Pack improvements The Content Library experience is updated with a modernized interface for managing content pack installation and upgrades. See Overview of content pack management in ITSI.
New data integrations

ITSI now supports alert ingestion from 4 additional monitoring platforms:

  • Dynatrace

  • Zabbix

  • Oracle Enterprise Manager

  • Datadog

Each integration includes pre-built field mappings that automatically normalize third-party alerts into ITSI's unified alert format. See Available data integrations in ITSI.