New features in Splunk IT Service Intelligence
This version has these new and changed features.
Service Insights
| New feature or enhancement | Description |
|---|---|
| Enhanced RBAC for services and episodes |
Services and episodes (using NEAPs) can now be shared across teams, cross-team service dependencies can be established, and episodes carry an explicit owner team. Granular, role-based capability checks now apply to mutating actions, giving teams clearer separation of duties and reducing cross-team noise.
|
| Schedule recurring maintenance windows | Use advanced scheduling capabilities when defining maintenance windows for your knowledge objects. Clone existing maintenance windows, create multi-day maintenance windows, and extend maintenance windows to external configuration items (CIs). In addition, synchronize maintenance schedules and outages directly from ServiceNow to eliminate manual configuration and reduce false positives. See: |
| Improved KPI and service tagging | You can now apply structured key-value tags to services, service templates, and service sandbox services. Use this enhanced metadata model to easily organize, search, and manage large service inventories. See Add tags to a service in ITSI. |
| ITSI Admin Console | ITSI now provides a centralized Admin Console that surfaces key administrative settings directly in the UI, facilitating ease of access for common configuration changes. See Use the ITSI Advanced Configuration page. |
Event Analytics
| New feature or enhancement | Description |
|---|---|
| Improved event management experience (Event iQ Detect and Diagnose) |
ITSI now includes a more streamlined event management experience for your alerts and episodes. Event iQ Detect and Event iQ Diagnose leverages AI to provide automated episode summarization, troubleshooting insights, and root cause analysis. Additionally, receive recommendations for high-quality grouping fields to correlate alerts into episodes. This feature bridges the gap between detection and resolution by providing context-rich insights. See Automate event correlation with Event iQ Detect in ITSI and Use Event iQ Diagnose to analyze episodes with AI. |
| Episode Review enhancements |
The Episode Review interface has undergone a comprehensive user experience overhaul to streamline troubleshooting. Enhancements include a modernized layout for faster triage, ability to configure custom tabs to align with team workflows, advanced filtering capabilities, and AI-generated insights for faster troubleshooting. See Investigate episodes in ITSI. Additionally, you now have greater customization options for the Episode Review dashboard that help to surface the most important episode information. See Customize Episode Review in ITSI. |
| Enhanced episode summaries | Receive additional details about episodes that enhance your troubleshooting experience. When you select an episode from the Episode Review dashboard, you can now view information about the affected services, the suspected root cause, and relevant trends across your logs. For more information, see Investigate episodes in ITSI. |
| Flexible alert aggregation | Assign a priority value to notable event aggregation policies. ITSI evaluate alerts against these policies in descending order and stops at the first matching policy, ensuring an alert is grouped using the highest ranking policy and into only one episode. See Configure priority for aggregation policies in ITSI. |
| Alert enrichment | Apply the new Default CMDB CI Enrichment Policyenrichment policy to any data integration connection to enrich your alerts with additional context to facilitate troubleshooting. See Overview of enrichment policies in ITSI. |
Data integrations
| New feature or enhancement | Description |
|---|---|
| Content Pack improvements | The Content Library experience is updated with a modernized interface for managing content pack installation and upgrades. See Overview of content pack management in ITSI. |
| New data integrations |
ITSI now supports alert ingestion from 4 additional monitoring platforms:
Each integration includes pre-built field mappings that automatically normalize third-party alerts into ITSI's unified alert format. See Available data integrations in ITSI. |