Overview of correlation searches in ITSI
A correlation search in IT Service Intelligence (ITSI) is a recurring search that scans multiple data sources for defined patterns. You can configure a correlation search to generate a notable event (alert) when search results meet specific conditions. In Episode Review, review the notable events that your correlation searches generate and begin investigating root cause.
Do not create correlation searches by manually editing $SPLUNK_HOME/etc/apps/itsi/local/savedsearches.conf. The search will not appear on the correlation search lister page. Always create correlation searches directly in the IT Service Intelligence app.
Correlation searches for ITSI-specific use cases
The following correlation searches are delivered with ITSI to complement product-specific features. You can enable them and modify them to meet your needs.
| Name | Description | Default status |
|---|---|---|
| Bidirectional Ticketing | Maps ServiceNow fields to Common Information Model (CIM) fields to enable bidirectional ticketing with ServiceNow. See Integrate ITSI with ServiceNow for information. | Disabled |
| BMC Remedy Bidirectional Ticketing | Maps BMC Remedy fields to Common Information Model (CIM) fields to enable bidirectional ticketing with BMC Remedy. See Integrate ITSI with BMC Remedy for more information. | Disabled |
| Monitor Critical Service Based on Health Score | Generates notable events for services with a critical health score. | Disabled |
| Normalized Correlation Search | Generates notable events for any third-party alerts being ingested into ITSI that include ITSI normalized fields. If you enable this search, ITSI generates notable events for all third-party alerts that contain the following normalized fields, including those from SAI: | Disabled |
| SNMP Traps | Generates notable events for SNMP traps being ingested into ITSI. See Ingest SNMP traps into ITSI for more information. | Disabled |