6/22/2023 0 Comments Splunk itsi maintenance rest api![]() If migration fails with the error Failed to import Team settings, you can manually run the Python script called itsi_reset_default_team.py. The global team is no longer present after an ITSI upgrade.Īll services in ITSI must be assigned to a team. Download this file and try to upload it for restore. Get a new backup file from the backup job.Make sure the file is valid and not corrupted.Check if you can create a restore job by clicking Create. Check the network tab of the browser to see if there's a failed request.ITSI fails to upload the selected backup file. ITSI fails to fetch backup information preview with ID: Ĭheck and see if the information exists for the given backup ID. For example, if the next scheduled time is 1:00am, the modular input runs at 12:45am and 1:45am, the backup will start at 1:45am.įailed to fetch backup information preview It's possible to see a maximum of one-hour delays. If your local timezone is different than the server's, it might appear to run at a different time.Īlternatively, the modular input for the default scheduled backup runs at every restart, and every hour after that. The backup runs at 1:00 am in the timezone of the server. If this is the case, add the inheritances added from the UI or through the configuration file.Īfter a fresh install or migration, the default scheduled backup isn't running at 1:00 am. You might have redefined the admin role inheritance in system/local/nf, or in other apps. $SPLUNK_HOME/bin/splunk btool authorize list role_admin -debug ITSI relies on the fact that your admin role inherit from the roles defined in $SPLUNK_HOME/etc/apps/itsi/default/nf: You see access denied errors when attempting to create objects. You do not have permission to create this object." However, they're unable to create an external ticket.Ī restriction in Splunk Enterprise means the user needs the itoa_admin role, which inherits from the admin role. Make sure these capabilities haven't changed.Ī user is assigned the itoa_analyst role with the create_external_ticket capability. ![]() The itoa_user ships with read capabilities for ITOA objects like services, entities, glass tables, and deep dives. User has itoa_admin role but can't view objectsĪ user is assigned the itoa_admin role but is unable to read services or any other objects on their corresponding lister pages.īy default, the itoa_admin role ships with the itoa_analyst and itoa_user roles. Make sure you've fully completed steps 1-4 in Create a custom role in ITSI. User assigned a custom role can't view objectsĪ user is assigned a custom role can't view objects in ITSI Here are some common issues related to ITSI permissions and capabilities, backups, and restores and how to resolve them. These files reside in the file system in $SPLUNK_HOME/etc/apps/SA-ITOA/README or $SPLUNK_HOME/etc/apps/itsi/READMEĪfter you are familiar with the configuration file content and directory structure, and understand how to leverage configuration file precedence, see How to edit a configuration file to learn how to safely modify your files.Troubleshoot ITSI permissions, teams, backups, and restores example files for the configuration file. Learn how different versions of the same configuration files in different directories are layered and combined.Learn about the structure of the stanzas that comprise configuration files and how the attributes you want to edit are set up.Learn about how the default configuration files work, and where to put the files that you edit.Do not start from a copy of the file in the default directory.īefore you change any configuration files: When you first create this new version of the file, start with an empty file. To change settings for a particular ITSI configuration file, you must first create a new version of the file in a non-default directory and then add the settings that you want to change. Default files must remain intact and in their original location. Never change, copy, or move the configuration files in the default directory. Most configuration files come packaged with your ITSI software in the $SPLUNK_HOME/etc/apps/ directory. See List of ITSI configuration files in this manual. This creates a layering effect that allows Splunk to determine configuration priorities based on factors such as the current user and the current app.įor a list of ITSI configuration files and an overview of the area each file covers, You can have configuration files with the same name in your default, local, and app directories. KPI, glass table, and deep dive configurationsĪ single Splunk instance typically has multiple versions of configuration files across several directories.Authentication and authorization information.conf extension and hold the information for different aspects of your ITSI configurations. Splunk IT Service Intelligence configuration information is stored in configuration files. ![]()
0 Comments
Leave a Reply. |