Which index contains ITSI Episodes?
Which index contains ITSI Episodes?
The index that contains ITSI Episodes is 'itsi_grouped_alerts'. This index holds live episode data and updates whenever a correlation search runs, thus storing new entries for episodes.
B. itsi_grouped_alerts
"The itsi_grouped_alerts index is the index that contains live episode data. Each time a correlation search runs and updates an episode, itsi_grouped_alerts houses a new entry for the episode. It is this index you will search over to look for open episodes attached to your service." source: https://lantern.splunk.com/Observability/Product_Tips/IT_Service_Intelligence/Bringing_episode_data_into_service_scores