We are in the process of building a dashboard in SPLUNK for Application (ex: EISL) alerts coming into SOI. We have already set up the connection on SPLUNK that will connect to the SOI DB and are working on a query to retrieve the EISL alert data. The issue that we are running into is that we need SPLUNK to query the alerts and ingest them into SPLUNK when they are generated and when they are updated. Therefore, we are looking at the field in the SOI DB that has the modified time stamp. Looking at the SOI console, we found a field “ModificationTime”:
We will need your help to add the “ModificationTime” DB field so that the results for the above query include this field. Please advise.
Release: 4.2
Component: Service Operations Insight (SOI) Console
The "Modification Time" shown on the Alert console is actually the "Modification Time" of the associated CI, and it comes from the CIStaging table. This time is updated whenever there is any update to the CI data.