When an episode warrants investigation, the analyst acknowledges the episode, which moves the status from New to In Progress.
[Reference: https://docs.splunk.com/Documentation/ITSI/4.10.2/EA/EpisodeOverview, An episode represents a disruption of service operation causing impact to business operations. It is a deduplicated group of notable events occurring as part of a larger sequence, or an incident or period considered in isolation. In Episode Review, you can manage the episodes and their statuses using various actions. One of the actions is Acknowledge, which changes the status of an episode from New to Acknowledged and assigns the current user as the owner. This action indicates that someone is working on resolving the episode and prevents duplicate efforts from other users. References: Overview of Episode Review in ITSI, [Episode actions in Episode Review]]
Submit