Splunk® IT Essentials Work

Entity Integrations Manual



This documentation does not apply to the most recent version of Splunk® IT Essentials Work. For documentation on the most recent version, go to the latest release.

Event Data Search dashboard in ITE Work

The Event Data Search dashboard in IT Essentials Work (ITE Work) displays the 100 most recent log events associated with an entity for the last 60 minutes. The dashboard provides a high-level overview of entity performance across your whole environment, regardless of the entity type you associated with the entity. The dashboard only populates for entities that have log data sources.

The Event Data Search dashboard uses entity aliases to aggregate recent log events. Entity aliases are field-value pairs that identify an entity. If you manually create or import entities, specify entity aliases when you bring them in to ITE Work. Entities you create with entity integrations have default aliases that identify the entity. If you don't include an entity alias for an entity, Event Data Search doesn't populate with any log events for the entity.

To populate the Event Data Search dashboard for an entity, ITE Work runs a Splunk search that looks for every log event that contains at least one alias for the entity. For instance, ITE Work could populate Event Data Search with a search for an entity's host:

"alabama.usa.com"

Note: This search doesn't include the index field while the Entity Analytics dashboard search does. This might lead to inconsistent logs for the two dashboards. For more information, see Entity Analytics dashboard in ITE Work.

If an entity has multiple alias fields, the Splunk search separates each alias with an OR operator. You can open the search in the Search and Reporting app to view more events over a longer time period, and to further customize the search. Go to the Event Data Search tab for an entity to view the search and open it in the Search and Reporting app.
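The alias search described above can be sketched as follows. This is an added example, not ITE Work's own code: the function names, the `earliest` and `head` clauses, and the optional index scoping are assumptions used to illustrate the OR-joined alias terms and the missing index term mentioned in the note.

```python
"""Added example: rebuild an alias-based event search (assumed form, not ITE Work's code)."""


def quote_term(value):
    # Escape backslashes and double quotes so the alias stays one quoted SPL term
    # and cannot close the quote early or append extra search syntax.
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'


def build_event_search(aliases, indexes=None, earliest="-60m", limit=100):
    """Return an SPL string matching events that contain any alias value.

    aliases: dict of alias field -> value or list of values (constructed input).
    indexes: optional list of index names to scope the search; the dashboard's
             own search has no index term, per the note above.
    Returns None when no alias is usable, mirroring an unpopulated dashboard.
    """
    values = []
    for raw in aliases.values():
        for v in ([raw] if isinstance(raw, str) else raw):
            v = v.strip()
            if v and v not in values:  # drop blanks and duplicates
                values.append(v)
    if not values:
        return None

    # Only the alias values are searched, as bare quoted keywords joined by OR.
    terms = " OR ".join(quote_term(v) for v in values)
    scope = ""
    if indexes:
        scope = "(" + " OR ".join("index=" + quote_term(i) for i in indexes) + ") "
    return f"{scope}earliest={earliest} ({terms}) | head {limit}"


if __name__ == "__main__":
    # Constructed sample entity with two alias fields.
    entity = {"host": "alabama.usa.com", "ip": ["10.0.0.5"]}
    print(build_event_search(entity))
    print(build_event_search(entity, indexes=["os"]))
```

Because the alias values are matched as keywords with no index term, any event in any searchable index that contains the string is returned; passing `indexes` shows how scoping narrows that set.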

For more information about how ITE Work visualizes entity data, see Overview of entity types in ITE Work.

Find Event Data Search for an entity

Follow these steps to access the Event Data Search dashboard for an entity.

  1. From the ITE Work main menu, click Configuration > Entity Management.
  2. Find the entity you want to analyze. Use the basic or advanced filter to narrow down your search, if needed. When you find the entity you want to analyze, click View Health under the Health column of the entities lister page.
  3. Select the Event Data Search tab for the entity.
Last modified on 28 February, 2024

This documentation applies to the following versions of Splunk® IT Essentials Work: 4.9.0, 4.9.1, 4.9.2, 4.9.3, 4.9.4, 4.9.5, 4.9.6, 4.10.0 Cloud only, 4.10.1 Cloud only, 4.10.2 Cloud only, 4.10.3 Cloud only, 4.10.4 Cloud only, 4.11.0, 4.11.1, 4.11.2, 4.11.3, 4.11.4, 4.11.6, 4.12.0 Cloud only, 4.12.2 Cloud only, 4.13.0, 4.13.1, 4.13.2, 4.13.3, 4.14.0 Cloud only, 4.14.1 Cloud only, 4.14.2 Cloud only, 4.15.0, 4.15.1, 4.15.2, 4.15.3, 4.16.0 Cloud only, 4.17.0, 4.17.1

