Splunk® IT Essentials Work

Entity Integrations Manual

This documentation does not apply to the most recent version of Splunk® IT Essentials Work. For documentation on the most recent version, go to the latest release.

About the Splunk Infrastructure Monitoring entity integration in ITE Work

The IT Essentials Work (ITE Work) entity integration with Splunk Infrastructure Monitoring lets you use ITE Work monitoring tools to investigate and troubleshoot your AWS, Azure, and GCP instances from Splunk Infrastructure Monitoring. The integration uses the Splunk Infrastructure Monitoring Add-on, which runs on the search head cluster and provides generating search commands that fetch metrics and event data from your Splunk Infrastructure Monitoring account. For setup instructions, see Integrate Splunk Infrastructure Monitoring with ITE Work.

This diagram illustrates how the Splunk Infrastructure Monitoring Add-on brings data into Splunk. The Splunk Infrastructure Monitoring Add-on is on the search head and sends a SignalFlow API query to Splunk Infrastructure Monitoring in the cloud. Splunk Infrastructure Monitoring contains GCP, Azure, and AWS integrations. The API sends back a streaming response with metrics. The Content Pack for Splunk Infrastructure Monitoring fetches these metrics and uses them to create entities, KPIs, and services. The content pack contains visualizations to help monitor your Splunk Infrastructure Monitoring environment.

Fetch data with the Splunk Infrastructure Monitoring Add-on

The Splunk Infrastructure Monitoring Add-on brings metrics and event data from Splunk Infrastructure Monitoring into ITE Work on demand. The returned data bypasses Splunk indexes and streams directly into the Splunk interface. You can further manipulate the Splunk Infrastructure Monitoring data using Splunk Search Processing Language (SPL) to fit your specific use case. ITE Work takes the data and populates the ITE Work summary index with the appropriate metrics and events. For more information, see Set up Infrastructure Monitoring.

Add structure to your data with the Content Pack for Splunk Infrastructure Monitoring

When you install the Content Pack for Splunk Infrastructure Monitoring, ITE Work entity discovery searches use the Splunk Infrastructure Monitoring Add-on to identify AWS, Azure, and GCP integration instances in your organization. The searches bring your cloud instances into ITE Work in the form of entities and associate them with entity types. Each Splunk Infrastructure Monitoring entity contains a navigation link in the entity health dashboard leading back to the corresponding instance within Splunk Infrastructure Monitoring. The content pack automatically creates ITE Work services corresponding to each integration type, which include KPIs to monitor critical functions.

Once you configure the Splunk Infrastructure Monitoring integration, use the service topology tree included in the content pack to monitor multiple cloud integrations all in one place. The following image shows the populated service topology tree:

This image shows the final Splunk Infrastructure Monitoring service topology tree. Each service is green. The Azure Functions service is selected and the side bar shows the individual KPIs within the service.
Last modified on 28 February, 2024

This documentation applies to the following versions of Splunk® IT Essentials Work: 4.9.0, 4.9.1, 4.9.2, 4.9.3, 4.9.4, 4.9.5, 4.9.6, 4.10.0 Cloud only, 4.10.1 Cloud only, 4.10.2 Cloud only, 4.10.3 Cloud only, 4.10.4 Cloud only, 4.11.0, 4.11.1, 4.11.2, 4.11.3, 4.11.4, 4.11.6, 4.12.0 Cloud only, 4.12.2 Cloud only, 4.13.0, 4.13.1, 4.13.2, 4.13.3, 4.14.0 Cloud only, 4.14.1 Cloud only, 4.14.2 Cloud only, 4.15.0, 4.15.1, 4.15.2, 4.15.3, 4.16.0 Cloud only, 4.17.0, 4.17.1

