Splunk® IT Essentials Work

Entity Integrations Manual

This documentation does not apply to the most recent version of Splunk® IT Essentials Work. For documentation on the most recent version, go to the latest release.

Create a single entity in ITE Work

Create a single entity in (ITE Work) to associate events your Splunk platform deployment receives. An entity is an IT component that requires management to deliver an IT service. Each entity has specific attributes and relationships to other IT processes that uniquely identify it. Entities contain alias fields and informational fields ITE Work associates with indexed events. For more, see Overview of entity integrations in ITE Work.

You can associate entities with entity types. Entity types define visualizations and resources for entities. For more information, see Overview of entity types in ITE Work.

Prerequisites

Requirement Description
ITE Work role You have to log in as a user with the itoa_admin or itoa_team_admin ITE Work role.

Steps

Follow these steps to manually create a single entity.

  1. From the ITE Work main menu, go to Configuration > Entity Management.
  2. Select Create Entity > Create Single Entity.
  3. Configure the following fields to define your entity:
    Field Description
    Name The name of the entity.
    Description Provide a description of the entity. You can view the description from the Entities lister page later.
    Team All entities are created in the Global team. You can't modify this field.
    Aliases

    Field-value pairs that identify the entity. Fields and values are case insensitive. For example:

    host=webserver-01

    IP=10.2.1.1

    MAC=C6:4B:B9:E8:E6:2A

    If a field has multiple values, separate them with commas. For example, host = webserver-01, webserver-01.splunk.com .

    When creating an entity alias, make sure the key-value pair is unique. ITE Work relies on alias key-value pairs to identify entities in visualizations such as Service Analyzer and Episode Review, and ensure that information is displayed accurately for each entity. To identify any duplicate entity aliases in your environment, see the Check for Duplicate Entity Aliases panel of the ITE Work Health Check dashboard.

    Info Fields

    Field-value pairs that associate specific attributes with the entity. Info fields are like common fields, and can have the same values across entities. For example, an info field like datacenter=vault13 can be common to all the entities of the same data center. Fields and values are case insensitive. For example:

    role=webserver

    owner=Ops

    If a field has multiple values, separate them with commas. For example, component=metrics, store.

    Alias and info fields and values have the following restrictions:

    • Unsupported characters in field names: dollar sign ($) as the first character, single quotes ('), double quotes ("), equal sign (=), period (.), and commas (,).
    • Unsupported characters in field values: dollar sign ($) as the first character, single quotes ('), double quotes ("), and equal sign (=). Using commas (,) will split a field value into two separate fields with two names.
  4. Select existing Entity Types you want to associate the entity with. You can select zero or more entity types. If you don't have existing entity types, create them first. You can edit the entity later and associate it with entity types. For more information about creating entity types, see Configure entity types in ITE Work.
  5. Click Create. The entity appears in the Entities lister page.

Do more with ITSI

After you create entities, you can use entity rules to associate entities with services, included with ITSI. For more information about entity rules and configuring services, see Overview of creating services in ITSI in the ITSI Service Insights manual.

Last modified on 28 February, 2024
CreateContentPacks   Import entities from a search in ITE Work

This documentation applies to the following versions of Splunk® IT Essentials Work: 4.9.0, 4.9.1, 4.9.2, 4.9.3, 4.9.4, 4.9.5, 4.9.6, 4.10.0 Cloud only, 4.10.1 Cloud only, 4.10.2 Cloud only, 4.10.3 Cloud only, 4.10.4 Cloud only, 4.11.0, 4.11.1, 4.11.2, 4.11.3, 4.11.4, 4.11.6, 4.12.0 Cloud only, 4.12.2 Cloud only, 4.13.0, 4.13.1, 4.13.2, 4.13.3, 4.14.0 Cloud only, 4.14.1 Cloud only, 4.14.2 Cloud only, 4.15.0, 4.15.1, 4.15.2, 4.15.3, 4.16.0 Cloud only, 4.17.0, 4.17.1


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters