Splunk® IT Service Intelligence

Service Insights Manual

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

Set KPI importance values in ITSI

After you create a KPI in IT Service Intelligence (ITSI), assign the KPI an importance value. ITSI uses KPI importance values, along with the KPI severity levels, to calculate the overall service health score. A service's health score is a weighted average of the severity levels of a service's KPIs and dependencies.

Importance values range from 0 to 11. KPI importance values from 1-11 are included in the health score calculation, with 1 being the least important and 11 being the most important. KPIs with an importance value of 0 aren't included in the health score calculation. The greater the KPI importance value, the greater the impact that KPI has on the service health score.

ITSI considers KPIs that have an importance value of 11 as a special case that represents a "minimum health indicator" for the service. When a KPI with an importance value of 11 reaches the critical state, the overall health score for the service turns critical, regardless of the status of other KPIs in the service.

Prerequisite

Before you set KPI importance values you must add one or more KPIs to the service. For more information, see Overview of creating KPIs in ITSI.

Steps

  1. Go to Configuration > Services from the ITSI main menu.
  2. Open the service that contains your KPI.
  3. Select the Settings tab.
  4. Under Service Health Score Include Entities is enabled by default. When enabled, entities can effect the health score due to the thresholding levels placed on the entity. Disable Include Entities if you want the KPI aggregate to determine the Service Health Score rather than a single entity. See Impact of per-entity thresholds on service health scores in this topic for more info.
  5. Under Health Score Calculation you can set the importance value of each KPI.
    • Use Importance slider to set the importance value for your KPI (0-11).
    • Use Simulated Severity to test how the Simulated Health Score is impacted by changes in your KPI. Use this functionality to fine-tune your KPI importance values. The simulated health score is for preview purposes only and has no impact on actual severity-level thresholds or service health scores.
  6. Select Save.

How service health scores are calculated

Each service you create in ITSI has a simulated health score. The health score is a good indicator of the status of a service and is a useful metric to display in Service Analyzer, glass tables, and deep dives. A decline in a service's health can be the first sign of an issue that might lead to an outage. ITSI continuously monitors and updates service health scores.

Service health scores range from 0 to 100, with 0 being most critical and 100 being most healthy. The health score calculation is based on the current severity level of service KPIs (Critical, High, Medium, Low, and Normal) and the weighted average of the importance values of all KPIs in a service.

The Info severity level isn't included in the service health score calculation.

ITSI doesn't directly use KPIs or health scores of dependent services to calculate a service's health score. Service health scores are calculated based on the score_contribution value for each severity level. Score contribution values are defined in threshold_labels.conf. Don't modify these values.

For example, a service contains 2 KPIs. One KPI is Critical, so the score_contribution value is 0. The other KPI is Normal, so the score_contribution value is 100. Assuming both KPIs have the same importance values, the service health score will be 50.

The following formula is used to calculate service health scores:
SHS.png
Where:

    • N = count of KPIs
    • G = importance value of one KPI
    • K = the score contribution of the KPI (Normal=100, Low=70, Medium=50, High=30, Critical=0)

For example, if you set KPI importance values as follows: KPIImportanceValues.png

The service health score is calculated as follows:

Service health score = (100 ∗ 10/22) + (70 ∗ 7/22) + (30 ∗ 5/22) = 45.45 + 22.27 + 6.81 = 74.53

Impact of per-entity thresholds on service health scores

When a KPI is split by entity, if any entity has a severity level that's worse than the service aggregate severity, the service health score is impacted. K in the equation above represents the score contribution of a KPI. However, if the KPI is split by entity, the worst entity is taken as the score contribution. Therefore, while the aggregate KPI score might be 100 (Normal), one of the entities within that KPI might be 30 (High), so the overall score contribution of that KPI will be 30.

In some cases, entity severity contributions can cause the overall service health score to change significantly, while the aggregate KPI severity level changes only marginally or not at all. For example, if you have a CPU % utilization KPI that is running against three entities, and two of those entities show normal severity, while the third shows critical, the overall service health score might show critical, while the aggregate KPI severity level remains normal.

For more information about per-entity thresholds, see Configure KPI thresholds in ITSI.

Disable impact of per-entity thresholds on service health scores

Complete the following steps if you don't want the service health score to be impacted when you split a KPI per entity:

  1. Click Configuration > Services from the ITSI main menu.
  2. Open the service that contains your KPI.
  3. Click the Settings tab.
  4. Disable the Include Entities toggle under the Service Health Score section.
  5. Click Save.

Impact of service dependencies on service health scores

Any service dependencies that you add to a service will impact the service health score, based on the importance value that you set for dependent service KPIs. For more information, see Set importance values for service dependencies.

Last modified on 28 April, 2023
PREVIOUS
Configure KPI thresholds in ITSI
  NEXT
Create KPI base searches in ITSI

This documentation applies to the following versions of Splunk® IT Service Intelligence: 4.11.0, 4.11.1, 4.11.2, 4.11.3, 4.11.4, 4.11.5, 4.11.6, 4.12.0 Cloud only, 4.12.1 Cloud only, 4.12.2 Cloud only, 4.13.0, 4.13.1, 4.13.2, 4.13.3, 4.14.0 Cloud only, 4.14.1 Cloud only, 4.14.2 Cloud only, 4.15.0, 4.15.1, 4.15.2, 4.15.3, 4.16.0 Cloud only, 4.17.0, 4.17.1, 4.18.0, 4.18.1


Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters