Splunk® IT Service Intelligence

Install and Upgrade Manual

Install Splunk IT Service Intelligence on a single instance

Install Splunk IT Service Intelligence (ITSI) on an on-premises search head. In a single-instance deployment, a single Splunk Enterprise instance serves as both search head and indexer. Splunk Cloud customers must work with Support to coordinate access to the ITSI search head.

Install ITSI by extracting the ITSI installation package. ITSI doesn't support installation using the app manager in Splunk Web or using the splunk install app command at the command line.

For information about what and where to install in various types of distributed environments, see Where to install IT Service Intelligence in a distributed environment.

Installation prerequisites

  • Review the Splunk platform requirements for IT Service Intelligence. See Splunk Enterprise system requirements.
  • Your Splunk ITSI instance must include the default admin user. Deleting or renaming this user breaks ITSI installation and operation.

Steps

At this time, you can't install ITSI from the Splunk Web interface.

  1. Log in to splunk.com with your Splunk.com ID.
  2. Download the latest Splunk IT Service Intelligence product from Splunkbase.
  3. Stop your Splunk platform deployment. For example:
    cd $SPLUNK_HOME/bin
    ./splunk stop
    
  4. Extract the ITSI installation package into $SPLUNK_HOME/etc/apps. For example:
    tar -xvf splunk-it-service-intelligence_<latest_version>.spl -C $SPLUNK_HOME/etc/apps
    

    On Windows, rename the file extension from .spl to .tgz first and use a third-party utility to perform the extraction.

  5. Start your Splunk platform deployment. For example:
    cd $SPLUNK_HOME/bin
    ./splunk start
    

Install required Java components

IT Service Intelligence requires Java 8.x - 11.x or Java 17 to run anomaly detection and notable event management features. You can install Java prior to or after installing ITSI, but before you start running ITSI.

Install Java on all search heads running ITSI. On RHEL and Ubuntu Linux, you can install the vendor packages java-1.8.0-openjdk on RHEL Linux and openjdk-8-jdk on Ubuntu Linux. Alternatively, you can download and install the latest version of Oracle Java 8-11 (JRE or JDK).

Using 32-bit JRE/JDK on ITSI version 4.3.x or later might cause the Rules Engine to fail with unclear errors in the search.log. If this occurs, perform the workaround described in ITSI-4663.

If the JAVA_HOME environment variable is set correctly to the base of the Java installation, or the java executable (or java.exe in Windows) can be found using the PATH environment variable, no additional action is required. This is typically the case if you install the vendor Java packages in Linux or OS X.

If you install Java to a custom location, for example, when you install Oracle Java directly from Oracle's website, and neither PATH nor JAVA_HOME is set to the Java installation, you must add the bin bash of the JDK in $HOME/.bashrc. Perform the following steps:

  1. Change to your home directory.
    cd $HOME
    
  2. Open the .bashrc file.
  3. Add the following line to the file. Replace the JDK directory with the name of your java installation directory.
    export PATH=/usr/java/<JDK Directory>/bin:$PATH
    
  4. Save the file and exit.
  5. Use the source command to force Linux to reload the .bashrc file which normally is read only when you log in each time.
    source .bashrc
    

If you want to set the PATH for all users, you need to log in as root in the bash shell and perform the above steps on the .profile file in the etc directory and not the .bashrc file in the home directory.

(Optional) Install required Predictive Analytics add-ons

If you plan to use the ITSI Predictive Analytics capabilities, install the Splunk Machine Learning Toolkit (MLTK) and the Python for Scientific computing add-on. These add-ons are only required if you plan to use Predictive Analytics to predict service health scores. For more information, see Set up Predictive Analytics in ITSI.

  1. Install the Python for Scientific Computing add-on version 1.3 or later for your operating system from Splunkbase:
  2. Install the latest version of the Splunk MLTK. Follow the steps in Install the Splunk Machine Learning Toolkit in the MLTK User Guide.
  3. Give the MLTK app Global permissions:
    1. In ITSI, click App: IT Service Intelligence > Manage Apps.
    2. In the filter bar, enter Splunk Machine Learning Toolkit.
    3. Click Permissions.
    4. Ensure that All apps is selected.
    5. Click Save.

About the ITSI installation package

The ITSI installation package places the following directories in $SPLUNK_HOME/etc/apps:

  • DA-ITSI-APPSERVER
  • DA-ITSI-DATABASE
  • DA-ITSI-EUEM
  • DA-ITSI-LB
  • DA-ITSI-OS
  • DA-ITSI-STORAGE
  • DA-ITSI-VIRTUALIZATION
  • DA-ITSI-WEBSERVER
  • itsi
  • SA-IndexCreation
  • SA-ITOA
  • SA-ITSI-ATAD
  • SA-ITSI-CustomModuleViz
  • SA-ITSI-Licensechecker
  • SA-ITSI-MetricAD
  • SA-UserAccess

To use CIM-based data models with ITSI, you have to manually install Splunk_SA_CIM.

Alongside IT Essentials Work or Splunk Enterprise Security

ITSI can't be installed on the same search head as IT Essentials Work (ITE Work) or Splunk Enterprise Security.

Last modified on 11 September, 2024
Python 3 migration with ITSI   Install ITSI in a FIPS enabled environment

This documentation applies to the following versions of Splunk® IT Service Intelligence: 4.11.0, 4.11.1, 4.11.2, 4.11.3, 4.11.4, 4.11.5, 4.11.6, 4.13.0, 4.13.1, 4.13.2, 4.13.3, 4.15.0, 4.15.1, 4.15.2, 4.15.3, 4.17.0, 4.17.1, 4.18.0, 4.18.1, 4.19.0, 4.19.1


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters