Install Splunk IT Service Intelligence on a single instance
Install Splunk IT Service Intelligence (ITSI) on an on-premises search head. In a single-instance deployment, a single Splunk Enterprise instance serves as both search head and indexer. Splunk Cloud customers must work with Support to coordinate access to the ITSI search head.
Install ITSI by extracting the ITSI installation package. ITSI doesn't support installation using the app manager in Splunk Web or using the splunk install app
command at the command line.
For information about what and where to install in various types of distributed environments, see Where to install IT Service Intelligence in a distributed environment.
Installation prerequisites
- Review the Splunk platform requirements for IT Service Intelligence. See Splunk Enterprise system requirements.
- Your Splunk ITSI instance must include the default
admin
user. Deleting or renaming this user breaks ITSI installation and operation.
Steps
At this time, you can't install ITSI from the Splunk Web interface.
- Log in to splunk.com with your Splunk.com ID.
- Download the latest Splunk IT Service Intelligence product from Splunkbase.
- Stop your Splunk platform deployment. For example:
cd $SPLUNK_HOME/bin ./splunk stop
- Extract the ITSI installation package into
$SPLUNK_HOME/etc/apps
. For example:tar -xvf splunk-it-service-intelligence_<latest_version>.spl -C $SPLUNK_HOME/etc/apps
On Windows, rename the file extension from .spl to .tgz first and use a third-party utility to perform the extraction.
- Start your Splunk platform deployment. For example:
cd $SPLUNK_HOME/bin ./splunk start
Install required Java components
IT Service Intelligence requires Java 8.x - 11.x or Java 17 to run anomaly detection and notable event management features. You can install Java prior to or after installing ITSI, but before you start running ITSI.
Install Java on all search heads running ITSI. On RHEL and Ubuntu Linux, you can install the vendor packages java-1.8.0-openjdk
on RHEL Linux and openjdk-8-jdk
on Ubuntu Linux. Alternatively, you can download and install the latest version of Oracle Java 8-11 (JRE or JDK).
Using 32-bit JRE/JDK on ITSI version 4.3.x or later might cause the Rules Engine to fail with unclear errors in the search.log. If this occurs, perform the workaround described in ITSI-4663.
If the JAVA_HOME
environment variable is set correctly to the base of the Java installation, or the java
executable (or java.exe
in Windows) can be found using the PATH
environment variable, no additional action is required. This is typically the case if you install the vendor Java packages in Linux or OS X.
If you install Java to a custom location, for example, when you install Oracle Java directly from Oracle's website, and neither PATH
nor JAVA_HOME
is set to the Java installation, you must add the bin bash of the JDK in $HOME/.bashrc
. Perform the following steps:
- Change to your home directory.
cd $HOME
- Open the .bashrc file.
- Add the following line to the file. Replace the JDK directory with the name of your java installation directory.
export PATH=/usr/java/<JDK Directory>/bin:$PATH
- Save the file and exit.
- Use the source command to force Linux to reload the .bashrc file which normally is read only when you log in each time.
source .bashrc
If you want to set the PATH
for all users, you need to log in as root in the bash shell and perform the above steps on the .profile file in the etc directory and not the .bashrc file in the home directory.
(Optional) Install required Predictive Analytics add-ons
If you plan to use the ITSI Predictive Analytics capabilities, install the Splunk Machine Learning Toolkit (MLTK) and the Python for Scientific computing add-on. These add-ons are only required if you plan to use Predictive Analytics to predict service health scores. For more information, see Set up Predictive Analytics in ITSI.
- Install the Python for Scientific Computing add-on version 1.3 or later for your operating system from Splunkbase:
- Install the latest version of the Splunk MLTK. Follow the steps in Install the Splunk Machine Learning Toolkit in the MLTK User Guide.
- Give the MLTK app Global permissions:
- In ITSI, click App: IT Service Intelligence > Manage Apps.
- In the filter bar, enter
Splunk Machine Learning Toolkit
. - Click Permissions.
- Ensure that All apps is selected.
- Click Save.
About the ITSI installation package
The ITSI installation package places the following directories in $SPLUNK_HOME/etc/apps
:
DA-ITSI-APPSERVER
DA-ITSI-DATABASE
DA-ITSI-EUEM
DA-ITSI-LB
DA-ITSI-OS
DA-ITSI-STORAGE
DA-ITSI-VIRTUALIZATION
DA-ITSI-WEBSERVER
itsi
SA-IndexCreation
SA-ITOA
SA-ITSI-ATAD
SA-ITSI-CustomModuleViz
SA-ITSI-Licensechecker
SA-ITSI-MetricAD
SA-UserAccess
To use CIM-based data models with ITSI, you have to manually install Splunk_SA_CIM
.
Alongside IT Essentials Work or Splunk Enterprise Security
ITSI can't be installed on the same search head as IT Essentials Work (ITE Work) or Splunk Enterprise Security.
Python 3 migration with ITSI | Install ITSI in a FIPS enabled environment |
This documentation applies to the following versions of Splunk® IT Service Intelligence: 4.11.0, 4.11.1, 4.11.2, 4.11.3, 4.11.4, 4.11.5, 4.11.6, 4.13.0, 4.13.1, 4.13.2, 4.13.3, 4.15.0, 4.15.1, 4.15.2, 4.15.3, 4.17.0, 4.17.1, 4.18.0, 4.18.1, 4.19.0, 4.19.1
Feedback submitted, thanks!