Splunk® IT Service Intelligence

Service Insights Manual

Overview of creating services in ITSI

An IT Service Intelligence (ITSI) service is a representation of a real-world IT service that you can use to monitor the health of IT systems and business processes. For more information about ITSI services, see Overview of Service Insights in ITSI. The following diagram shows the steps to configure an ITSI service:

ServiceConfig.png

After you initially create one or more services, you must perform some manual configuration, including adding entity rules to filter to entities, adding KPIs to monitor the service's health, and adding service dependencies. You can then use ITSI to monitor service health, perform root-cause analysis, set up threshold-based alerts, and track compliance with organizational SLAs (service-level agreements).

Prerequisites

  • You must have the write_itsi_service capability to create services. The itoa_admin and itoa_team_admin roles have this capability by default.
  • You must have write access to a team to edit services belonging to that team. If your organization hasn't created teams, all services reside in the Global team. For information about teams, see Implement teams in ITSI in the Administration Manual.
  • Before you create a service, define the entities you want the service to contain. You can add the entities to the service when you configure the service. For more information, see Overview of entity integrations in ITSI in the Entity Integrations Manual.

Step 1: Create one or more services

There are three ways to create services in ITSI:

Create a single service in ITSI
Create new services one at a time in the UI. Manually create a service from scratch or use service templates to automatically populate the entity rules and KPIs.
Import services from a CSV file in ITSI
Import new services and link them to service templates from a CSV file. This method lets you import a hierarchy of dependent services with entities already associated. You can also create a modular input that runs automated recurring imports of the CSV file contents.
Import services from a search in ITSI
Add services and link services to service templates from an ITSI module, saved search, or ad hoc search.

Step 2: Define entity rules (Optional)

Entity rules let you dynamically filter KPI searches based on entity alias matches. Define entity rules to associate entities with KPIs at the service level, which makes it unnecessary to specify entity identifying fields for each KPI search. For detailed instructions, see Define entity rules for a service in ITSI.

Step 3: Add KPIs to the service

A Key Performance Indicator (KPI) is a recurring saved search that returns the value of an IT performance metric, such as CPU load percentage, memory used percentage, response time, and so on. You can define a KPI from a metrics search, a an ad hoc search, or a base search. For detailed instructions, see Overview of creating KPIs in ITSI.

Step 4: Add service dependencies (Optional)

Adding service dependencies can help you detect if one service is having a negative impact on another service, and can be useful in performing root cause analysis. For detailed instructions, see Add service dependencies in ITSI.

Last modified on 28 April, 2023
Overview of Service Insights in ITSI   Create a single service in ITSI

This documentation applies to the following versions of Splunk® IT Service Intelligence: 4.11.0, 4.11.1, 4.11.2, 4.11.3, 4.11.4, 4.11.5, 4.11.6, 4.12.0 Cloud only, 4.12.1 Cloud only, 4.12.2 Cloud only, 4.13.0, 4.13.1, 4.13.2, 4.13.3, 4.14.0 Cloud only, 4.14.1 Cloud only, 4.14.2 Cloud only, 4.15.0, 4.15.1, 4.15.2, 4.15.3, 4.16.0 Cloud only, 4.17.0, 4.17.1, 4.18.0, 4.18.1, 4.19.0, 4.19.1, 4.19.2


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters