About the Content Pack for Splunk Infrastructure Monitoring
The Content Pack for Splunk Infrastructure Monitoring provides the elements necessary to use ITSI monitoring tools to visualize and troubleshoot your Splunk Infrastructure Monitoring cloud services. The content pack includes predefined entity discovery searches paired with data from the Splunk Infrastructure Monitoring Add-on. The searches discover your AWS, Azure, and GCP instances within Infrastructure Monitoring and onboard them into ITSI as entities. Each service in the content pack has predefined key performance indicators (KPIs) that provide visibility into your Infrastructure Monitoring integrations.
The content pack also includes correlation searches that leverage ITSI Event Analytics to generate actionable events from those created by detectors in Infrastructure Monitoring. Preconfigured aggregation policies group these events into episodes for AWS, Azure, and GCP alerts. For more information about viewing and managing Infrastructure Monitoring events and episodes in ITSI, see Use the Content Pack for Splunk Infrastructure Monitoring.
Once you install and configure the content pack, use the service topology tree within ITSI to monitor multiple cloud providers all in one place. The following image shows the active service topology tree that monitors multiple cloud providers:
Content pack contents
This content pack contains services, entity discovery searches, entity types, KPI base searches, and correlation searches. Each object corresponds to either an AWS, Azure, or GCP instance. The following table describes how the objects fit together:
|Service||Entity discovery search||Entity type||KPI base search||Correlation search||Aggregation policy|
|AWS EC2||IT Service Intelligence - SIM AWS EC2 entities||AWS EC2||SIM:Cloud.AWS_EC2||Splunk Infrastructure Monitoring Events AWS EC2 Search||SIM AWS EC2 Alerts|
|AWS Lambda||IT Service Intelligence - SIM AWS Lambda entities||AWS Lambda||
|Azure Functions||IT Service Intelligence - SIM Azure Functions entities||Azure Functions||SIM:Cloud.Azure_Functions||Splunk Infrastructure Monitoring Events Azure VM Search||SIM Azure VM Alerts|
|Azure Virtual Machines||IT Service Intelligence - SIM Azure VM entities||Azure Virtual Machines||SIM:Cloud.Azure_VM|
|Google Cloud Functions||IT Service Intelligence - SIM Google Cloud Functions entities||Google Cloud Functions||SIM:Cloud.GCP_Compute||Splunk Infrastructure Monitoring Events GCP Compute Engine Search||SIM GCP Compute Engine Alerts|
|Google Compute Engine||IT Service Intelligence - SIM Google Compute Engine entities||Google Compute Engine||
Splunk Cloud installation
Splunk Cloud users can install this content pack directly through the ITSI Content Library, which is included in the ITSI 4.8.x installation package. For installation instructions, see Install and configure the Content Pack for Splunk Infrastructure Monitoring.
On-premises users currently need to download the embedded backup ZIP file from the installation steps in the documentation and restore it in ITSI using the backup/restore functionality. The Content Library will be made available to on-premises users in a future release. See the installation instructions for this content pack to access the ZIP file.
Use the following table to determine the ITSI version compatibility with various versions of the Content Pack for Splunk Infrastructure Monitoring:
|Content pack version||ITSI version|
|1.0.0||4.7.0 or higher|
- For ITSI deployment planning guidelines, see Plan your ITSI deployment in the Install and Upgrade manual.
- For ITSI version compatibility with Splunk Enterprise versions, see Splunk products version compatibility matrix.
Release notes for the Content Pack for Splunk Infrastructure Monitoring
This documentation applies to the following versions of Content Pack for Splunk Infrastructure Monitoring: 1.0.0
Feedback submitted, thanks!