Content Pack for Monitoring Splunk as a Service

Content Pack for Monitoring Splunk as a Service

About the Content Pack for Monitoring Splunk as a Service

The Content Pack for Monitoring Splunk as a Service provides OS and application-level monitoring of your Splunk Enterprise environment. It includes services and KPIs to monitor a fully distributed single deployment of Splunk Enterprise. All operating system metrics are obtained from introspection and all KPIs are obtained from internal logs and REST APIs. This content pack is not intended for monitoring of Splunk Cloud Platform deployments.

In ITSI, a service is a logical mapping of IT objects that applies to your business goals. This content pack helps you create services that model the different pieces of your Splunk Enterprise environment, including search heads, indexers, and search head clusters. ITSI services contain KPIs (Key Performance Indicators) which make it possible to monitor service health, perform root cause analysis, and receive important alerts when things change.

This content pack provides the ability to monitor various aspects of your Splunk architecture, including the forwarder, indexer, license, and search tiers, as well as premium apps. The following image shows the services provided in this content pack:

SatSservicetree2.png

Content pack features

This content pack contains the following objects and object types:

Object type Description
ITSI services 41 services that represent your Splunk deployment. For a breakdown of the KPIs within each service, see KPI reference for the Content Pack for Monitoring Splunk as a Service.
Service templates Two service templates for Splunk instance and OS metrics.
KPI base searches 33 KPI base searches used by the KPIs in the various services.

ITSI and ITE Work support

The content in Content Pack for Monitoring Splunk as a Service is only supported in ITSI.

Installation

If you're using ITSI v4.9 or higher, you can install the Content Pack for Monitoring Splunk as a Service after installing the Splunk App for Content Packs. Install the content pack on the same search head where you installed ITSI. For installation instructions, see Install and configure the Content Pack for ITSI Monitoring and Alerting.

If you're using ITSI v4.8 or lower, you need to install the content pack using the backup ZIP file. See Install the content pack using backup and restore functionality provided by ITSI for detailed instructions.

Deployment requirements

Use the following table to determine ITSI version compatibility with various versions of the Content Pack for Monitoring Splunk as a Service:

Content pack version ITSI version
2.1.0 4.17.x, 4.18.x
2.0.3 4.17.x, 4.18.x
2.0.1 4.4.5 and higher
2.0.0 4.4.5 and higher
1.1.0 4.4.4 - 4.5.0
1.0.0 4.2.1 - 4.4.3

Additional resources

Last modified on 31 January, 2024
  Release Notes for the Content Pack for Monitoring Splunk as a Service

This documentation applies to the following versions of Content Pack for Monitoring Splunk as a Service: 2.1.0


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters