Splunk® App for Content Packs

Overview of the Splunk App for Content Packs


Splunk Content Packs provide prepackaged content that you can use to quickly set up your Splunk IT Service Intelligence (ITSI) or IT Essentials Work (ITE Work) environment. This content can include configured KPI base searches, service templates, saved glass tables, and other objects for use within ITSI or ITE Work.

The Splunk App for Content Packs enables you to access content packs, preview their contents, and install them in your environment. Download the Splunk App for Content Packs from Splunkbase. The Splunk App for Content Packs is compatible with ITSI and ITE Work versions 4.9.0 and higher. As new content packs become available or existing content packs are updated, you can download the most recent version of the Splunk App for Content Packs to get this new content. When you install an updated version of a content pack, you can see which objects are new to the content pack.

After you've installed the Splunk App for Content Packs, you can go to Configuration > Data Integrations. Depending on your version of ITSI or ITE Work, select Content Library to see the available content packs.

Once installed, the objects within a content pack are configurable. If you want to change the frequency of a search, adjust latency, or change calculation methods, you can edit the objects directly.

Most content packs process data collected through the use of Splunk add-ons. Add-ons collect host, network, and other data from computers that you install them on and map that data to a data model. Add-ons power the data underlying the metrics for each content pack. For more information, see About Splunk add-ons in the Splunk Add-ons manual.

Example screenshot of featured content packs in content pack v2.0.0



Compatibility with ITSI and ITE Work

| Splunk App for Content Packs version | ITSI version | ITE Work version |
| --- | --- | --- |
| 2.1.0 | 4.17.x, 4.18.x | 4.17.x, 4.18.x |
| 2.0.1 | 4.17.x, 4.18.x | 4.17.x, 4.18.x |
| 2.0.0 | 4.17.x, 4.18.x | 4.17.x, 4.18.x |
| 1.9.1 | 4.15.x, 4.16.x, 4.17.x, 4.18.x | 4.15.x, 4.16.x, 4.17.x, 4.18.x |
| 1.9.0 | 4.15.x, 4.16.x, 4.17.x, 4.18.x | 4.15.x, 4.16.x, 4.17.x, 4.18.x |
| 1.8.0 | 4.14.x, 4.15.x | 4.14.x, 4.15.x |
| 1.7.0 | 4.13.x, 4.14.x | 4.13.x, 4.14.x |
| 1.6.0 | 4.12.0 and higher | 4.12.0 and higher |
| 1.5.0 | 4.11.0 and higher | 4.11.0 and higher |
| 1.4.0 | 4.9.4 and higher, 4.11.0 and higher | 4.9.4 and higher, 4.11.0 and higher |
| 1.3.0 | 4.9.2 and higher | 4.9.2 and higher |
| 1.2.0 | 4.9.2 and higher | 4.9.2 and higher |
| 1.1.0 | 4.9.0 and higher | 4.9.0 and higher |
| 1.0.0 | 4.9.0 and higher | 4.9.0 and higher |

Install the Splunk App for Content Packs

To access the content packs on the Data Integrations page of ITSI or ITE Work, you have to install the Splunk App for Content Packs. You can install the Splunk App for Content Packs on your Splunk Cloud Platform or on-premises environment. See Install the Splunk App for Content Packs for steps to install the Splunk App for Content Packs.

Available content packs

These content packs are available in the Splunk App for Content Packs version 2.1.0.

All saved searches of Splunk App for Content Packs v2.0 are deactivated by default.

For more information about what is new or changed in this release, see New features in the Splunk App for Content Packs.

| Content pack | Description | Index type | Supported Apps | Required Add-ons and prerequisites |
| --- | --- | --- | --- | --- |
| Content Pack for Amazon Web Services Dashboards and Reports version 1.4.0 | Provides the elements necessary to monitor the health and availability of your AWS environment. | Events | ITSI and ITE Work | Splunk Add-on for AWS |
| Content Pack for Example Glass Tables version 1.1.0 | Provides a starting point for monitoring various use cases on the glass table canvas. | None (Uses static example data) | ITSI | n/a |
| Content Pack for ITE Work Alert Routing version 1.0.2 | Extends the default ITE Work alert functionality by allowing you to take an external action when an alert is triggered, such as sending an email. | Events | ITE Work | |
| Content Pack for ITSI Monitoring and Alerting version 2.3.0 | Provides a prescriptive blueprint for enterprise-wide alerting across all your ITSI services. | Events and Metrics (Most of the searches are based on events index) | ITSI | (Optional) Lookup File Editor app. The Content Pack for ITSI Monitoring and Alerting uses several new lookup files. The files enrich notable events with the information necessary to group related events, drive alert actions, and engage the correct stakeholders. (Optional) Punchcard Visualization app. Several dashboards within the content pack depend on the punchcard visualization to better visualize concentrations of data over hours of the day or days of the week. If you plan to use the dashboards within this content pack, install this visualization. |
| Content Pack for Microsoft 365 version 1.4.0 | Provides the elements necessary to monitor the health and availability of your Microsoft 365 environment. | Events | ITSI and ITE Work | Splunk Add-on for Microsoft Office 365 |
| Content Pack for Microsoft Exchange version 1.7.0 | Provides the elements necessary to monitor the health and availability of your Exchange environment. | Events | ITSI and ITE Work | Splunk Add-on for Microsoft Exchange |
| Content Pack for Monitoring Citrix version 1.0.3 | Provides a quick way to build ITSI services to monitor your Citrix virtual apps and desktop infrastructure. | Events and Metrics | ITSI | |
| Content Pack for Monitoring Microsoft Windows version 1.2.0 | Provides the elements needed for monitoring your OS-level health related to Windows servers. | Events and Metrics | ITSI | Splunk Add-on for Windows |
| Content Pack for Monitoring Phantom as a Service version 1.0.1 | Provides knowledge objects to monitor the health of your Phantom server environment. | Events | ITSI | |
| Content Pack for Monitoring Pivotal Cloud Foundry version 1.1.0 | Provides the elements necessary for monitoring your Pivotal Cloud Foundry deployment. | Events and Metrics | ITSI | Splunk Firehose Nozzle for PCF |
| Content Pack for Monitoring Splunk as a Service version 2.1.0 | Provides OS and application-level monitoring of your Splunk Enterprise environment. | Events | ITSI | n/a |
| Content Pack for Monitoring Unix and Linux version 1.2.0 | Provides the elements needed to monitor your OS-level health related to Linux and certain types of Unix servers. | Events and Metrics | ITSI | Splunk Add-on for Unix and Linux |
| Content Pack for NetApp Data ONTAP Dashboards and Reports version 1.1.1 | Provides the elements necessary to monitor the health and availability of your NetApp environment. This content pack is automatically installed when you install the Splunk App for Content Packs, so it doesn't have a chiclet on the Data Integrations page. | Events | ITSI and ITE Work | |
| Content Pack for ServiceNow version 1.1.0 | Provides the elements needed to monitor your ServiceNow instances. | Events | ITSI and ITE Work | |
| Content Pack for Shared IT Infrastructure Components version 1.4.0 | Supports approaches for mapping service dependencies within ITSI. | Events (Uses _internal index) | ITSI | n/a |
| Content Pack for SOAR System Logs version 1.0.0 | The Content Pack for SOAR System Logs provides an ITSI-based approach to monitoring the health of your SOAR server environment. | Events | ITSI | |
| Content Pack for Splunk Observability Cloud version 3.2.0 | Bridges the data gap between ITSI and Splunk Observability Cloud by providing the functionality of Splunk Synthetic Monitoring, Splunk Infrastructure Monitoring, and Splunk Application Performance Monitoring in a single view. | Metrics | ITSI and ITE Work | Splunk Infrastructure Monitoring Add-on |
| Content Pack for Splunk Synthetic Monitoring version 1.0.2 | Detect and resolve issues faster across your critical user flows, business transactions and API endpoints using Splunk Synthetic monitoring. | Metrics | ITSI and ITE Work | Splunk Synthetic Monitoring Add-on |
| Content Pack for Third-Party APM version 1.2.0 | Provides the elements necessary to monitor the health of applications that use third-party APM tools (AppDynamics, DynaTrace, and New Relic). | Events | ITSI and ITE Work | |
| Content Pack for Unix Dashboards and Reports version 1.1.5 | Provides reports, alerts, and dashboards for Linux and Unix management. This content pack is automatically installed when you install the Splunk App for Content Packs, so it doesn't have a chiclet on the Data Integrations page. | Events | ITSI and ITE Work | Splunk Add-on for Unix and Linux |
| Content Pack for VMware Dashboards and Reports version 1.2.0 | Provides the elements necessary to monitor the health and availability of your virtual environments. This content pack is automatically installed when you install the Splunk App for Content Packs, so it doesn't have a chiclet on the Data Integrations page. | Events and Metrics | ITSI and ITE Work | Splunk Add-on for VMware Metrics |
| Content Pack for VMware Monitoring version 1.2.0 | Provides the elements necessary to monitor the performance of the main components in a VMware vSphere environment. | Metrics | ITSI | Splunk Add-on for VMware Metrics |
| Content Pack for Windows Dashboards and Reports version 1.3.0 | Provides deep visibility into the health and performance of your Microsoft Windows Server and Active Directory environments. | Events | ITSI and ITE Work | |

Content packs in ITE Work

The Splunk App for Content Packs installs supported content packs in your ITE Work environment. You can only install entity-type objects in ITE Work. In addition to the content packs shown on the Data Integrations page under Content Library, there are content packs that are automatically installed when you install the Splunk App for Content Packs. See Available content packs in this topic for a list of content packs available in ITE Work.

If you upgrade from ITE Work to ITSI, objects in your environment persist after the upgrade.

Featured content packs in this version of Splunk App for Content Packs

Last modified on 14 February, 2024

This documentation applies to the following versions of Splunk® App for Content Packs: 2.1.0

