Splunk® IT Essentials Work

Administration Manual

Splunk IT Essentials Work version 4.9.0 isn't available for download.
This documentation does not apply to the most recent version of Splunk® IT Essentials Work. For documentation on the most recent version, go to the latest release.

About administering Splunk ITE Work

(ITE Work) is a free app based on Splunk IT Service Intelligence (ITSI) that helps you start monitoring and analyzing your IT infrastructure.

ITE Work includes data integrations and investigation tools for operating systems, virtual infrastructures, and containers. You can use ITE Work to automatically discover and bring in data in the form of entities. An entity represents an IT component that requires management to deliver an IT service. Entities are usually hosts, but can also be items such as cloud or virtual resources, network devices, or applications. Related dashboards are also created as part of the entity integrations. These dashboards give you insight into the health and performance of your entities.

ITE Work is available both for Splunk Cloud Platform customers and Splunk Enterprise customers. It enables you to do the following:

Task Tool
Automatically discover and create entities from onboarded data for known entity types. Entity integrations


These default entity integrations are available in ITE Work:

  • Unix and Linux
  • Windows
  • VMware vSphere
  • Splunk Infrastructure Monitoring
Import additional entities into ITE Work. Entity discovery searches
Classify data sources and create statistical calculations to measure the health of the data source. Entity types and vital metrics
Get a holistic view of all entities in your environment, as well as the health of those entities across various platforms. Infrastructure Overview dashboard
Investigate alerts caused by changes in the vital metrics for entity types in your environment. Alert Review dashboard
Install prepackaged content to quickly set up your ITE Work environment and start using the data you've brought in. Splunk App for Content Packs and Splunk Content Packs for ITSI and ITE Work

Administering ITE Work is a less involved proposition than administering ITSI, because ITE Work only supports the following subset of the ITSI functionality:

Name Description
Overview of backing up ITE Work KV store data Regularly back up the KV store and restore your ITE Work data from a backup in the event of a disaster or if you add a search head to a cluster. You can perform both full backups and partial backups of your data.

Admins are also responsible for ingesting and analyzing entities, creating services and KPIs, and setting up alerts. These tasks are covered in the following manuals:

Last modified on 05 December, 2022
  User Roles in ITE Work

This documentation applies to the following versions of Splunk® IT Essentials Work: 4.9.0, 4.9.1, 4.9.2, 4.9.3, 4.9.4, 4.9.5, 4.9.6, 4.10.0 Cloud only, 4.10.1 Cloud only, 4.10.2 Cloud only, 4.10.3 Cloud only, 4.10.4 Cloud only, 4.11.0, 4.11.1, 4.11.2, 4.11.3, 4.11.4, 4.11.6, 4.12.0 Cloud only, 4.12.2 Cloud only, 4.13.0, 4.13.1, 4.13.2, 4.13.3, 4.14.0 Cloud only, 4.14.1 Cloud only, 4.14.2 Cloud only, 4.15.0, 4.15.1, 4.15.2, 4.15.3, 4.16.0 Cloud only


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters