IT Operations Overview

IT Operations Product Overview

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

IT operations product overview

Splunk software products provide end-to-end service monitoring, predictive management, and full-stack visibility across hybrid cloud environments for IT operations use cases. To fulfill IT operations use cases, you can select from a set of apps, add-ons, and prepackaged content. You can configure these components to create a solution that provides predictive analytics, service-level dashboards, and intelligent event management.

Learn how you can fit the available components together to create a solution for your IT monitoring needs:

  1. Choose an IT operations monitoring app.
  2. Install add-ons to get data in.
  3. Install prepackaged content.

Details about each step of the process follow the diagram.

"Screenshot of the IT Operations components starting with Splunk Enterprise or Splunk Cloud Platform, begin by adding choosing an IT operations monitoring app. Next, install add-ons to get data in. Finally install prepackaged content.

Choose an IT operations monitoring app

Begin by choosing the IT app that meets your needs. You can use either IT Essentials Work (ITE Work) or IT Service Intelligence (ITSI).

IT Essentials Work (ITE Work)

Splunk IT Essentials Work (ITE Work) is a free app that helps you get started monitoring and analyzing your IT infrastructure. ITE Work includes data integrations and investigation tools for operating systems, virtual infrastructures, and containers. ITE Work is made up of the Entity Integrations functionality of Splunk ITSI, which includes default entity integrations, entity types, and entity dashboards. See ITE Work documentation.

ITE Work is available both for Splunk Cloud Platform customers and Splunk Enterprise customers. You can upgrade from ITE Work to ITSI by purchasing and installing an ITSI license. After you upgrade, the ITE Work app is replaced with the ITSI app. All objects from your ITE Work environment are transferred to your ITSI environment as part of the upgrade.

IT Service Intelligence (ITSI)

Splunk IT Service Intelligence (ITSI) is a premium, scalable IT operations monitoring and analytics solution that provides actionable insight into the performance and behavior of your IT services. Use the monitoring tools in ITSI to detect problems, simplify investigations, triage issues, and accelerate resolutions. You can also ingest events from across your IT landscape and from other monitoring silos to provide a unified operational console of all your events and service-impacting issues. See ITSI documentation.

ITSI consists of three primary components: Entity Integrations, Service Insights, and Event Analytics.

  1. Entity Integrations are used to collect and aggregate data into ITSI. Data is collected into entities. An entity represents an IT component that requires management to deliver an IT service. Entities are usually hosts, but can also be items such as cloud or virtual resources, network devices, or applications.
  2. Service Insights lets you visualize the health of your business and IT services. The top-down mapping approach helps correlate business services to technical processes in the underlying infrastructure layer, enabling you to quickly identify and triage problems and identify root causes directly from the service layer.
  3. Event Analytics uses events from across your IT landscape and various monitoring tools to provide a unified operational console of all your events and service-impacting issues. By integrating event analytics with incident management tools and help desk applications, you can accelerate incident investigation and automate remedial actions.

ITSI is available both for Splunk Cloud Platform customers and Splunk Enterprise customers.

ITE Work and ITSI Work feature comparison

The following tables describe the different features available in ITE Work and ITSI.

Entity Integrations feature comparison

Feature Description Available in ITE Work Available in ITSI
Entity integrations Use entity integrations to automatically create entities and regularly bring in data.


These default entity integrations are available in both ITE Work and ITSI:

  • Unix and Linux
  • Windows
  • VMware vSphere
  • Splunk Infrastructure Monitoring
Yes Yes
Entity discovery searches Use entity discovery searches to import additional entities into ITE Work or ITSI. Entity discovery searches are saved searches that are included with the app to import entities into ITE Work and ITSI. Yes Yes
Entity types Classify data sources and create statistical calculations to measure the health of the data source using entity types.


For example, there are *nix, Windows, Kubernetes, and VMware vCenter Server entity types. Entity types can represent physical hosts, containers, virtual environments, and cloud providers.

Yes Yes
Vital metrics Vital metrics are statistical calculations based on Search Processing Language (SPL) searches that represent the overall health of entity types. Yes Yes
Infrastructure Overview dashboard Use the Infrastructure Overview dashboard to get a holistic view of all entities in your environment, as well as the health of those entities across various platforms. Yes Yes


Service Insights feature comparison

Feature Description Available in ITE Work Available in ITSI
Services Use services to represent the real-world IT services that you can use to monitor the health of IT systems and business processes. No Yes
KPI base searches Use KPI base searches to share a search definition across multiple KPIs ITSI. Create base searches to consolidate multiple similar KPIs, reduce search load, and improve search performance. No Yes
Service analyzer dashboards Service analyzers provide an overview of ITSI service health scores and KPI search results that are currently trending at the highest severity levels. Use the Service Analyzer to view the status of IT operations and to identify services and KPIs running outside expected norms. No Yes
Glass tables Use glass tables to visualize and monitor the interrelationships and dependencies across your IT and business services. No Yes

Event Analytics feature comparison

Feature Description Available in ITE Work Available in ITSI
Episode Review dashboard Use the Episode Review dashboard to get a unified view of all your service-impacting alerts as episodes. No Yes
Entity analytics dashboards Get high-level insight and troubleshoot notable events coming into your ITE Work or ITSI deployment.


Use the Event Analytics Audit dashboard to get high-level insight into the notable events coming into your ITE Work or ITSI deployment.

Use the Event Analytics Monitoring dashboard to troubleshoot events.

No Yes
Correlation searches, notable events, and aggregation policies Use correlation searches to regularly scan multiple data sources for defined patterns.

Notable events are typically generated by a correlation search, but they can also be directly fed into the system by anomaly detection or other REST API sources.

A notable event aggregation policy tells the ITSI rules engine how to group, organize, and deduplicate notable events in the Episode Review dashboard. You can also use aggregation policies to automate episode actions, such as sending an email or pinging a host.

No Yes

IT Essentials Learn

Want to learn more about the functionality of the ITSI and ITE Work apps? See Splunk IT Essentials Learn, a free app that allows you to explore relevant procedures that fit your environment, learn how they work, and measure your results.

Install add-ons to get data in

Beyond the default entity integrations that are present in both ITSI and ITE Work, there are add-ons for IT operations monitoring that you can install from Splunkbase to help you onboard data from various data sources. For example, see the Splunk Add-on for Amazon Web Services and the Splunk Add-on for Microsoft Office 365 are commonly used and have corresponding content packs to help you get started. Go to the IT Operations category on Splunkbase to review available add-ons.

After you download add-ons that correspond to your data sources from Splunkbase, install and configure them so that data for your various applications begins to flow into your ITE Work or ITSI app. Go to Splunk Supported Add-ons in Splunk documentation for installation and configuration help.

Install prepackaged content

After you configure the default entity integrations and any add-ons to get data in, you want to begin using this data. The Splunk App for Content Packs contains a library of Splunk content packs that provide prepackaged content for you to quickly set up your ITE Work or ITSI environment and start using the data you've brought in. Content packs can include preconfigured KPI base searches, service templates, saved glass tables, and other objects for use within ITE Work or ITSI. For a list of available content packs, go to the Overview of content packs for ITSI and IT Essentials Work.

Install the Splunk App for Content Packs from Splunkbase. After you install the Splunk App for Content Packs, you can install content packs that are relevant to the data you've brought in.

Next step

After you install any prepackaged content you want to use, create an IT operations configuration to meet your needs. Go to the ITSI documentation or the ITE Work documentation for next steps.

Legacy apps

Several vendor-specific apps have reached or are reaching end of life. Splunk has migrated the content from these legacy apps to content packs. When you switch from these legacy apps to content packs, you have a consolidated experience within one app, either ITE Work or ITSI. In addition, as content packs are updated, you can upgrade all content packs by upgrading the one app, the Splunk App for Content Packs. For help migrating from legacy apps to content packs, see Migrate from legacy apps to content packs.

Legacy app End-of-life date Replacement content pack
Splunk App for Amazon Web Services July 15, 2022 Content Pack for Amazon Web Services Dashboards and Reports
Splunk App for Infrastructure (SAI) August 22, 2022 See ITSI Entity discovery searches.
Splunk App for Linux and Unix March 13, 2022 Content Pack for Linux and Unix Dashboards and Reports
Splunk App for Microsoft Exchange October 22, 2021 Content Pack for Microsoft Exchange
Splunk App for NetApp Data ONTAP June 10, 2021 Content Pack for NetApp Data ONTAP Dashboards and Reports
Splunk App for VMware August 31, 2022 Content Pack for VMware Dashboards and Reports
Splunk App for Windows Infrastructure October 20, 2021 Content Pack for Windows Dashboards and Reports
Splunk Supporting Add-on for NetApp January 20, 2023 Content Pack for NetApp Data ONTAP Dashboards and Reports
Splunk Supporting Add-on for VMware January 11, 2023 Content Pack for VMware Dashboards and Reports
Last modified on 15 November, 2021
 

This documentation applies to the following versions of IT Operations Overview: current


Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters