Install and configure ITSI modules
The following ITSI modules are installed as part of the Splunk IT Service Intelligence package:
- ITSI Application Server Module
- ITSI Database Module
- ITSI End User Experience Monitoring Module
- ITSI Load Balancer Module
- ITSI Operating System Module
- ITSI Storage Module
- ITSI Virtualization Module
- ITSI Web Server Module
The following ITSI modules are available for individual download:
- Splunk ITSI Module for Continuous Delivery
- Splunk ITSI Module for Application Performance Monitoring
All modules, whether included or downloaded and installed separately, do not require configuration. However, they do require relevant data to be indexed before you can create services based on the KPIs included in the modules.
See the documentation for each module that you want to use for links to the supported add-ons that are relevant for the environment you are monitoring with your ITSI deployment.
ITSI module entity discovery
ITSI module entity discovery works as follows:
- The ITSI admin provides data to ITSI by installing and configuring relevant Splunk add-ons.
- The entities send data to the indexers.
- The ITSI admin defines a new service, selecting an ITSI module to assist with service creation.
- The module automatically discovers entities for which relevant data has been collected.
The module uses a report (saved search) to discover entities. This search runs every four hours by default. You can manually run the search by doing one of the following actions:
- Restart the Splunk platform.
- Disable and enable the search.
- Create entities manually.
Change the automatic entity discovery search
You can change the automatic entity search for a module.
- From the system bar in Splunk IT Service Intelligence, navigate to Configure > Entities.
- Select Create New Entity > Import from Search.
- On the Entity/Service Import page, select Modules.
- Select the module, entity search, and search time you want.
- Click Next
- Specify your columns, then click Save & Next.
- Preview your service dependencies, then click Save & Next.
The configuration has been saved. You do not need to save it again as a modular input. You can trigger the module entity import search outside of the standard 4-hour interval.
Disable the automatic entity discovery search
You can disable entity discovery searches you are not using if you like. It is also OK to keep them enabled.
In a single search head environment:
To disable a module automatic entity discovery search, navigate to Settings > Data inputs and select IT Service Intelligence CSV Import. You will see the module entity discovery searches listed here. Scroll to the far right end of the table and disable the search in the Status column.
In a search head cluster environment:
You must disable the entity discovery search in the
inputs.conf file on the deployer and push the changes from the deployer to the cluster members.
Manually create entities
You can import entity information into ITSI.
- From the ITSI app menu bar, select Configure > Entities.
- Select Create New Entity > Import from Search.
- Click Modules. Two buttons appear and the search text field populates with the required search to locate entities.
- Confirm that the add-on button below the Modules button says ITSI Module for <Module> and that the search button below the add-on button says <Module> Entities search.
- (Optional) Set the time range that the search should run within by clicking the time range picker and choosing the range.
- Click the magnifying glass next to the time range picker to run the search. The Splunk platform searches indexed data and returns entity results for which data has been collected.
- Click Next.
- Navigate to the Specify Columns page.
- Review the information on the Specify Columns page. If you do not see the entity you want, then no data for that entity has been indexed into ITSI.
- Confirm that you installed and configured the correct add-on into a universal forwarder on that entity. Click Save & Next.
- Review the proposed changes to service dependencies, then click Save & Next. The Entity/Service Import success page shows you the number of entities you imported.
- Click Exit. ITSI returns you to the page you were on before you went to the Entity/Service Import page.
ITSI module roles
Versions 2.3.0 and above of ITSI use itsi_role in place of role, which was used in ITSI versions 2.2.2 and below. See the table to identify the roles that each module assigns to entities.
|ITSI Module||ITSI Role|
|ITSI Application Server Module||application_server|
|ITSI Database Module||database_instance|
|ITSI End User Experience Monitoring Module||end_user_application|
|ITSI Load Balancer Module||loadbalancer|
|ITSI Operating System Module||operating_system_host|
|ITSI Storage Module||storagesystem|
|ITSI Virtualization Module||virtualization|
|ITSI Web Server Module||web_server|
About ITSI modules
ITSI module visualizations
This documentation applies to the following versions of Splunk® IT Service Intelligence: 3.0.0, 3.0.1, 3.0.2, 3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4