Use the Service Analyzer tile view in ITSI
The tile view is the default view of the Service Analyzer. To use the Service Analyzer tile view, click the icon in the Service Analyzer. Whichever view you save last loads the next time you open the Service Analyzer.
The Service Analyzer lists the top 50 most critical services and KPIs you are monitoring. Change the number of services or KPIs to display by clicking the gear icon next to the title.
The services and KPIs are represented as tiles containing a number, a color, and a sparkline. The number and the color indicate the current severity level of the service or KPI and the sparkline indicates the trend of the value for the time range selected in the time range picker (default is last 60 minutes).
- The service or KPI has one or more entities in a degraded state.
- The service has one or more critical or high notable event groups associated with it.
Hover over the icon to find out which conditions exist. Click the tile to open the side panel with more information.
Note that service tiles are not displayed for services for which the user does not have read access. Likewise, KPI tiles are not displayed for KPIs associated with services for which the user does not have read access. Read and write access to services and KPIs is controlled by teams. For information about teams, see ITSI service-level permissions in the Installation and Configuration Manual.
The minimum time range that can be selected in the time picker is 45 minutes. This is the minimum length of time needed to ensure all KPI data is available. If you select Last 15 minutes, or any time range that is less than 45 minutes, the time picker is automatically set to 45 minutes.
You can filter the services and KPIs that are displayed in the Service Analyzer using the Filter Services and Filter KPIs boxes at the top. When you filter by service, only the KPIs that belong to the filtered services are displayed. When you filter by KPI, only the services associated with the KPI are displayed. You can select one or more services or KPIs to filter in the dropdown list.
You can also use wildcards to filter. You can specify more than one wildcard filter. For example, if you have three services called Database Service 1, Database Service 2, and Database Service 3, you could type
data* in the Filter Services field to display just these three services and their associated KPIs. Furthermore, you can filter the KPIs for the filtered services. So if you wanted to see only the Database Service Response Time KPI for the three database services, you could specify
*response* in the Filter KPIs field. Note that if you filter on services then filter on a KPI that does not belong to any of the filtered services, no matches will be displayed.
Users cannot filter services or KPIs in the Filter Services and Filter KPI fields unless they have read access to those services and KPIs.
By default, disabled services and KPIs associated with disabled services are not shown on the Service Analyzer. Click the Show disabled service(s) check box at the top to display disabled services and their corresponding KPIs. The tiles for disabled services and KPIs are grey and display N/A instead of a number.
Automatically refresh the Service Analyzer
You can automatically refresh the Service Analyzer when a relative time range is selected from the time picker (as opposed to real-time). By default, auto-refresh is disabled for Service Analyzer. To enable it, create
$SPLUNK_HOME/etc/apps/SA-ITOA/local and add the following stanza to it:
[auto_refresh] disabled = 0 interval = 180
Interval is in seconds and defines the time interval to automatically refresh Service Analyzer. This configuration file setting applies to the default Service Analyzer and all saved Service Analyzers. For more information about this configuration file, see
Auto-refresh is disabled if a real-time selection is made in the time picker.
The number displayed in a service tile indicates the service health score. Service health scores range from 0 to 100, with 0 being most critical and 100 being most healthy.
|Service Health Score||Severity level||Color|
The service health score calculation is based on the current severity level of service KPIs (critical, high, medium, low, and normal) and the user-defined KPI importance value. For information about how the service health score is calculated, see How service health scores work in the ITSI Installation and Configuration manual.
The number displayed in a KPI tile is the number returned from the KPI search of the data. For example, you could have a KPI called Successful Logins that is a count of logins to your website. When a KPI is created in ITSI, aggregate severity-level thresholds of Normal, Low, Medium, High, and Critical are defined. If a KPI is split by entity, entity severity-level thresholds are also defined. The color corresponding to the aggregate severity-level is displayed in the KPI tile in the Service Analyzer by default. See Set Thresholds in the ITSI Installation and Configuration manual for information about KPI severity levels.
The name of the service that the KPI is associated with is displayed on the line beneath the name of the KPI for reference.
KPI tiles that are grey indicate one of the following conditions:
- The KPI search has returned no data matching the search criteria. The sparkline is flat in this case.
- The KPI is associated with a disabled service (when the Show disabled service(s) check box is checked).
- The KPI is associated with a service in maintenance mode (displayed in dark grey with a maintenance icon )
Drill down to a deep dive
You can drill down from the Service Analyzer tile view to a deep dive, where you can view and compare service health scores or KPI search results over time.
- Select the check box on one or more service or KPI tiles.
- Click Drilldown to Deep Dive.
If you select a single service or a single KPI, all KPIs associated with that service appear in the deep dive. If you select multiple services or KPIs, only the associated service health scores appear.
For more information about deep dives, see Deep dives in ITSI in this manual.
Monitor the health of your services with the ITSI Service Analyzer
Use the Service Analyzer tree view in ITSI
This documentation applies to the following versions of Splunk® IT Service Intelligence: 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4