ITSI Service Analyzer use case
The Service Analyzer displays information about underlying entities and critical and high episodes associated with services. This helps you more quickly investigate the cause of service degradation.
To investigate a service with poor health or a service that displays a notification icon, click the service tile. A panel opens displaying the severity and values of the KPIs associated with the service and up to 20 episodes associated with the service that have a severity of critical or high. Furthermore, you can click on a KPI in the side panel (or on a KPI tile) to see a secondary panel that shows the severity and value of any entities that contribute to the KPI.
If you bookmark or copy the URL for a service analyzer page, the service or KPI that is selected and any side panels that are open are saved as part of the page.
As an IT Operations analyst, you are monitoring service health on the ITSI Service Analyzer.
- You notice a notification icon on the Database Service tile. You hover over the icon and see a message that the service has entities in a degraded state and also has critical or high episodes associated with it.
- You click the Database tile and a side panel opens showing the service KPIs and the critical or high episodes.
You see that two KPIs have notification icons indicating that they have entities in a degraded state. You also see there is one episode in a critical state containing over a hundred events.
Tip: Click View All to view the groups in Episode Review. Episode Review opens in a new tab and is filtered for the service you are viewing and the time range you are using on the Service Analyzer page. For information about Episode Review, see Overview of Episode Review in ITSI.
- You click the Storage Free Space: % KPI because it is in a critical state and has one or more entities with degraded performance. A secondary panel opens showing the contributing entities for this KPI.
You can now observe that the
mysql-02entity is in a critical state and has no free space. You have discovered the root cause of the service degradation.
- You click the name of the entity to see more information about the host on the Entity Details page. From here, you can see entity details such as title, host, application, itsi_role, version, and family.
You can only edit an entity on the Entity Details page if you have write permissions to the Global team. By default only the itoa_admin role has write permissions to the Global team.
Aggregate versus maximum severity KPI values in ITSI
Overview of Episode Review in ITSI
This documentation applies to the following versions of Splunk® IT Service Intelligence: 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4