About the Infrastructure Overview in ITSI
The Infrastructure Overview provides a holistic view of all entities in your environment as well as the health of those entities across various platforms.
An entity is an IT infrastructure component that requires management to deliver an IT service. Each entity has specific attributes and relationships to other IT processes that identify the entity. Entities are usually hosts, but can also be items as diverse as cloud or virtual resources, network devices, applications, users, and cell towers. For more information about entities, see Overview of entity integrations in ITSI.
Use the Infrastructure Overview to monitor the health of your overall system and quickly understand the availability and performance of your server infrastructure. You can filter entities by status (Active, Inactive, N/A, or Unstable) using the Status Filter and alert severity (Normal, Warning, Critical) using the Severity Filter. Filter by additional dimensions such as entity alias, entity status, or informational fields in the entities with dimensions field.
Group entities by entity type
Use the Group by dropdown to group entities by entity type in the Infrastructure Overview and see a consolidated view of the health of each of your integrated platforms. Each entity type card displays a key statistic for that specific entity type. A key statistic calculates the distribution of entities associated with the entity type to indicate the overall health of the entity type. Select an entity type to drill down into its vital metrics and perform more in-depth analysis. For more information about vital metrics, see Investigate vital metrics for an entity type.
Key statistics are defined in the is_key object in itsi_entity_types.conf. An entity type can only have one key statistic, so all other metrics must be vital metrics with is_key = 0. Do NOT edit key statistics and vital metrics through this configuration file. If you want to change the key statistic for an entity type, use the REST API. For instructions and examples, see Add custom vital metrics or edit default metrics. Only users assigned the admin or itoa_admin role can edit key statistics.
The following image shows the Infrastructure Overview grouped by entity type:
Supported data sources
A gray histogram or inactive status means you're not collecting data from that particular data source. You need to bring that data into ITSI using the defined data configuration method so that corresponding entities can be associated with the proper entity type. The following table lists the entity integrations available out-of-the-box in ITSI and how to configure them:
|Data sources|Configuration instructions|
|Unix and Linux|About the Unix and Linux entity integration in ITSI|
|VMware vSphere|About the VMware vSphere entity integration in ITSI|
|Kubernetes (*)|Collect Kubernetes metrics and logs with Splunk App for Infrastructure|
|Windows|About the Windows entity integration in ITSI|

(*) ITSI doesn't currently have a Kubernetes integration. Discover Kubernetes entities in Splunk App for Infrastructure (SAI) and view them in ITSI. For more information, see Integrate the Splunk App for Infrastructure with ITSI.
Investigate vital metrics for an entity type
Select an entity type within the Infrastructure Overview to drill down to its entity details page, which displays vital metrics for that entity type. Vital metrics are statistical calculations based on SPL searches that represent the overall health of entities of that type. Vital metrics can search against both metrics and logs data, but the search result must be a metric.
In the following example, the entity type's vital metrics are average CPU usage, memory usage, disk availability, and network usage:
Perform the following steps to access the vital metrics for an entity type:
- From the ITSI main menu, click Infrastructure Overview.
- In the Group by dropdown, choose Entity Type.
- Select the card for the entity type you want to analyze.
The vital metrics for all entity types are defined in itsi_entity_type.conf. One vital metric contains "is_key": 1 which designates it as the key statistic displayed in the Infrastructure Overview histogram. Each vital metric in the configuration file contains a list of split_by_fields that attribute the aggregation to each entity associated with the entity type based on the matching_entity_fields. Split by fields enable ITSI to calculate the distribution of values to display in the histogram.
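The following check is an added example, not code from ITSI or its documentation: it validates an entity type definition against the rules above (exactly one key statistic, and split-by fields present) before an admin submits a change. The key names vital_metrics, metric_name and title, and the dictionary shape of matching_entity_fields, are assumptions; the sample definition is constructed.

```python
# Constructed sample entity type. "is_key", "split_by_fields" and
# "matching_entity_fields" come from the page; "title", "vital_metrics",
# "metric_name" and the dict shape of matching_entity_fields are assumptions.
SAMPLE_ENTITY_TYPE = {
    "title": "Example *nix type (constructed)",
    "vital_metrics": [
        {"metric_name": "Average CPU usage", "is_key": 1,
         "split_by_fields": ["host"], "matching_entity_fields": {"host": "host"}},
        {"metric_name": "Memory usage", "is_key": 0,
         "split_by_fields": ["host"], "matching_entity_fields": {"host": "host"}},
    ],
}


def check_vital_metrics(entity_type):
    """Return a list of problems; an empty list means the definition passed."""
    problems = []
    metrics = entity_type.get("vital_metrics", [])
    # Accept 1, "1" or True, since JSON and .conf sources differ in typing.
    key_names = [m.get("metric_name", "<unnamed>") for m in metrics
                 if str(m.get("is_key", 0)).strip().lower() in ("1", "true")]
    if len(key_names) != 1:
        problems.append("expected exactly one key statistic, found %d: %s"
                        % (len(key_names), key_names))
    for m in metrics:
        name = m.get("metric_name", "<unnamed>")
        split = m.get("split_by_fields") or []
        if not split:
            problems.append("%s: split_by_fields is empty, so no per-entity "
                            "distribution can be calculated" % name)
        # Assumed check: each split-by field should be a search-side field
        # that matching_entity_fields ties back to an entity.
        mapped = set((m.get("matching_entity_fields") or {}).values())
        orphans = [f for f in split if f not in mapped]
        if orphans:
            problems.append("%s: split_by_fields %s not covered by "
                            "matching_entity_fields" % (name, orphans))
    return problems


if __name__ == "__main__":
    for line in check_vital_metrics(SAMPLE_ENTITY_TYPE) or ["ok"]:
        print(line)
```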
The vital metrics search of each of the default entity types uses a macro like itsi_entity_type_nix_metrics_indexes to find data. If the entity type histogram or vital metrics shows no data, it's possible that the data resides in another index. If this is the case, modify the macro to include your index.
Monitor entity status
Entities discovered from a recurring import search are assigned a status to indicate whether they are actively sending data, enabling you to monitor the health and performance of your environment. The entity status updates when the recurring bulk import runs on its schedule. For more information about how to set up a recurring import search, see Set up a recurring import of entities in ITSI.
The Last Updated column indicates the last recorded time that an entity sent data. The Status column displays one of the following statuses:
- Active: Indicates that the entity is active and receiving data from the latest discovery window.
- Inactive: Indicates that the entity stopped sending data and is inactive.
- Unstable: Indicates that the entity is unstable because at least one of its data sources is inactive.
- N/A: Indicates that the entity does not have a status because it is not linked to a data source. Entities that are not created from recurring bulk import searches (such as entities created from a single import) will display this status.
The Current Entity Status Breakdown chart displays a breakdown of the number of entities by status. You can filter entities by status or dimension using the filters at the top of the page.
The Alert Breakdown chart displays a breakdown of the number of entities by alert severity. You can filter entities by alert severity using the Severity Filter at the top of the page.
Note: If you have a large number of entities, the recurring bulk import can take longer to complete. Tune the cron schedule of the recurring import searches to run less frequently so that your entity status updates on time.
Select an individual entity to investigate its status and other vital metrics on the Entity Details page.
This documentation applies to the following versions of Splunk® IT Service Intelligence: 4.10.0 Cloud only, 4.10.1 Cloud only, 4.10.2 Cloud only