Splunk® IT Service Intelligence

Splunk IT Service Intelligence (ITSI) version 4.11.x reached its End of Life on December 6, 2023. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see Before you upgrade IT Service Intelligence.
This documentation does not apply to the most recent version of Splunk® IT Service Intelligence. For documentation on the most recent version, go to the latest release.

Operating System Module KPIs and thresholds

This topic provides detail on the Key Performance Indicators (KPIs) and the thresholds associated with those KPIs in the context of the OS module.

The default KPI search schedule for ITSI is Every Minute, while the default search schedule for the Splunk Add-on for Microsoft Windows and the Splunk Add-on for Unix and Linux is Every 5 Minutes. This means that KPIs that rely on these add-ons take longer to populate than the other KPIs in your ITSI deployment.

Adjust the search calculation time for this module:

  1. From the ITSI main menu, click Configure > KPI Base Searches.
  2. Navigate to the KPI you want to modify, and select Edit > Clone.
  3. Name your cloned KPI base search and click Clone.
  4. Click on the KPI you want to modify.
  5. Navigate to KPI Search Schedule, and select Every 5 Minutes from the dropdown menu.
  6. Click Save.

Operating System Module KPI Availability

| KPI Name | Splunk Add-on for Microsoft Windows | Splunk Add-on for Unix and Linux |
|---|---|---|
| CPU Utilization: % | X | X |
| CPU Utilization: Interrupts/second | X | X |
| CPU Utilization: System Threads | X | X |
| Memory Available: MB | X | X |
| Memory Free: % | X | X |
| Memory Operations: Paging | X | X |
| Memory Used: MB System | X | X |
| Network Utilization: Total packets/second (in/out) | X | X |
| Processor Queue Length: System | X | X |
| Storage Free Space: % | X | X |
| Storage Operations: Latency | X | X |
| Storage Operations: Total | X | X |

KPI and Threshold Reference Table

| KPI Name | Description | Unit Type | Threshold Values |
|---|---|---|---|
| CPU Utilization: % | Total average across all available CPU cores. | % | Normal: < 70, Medium: 70-90, High: > 90 |
| CPU Utilization: Interrupts/second | Measures the number of CPU interrupts per second. | count | Adaptive thresholding - 2 hour window every day |
| CPU Utilization: System Threads | Measures the total number of threads (running and waiting) in the system. | count | Adaptive thresholding - 2 hour window every day |
| Memory Available: MB | Measures the amount of memory available in the system. | count | Aggregate Thresholds |
| Memory Free: % | Detects memory overutilization across the system using free memory. | % | Normal: >40, Medium: 10-40, High: 0-10 |
| Memory Operations: Paging | Measures the number of paging operations per second. | count | Aggregate Thresholds |
| Memory Used: MB System | Measures the amount of memory used in the system. | count | Aggregate Thresholds |
| Network Utilization: Total packets/second (in/out) | Measures the total packets transferred over all network interfaces. | count | Aggregate Thresholds |
| Processor Queue Length: System | Detects excessive processor load averages. | count | Normal: 0-1, Medium: 2-5, High: >5 |
| Storage Free Space: % | Detects storage overutilization across the system using free storage space. | % | Normal: 25, Medium: 10, High: 0 |
| Storage Operations: Latency | Measures the latency of all I/O operations to disk. | count | Adaptive thresholding - 3 hour window every day |
| Storage Operations: Total | Measures the total number of storage operations per second. | count | Aggregate Thresholds |

Last modified on 28 April, 2023

This documentation applies to the following versions of Splunk® IT Service Intelligence: 4.11.0, 4.11.1, 4.11.2, 4.11.3, 4.11.4, 4.11.5, 4.11.6, 4.12.0 Cloud only, 4.12.1 Cloud only, 4.12.2 Cloud only, 4.13.0, 4.13.1, 4.13.2, 4.13.3, 4.14.0 Cloud only, 4.14.1 Cloud only, 4.14.2 Cloud only, 4.15.0, 4.15.1, 4.15.2, 4.15.3, 4.16.0 Cloud only, 4.17.0, 4.17.1, 4.18.0, 4.18.1

