Splunk® IT Service Intelligence

Entity Integrations Manual

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

SAI and ITSI functionalities reference

This page describes equivalent functionalities between the Splunk App for Infrastructure (SAI) and IT Service Intelligence (ITSI), and the differences between how these functionalities are used in both applications.

Services

Feature Splunk App for Infrastructure (SAI) IT Service Intelligence (ITSI)
Services Use groups to monitor and analyze performance across multiple hosts, and to quickly find relevant log events for the entire group. When creating a group, logically group hosts together by choosing one or more dimension filters that are common across similar entities. In order to use groups, you must have multiple entities uploaded. For more information, see Using Groups in Splunk App for Infrastructure. Use services in ITSI to represent the real-world IT services and monitor the health of IT systems and business processes. In order to group services, you must have multiple entities uploaded. For more information, see Create a single service in ITSI.
Entity Rules Not available in SAI Entity rules are set after creating services and allow users to dynamically filter KPI searches based on entity alias matches. Set up entity rules to match entities based on entity aliases or titles, and associate one or more entities to a specific service. For more information, see Define entity rules for a service in ITSI.
Predictive Analytics Not available in SAI Predictive Analytics use machine learning algorithms to predict the health score value of a selected service in IT Service Intelligence (ITSI). Use Predictive Analytics to identify and fix service outages before they happen. ITSI provides visualization tools that guide you through the process of creating machine learning models. For more information, see Overview of Predictive Analytics in ITSI.
Service Analyzer Not available in SAI The Service Analyzer provides a unified view of all the services and KPIs in your IT environment, including the service health scores and KPI search results that are currently trending at the highest severity levels. Select any tile in the Service Analyzer to drill down and view analysis and search results over time. For more information, see Overview of the Service Analyzer in ITSI.

KPIs

Feature Splunk App for Infrastructure (SAI) IT Service Intelligence (ITSI)
Alerts Crea alerts for single entity or groups. For more information, see Using the Analysis Workspace in Splunk App for Infrastructure. KPIs are an improved alerting feature in ITSI. A KPI (Key Performance Indicator) is a recurring saved search that returns the value of an IT performance metric such as CPU load percentage, response time, or another metric. ITSI offers several advanced thresholding options for user to more accurately and efficiently monitor the KPI data. For more information, see Overview of creating KPIs in ITSI.
Advanced thresholding Not available in SAI Use advanced KPI thresholding to define and manage alert thresholds that are either time-based (static) or adaptive (self-adjusting). For more information, see Overview of advanced thresholding in ITSI.
Anomaly detection Not available in SAI Anomaly Detection uses machine learning algorithms to model KPI behavior and generate alerts when a KPI deviates from an expected pattern. These alerts can be seen as notable events in Episode Review. For more information, see Apply anomaly detection to a KPI in ITSI.

Infrastructure Overview

Feature Splunk App for Infrastructure (SAI) IT Service Intelligence (ITSI)
Infrastructure overview The SAI Investigate page displays your available entities and enables you to analyze and understand server performance. For more information, see Using the Infrastructure Overview in Splunk App for Infrastructure. The ITSI Infrastructure Overview page displays entities grouped by entity type, providing a consolidated view of the health of each of the integrated platforms. You can click on any of the entity types to further drill down and view its details and vital metrics. Vital metrics are statistical calculations based on SPL searches that represent the overall health of entities of that type. For more information, see About the Infrastructure Overview in ITSI.
Entity overview The Entity Overview contains performance charts that give a quick view of the performance of Infrastructure entities. For more information, see Using the Entity Overview in Splunk App for Infrastructure. ITSI provides an overview of all entity metrics as well as additional capabilities, such as navigations that point to a specific dashboard or quick access to linked services, KPIs, and notable events. For more information, see Create a single entity in ITSI and Overview of entity types in ITSI.
Entity list The List View is used to view your entities, monitor individual entities, view their status, sort entities by dimensions and perform bulk actions. For more information, see Using the List View in Splunk App for Infrastructure. ITSI includes additional entity monitoring capabilities such as tracking entity status, charts displaying the breakdown of the number of active entities and alert severity, and entity filtering capabilities. For more information, see About the Infrastructure Overview in ITSI.
Entity analysis Analyze performance metrics and log sources for a single entity or group of entities. For more information, see Using the Analysis Workspace in Splunk App for Infrastructure. Analyze performance metrics for a single entity on the entity's Analytics dashboard within Splunk IT Service Intelligence (ITSI). Determine poor performing entities for a set of metrics, or determine a point in time when multiple entities began performing in a similar way. Use the visualizations to perform root cause analysis and understand why your infrastructure is performing the way it is. The insights can help you quickly identify and respond to issues or anomalies in your data. For more information, see Analyze entity performance metrics in ITSI.

Data Integrations

Feature Splunk App for Infrastructure (SAI) IT Service Intelligence (ITSI)
Data integrations The Add Data tab in SAI allows you to set up data collection on Linux, Windows, Mac OS X servers, Kubernetes clusters, and Docker containers for both system metrics and logs. For more information, see How to add data to Splunk App for Infrastructure. An entity integration is content within ITSI that enables the automatic detection and discovery of entities, while also providing the vital metrics and related dashboards you need explore the health of those entities. Entity integrations for a number of technologies are available as part of individual content packs in the Splunk App for Content Packs. After entities are detected, they become visible under the Infrastructure Overview menu. For more information, see What is an entity integration?
Content packs Not available in SAI ITSI features content packs that provide prepackaged content that user can use to quickly set up a Splunk IT Service Intelligence (ITSI) or IT Essentials Work (ITE Work) environment. This content can include configured KPI base searches, service templates, saved glass tables, and other objects for use within ITSI or ITE Work. For more information, see Overview of the Splunk App for Content Packs.
Last modified on 15 June, 2022
PREVIOUS
Migrate from Splunk App for Infrastructure (SAI) to IT Service Intelligence
  NEXT
Manually configure a Kubernetes (SCK) integration

This documentation applies to the following versions of Splunk® IT Service Intelligence: 4.8.0 Cloud only, 4.8.1 Cloud only, 4.9.0, 4.9.1, 4.9.2, 4.9.3, 4.9.4, 4.9.5, 4.9.6, 4.10.0 Cloud only, 4.10.1 Cloud only, 4.10.2 Cloud only, 4.10.3 Cloud only, 4.10.4 Cloud only, 4.11.0, 4.11.1, 4.11.2, 4.11.3, 4.11.4, 4.11.5, 4.11.6, 4.12.0 Cloud only, 4.12.1 Cloud only, 4.13.1


Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters