Splunk® IT Service Intelligence

Service Insights Manual

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

Create an alert for potential service degradation in ITSI

The predictive models in ITSI can detect when a service's health is about to decline. Create an alert from a model which will generate an event in Episode Review notifying you when the service health score is predicted to reach a configured threshold.

Prerequisites

  • To create an alert from a predictive model, a trained model must be saved in the service definition. For more information, see Train a predictive model in ITSI.
  • Make sure you're viewing the Predictive Analytics tab from the service definition.

Steps

  1. From the Predictive Analytics tab, select the model under Test a Model.
  2. Click the bell icon (Bell.png) in the Worst Case Service Health Score panel.
  3. Configure the following fields in the Create Correlation Search box:
    Field Description
    Search Name The name of the correlation search.
    Create a notable event when predicted health score is The threshold values used by the search to trigger an alert. When the service's health score drops below or between the values or severities you specify, ITSI generates an event in Episode Review.
    Notable Event Title The title of the notable event generated in Episode Review.
    Run every How often the correlation search runs.
    Severity The initial severity of the notable event.


    This severity is not tied to the severity of the prediction itself. Rather, it represents the importance of the prediction. For example, the predicted health score might be 60, which is technically in the Medium range for ITSI. However, if this service's health is very important to you, you might make the Severity of the notable event High so that it will be prioritized and investigated sooner.

  4. Click Create.

If the service's health score drops to the value or severity you configured, ITSI generates a notable event in Episode Review. Click the drilldown link in the event to open the Predictive Analytics dashboard and perform more granular root cause analysis.

Note: The alert needs to be created again if you re-train your predictive model.

Manage alerts

Alerts are stored with other correlation searches in ITSI. To delete or disable a Predictive Analytics alert, click Configuration > Correlation Searches from the top menu bar. You can edit the correlation search to change fields such as Time Range, Severity, and Description. For more information about correlation searches, see Overview of correlation searches in ITSI.

Last modified on 28 April, 2023
PREVIOUS
Test a predictive model in ITSI
  NEXT
Add a predictive model to a glass table in ITSI

This documentation applies to the following versions of Splunk® IT Service Intelligence: 4.11.0, 4.11.1, 4.11.2, 4.11.3, 4.11.4, 4.11.5, 4.11.6, 4.12.0 Cloud only, 4.12.1 Cloud only, 4.12.2 Cloud only, 4.13.0, 4.13.1, 4.13.2, 4.13.3, 4.14.0 Cloud only, 4.14.1 Cloud only, 4.14.2 Cloud only, 4.15.0, 4.15.1, 4.15.2, 4.15.3, 4.16.0 Cloud only, 4.17.0, 4.17.1, 4.18.0, 4.18.1


Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters