Splunk® IT Service Intelligence

Service Insights Manual

Overview of advanced thresholding in ITSI

The simple solution to thresholding in IT Service Intelligence (ITSI) is to manually configure KPI thresholds. However, there are some monitoring situations in which different workloads for a KPI occur at regular and expected intervals. Under these conditions, a static alert threshold would prove to be inaccurate.

For example, the accurate alert thresholds for a database performing Online Transaction Process (OLTP) during the day and batch processing at night would be different. Similarly, database workloads can change based purely on different time periods, such as weekday versus weekend. In both these situations, fixed, static values for thresholds might result in false alert reporting.

ITSI offers several advanced thresholding options you can leverage to more accurately and efficiently monitor your KPI data.

Advanced thresholding options

Advanced thresholding lets you define and manage alert thresholds that are either time-based (static) or adaptive (self-adjusting).

Time-based thresholds

Time-based thresholds are user-defined, static threshold values to be used at different (hourly, daily, or weekly) time blocks to accommodate known variations in data patterns. For more information, see Create time-based static KPI thresholds in ITSI.

Adaptive thresholds

Adaptive thresholds are thresholds calculated by machine learning algorithms that dynamically adapt and change based on the KPI's behavior. For more information, see Create adaptive KPI thresholds in ITSI.

Create KPI thresholds with machine learning

Instead of manual threshold configurations, use machine learning to analyze your historic KPI data and generate recommendations for threshold values and time policies tailored to your data's behavior. Visualize the recommended threshold values and time policies before you apply the settings, and save the configuration to your service definition. For more information, see Configure KPI thresholds with machine learning in ITSI.

Adjust advanced thresholds for daylight savings

To adjust advanced thresholds for daylight savings time, you need to use mode 4 of the kvstore_to_json.py python script to set an offset for the KPI threshold template. For instructions, see Time zone offset operations (mode 3) in the Administration Manual.

Last modified on 18 July, 2024
Synchronize KPI searches in ITSI   Create time-based static KPI thresholds in ITSI

This documentation applies to the following versions of Splunk® IT Service Intelligence: 4.19.0

Was this topic useful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters