Splunk® IT Service Intelligence

SAI Integration

Acrobat logo Download manual as PDF


Splunk IT Service Intelligence version 4.3.x will no longer be supported as of July 17, 2021. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see Before you upgrade IT Service Intelligence.
This documentation does not apply to the most recent version of Splunk® IT Service Intelligence. Click here for the latest version.
Acrobat logo Download topic as PDF

Overview of integrating the Splunk App for Infrastructure with ITSI

Integrate the Splunk App for Infrastructure (SAI) with IT Service Intelligence (ITSI) to correlate server metrics with events and metrics from other layers of the IT stack for higher level monitoring. You can drill directly into the Splunk App for Infrastructure from ITSI to get detailed entity, group, and alert information for seamless troubleshooting.

Integrating Splunk App for Infrastructure with ITSI enables you to do the following:

  • Ingest entities from Splunk App for Infrastructure
  • Ingest alerts from Splunk App for Infrastructure as notable events
  • Create services from Splunk App for Infrastructure entities

The integration is one direction only, from the Splunk App for Infrastructure to ITSI. When enabled, entities and alerts continuously update in ITSI from the Splunk App for Infrastructure. Service templates are available to create services with pre-built KPIs and entity rules.

Use cases

For existing Splunk App for Infrastructure users, integrating with ITSI enables you to get a service-level view of your IT infrastructure while continuing to use the Splunk App for Infrastructure for entity and group-level monitoring. This enables faster troubleshooting and remediation by linking server health to service KPIs and notable events to see the big picture of overall service and business health.

For existing ITSI users, ingesting entities and alerts from the Splunk App for Infrastructure into ITSI lets you build KPIs and services from entities and groups, and correlate alerts from the Splunk App for Infrastructure with other events and data sources in ITSI. Additionally, ITSI lets you apply machine learning to the entity-level data to detect anomalies and aggregate the event data with machine learning algorithms to reduce event noise.

See also

See the following topics for more information.

Last modified on 20 February, 2020
  NEXT
Requirements for integrating the Splunk App for Infrastructure with ITSI

This documentation applies to the following versions of Splunk® IT Service Intelligence: 4.2.0, 4.2.1, 4.2.2, 4.2.3, 4.3.0, 4.3.1

Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters