Splunk® IT Service Intelligence

Use Splunk IT Service Intelligence

Download manual as PDF

Download topic as PDF

Overview of deep dives in ITSI

Deep dives are an investigative tool to help you identify and analyze issues in your IT environment. You can use deep dives to view KPI search results over time, zoom-in on KPI search results, and visually correlate root cause. Stack and organize deep dive lanes to create contextual views of metrics across your services.

Deep dive searches append the timechart time series command to KPI searches to generate data in the proper format (_time column and data series column). This enables the display of search results over a user-specified time range in a swim lane graphic, and lets you see the variations in specific metrics over time.

You can create swim lanes for both KPI and ad hoc searches, and you can customize the look of your swim lanes with unique graph types and colors, to differentiate services and metrics.

For an example of how to troubleshoot an outage using a deep dive, see Troubleshoot an outage in the Splunk IT Service Intelligence Scenarios manual.

DeepDive.png

Create a deep dive

Create a custom deep dive view to investigate the root cause of a specific issue in your IT environment.

  1. Click Deep Dives from the ITSI top menu bar.
  2. Click Create Deep Dive.
  3. Provide a name and optional description. Select whether the deep dive will be private and only viewable by you, or shared with all users.
  4. Click Create.
  5. Open the deep dive from the deep dives lister page.
  6. Click Add lane to start adding metric, KPI, and event lanes to your deep dive. For more information, see Add a swim lane to a deep dive in ITSI.

Delete a deep dive

ITSI users can delete private deep dives that they've created. To delete shared deep dives, you must have the delete_itsi_deep_dive capability.

  1. Click Deep Dives from the ITSI top menu bar.
  2. Locate the deep dive you want to delete and select Edit > Delete.
PREVIOUS
Tutorial: Build a beta glass table to monitor your infrastructure
  NEXT
Add a swim lane to a deep dive in ITSI

This documentation applies to the following versions of Splunk® IT Service Intelligence: 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.1.0, 4.1.1, 4.1.2, 4.1.5, 4.2.0, 4.2.1, 4.2.2, 4.2.3, 4.3.0, 4.3.1, 4.4.0


Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters