Splunk® IT Service Intelligence

User Manual

Acrobat logo Download manual as PDF

Splunk IT Service Intelligence version 4.3.x will no longer be supported as of July 17, 2021. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see Before you upgrade IT Service Intelligence.
This documentation does not apply to the most recent version of Splunk® IT Service Intelligence. Click here for the latest version.
Acrobat logo Download topic as PDF

Overview of deep dives in ITSI

Deep dives are an investigative tool to help you identify and analyze issues in your IT environment. You can use deep dives to view KPI search results over time, zoom-in on KPI search results, and visually correlate root cause. Stack and organize deep dive lanes to create contextual views of metrics across your services.

Deep dive searches append the timechart time series command to KPI searches to generate data in the proper format (_time column and data series column). This enables the display of search results over a user-specified time range in a swim lane graphic, and lets you see the variations in specific metrics over time.

You can create swim lanes for both KPI and ad hoc searches, and you can customize the look of your swim lanes with unique graph types and colors, to differentiate services and metrics.

Lane type Description
Metric lane Display search results for a user-defined data model or ad hoc search. When you add a new metric lane to the deep dive, you can configure a new data model or ad hoc search.
KPI lane Display search results for existing KPIs in your services. KPI lanes also provide the option of running searches against the KPI summary index, which can accelerate search times.
Event lanes Display the number of occurrences of a specific event type over time. For example, an event lane might show the number of times an error appears in your data. Event lanes also let you drill down to Splunk search and view all events in a selected time bucket directly inside the deep dive.

Create a deep dive

Create a custom deep dive view to investigate the root cause of a specific issue in your IT environment.

  1. Click Deep Dives from the ITSI top menu bar.
  2. Click Create Deep Dive.
  3. Provide a name and optional description. Select whether the deep dive will be private and only viewable by you, or shared with all users.
  4. Click Create.
  5. Open the deep dive from the deep dives lister page.
  6. Click Add lane to start adding metric, KPI, and event lanes to your deep dive. For more information, see Add a swim lane to a deep dive in ITSI.

When you drill down to a deep dive from a different ITSI context, such as the Service Analyzer, the generated deep dive is considered an "unnamed" deep dive. If you add a new lane to it, the lane is automatically saved into the deep dive without having to click Save.

Last modified on 30 April, 2020
Tutorial: Build a beta glass table to monitor your infrastructure
Add and modify deep dive swim lanes ITSI

This documentation applies to the following versions of Splunk® IT Service Intelligence: 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.1.0, 4.1.1, 4.1.2, 4.1.5, 4.2.0, 4.2.1, 4.2.2, 4.2.3, 4.3.0, 4.3.1, 4.4.0, 4.4.1, 4.4.2, 4.4.3, 4.4.4, 4.4.5

Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters