Add a swim lane to a deep dive in ITSI
Swim lanes are the individual metric rows within a deep dive. You can stack multiple swim lanes to do a side-by-side comparison of metrics across your services. Deep dives support the following lane types:
- Metric lanes
- Metric lanes display search results for a user-defined data model or ad hoc search. When you add a new metric lane to the deep dive, you can configure a new data model or ad hoc search.
- KPI lanes
- KPI lanes display search results for existing KPIs in your services. KPI lanes also provide the option of running searches against the KPI summary index, which can accelerate search times.
- Event lanes
- Event lanes display the number of occurrences of a specific event type over time. For example, an event lane might show the number of times an
errorappears in your data. Event lanes also let you drill down to Splunk search and view all events in a selected time bucket directly inside the deep dive.
There are several ways to add new lanes to your deep dive, including:
- Create new lanes using the Add Lane menu in the deep dive
- Add KPI lanes from the topology tree sidebar within the deep dive
- Click on a KPI in a different ITSI context, such as Service Analyzer or a glass table.
When you drill down to a deep dive from a different ITSI context, such as the Service Analyzer, the generated deep dive is considered an "unnamed" deep dive. If you add a new lane to it, the lane is automatically saved into the deep dive without having to click Save.
- You must have the
write_itsi_deep_divecapability to add a swim lane to a deep dive. By default, the
itoa_analystroles are assigned this capability.
- Read and write access to services and KPIs is controlled by service-level permissions. When adding a new swim lane, you can only select from services to which you have read access. You cannot perform bulk actions on lanes for which you do not have read access.
Add a new metric lane
- In the deep dive, select Add Lane > Add Metric Lane.
- Configure your new metric lane.
Field Description Title The title for your new metric lane. Subtitle (optional) Additional info about your search, service, and so on. Graph Type Line, Area, or Column. Graph Color The color for your metric lane graph. Lane Size Small, Medium, or Large. Search Type Ad hoc: Type your custom search string in the Search field. Data Model: Select a data model, then select the aggregation operation. Add a Where clause that maps the data model search field to entity alias values (optional). For example,
- Click Create Lane. Your new metric lane appears in the deep dive.
- Select the Primary Time Range for your metric lane. The selected primary time range applies to all lanes in the deep dive.
Add a new KPI lane
- In the deep dive, select Add Lane > Add KPI Lane.
- Configure your new KPI lane.
Field Description Title The title for your new KPI lane. Subtitle (optional) Additional info about your search, service, and so on. Graph Type Line, Area, or Column. Graph Color The color for your KPI lane graph. Lane Size Small, Medium, or Large. Service The service that contains the KPI you want to display in the lane. KPI The specific KPI you want to display. Accelerate Using KPI Summary By default, all KPI searches are run against the itsi_summary index, which increases search speeds. Select No if you want to switch from itsi_summary index search to raw search. This option is disabled for KPI searches with calculation windows of 24 hour or more.
- Click Create Lane. Your new KPI lane appears in the deep dive.
Tip: If your KPI is a percentage, click the gear icon for the KPI lane and select Graph Rendering Options. Change Vertical Axis Boundary to Static with a Min Value of 0 and a Max Value of 100.
Tip: For count based KPIs, to see discreet numeric values without interpolation, click the gear icon for the KPI lane and select Edit Lane and change Graph Type from Line to Column. You can also click the gear icon and select Graph Rendering Options. Change Graph Data Gaps from Connected to Gaps to see the discreet data points that correspond to the counts coming in.
You can switch the KPI calculation metric between average, median, max, and min. This helps you better visualize search results aggregated over the selected time range. It can also help you troubleshoot issues if the current metric display is not useful. Switching the calculation metric has no impact on the underlying KPI configuration.
Add a new event lane
- In the deep dive, select Add Lane > Add Event Lane.
- Configure your new event lane.
Field Description Title The title for your new event lane. Subtitle (optional) Additional info about your search and service. Graph Color The color for your event lane graph. Lane Size Small, Medium, or Large. Event Search The event search that you want to display in the lane. Event searches cannot contain reporting search commands, such as
- Click Create Lane. Your new event lane appears.
Set lane threshold options
You can set threshold view options to display KPI status as either a graph against color bands that represent threshold severity levels, or as discreet color blocks that represent the severity level over a given unit of time. Threshold view options apply to KPI lanes only.
- Click the gear icon in the KPI lane and select Threshold Options.
- Set Enable Threshold Indication to Yes.
- Select a Threshold Indication Type:
Field Description Level Indication Shows severity-level thresholds as horizontal bands behind the graph. State Indication Shows severity-level thresholds in distinct time blocks behind the graph.
Threshold state indication shows aggregate KPI status for KPIs that are split by entity.
- (Optional) Enable Hide Graph to show severity-level thresholds in distinct time blocks without the line graph.
- Click Done.
After you configure your threshold options, you can use the Bulk Actions menu to show or hide thresholds for selected lanes.
Overview of deep dives in ITSI
Compare search results from different time ranges in an ITSI deep dive
This documentation applies to the following versions of Splunk® IT Service Intelligence: 3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.1.0, 4.1.1, 4.1.2, 4.1.5, 4.2.0, 4.2.1, 4.2.2, 4.2.3, 4.3.0, 4.3.1, 4.4.0