Overview of services in ITSI

This topic provides an overview of how to create services for your Splunk IT Service Intelligence (ITSI) deployment. For instructions on configuring services, see Configure services in ITSI in this manual.

What is an ITSI service?

An ITSI service is a representation of a real-world IT service that lets you monitor the health of IT systems and business processes. For more information on ITSI services, see ITSI concepts and features in this manual.

After you create and configure a service, you can use ITSI to monitor service health, perform root-cause analysis, set up threshold-based alerts, and track compliance with organizational SLAs (service-level agreements).

Services must be assigned to a team. A service is only visible for roles that are assigned read permissions to the team. A service can only be edited by roles that are assigned read and write permissions to the team. If your organization has decided not to create private teams, all services will reside in the Global team. For information about teams, see Implement service-level permissions in ITSI.

Note: Before you create a service, it is a best practice to define the entities that you want the service to contain. You can then add entities to the service when you configure the service. For more information, see Overview of entities in ITSI in this manual.

How to create services

There are three ways to create services:

Create a single service in ITSI

Create new services one at a time in the UI. You can use service templates to quickly configure services.

Import from CSV

Import new services and link them to service templates from a CSV file. This method lets you import a hierarchy of dependent services with entities already associated. You can also create a modular input that runs automated recurring imports of the CSV file contents.

Import from search

Add services and link services to service templates from an ITSI module, saved search, or ad hoc search.