Overview of deep dives in ITSI
Deep dives are an investigative tool to help you identify and analyze issues in your IT environment. You can use deep dives to view KPI search results over time, zoom-in on KPI search results, and visually correlate root cause. Stack and organize deep dive lanes to create contextual views of metrics across your services.
Deep dive searches append the
timechart time series command to KPI searches to generate data in the proper format (_time column and data series column). This enables the display of search results over a user-specified time range in a swim lane graphic, and lets you see the variations in specific metrics over time.
You can create swim lanes for both KPI and ad hoc searches, and you can customize the look of your swim lanes with unique graph types and colors, to differentiate services and metrics.
|Metric lane||Display search results for a user-defined data model or ad hoc search. When you add a new metric lane to the deep dive, you can configure a new data model or ad hoc search.|
|KPI lane||Display search results for existing KPIs in your services. KPI lanes also provide the option of running searches against the KPI summary index, which can accelerate search times.|
|Event lanes||Display the number of occurrences of a specific event type over time. For example, an event lane might show the number of times an |
Create a deep dive
Create a custom deep dive view to investigate the root cause of a specific issue in your IT environment.
- Click Deep Dives from the ITSI top menu bar.
- Click Create Deep Dive.
- Provide a name and optional description. Select whether the deep dive will be private and only viewable by you, or shared with all users.
- Click Create.
- Open the deep dive from the deep dives lister page.
- Click Add lane to start adding metric, KPI, and event lanes to your deep dive. For more information, see Add a swim lane to a deep dive in ITSI.
When you drill down to a deep dive from a different ITSI context, such as the Service Analyzer, the generated deep dive is considered an "unnamed" deep dive. If you add a new lane to it, the lane is automatically saved into the deep dive without having to click Save.
Investigate a service with poor health in ITSI
Add and modify deep dive swim lanes ITSI
This documentation applies to the following versions of Splunk® IT Service Intelligence: 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.1.0, 4.1.1, 4.1.2, 4.1.5, 4.2.0, 4.2.1, 4.2.2, 4.2.3, 4.3.0, 4.3.1, 4.4.0, 4.4.1, 4.4.2, 4.4.3, 4.4.4