Use the Service Analyzer tile view in ITSI

The tile view is the default view of the Service Analyzer. The tile view shows a unified view of all the services and KPIs in your IT environment. To use the Service Analyzer tile view, click the icon in the Service Analyzer. Whichever view you save last loads the next time you open the Service Analyzer.

The Service Analyzer lists the top 50 most critical services and KPIs you are monitoring. Change the number of services or KPIs to display by clicking the gear icon next to the title.

The services and KPIs are represented as tiles containing a number, a color, and a sparkline. The number and the color indicate the current severity level of the service or KPI and the sparkline indicates the trend of the value for the time range selected in the time range picker (default is last 60 minutes).

A notification icon ( ) on a tile indicates one of the following conditions, or both conditions, within the selected time range:

1. The service or KPI has one or more entities in a degraded state.
2. The service has one or more critical or high episodes associated with it.

Hover over the icon to find out which conditions exist. Click the tile to open the side panel with more information.

Note that service tiles are not displayed for services for which the user does not have read access. Likewise, KPI tiles are not displayed for KPIs associated with services for which the user does not have read access. Read and write access to services and KPIs is controlled by teams. For information about teams, see Overview of service-level permissions in ITSI in the Install and Upgrade manual.

The minimum time range that can be selected in the time picker is 45 minutes. This is the minimum length of time needed to ensure all KPI data is available. If you select Last 15 minutes, or any time range that is less than 45 minutes, the time picker is automatically set to 45 minutes.

Filter services and KPIs

You can filter the services and KPIs that are displayed in the Service Analyzer using the Filter Services and Filter KPIs boxes. When you filter by service, only the KPIs that belong to the filtered services are displayed. When you filter by KPI, only the services associated with the KPI are displayed. You can select one or more services or KPIs to filter in the dropdown list.

You can also use wildcards to filter. You can specify more than one wildcard filter. For example, if you have three services called Database Service 1, Database Service 2, and Database Service 3, you could type data* in the Filter Services field to display just these three services and their associated KPIs. Furthermore, you can filter the KPIs for the filtered services. So if you wanted to see only the Database Service Response Time KPI for the three database services, you could specify *response* in the Filter KPIs field. Note that if you filter on services and then filter on a KPI that does not belong to any of the filtered services, no matches are displayed.

You cannot filter services or KPIs unless you have read access to those services and KPIs.

Show disabled services

By default, disabled services and KPIs associated with disabled services are not shown on the Service Analyzer. Select Show disabled service(s) to display disabled services and their corresponding KPIs. The tiles for disabled services and KPIs are grey and display N/A instead of a number.

Show service dependencies

By default, when you filter by a service, the Service Analyzer only displays that service and its individual KPIs. Select Show service dependencies to also display the services that impact the filtered service and all KPIs within those services.

Automatically refresh the Service Analyzer

You can automatically refresh the Service Analyzer when a relative time range is selected from the time picker as opposed to real-time. By default, auto-refresh is disabled. Enable it in itsi_service_analyzer.conf

Prerequisites

• Only users with file system access, such as system administrators, can enable automatic refresh using a configuration file.
• Review the steps in How to edit a configuration file in the Admin Manual.

Never change or copy the configuration files in the default directory. The files in the default directory must remain intact and in their original location.

Steps

1. Open or create a local itsi_service_analyzer.conf file at $SPLUNK_HOME/etc/apps/SA-ITOA/local
2. Add the following stanza:

   [auto_refresh]
   disabled = 0
   interval = 180
   

The interval setting is in seconds and defines the time interval to automatically refresh the Service Analyzer. This configuration file setting applies to the default Service Analyzer and all saved service analyzer views.

Auto-refresh is disabled if you select a real-time time range in the time picker.

Monitor services

The number displayed in a service tile indicates the service health score. Service health scores range from 0 to 100, with 0 being most critical and 100 being most healthy.

Service Health Score	Severity level	Color
0-20	Critical
20-40	High
40-60	Medium
60-80	Low
80-100	Normal

The service health score calculation is based on the current severity level of service KPIs (critical, high, medium, low, and normal) and the user-defined KPI importance value. For information about how the service health score is calculated, see How service health scores work in ITSI in the Installation and Configuration manual.

If a service is in maintenance mode, the tile is dark grey and contains a maintenance icon .

Monitor KPIs

The number displayed in a KPI tile is the number returned from the KPI search of the data. For example, you could have a KPI called Successful Logins that is a count of logins to your website. When a KPI is created in ITSI, aggregate severity-level thresholds of Normal, Low, Medium, High, and Critical are defined. If a KPI is split by entity, entity severity-level thresholds are also defined. The color corresponding to the aggregate severity-level is displayed in the KPI tile in the Service Analyzer by default. See "Step 7: Set Thresholds" in Add a KPI to a service in ITSI for information about KPI severity levels.

The name of the service that the KPI is associated with is displayed on the line beneath the name of the KPI for reference.

Grey KPI tiles indicate one of the following conditions:

• The KPI search has returned no data matching the search criteria. The sparkline is flat in this case.
• The KPI is associated with a disabled service (when the Show disabled service(s) check box is checked).
• The KPI is associated with a service in maintenance mode (displayed in dark grey with a maintenance icon )

Drill down to a deep dive

You can drill down from the Service Analyzer tile view to a deep dive, where you can view and compare service health scores or KPI search results over time.

1. Select the check box on one or more service or KPI tiles.
2. Click Drilldown to Deep Dive.

If you select a single service or a single KPI, all KPIs associated with that service appear in the deep dive. If you select multiple services or KPIs, only the associated service health scores appear.

For more information about deep dives, see Deep dives in ITSI in this manual.

Why does a tile say "Waiting for data"?

You can change the number of tiles shown in the Service Analyzer. If you set the number of tiles too high (50 or greater), the two indexed real-time searches that generate the tiles might hang and show a "Waiting for data" message. This occurs only on the specific search head. This issue mostly occurs as a result of KV store performance issues in a search head cluster environment.

Workarounds:

• Avoid increasing the number of tiles in a search head cluster environment.
• Use filters to display only the specific services and KPIs that require monitoring.
• Set the number of visible tiles to the lowest number possible.