Splunk® IT Service Intelligence

User Manual

Acrobat logo Download manual as PDF

Splunk IT Service Intelligence version 4.5.x will no longer be supported as of April 29, 2022. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see Before you upgrade IT Service Intelligence.
This documentation does not apply to the most recent version of Splunk® IT Service Intelligence. Click here for the latest version.
Acrobat logo Download topic as PDF

About Splunk IT Service Intelligence

Splunk IT Service Intelligence (ITSI) is a scalable IT monitoring and analytics solution that provides actionable insight into the performance and behavior of your IT operations. ITSI is built on the Splunk operational intelligence platform and uses the search and correlation capabilities of the platform to enable you to collect, monitor, and report on data from IT devices, systems, and applications. As issues are identified, analysts can quickly investigate and resolve them.

Use IT Service Intelligence to do the following:

  • Monitor the health of your services with the Service Analyzer
  • Triage and investigate issues using Episode Review
  • Troubleshoot issues using deep dives

Access Splunk IT Service Intelligence

  1. Open a web browser and navigate to Splunk Web.
  2. Log in with your username and password.
  3. From the Apps list, select IT Service Intelligence.

Key features

As an ITSI analyst or user, you can leverage the following monitoring and troubleshooting features:

Service Analyzer

The Service Analyzer provides an overview of ITSI service health scores and KPI search results that are currently trending at the highest severity levels. Use the Service Analyzer to quickly view the status of IT operations and to identify services and KPIs running outside expected norms. Click on any tile in the Service Analyzer to drill down to the deep dives for further analysis and comparison of search results over time.

For more information, see Overview of the Service Analyzer in ITSI.

Deep dives

Deep dives are an investigative tool that let you quickly identify and troubleshoot issues in your IT environment. Deep dives provide swimlane views that let you stack KPI search results over time and create contextual views showing all KPIs in a service. You can use deep dives to quickly zoom in on metric and log events, and visually correlate root cause.

For more information, see Overview of deep dives in ITSI.

Episode Review

ITSI provides a notable events management framework that lets you triage and analyze groups of notable events (episodes). ITSI generates notable events when a correlation search or multi-KPI alert meets specific conditions that you define. An episode is a group of events occurring as part of a larger sequence (an incident or period considered in isolation). Use Episode Review to view episode details and identify issues that might impact the performance and availability of your IT services.

Other ITSI episode management features include a Python-based, notable event action SDK, which lets you define secondary, post-episode actions such as adding tags, adding comments, viewing episode activities, changing owner, status, and severity, and so on.

For more information, see Overview of Episode Review in ITSI.

Glass tables

Glass tables are custom visualizations that let you monitor KPI and service health scores. You can use glass tables to create dynamic contextual views of your IT topology or business processes and monitor them in real time. Glass tables features a drawing canvas where you can draw custom images, upload pre-existing images, and/or add icons from the Splunk icon library.

For more information, see Overview of the beta glass table editor in ITSI in the Service Insights Manual.

Last modified on 12 January, 2021
Overview of the Service Analyzer in ITSI

This documentation applies to the following versions of Splunk® IT Service Intelligence: 4.5.0 Cloud only, 4.5.1 Cloud only, 4.6.0 Cloud only, 4.6.1 Cloud only, 4.6.2 Cloud only, 4.7.0, 4.7.1, 4.7.2, 4.7.3, 4.7.4

Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters