Splunk® IT Service Intelligence

User Manual

Acrobat logo Download manual as PDF

Acrobat logo Download topic as PDF

About Splunk IT Service Intelligence

Splunk IT Service Intelligence (ITSI) is a scalable IT monitoring and analytics solution that provides actionable insight into the performance and behavior of your IT operations. ITSI is built on the Splunk operational intelligence platform and uses the search and correlation capabilities of the platform to enable you to collect, monitor, and report on data from IT devices, systems, and applications. As issues are identified, analysts can quickly investigate and resolve them.

Use IT Service Intelligence to do the following:

  • Monitor the health of your services with the Service Analyzer
  • Triage and investigate issues using Episode Review
  • Troubleshoot issues using deep dives

Access Splunk IT Service Intelligence

  1. Open a web browser and navigate to Splunk Web.
  2. Log in with your username and password.
  3. From the Apps list, select IT Service Intelligence.

Key features

As an ITSI analyst or user, you can leverage the following monitoring and troubleshooting features:

Service Analyzer

The Service Analyzer provides an overview of ITSI service health scores and KPI search results that are currently trending at the highest severity levels. Use the Service Analyzer to quickly view the status of IT operations and to identify services and KPIs running outside expected norms. Click on any tile in the Service Analyzer to drill down to the deep dives for further analysis and comparison of search results over time.

For more information, see Monitor the health of your services with the ITSI Service Analyzer in the IT Service Intelligence User Manual.

Deep dives

Deep dives are an investigative tool that let you quickly identify and troubleshoot issues in your IT environment. Deep dives provide swimlane views that let you stack KPI search results over time and create contextual views showing all KPIs in a service. You can use deep dives to quickly zoom in on metric and log events, and visually correlate root cause.

For more information, see Overview of deep dives in ITSI in the IT Service Intelligence User Manual.

Episode Review

ITSI provides a notable events management framework that lets you triage and analyze groups of notable events (episodes). ITSI generates notable events when a correlation search or multi-KPI alert meets specific conditions that you define. An episode is a group of events occurring as part of a larger sequence (an incident or period considered in isolation). Use Episode Review to view episode details and identify issues that might impact the performance and availability of your IT services.

Other ITSI notable events management features include a python-based, notable event action SDK, which lets you define secondary, post-notable event actions, such as add tags, add comments, view notable event activities, change owner, change status, change severity, and so on.

Glass tables

Glass tables are custom visualizations that let you monitor KPI and service health scores. You can use glass tables to create dynamic contextual views of your IT topology or business processes and monitor them in real time. Glass tables features a drawing canvas where you can draw custom images, upload pre-existing images, and/or add icons from the Splunk icon library.

For more information, see Overview of the beta glass table editor in ITSI in the Service Insights Manual.

For more information, see Overview of Episode Review in ITSI in the IT Service Intelligence User Manual.

Last modified on 25 March, 2020
  NEXT
Overview of the Service Analyzer in ITSI

This documentation applies to the following versions of Splunk® IT Service Intelligence: 4.5.0 Cloud only, 4.5.1 Cloud only, 4.6.0 Cloud only, 4.6.1 Cloud only, 4.6.2 Cloud only, 4.7.0


Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters