Splunk® IT Service Intelligence

Service Insights Manual

Acrobat logo Download manual as PDF

Acrobat logo Download topic as PDF

Overview of advanced thresholding in ITSI

The simple solution to thresholding in IT Service Intelligence (ITSI) is to manually configure KPI thresholds. However, there are some monitoring situations in which different workloads for a KPI occur at regular and expected intervals. Under these conditions, a static alert threshold would prove to be inaccurate.

For example, the accurate alert thresholds for a database performing Online Transaction Process (OLTP) during the day and batch processing at night would be different. Similarly, database workloads can change based purely on different time periods, such as weekday versus weekend. In both these situations, fixed, static values for thresholds might result in false alert reporting.

ITSI offers several advanced thresholding options you can leverage to more accurately and efficiently monitor your KPI data.

Advanced thresholding options

Advanced thresholding lets you define and manage alert thresholds that are either time-based (static) or adaptive (self-adjusting).

Time-based thresholds

Time-based thresholds are user-defined threshold values to be used at different times of the day or week to account for changing KPI workloads. For more information, see Create time-based static KPI thresholds in ITSI.

Adaptive thresholds

Adaptive thresholds are thresholds calculated by machine learning algorithms that dynamically adapt and change based on the KPI's observed behavior. For more information, see Create adaptive KPI thresholds in ITSI .

Adjust advanced thresholds for daylight savings

To adjust advanced thresholds for daylight savings time, you need to use mode 4 of the kvstore_to_json.py python script to set an offset for the KPI threshold template. For instructions, see Time zone offset operations (mode 3) in the Administration Manual.

Last modified on 06 November, 2020
Synchronize KPI searches in ITSI
Create time-based static KPI thresholds in ITSI

This documentation applies to the following versions of Splunk® IT Service Intelligence: 4.5.0 Cloud only, 4.5.1 Cloud only, 4.6.0 Cloud only, 4.6.1 Cloud only, 4.6.2 Cloud only, 4.7.0, 4.7.1, 4.7.2, 4.8.0 Cloud only, 4.8.1 Cloud only

Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters