Overview of the Infrastructure Overview in ITSI
The Infrastructure Overview provides a holistic view of all the active entities in your environment as well as the health of those entities across various platforms. Leverage this view to monitor the health of your overall system and quickly understand the availability and performance of your server infrastructure. Use the filter box to filter by different dimensions such as entity alias or informational fields.
An entity is an IT infrastructure component that requires management to deliver an IT service. Each entity has specific attributes and relationships to other IT processes that uniquely identify it. Entities are usually hosts, but can also be items as diverse as cloud or virtual resources, network devices, applications, users, and cell towers. For more information about entities, see Overview of entity integrations in ITSI in the Entity Integrations Manual.
Group entities by entity type
Use the Group by dropdown to group entities by entity type in the Infrastructure Overview and see a consolidated view of the health of each of your integrated platforms. Each entity type card displays a key static for that specific entity type. A key statistic calculates the distribution of entities associated with the entity type to indicate the overall health of the entity type. Select an entity type to drill down into its vital metrics and perform more in-depth analysis. For more information about vital metrics, see Investigate vital metrics for an entity type.
Key statistics are defined in the
is_key object in itsi_entity_types.conf. An entity type can only have one key statistic, so all other metrics must be vital metrics with
is_key = 0. Do NOT edit key statistics and vital metrics through this configuration file. If you want to change the key statistic for an entity type, use the REST API. For instructions and examples, see Add custom vital metrics or edit default metrics. Only users assigned the admin or itoa_admin role can edit key statistics.
The following image shows the Infrastructure Overview grouped by entity type:
Supported data sources
A gray histogram means you're not collecting data from that particular data source. You need to bring that data into ITSI using the defined data configuration method so that corresponding entities can be associated with the proper entity type. The following table lists the entity integrations available out-of-the-box in ITSI and how to configure them:
|Data sources||Configuration instructions|
||About the Unix and Linux entity integration in ITSI|
||About the VMware vSphere entity integration in ITSI|
||Collect Kubernetes metrics and logs with Splunk App for Infrastructure|
(*) ITSI doesn't currently have a Kubernetes integration. Discover Kubernetes entities in Splunk App for Infrastructure (SAI) and view them in ITSI. For more information, see Integrate the Splunk App for Infrastructure with ITSI.
|Windows||About the Windows entity integration in ITSI|
Investigate vital metrics for an entity type
Select an entity type within the Infrastructure Overview to further drill down to its health page, which displays four vital metrics for that entity type. Vital metrics are statistical calculations based on SPL searches that represent the overall health of entities of that type. Vital metrics can search against both metrics and logs data, while the search result must be a metric.
In the following example, the entity type's vital metrics are average CPU usage, memory usage, disk availability, and network usage:
Perform the following steps to access the vital metrics for an entity type:
- From the ITSI main menu, click Infrastructure Overview.
- In the Group by dropdown, choose Entity Type.
- Select the card for the entity type you want to analyze.
The vital metrics for all entity types are defined in itsi_entity_type.conf. One vital metric contains
"is_key": 1 which designates it as the key statistic displayed in the Infrastructure Overview histogram. Each vital metric in the configuration file contains a list of
split_by_fields that attribute the aggregation to each entity associated with the entity type based on the
matching_entity_fields. Split by fields enable ITSI to calculate the distribution of values to display in the histogram.
The vital metrics search of each of the default entity types uses a macro like
itsi_entity_type_nix_metrics_indexes to find data. If the entity type histogram or vital metrics shows no data, it's possible that the data resides in another index. If this is the case, modify the macro to include your index.
Add custom vital metrics or edit default metrics
While you currently can't add vital metrics to a custom entity type through the UI, you can add them through the ITSI REST API. You can also add to or modify the vital metrics for the default entity types included in ITSI. You need to log in as a user with the itoa_admin or itoa_team_admin role to add and modify entity types and vital metrics.
For example REST calls to add and modify vital metrics, see Add vital metrics to an entity type in the Entity Integrations manual.
For the full vital metric schema reference, see Entity Type Vital Metrics in the REST API Reference manual.
Editing entity types through the UI or the REST API permanently unlinks them from the configuration file, so future changes to the file won't be reflected. Therefore, it's recommended that you avoid editing the configuration file and instead make all entity type modifications through the UI or the REST API to avoid confusion.
Investigate a service with poor health in ITSI
Analyze entity performance metrics in ITSI
This documentation applies to the following versions of Splunk® IT Service Intelligence: 4.7.0, 4.7.1, 4.7.2, 4.7.3, 4.7.4