Splunk® IT Service Intelligence

User Manual

Acrobat logo Download manual as PDF

Splunk IT Service Intelligence version 4.7.0 reached its End of Life on October 28, 2022.
This documentation does not apply to the most recent version of Splunk® IT Service Intelligence. Click here for the latest version.
Acrobat logo Download topic as PDF

Overview of the Infrastructure Overview in ITSI

The Infrastructure Overview provides a holistic view of all the active entities in your environment as well as the health of those entities across various platforms. Leverage this view to monitor the health of your overall system and quickly understand the availability and performance of your server infrastructure. Use the filter box to filter by different dimensions such as entity alias or informational fields.

An entity is an IT infrastructure component that requires management to deliver an IT service. Each entity has specific attributes and relationships to other IT processes that uniquely identify it. Entities are usually hosts, but can also be items as diverse as cloud or virtual resources, network devices, applications, users, and cell towers. For more information about entities, see Overview of entity integrations in ITSI in the Entity Integrations Manual.

Group entities by entity type

Use the Group by dropdown to group entities by entity type in the Infrastructure Overview and see a consolidated view of the health of each of your integrated platforms. Each entity type card displays a key static for that specific entity type. A key statistic calculates the distribution of entities associated with the entity type to indicate the overall health of the entity type. Select an entity type to drill down into its vital metrics and perform more in-depth analysis. For more information about vital metrics, see Investigate vital metrics for an entity type.

Key statistics are defined in the is_key object in itsi_entity_types.conf. An entity type can only have one key statistic, so all other metrics must be vital metrics with is_key = 0. Do NOT edit key statistics and vital metrics through this configuration file. If you want to change the key statistic for an entity type, use the REST API. For instructions and examples, see Add custom vital metrics or edit default metrics. Only users assigned the admin or itoa_admin role can edit key statistics.

The following image shows the Infrastructure Overview grouped by entity type:


Supported data sources

A gray histogram means you're not collecting data from that particular data source. You need to bring that data into ITSI using the defined data configuration method so that corresponding entities can be associated with the proper entity type. The following table lists the entity integrations available out-of-the-box in ITSI and how to configure them:

Data sources Configuration instructions
  • *Nix
  • Splunk Add-on for Unix and Linux
About the Unix and Linux entity integration in ITSI
  • VMware VM
  • VMware Cluster
  • VMware ESXi Host
  • VMware vCenter
  • VMware Datastore
About the VMware vSphere entity integration in ITSI
  • Kubernetes Node*
  • Kubernetes Pod*
Collect Kubernetes metrics and logs with Splunk App for Infrastructure

(*) ITSI doesn't currently have a Kubernetes integration. Discover Kubernetes entities in Splunk App for Infrastructure (SAI) and view them in ITSI. For more information, see Integrate the Splunk App for Infrastructure with ITSI.

Windows About the Windows entity integration in ITSI

Investigate vital metrics for an entity type

Select an entity type within the Infrastructure Overview to further drill down to its health page, which displays four vital metrics for that entity type. Vital metrics are statistical calculations based on SPL searches that represent the overall health of entities of that type. Vital metrics can search against both metrics and logs data, while the search result must be a metric.

In the following example, the entity type's vital metrics are average CPU usage, memory usage, disk availability, and network usage:


Perform the following steps to access the vital metrics for an entity type:

  1. From the ITSI main menu, click Infrastructure Overview.
  2. In the Group by dropdown, choose Entity Type.
  3. Select the card for the entity type you want to analyze.

The vital metrics for all entity types are defined in itsi_entity_type.conf. One vital metric contains "is_key": 1 which designates it as the key statistic displayed in the Infrastructure Overview histogram. Each vital metric in the configuration file contains a list of split_by_fields that attribute the aggregation to each entity associated with the entity type based on the matching_entity_fields. Split by fields enable ITSI to calculate the distribution of values to display in the histogram.

The vital metrics search of each of the default entity types uses a macro like itsi_entity_type_nix_metrics_indexes to find data. If the entity type histogram or vital metrics shows no data, it's possible that the data resides in another index. If this is the case, modify the macro to include your index.

Add custom vital metrics or edit default metrics

While you currently can't add vital metrics to a custom entity type through the UI, you can add them through the ITSI REST API. You can also add to or modify the vital metrics for the default entity types included in ITSI. You need to log in as a user with the itoa_admin or itoa_team_admin role to add and modify entity types and vital metrics.

For example REST calls to add and modify vital metrics, see Add vital metrics to an entity type in the Entity Integrations manual.

For the full vital metric schema reference, see Entity Type Vital Metrics in the REST API Reference manual.

Editing entity types through the UI or the REST API permanently unlinks them from the configuration file, so future changes to the file won't be reflected. Therefore, it's recommended that you avoid editing the configuration file and instead make all entity type modifications through the UI or the REST API to avoid confusion.

Last modified on 06 January, 2021
Investigate a service with poor health in ITSI
Analyze entity performance metrics in ITSI

This documentation applies to the following versions of Splunk® IT Service Intelligence: 4.7.0, 4.7.1, 4.7.2, 4.7.3, 4.7.4

Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters