Configure event lanes in a deep dive in ITSI
Event lanes in IT Service Intelligence (ITSI) deep dives display the number of occurrences of a specific event type over time. For example, an event lane might show the number of times an
error appears in your data. Light bands represent times where there are no events, and dark bands represent times when there were one or more events. Event lanes also let you drill down to a Splunk search and view all events in a selected time bucket directly inside the deep dive.
The following deep dive shows an example of how event lanes can help you troubleshoot outages. As database service errors start coming in, the Database Service Response Time KPI begins to degrade, soon after which the entire service health score drops. Clicking an event band displays the actual associated events to give you more information about the outage:
- You must have the write_itsi_deep_dive capability to add a swim lane to a deep dive. By default, the itoa_admin, itoa_team_admin, and itoa_analyst roles are assigned this capability.
- Read and write access to services and KPIs is controlled by team permissions. When adding a new swim lane, you can only select from services to which you have read access. You cab;t perform bulk actions on lanes for which you don't have read access.
- In the deep dive, select Add Lane > Add Event Lane.
- Configure your new event lane.
Field Description Title The title for your new event lane. Subtitle (optional) Additional info about your search and service. Graph Color The color for your event lane graph. Lane Size Adjust the size of the lane for easier viewing and analysis. Event Search The event search to display in the lane. For example, a search for Windows security events might be:
Event searches can't contain reporting search commands, such as
- Click Create Lane. Your new event lane appears.
Configure KPI lanes in a deep dive in ITSI
Configure the KPI aggregation metric in a deep dive in ITSI
This documentation applies to the following versions of Splunk® IT Service Intelligence: 4.5.0 Cloud only, 4.5.1 Cloud only, 4.6.0 Cloud only, 4.6.1 Cloud only, 4.6.2 Cloud only, 4.7.0, 4.7.1, 4.7.2, 4.7.3, 4.7.4