Overview of entity integrations in ITSI
Splunk IT Service Intelligence (ITSI) entity integrations provide data integrations and investigation tools for operating systems, virtual infrastructures, and containers.
For each resource in an integration, ITSI creates an entity. You can also manually import entities from CSV files or searches. ITSI correlates logs and metrics for each entity. Use metrics to observe the performance of entities and logs to understand the performance of entities.
Entities in ITSI
An entity is an IT component that requires management to deliver an IT service. Each entity has specific attributes and relationships to other IT processes that uniquely identify it. Entities are usually hosts, but can also be items as diverse as cloud or virtual resources, network devices, applications, users, and cell towers.
ITSI entities can be any of the following components:
- Physical, virtual, or cloud resources
- Network devices such as switches or routers
- AD and LDAP users
- Storage systems, volumes
- Operating systems or processes
- Software applications such as database, web server, and business applications
- Application process instances
- Cell towers
Entities contain information ITSI uses to associate services with information found in searches, imports, and integrations. You can use this entity information to filter items according to the entity definition.
An entity is similar to a "configuration item" in the ITIL framework, but an entity is never a service itself.
Define entities before creating services. When you configure a service, you can specify entity matching rules based on entity aliases that automatically add the entities to your service.
How to create entities
There are a few ways to create entities in ITSI:
- Manually create a single entity in ITSI
- Manually import entities from a Splunk search in ITSI
- Manually import entities from a CSV file in ITSI
After you import entities, you can configure recurring imports to update existing entities and create new entities. For more information, see Set up a recurring import of entities in ITSI.
Automatically create entities and collect data on a recurring basis with ITSI entity integrations. These integrations are available:
- About the Unix and Linux entity integration in ITSI
- About the Windows entity integration in ITSI
- About the VMware vSphere entity integration in ITSI
- About the Splunk Infrastructure Monitoring entity integration in ITSI
All entities exist in the Global team. Only a user with write permissions to the Global team can create a single entity. Only a user with the itoa_admin role can import entities from CSV files or searches.
Auto-detect entities using ITSI modules
Modules included with IT Service Intelligence (ITSI) can help automatically discover entities. When a new server comes online, ITSI can automatically add it as an entity. Entity discovery occurs on a scheduled basis if the modules included with ITSI are properly configured and the add-ons required for data collection are installed and properly configured.
For example, the OS module automatically detects all the servers that are sending data to your Splunk platform deployment using the Splunk Add-on for Unix and Linux or the Splunk Add-on for Microsoft Windows. Entity types such as OS hosts, virtualization hypervisors, virtual machines, web servers, database servers, and load balancers can be created and populated as entities in ITSI using module entity discovery searches.
For more information about using modules to create entities, see ITSI module entity discovery in the ITSI Modules manual.
Analyze and monitor entities
This diagram illustrates a basic entity integration workflow in ITSI. Configure integrations to monitor hosts, containers, and virtual infrastructures as entities with ITSI.
After you import your entities, use the entity views available in ITSI to analyze log data associated with an entity and track entity metrics.
|Event Data Search||Analyze logs ITSI correlates with entities.|
|Entity Analytics||Analyze the performance of entities.|
After you configure integrations to monitor your infrastructure at the entity level, associate those entities with services to monitor your infrastructure at the service level. A service is a logical mapping of IT objects that applies to your business goals, such as a physical or virtual machine, an application, a process, or a business services. For more information, see Overview of creating services in ITSI in the Service Insights manual.
To associate an entity with a service, you must define entity rules for that service. Entity rules filter KPI data to ensure that the service is only reading data from the entities associated with it. Create entity rules for the service to add entities with specific aliases, information, or titles to the service. For more information, see Define entity rules for a service in ITSI.
Configure the HTTP Event Collector to collect entity integration data in ITSI
This documentation applies to the following versions of Splunk® IT Service Intelligence: 4.7.0, 4.7.1, 4.7.2, 4.7.3, 4.7.4
Feedback submitted, thanks!