Splunk® IT Service Intelligence

Entity Integrations Manual

Acrobat logo Download manual as PDF


This documentation does not apply to the most recent version of Splunk® IT Service Intelligence. Click here for the latest version.
Acrobat logo Download topic as PDF

Overview of entity integrations in ITSI

Splunk IT Service Intelligence (ITSI) entity integrations provide data integrations and investigation tools for operating systems, virtual infrastructures, and containers.

For each resource in an integration, ITSI creates an entity. You can also manually import entities from CSV files or searches. ITSI correlates logs and metrics for each entity. Use metrics to observe the performance of entities and logs to understand the performance of entities.

Entities in ITSI

An entity is an IT component that requires management to deliver an IT service. Each entity has specific attributes and relationships to other IT processes that uniquely identify it. Entities are usually hosts, but can also be items as diverse as cloud or virtual resources, network devices, applications, users, and cell towers.

ITSI entities can be any of the following components:

  • Physical, virtual, or cloud resources
  • Network devices such as switches or routers
  • AD and LDAP users
  • Storage systems, volumes
  • Operating systems or processes
  • Software applications such as database, web server, and business applications
  • Application process instances
  • Cell towers

Entities contain information ITSI uses to associate services with information found in searches, imports, and integrations. You can use this entity information to filter items according to the entity definition.

An entity is similar to a "configuration item" in the ITIL framework, but an entity is never a service itself.

Define entities before creating services. When you configure a service, you can specify entity matching rules based on entity aliases that automatically add the entities to your service.

How to create entities

There are a few ways to create entities in ITSI:

After you import entities, you can configure recurring imports to update existing entities and create new entities. For more information, see Set up a recurring import of entities in ITSI.

Automatically create entities and collect data on a recurring basis with ITSI entity integrations. These integrations are available:

All entities exist in the Global team. Only a user with write permissions to the Global team can create a single entity. Only a user with the itoa_admin role can import entities from CSV files or searches.

Auto-detect entities using ITSI modules

Modules included with IT Service Intelligence (ITSI) can help automatically discover entities. When a new server comes online, ITSI can automatically add it as an entity. Entity discovery occurs on a scheduled basis if the modules included with ITSI are properly configured and the add-ons required for data collection are installed and properly configured.

For example, the OS module automatically detects all the servers that are sending data to your Splunk platform deployment using the Splunk Add-on for Unix and Linux or the Splunk Add-on for Microsoft Windows. Entity types such as OS hosts, virtualization hypervisors, virtual machines, web servers, database servers, and load balancers can be created and populated as entities in ITSI using module entity discovery searches.

For more information about using modules to create entities, see ITSI module entity discovery in the ITSI Modules manual.

Analyze and monitor entities

This diagram illustrates a basic entity integration workflow in ITSI. Configure integrations to monitor hosts, containers, and virtual infrastructures as entities with ITSI.

This image describes an infrastructure monitoring workflow that includes creating entities, viewing the overall health of entities with the Entity Overview Dashboard, viewing logs ITSI correlates with an entity in the Event Data Search Dashboard, and viewing metrics for entities with the Entity Analysis Dashboard.

After you import your entities, use the entity views available in ITSI to analyze log data associated with an entity and track entity metrics.

View Description
Event Data Search Analyze logs ITSI correlates with entities.
Entity Analytics Analyze the performance of entities.

Next step

After you configure integrations to monitor your infrastructure at the entity level, associate those entities with services to monitor your infrastructure at the service level. A service is a logical mapping of IT objects that applies to your business goals, such as a physical or virtual machine, an application, a process, or a business services. For more information, see Overview of creating services in ITSI in the Service Insights manual.

To associate an entity with a service, you must define entity rules for that service. Entity rules filter KPI data to ensure that the service is only reading data from the entities associated with it. Create entity rules for the service to add entities with specific aliases, information, or titles to the service. For more information, see Define entity rules for a service in ITSI.

Last modified on 13 January, 2021
  NEXT
Configure the HTTP Event Collector to collect entity integration data in ITSI

This documentation applies to the following versions of Splunk® IT Service Intelligence: 4.7.0, 4.7.1, 4.7.2, 4.7.3, 4.7.4

Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters