Overview of advanced thresholding in ITSI
The simple solution to thresholding in IT Service Intelligence (ITSI) is to manually configure KPI thresholds. However, there are some monitoring situations in which different workloads for a KPI occur at regular and expected intervals. Under these conditions, a static alert threshold would prove to be inaccurate.
For example, the accurate alert thresholds for a database performing Online Transaction Processing (OLTP) during the day and batch processing at night would be different. Similarly, database workloads can change based purely on different time periods, such as weekday versus weekend. In both these situations, fixed, static values for thresholds might result in false alert reporting.
ITSI offers several advanced thresholding options you can leverage to more accurately and efficiently monitor your KPI data.
Advanced thresholding options
Advanced thresholding lets you define and manage alert thresholds that are either time-based (static) or adaptive (self-adjusting).
Time-based thresholds are user-defined threshold values to be used at different times of the day or week to account for changing KPI workloads. For more information, see Create time-based static KPI thresholds in ITSI.
Adaptive thresholds are thresholds calculated by machine learning algorithms that dynamically adapt and change based on the KPI's observed behavior. For more information, see Create adaptive KPI thresholds in ITSI.
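The following added example, which is not ITSI code or configuration, illustrates why a single static value misfires on the OLTP-by-day, batch-by-night database described above and how a time-based policy corrects it. The KPI (CPU utilization), the threshold values, the policy layout, and the sample data are all constructed assumptions.

```python
from datetime import datetime

# Hypothetical policy for a database CPU-utilization KPI (all values constructed).
# Each rule: (weekdays, start_hour, end_hour, critical_threshold_percent),
# where weekday 0 is Monday and 6 is Sunday.
STATIC_CRITICAL = 70.0
TIME_POLICY = [
    (range(0, 5), 8, 20, 70.0),   # Mon-Fri daytime: OLTP workload
    (range(0, 5), 20, 24, 95.0),  # Mon-Fri evening: batch window
    (range(0, 5), 0, 8, 95.0),    # Mon-Fri early morning: batch window
    (range(5, 7), 0, 24, 50.0),   # Sat-Sun: light load expected
]

def time_based_threshold(ts):
    """Return the critical threshold that applies at timestamp ts."""
    for days, start, end, threshold in TIME_POLICY:
        if ts.weekday() in days and start <= ts.hour < end:
            return threshold
    return STATIC_CRITICAL  # no block matched: fall back to the static value

def evaluate(samples, threshold_for):
    """Return timestamps whose KPI value breaches the applicable threshold."""
    return [ts for ts, value in samples if value >= threshold_for(ts)]

# Constructed KPI samples: (timestamp, CPU %).
SAMPLES = [
    (datetime(2024, 3, 5, 10, 0), 55.0),  # Tue day, normal OLTP
    (datetime(2024, 3, 5, 14, 0), 82.0),  # Tue day, abnormal OLTP
    (datetime(2024, 3, 5, 23, 0), 88.0),  # Tue night, normal batch load
    (datetime(2024, 3, 6, 2, 0), 97.0),   # Wed night, abnormal batch load
    (datetime(2024, 3, 9, 11, 0), 62.0),  # Sat, abnormal for a weekend
]

# Static threshold: alerts on the normal batch run and misses the weekend anomaly.
static_alerts = evaluate(SAMPLES, lambda ts: STATIC_CRITICAL)
# Time-based thresholds: alert only on the three abnormal samples.
timed_alerts = evaluate(SAMPLES, time_based_threshold)

if __name__ == "__main__":
    print("static:    ", [t.isoformat() for t in static_alerts])
    print("time-based:", [t.isoformat() for t in timed_alerts])
```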
Adjust advanced thresholds for daylight savings
To adjust advanced thresholds for daylight savings time, you need to use mode 4 of the kvstore_to_json.py Python script to set an offset for the KPI threshold template. For instructions, see Time zone offset operations (mode 3) in the Administration Manual.
This documentation applies to the following versions of Splunk® IT Service Intelligence: 4.5.0 Cloud only, 4.5.1 Cloud only, 4.6.0 Cloud only, 4.6.1 Cloud only, 4.6.2 Cloud only, 4.7.0, 4.7.1, 4.7.2, 4.8.0 Cloud only, 4.8.1 Cloud only, 4.9.0, 4.9.1, 4.9.2, 4.9.3, 4.10.0 Cloud only, 4.10.1 Cloud only, 4.10.2 Cloud only