Splunk® ITSI Content Packs

Splunk Content Packs for ITSI and IT Essentials Work

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

Overview of content packs for ITSI and IT Essentials Work

Splunk Content Packs provide out-of-the-box content that you can use to quickly set up your Splunk IT Service Intelligence (ITSI) or IT Essentials Work environment. This content can include preconfigured KPI base searches, service templates, saved glass tables, and other objects for use within ITSI or IT Essentials Work.

Once installed, the objects within a content pack are completely configurable. If you want change a search's frequency, adjust latency, or change calculation methods, you can edit the objects directly. Most importantly, many content packs include service templates as a way to easily link one of your existing services to a predefined set of KPIs.

Most content packs process data collected through the use of Splunk add-ons. Add-ons collect host, network, and other data from computers that you install them on and map that data to a data model. Add-ons power the data underlying the metrics for each content pack. For more information, see About Splunk add-ons in the Splunk Add-ons manual.

The Splunk App for Content Packs

The Splunk App for Content Packs allows you to access content packs, preview their contents, and install them in your environment. Download the Splunk App for Content Packs on Splunkbase. The Splunk App for Content Packs is compatible with ITSI and IT Essentials Work versions 4.9.0 and later. As new content packs become available or current ones are updated, you can download the most recent version of the Splunk App for Content Packs to get this new content. When you install an updated version of a content pack, you can see which objects are new to the content pack.

Once you've installed the Splunk App for Content Packs you can go to Configuration > Data Integrations to see the available content packs.

ITSICL.png

Install the Splunk App for Content Packs

You can install the Splunk App for Content Packs on your Splunk Cloud Platform or on-prem environment. At this time, the Splunk App for Content Packs is only compatible with ITSI on Splunk Cloud Platform. That is, Splunk Cloud Platform customers who are using IT Essentials Work can't currently install the Splunk App for Content Packs.

Install the Splunk App for Content Packs on a Splunk Cloud Platform environment

Splunk Cloud Platform customers who are using ITSI can file a case requesting the Splunk App for Content Packs. Use the Splunk Support Portal at Support and Services or contact Splunk Customer Support. You can install the Splunk App for Content Packs on single-instance and distributed deployments.

Install the Splunk App for Content Packs on an on-premises environment

To access the Data Integrations page, you have to install the Splunk App for Content Packs. Follow these steps to to install the Splunk App for Content Packs in a Splunk Enterprise environment.

  1. Download the Splunk App for Content Packs app from Splunkbase. For cluster and distributed environments, download the Splunk App for Content packs on the search head where ITSI or IT Essentials Work is installed.
  2. Stop your Splunk platform deployment. For example: 
    cd $SPLUNK_HOME/bin
./splunk stop
  3. Extract the installation package into $SPLUNK_HOME/etc/apps. For example: 
    tar -xvf splunk-app-for-content-packs_<latest_version>.spl -C $SPLUNK_HOME/etc/apps

    On Windows, rename the file extension from .spl to .tgz first and use a third-party utility to perform the extraction.

  4. Start your Splunk platform deployment. For example: 
    cd $SPLUNK_HOME/bin
./splunk start

Install content packs for ITSI or IT Essentials Work 4.8.x and below

The Data Integrations page, where you access the content packs, is only available for ITSI or IT Essentials Work 4.9.x and later. If you have a version of either ITSI or IT Essentials Work lower than 4.9, you have to download the content pack as a backup ZIP file and restore it using the backup/restore functionality. The ZIP files are embedded within the documentation in the installation steps of each content pack.

Content Packs in IT Essentials Work

The Splunk App for Content Packs installs supported content packs in your IT Essentials Work environment. Content packs provide out-of-the-box content that you can reference or use in IT Essentials Work. You can only install entity type objects in IT Essentials Work.

Note: When you upgrade from IT Essentials Work to ITSI, objects in your environment persist after the upgrade.

Available content packs

These content packs are available.

Content pack Description Supported Apps
Content Pack for Amazon Web Services Dashboards and Reports Provides the elements necessary to monitor the health and availability of your AWS environment. ITSI and IT Essentials Work
Content Pack for Example Glass Tables Provides a starting point for monitoring various use cases on the glass table canvas. ITSI
Content Pack for Microsoft 365 Provides the elements necessary to monitor the health and availability of your Microsoft 365 environment. ITSI and IT Essentials Work
Content Pack for Microsoft Exchange Provides the elements necessary to monitor the health and availability of your Exchange environment. ITSI and IT Essentials Work
Content Pack for Monitoring Microsoft Windows Provides the elements needed for monitoring your OS-level health related to Windows servers. ITSI
Content Pack for Monitoring and Alerting Provides a prescriptive blueprint for enterprise-wide alerting across all your ITSI services. ITSI
Content Pack for Monitoring Citrix Provides a quick way to build ITSI services to monitor your Citrix virtual apps and desktop infrastructure. ITSI
Content Pack for Monitoring Phantom as a Service Provides knowledge objects to monitor the health of your Phantom server environment. ITSI
Content Pack for Monitoring Pivotal Cloud Foundry Provides the elements necessary for monitoring your Pivotal Cloud Foundry deployment. ITSI
Content Pack for Monitoring Splunk as a Service Provides OS and application-level monitoring of your Splunk Enterprise environment. ITSI
Content Pack for Monitoring Unix and Linux Provides the elements needed for monitoring your OS-level health related to Linux and certain types of Unix servers. ITSI
Content Pack for NetApp Data ONTAP Dashboards and Reports Provides the elements necessary to monitor the health and availability of your NetApp environment. ITSI and IT Essentials Work
Content Pack for Shared IT Infrastructure Components Supports approaches for mapping service dependencies within ITSI. ITSI
Content Pack for Splunk Infrastructure Monitoring Provides the elements necessary to use monitoring tools to visualize and troubleshoot your Splunk Infrastructure Monitoring cloud services. ITSI and IT Essentials Work
Content Pack for Unix Dashboards and Reports Provides reports, alerts, and dashboards for Linux and Unix management. ITSI and IT Essentials Work
Content Pack for VMware Dashboards and Reports Provides the elements necessary to monitor the health and availability of your virtual environments. ITSI and IT Essentials Work
Content Pack for VMware Monitoring Provides the elements necessary to monitor the performance of the main components in a VMware vSphere environment. ITSI
Last modified on 29 July, 2021
  NEXT
Release Notes for the Splunk App for Content Packs

This documentation applies to the following versions of Splunk® ITSI Content Packs: current

Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters