Overview of content packs for ITSI and IT Essentials Work
Splunk Content Packs provide out-of-the-box content that you can use to quickly set up your Splunk IT Service Intelligence (ITSI) or IT Essentials Work (ITE Work) environment. This content can include preconfigured KPI base searches, service templates, saved glass tables, and other objects for use within ITSI or ITE Work.
Once installed, the objects within a content pack are configurable. If you want to change a search's frequency, adjust latency, or change calculation methods, you can edit the objects directly.
Most content packs process data collected through the use of Splunk add-ons. Add-ons collect host, network, and other data from computers that you install them on and map that data to a data model. Add-ons power the data underlying the metrics for each content pack. For more information, see About Splunk add-ons in the Splunk Add-ons manual.
The Splunk App for Content Packs
The Splunk App for Content Packs allows you to access content packs, preview their contents, and install them in your environment. Download the Splunk App for Content Packs on Splunkbase. The Splunk App for Content Packs is compatible with ITSI and ITE Work versions 4.9.0 and higher. As new content packs become available or existing content packs are updated, you can download the most recent version of the Splunk App for Content Packs to get this new content. When you install an updated version of a content pack, you can see which objects are new to the content pack.
Once you've installed the Splunk App for Content Packs, you can go to Configuration > Data Integrations > Add structure to your data to see the available content packs.
Install the Splunk App for Content Packs
To access the content packs on the Data Integrations page, you have to install the Splunk App for Content Packs. You can install the Splunk App for Content Packs on your Splunk Cloud Platform or on-premises environment. See Install the Splunk App for Content Packs for steps to install the Splunk App for Content Packs.
Content Packs in ITE Work
The Splunk App for Content Packs installs supported content packs in your ITE Work environment. You can only install entity-type objects in ITE Work. In addition to the content packs shown on the Data Integrations page under Add structure to your data, there are content packs that are automatically installed when you install the Splunk App for Content Packs. See the available content packs for a list of content packs available in ITE Work.
If you upgrade from ITE Work to ITSI, objects in your environment persist after the upgrade.
Available content packs
These content packs are available.
| Content pack | Description | Index type | Supported Apps |
|---|---|---|---|
| Content Pack for Amazon Web Services Dashboards and Reports | Provides the elements necessary to monitor the health and availability of your AWS environment. This content pack is automatically installed when you install the Splunk App for Content Packs, so it doesn't have a chiclet on the Data Integrations page. | Events | ITSI and ITE Work |
| Content Pack for Example Glass Tables | Provides a starting point for monitoring various use cases on the glass table canvas. | None (Uses static example data) |
ITSI |
| Content Pack for ITE Work Alert Routing | Extends the default ITE Work alert functionality by allowing you to take an external action when an alert is triggered, such as sending an email. | Events | ITE Work |
| Content Pack for ITSI Monitoring and Alerting | Provides a prescriptive blueprint for enterprise-wide alerting across all your ITSI services. | Events and Metrics (Most of the searches are based on events index) |
ITSI |
| Content Pack for Microsoft 365 | Provides the elements necessary to monitor the health and availability of your Microsoft 365 environment. | Events | ITSI and ITE Work |
| Content Pack for Microsoft Exchange | Provides the elements necessary to monitor the health and availability of your Exchange environment. | Events | ITSI and ITE Work |
| Content Pack for Monitoring Citrix | Provides a quick way to build ITSI services to monitor your Citrix virtual apps and desktop infrastructure. | Events and Metrics | ITSI |
| Content Pack for Monitoring Microsoft Windows | Provides the elements needed for monitoring your OS-level health related to Windows servers. | Events | ITSI |
| Content Pack for Monitoring Phantom as a Service | Provides knowledge objects to monitor the health of your Phantom server environment. | Events | ITSI |
| Content Pack for Monitoring Pivotal Cloud Foundry | Provides the elements necessary for monitoring your Pivotal Cloud Foundry deployment. | Events and Metrics | ITSI |
| Content Pack for Monitoring Splunk as a Service | Provides OS and application-level monitoring of your Splunk Enterprise environment. | Events | ITSI |
| Content Pack for Monitoring Unix and Linux | Provides the elements needed for monitoring your OS-level health related to Linux and certain types of Unix servers. | Events and Metrics | ITSI |
| Content Pack for NetApp Data ONTAP Dashboards and Reports | Provides the elements necessary to monitor the health and availability of your NetApp environment. This content pack is automatically installed when you install the Splunk App for Content Packs, so it doesn't have a chiclet on the Data Integrations page. | Events | ITSI and ITE Work |
| Content Pack for Shared IT Infrastructure Components | Supports approaches for mapping service dependencies within ITSI. | Events (Uses _internal index) |
ITSI |
| Content Pack for Splunk Infrastructure Monitoring | This content pack was replaced by the Content Pack for Splunk Observability Cloud in the version 1.4.0 of the Splunk App for Content Packs. See the Migrate from the Content Pack for Splunk Infrastructure Monitoring to the Content Pack for Splunk Observability Cloud topic for migration steps. | ||
| Content Pack for Splunk Observability Cloud | Bridges the data gap between ITSI and Splunk Observability Cloud by providing the functionality of Splunk Synthetic Monitoring, Splunk Infrastructure Monitoring, and Splunk Application Performance Monitoring in a single view. | Metrics | ITSI and ITE Work |
| Content Pack for Splunk Synthetic Monitoring | This content pack was replaced by the Content Pack for Splunk Observability Cloud in version 1.4.0 of the Splunk App for Content Packs. See the Migrate from the Content Pack for Splunk Synthetic Monitoring to the Content Pack for Splunk Observability Cloud topic for migration steps. | ||
| Content Pack for Third-Party APM | Provides the elements necessary to monitor the health of applications that use third-party APM tools (AppDynamics, DynaTrace, and New Relic). | Events | ITSI and ITE Work |
| Content Pack for Unix Dashboards and Reports | Provides reports, alerts, and dashboards for Linux and Unix management. This content pack is automatically installed when you install the Splunk App for Content Packs, so it doesn't have a chiclet on the Data Integrations page. | Events | ITSI and ITE Work |
| Content Pack for VMware Dashboards and Reports | Provides the elements necessary to monitor the health and availability of your virtual environments. This content pack is automatically installed when you install the Splunk App for Content Packs, so it doesn't have a chiclet on the Data Integrations page. | Events and Metrics | ITSI and ITE Work |
| Content Pack for VMware Monitoring | Provides the elements necessary to monitor the performance of the main components in a VMware vSphere environment. | Metrics | ITSI |
| Content Pack for Windows Dashboards and Reports | Provides deep visibility into the health and performance of your Microsoft Windows Server and Active Directory environments. | Events | ITSI and ITE Work |
| Migrate from legacy apps to content packs |
This documentation applies to the following versions of Splunk® Content Packs for ITSI and IT Essentials Work: current
Download manual
Feedback submitted, thanks!