About ITSI content packs
Splunk IT Service Intelligence (ITSI) content packs provide out-of-the-box content that you can use to quickly set up your ITSI environment. This content can include preconfigured KPI base searches, service templates, saved glass tables, and other objects for use within ITSI. For more information about ITSI, see About Splunk IT Service Intelligence in the Administration Manual. Once installed, the objects within a content pack are completely configurable. If you want to do things like change a search's frequency, adjust latency, or change calculation methods, just edit that object directly. Most importantly, many content packs include service templates as a way to easily link one of your existing services to a predefined set of KPIs.
A content pack is a backup of KV store objects that you restore to your own environment and tune for your specific data sources. For more information about the backup and restore functionality in ITSI, see Overview of backing up and restoring ITSI KV store data in the Administration Manual.
Most content packs process data collected through the use of Splunk add-ons. Add-ons collect host, network, and other data from computers that you install them on and map that data to a data model. Add-ons power the data underlying the metrics for each content pack. For more information, see About Splunk add-ons in the Splunk Add-ons manual.
How do I access content packs?
Each content pack backup ZIP file is available for download through the ITSI documentation. To access the ZIP file and full installation instructions, see the Install page for the specific content pack you want to download.
How are content packs different than modules?
ITSI currently still supports modules. Modules were introduced in ITSI version 2.0 as a way to deliver out-of-the-box content to customers. For more information, see Overview of modules in ITSI.
Like content packs, modules include KPI base searches, KPIs, and entity discovery searches, but not the other elements that content packs provide. One key difference is that all module content is immutable, so you can't tailor KPI base searches for maximum performance.
Due to the limitations of modules, the current best practice is to use content packs instead.
Content pack versioning
At this time, content packs can only be installed in clean ITSI environments because the objects might overwrite existing configurations. Each content pack should only be downloaded and installed once. Do not install newer versions of a content pack on top of an existing version. This behavior is temporary and will be fixed when the ITSI Content Library is introduced in a future release.
For now, if you want to leverage a content pack for an existing ITSI implementation or use content from a newer content pack version, restore the content pack to a temporary instance and manually duplicate the desired content in your production instance. To see what's been added in the latest release, see the "What's new" page for that specific content pack.
As new versions of content packs are released, the ZIP file in the installation steps is updated to reflect the most recent version. For example,
BACKUP-CP-NIX-OS-1.0.0.zip means you're downloading version 1.0.0 of the content pack. You can't download other versions of a content pack other than the most recent version.
Available content packs
The following content packs are available for use within ITSI:
|Content Pack for Monitoring Unix and Linux||Provides the elements needed for monitoring your OS-level health related to Linux and certain types of Unix servers.|
|Content Pack for Monitoring Microsoft Windows||Provides the elements needed for monitoring your OS-level health related to Windows servers.|
|Content Pack for Shared IT Infrastructure Components||Supports approaches for mapping service dependencies within ITSI.|
|Content Pack for Monitoring and Alerting||Provides a prescriptive blueprint for enterprise-wide alerting across all your ITSI services.|
|Content Pack for Example Glass Tables||Provides a starting point for monitoring various use cases on the glass table canvas.|
|Content Pack for Monitoring Splunk as a Service||Provides OS and application-level monitoring of your Splunk Enterprise environment.|
|Content Pack for Monitoring Citrix||Provides a quick way to build ITSI services to monitor your Citrix virtual apps and desktop infrastructure.|
|Content Pack for VMware Monitoring||Provides the elements necessary to monitor the performance of the main components in a VMware vSphere environment.|
|Content Pack for Splunk Infrastructure Monitoring||Provides the elements necessary to use ITSI monitoring tools to visualize and troubleshoot your Splunk Infrastructure Monitoring cloud services.|
|Content Pack for Monitoring Pivotal Cloud Foundry||Provides the elements necessary for monitoring your Pivotal Cloud Foundry deployment.|
|Content Pack for Monitoring Phantom as a Service||Provides an ITSI-based approach to monitor the health of your Phantom server environment.|
About the Content Pack for Monitoring Unix and Linux
This documentation applies to the following versions of Splunk® ITSI Content Packs: current