
About the Content Pack for Monitoring and Alerting
The IT Service Intelligence (ITSI) Content Pack for Monitoring and Alerting provides a prescriptive blueprint for enterprise-wide alerting across all your services. It helps ITSI administrators and service owners quickly translate service and KPI health into notable events and take action when necessary. The content pack provides a set of preconfigured correlation searches and notable event aggregation policies which, when enabled, produce meaningful and actionable alerts. The content pack also provides a faster method for onboarding external alerts into ITSI with universal alerting.
Use this content pack as a starting point in a clean ITSI environment. If you do restore the content to an active environment, you must back up your environment first. See Create a full backup of ITSI in the Administration Manual.
Refresher: How alerts are generated in ITSI
To better understand what's included in this content pack, consider the standard workflow for configuring ITSI to take action on service and KPI health, shown in the following diagram. The grey boxes represent configurations that the ITSI administrator or service owner must perform before ITSI can produce actionable alerts.
Content pack contents
This content pack contains objects that facilitate the entire alert configuration process as depicted in the following diagram:
This content pack contains the following object types:
Object | Description |
---|---|
Service monitoring correlation searches | The service monitoring correlation searches routinely check service and KPI results written to the itsi_summary index and produce notable events based on a variety of noteworthy circumstances related to service and KPI health. For more information about these correlation searches, see About the correlation searches in the Content Pack for Monitoring and Alerting. |
Notable event aggregation policies | The aggregation policies provide configuration for grouping related notable events together in useful ways. The policies also contain action rules that you can tune to meet your organization's alerting strategy. For example, some action rules produce emails, create service tickets, or integrate with VictorOps or other incident response platforms. For more information about these aggregation policies, see About the aggregation policies in the Content Pack for Monitoring and Alerting. |
Episode monitoring correlation searches | The episode monitoring correlation searches routinely inspect open episodes and produce alerts based on a variety of noteworthy circumstances related to that episode. For more information about these correlation searches, see About the correlation searches in the Content Pack for Monitoring and Alerting. |
The content pack also ships with other supporting objects including automatic lookups, dashboards, and sample services. For a full list of the contents contained within this content pack, see What's new in the Content Pack for Monitoring and Alerting.
On-premises installation
On-premises users currently need to download the embedded backup ZIP file from the installation steps in the documentation and restore it in ITSI using the backup/restore functionality. The Content Library will be made available to on-premises users in a future release. See the installation instructions for this content pack to access the ZIP file.
Deployment requirements
Use the following table to determine ITSI version compatibility with various versions of the Content Pack for Monitoring and Alerting:
Content pack version | ITSI version |
---|---|
1.0.0 | 4.2.1 or later |
Additional resources
- For ITSI deployment planning guidelines, see Plan your ITSI deployment in the Install and Upgrade manual.
- For ITSI version compatibility with Splunk Enterprise versions, see Splunk products version compatibility matrix.
This documentation applies to the following versions of Splunk® ITSI Content Packs: current