Splunk® ITSI Content Packs


About the Content Pack for Monitoring and Alerting

The IT Service Intelligence (ITSI) Content Pack for Monitoring and Alerting provides a prescriptive blueprint for enterprise-wide alerting across all your services. It helps ITSI administrators and service owners quickly translate service and KPI health into notable events and take action when necessary. The content pack provides a set of preconfigured correlation searches and notable event aggregation policies which, when enabled, produce meaningful and actionable alerts. The content pack also provides a faster method for onboarding external alerts into ITSI with universal alerting.

Use this content pack as a starting point in a clean ITSI environment. If you restore the content into an environment that is already in use, back up that environment first so that the restore can be rolled back. See Create a full backup of ITSI in the Administration Manual.

Refresher: How alerts are generated in ITSI

To better understand what's included in this content pack, consider the standard workflow for configuring ITSI to take action on service and KPI health with the following diagram. The grey boxes represent configurations that the ITSI administrator or service owner must perform before ITSI can produce actionable alerts.

[Diagram: NEworkflow.png, the standard ITSI alerting workflow from KPI and service health to notable events and actions]

Content pack contents

This content pack contains objects that facilitate the entire alert configuration process as depicted in the following diagram:

[Diagram: NEworkflowCP.png, the same workflow with the steps covered by this content pack highlighted]



This content pack contains the following object types:

Object: Service monitoring correlation searches
Description: The service monitoring correlation searches routinely check service and KPI results written to the itsi_summary index and produce notable events based on a variety of noteworthy circumstances related to service and KPI health. For more information about these correlation searches, see About the correlation searches in the Content Pack for Monitoring and Alerting.

Object: Notable event aggregation policies
Description: The aggregation policies provide configuration for grouping related notable events together in useful ways. The policies also contain action rules that you can tune to meet your organization's alerting strategy. For example, some action rules produce emails, create service tickets, or integrate with VictorOps or other incident response platforms. For more information about these aggregation policies, see About the aggregation policies in the Content Pack for Monitoring and Alerting.

Object: Episode monitoring correlation searches
Description: The episode monitoring correlation searches routinely inspect open episodes and produce alerts based on a variety of noteworthy circumstances related to that episode. For more information about these correlation searches, see About the correlation searches in the Content Pack for Monitoring and Alerting.
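To make the first row concrete, the following SPL is an added example written for this page; it is not one of the content pack's own correlation searches. It assumes the itsi_summary index carries the fields itsi_service_id, is_service_aggregate, alert_severity and alert_value for each service health calculation (assumed field names; check them against a search of your own summary index before relying on them). The search reports a service only when its aggregate health has just changed to critical, so that a service that stays critical does not produce a new notable event on every run.

```spl
index=itsi_summary is_service_aggregate=1 earliest=-30m
| sort 0 itsi_service_id _time
| streamstats current=f last(alert_severity) AS previous_severity BY itsi_service_id
| where alert_severity="critical" AND previous_severity!="critical"
| stats latest(_time) AS last_seen latest(alert_value) AS health_score latest(previous_severity) AS previous_severity BY itsi_service_id
| eval title="Service ".itsi_service_id." degraded from ".previous_severity." to critical", severity="critical"
```

Saved as an ITSI correlation search with the notable event action attached, each result row becomes one notable event whose title and severity come from the eval fields above. Schedule it on a window at least as long as the KPI search interval, otherwise the streamstats comparison sees only one sample per service and never observes a transition.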

The content pack also ships with other supporting objects including automatic lookups, dashboards, and sample services. For a full list of the contents contained within this content pack, see What's new in the Content Pack for Monitoring and Alerting.


On-premises installation

On-premises users currently need to download the embedded backup ZIP file from the installation steps in the documentation and restore it in ITSI using the backup/restore functionality. The Content Library will be made available to on-premises users in a future release. See the installation instructions for this content pack for the location of the ZIP file.

Deployment requirements

Use the following table to determine ITSI version compatibility with various versions of the Content Pack for Monitoring and Alerting:

Content pack version ITSI version
1.0.0 4.2.1 or later

Additional resources

Last modified on 05 March, 2021

This documentation applies to the following versions of Splunk® ITSI Content Packs: current

