About the Content Pack for Monitoring and Alerting
The IT Service Intelligence (ITSI) Content Pack for Monitoring and Alerting provides a prescriptive blueprint for enterprise-wide alerting across all your services. It helps ITSI administrators and service owners quickly translate service and KPI health into notable events and take action when necessary. The content pack provides a set of preconfigured correlation searches and notable event aggregation policies which, when enabled, produce meaningful and actionable alerts. The content pack also provides a faster method for onboarding external alerts into ITSI with universal alerting.
Use this content pack as a starting point in a clean ITSI environment. If you do restore the content to an active environment, you must back up your environment first. See Create a full backup of ITSI in the Administration Manual.
Refresher: How alerts are generated in ITSI
To better understand what's included in this content pack, consider the standard workflow for configuring ITSI to take action on service and KPI health, shown in the following diagram. The grey boxes represent configurations that the ITSI administrator or service owner must perform before ITSI can produce actionable alerts.
Content pack contents
This content pack contains objects that facilitate the entire alert configuration process as depicted in the following diagram:
This content pack contains the following object types:
| Object type | Description |
| --- | --- |
| Service monitoring correlation searches | The service monitoring correlation searches routinely check service and KPI results written to the |
| Notable event aggregation policies | The aggregation policies provide configuration for grouping related notable events together in useful ways. The policies also contain action rules that you can tune to meet your organization's alerting strategy. For example, some action rules produce emails, create service tickets, or integrate with VictorOps or other incident response platforms. For more information about these aggregation policies, see About the aggregation policies in the Content Pack for Monitoring and Alerting. |
| Episode monitoring correlation searches | The episode monitoring correlation searches routinely inspect open episodes and produce alerts based on a variety of noteworthy circumstances related to that episode. For more information about these correlation searches, see About the correlation searches in the Content Pack for Monitoring and Alerting. |
The content pack also ships with other supporting objects including automatic lookups, dashboards, and sample services. For a full list of the contents contained within this content pack, see What's new in the Content Pack for Monitoring and Alerting.
On-premises users currently need to download the embedded backup ZIP file from the installation steps in the documentation and restore it in ITSI using the backup/restore functionality. The Content Library will be made available to on-premises users in a future release. See the installation instructions for this content pack to access the ZIP file.
Use the following table to determine ITSI version compatibility with various versions of the Content Pack for Monitoring and Alerting:
| Content pack version | ITSI version |
| --- | --- |
| 1.0.0 | 4.2.1 or later |
This documentation applies to the following versions of Splunk® ITSI Content Packs: current