Splunk® Content Packs for ITSI and IT Essentials Work

Splunk Content Packs for ITSI and IT Essentials Work

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

About the Content Pack for Splunk Observability Cloud

The Content Pack for Splunk Observability Cloud enables IT Service Intelligence (ITSI) users or IT Essentials Work users to visualize and investigate the health of applications that use Splunk Observability Cloud. The content pack provides a seamless experience for IT Ops users to combine monitoring of Splunk Observability Cloud, including Splunk Infrastructure Monitoring, Splunk APM, and Splunk Synthetic Monitoring, with business services monitoring to gain a more complete view of their enterprise.

Splunk Observability Cloud service analyzer.png

Content pack features

The content pack provides a robust collection of features for you to monitor the performance of your applications.

Dashboards

The content pack includes 3 dashboards so that you can access info for Splunk Infrastructure Monitoring, Splunk APM, and Splunk Synthetic Monitoring in one place.

Entity searches

The Splunk App for Content Packs includes nine entity searches for use with this content pack. You can enable these searches when you are ready to run them to import your Observability Cloud entities. Go to the the install documentation for steps to enable the searches.

Entity types

The content pack includes 14 custom entity types, one for each of the metrics from the Splunk Infrastructure Monitoring Add-on, one for Splunk APM, and one for each of the metrics from the Splunk Synthetic Monitoring Add-on.

  • AWS EC2
  • AWS Lambda
  • Azure Functions
  • Azure VM
  • GCP Cloud Functions
  • GCP Compute Engine
  • Kubernetes Pods
  • OS Hosts
  • Splunk Infrastructure Monitoring
  • Splunk APM
  • Synthetic API
  • Synthetic Benchmark
  • Synthetic Content
  • Synthetic HTTP
  • Synthetic Real Browser

Glass tables

The content pack includes 5 glass tables that you can use to monitor your applications' performance at a high level.

  • The Observability_DevOps SRE Detailed View glass table provides insights across Splunk Synthetic Monitoring, Splunk Application Performance Management, and Splunk Infrastructure Monitoring; at a summary level, as well as two levels down.
  • The Observability_Executive Glass Table delivers rolled-up insights across three major observability areas: Splunk Synthetic Monitoring, Splunk Infrastructure Monitoring, and Splunk Application Performance Monitoring.
  • The Observability_NOC Glass Table [Layered] glass table is designed for a 40-foot wall or hallway monitor, enables visibility and awareness, showing the trend and history along with current state for all your critical KPI's rolled up.
  • The Observability_Overview [Columns] glass table provides a quick overview of the three major observability areas: Splunk Synthetic Monitoring, Splunk Application Performance Monitoring, and Spunk Infrastructure Monitoring.
  • The Observability_Overview [Layered with Radio Gauges] glass table provides immediate insight and results, which can be viewed at a distance, with radio gauges on the left side making it simple to know the status of Splunk Synthetic Monitoring, Splunk Application Performance Monitoring, and Splunk Infrastructure Monitoring for your entire environment.

KPI base searches and metrics

The content pack includes these 15 KPI base searches with 60+ associated metrics.

  • SIM_cloud_aws_ec2
  • SIM_cloud_aws_lambda
  • SIM_cloud_azure_functions
  • SIM_cloud_azure_vm
  • SIM_cloud_gcp_compute
  • SIM_cloud_gcp_functions
  • SIM_containers
  • SIM_data_center_hosts
  • SIM_kubernetes
  • SplunkAPM Rate Base Search
  • SSM_api_checks
  • SSM_benchmark_checks
  • SSM_content_checks
  • SSM_http_checks
  • SSM_real_browser_checks

Services and KPIs

The content pack includes 26 services with 70+ KPIs. For a full list of services and KPIs, see the KPI reference for the Content Pack for Splunk Observability Cloud.

Service analyzer

The content pack includes a preconfigured saved service analyzer view called Splunk Observability Cloud that provides visual representation of your Splunk Observability Cloud services and the dependencies between them. You can use this custom view to see the KPIs associated with a service.

Vital metrics

The entity types in this content pack contain a set of vital metrics which describe the overall performance the entities within it. You can view these metrics on the Entity Health page and drill down further into individual Observability Cloud entities.

Content pack features in ITSI and IT Essentials Work

The features available in IT Essentials Work are a subset of the full feature set available in the content pack for ITSI. The content pack for IT Essentials Work only includes the APM dashboards.

Objects IT Essentials Work ITSI
Dashboards 4 4
Entity searches 9 9
Entity types 14 14
Glass tables 0 5
KPIs 0 74
KPI base searches 0 15
Services 0 26
Service analyzer dashboards 0 1
Service templates 0 0
Vital metrics 34 34

Installation

You can install the Content Pack for Splunk Observability Cloud after installing the Splunk App for Content Packs on the search head where you have installed ITSI or IT Essentials Work. For detailed installation and configuration instructions, see Install and configure the Content Pack for Splunk Observability Cloud.

Deployment requirements

Review the version compatibility requirements for the Content Pack for Splunk Observability Cloud:

Content pack version ITSI version IT Essentials Work version Splunk App for Content Packs version Splunk Synthetic Monitoring Add-on version Splunk Infrastructure Monitoring Add-on version
1.0.0 4.9.4, 4.11.0 4.9.4, 4.11.0 1.4.0 1.0.5 1.2.0

Content pack object conflicts

The Content Pack for Splunk Observability Cloud contains these objects that conflict with either the Content Pack for Splunk Infrastructure Monitoring or the Content Pack for Splunk Synthetic Monitoring.

See the Migrate from the Content Pack for Splunk Synthetic Monitoring to the Content Pack for Splunk Observability Cloud and Migrate from the Content Pack for Splunk Infrastructure Monitoring to the Content Pack for Splunk Observability Cloud topics for migration steps.

Object name Object type Conflicting content pack
SSM_api_checks KPI base search The Content Pack for Splunk Synthetic Monitoring
SSM_benchmark_checks KPI base search The Content Pack for Splunk Synthetic Monitoring
SSM_content_checks KPI base search The Content Pack for Splunk Synthetic Monitoring
SSM_http_checks KPI base search The Content Pack for Splunk Synthetic Monitoring
SSM_real_browser_checks KPI base search The Content Pack for Splunk Synthetic Monitoring
AWS EC2 Service The Content Pack for Splunk Infrastructure Monitoring
AWS Lambda Service The Content Pack for Splunk Infrastructure Monitoring
AWS Services The Content Pack for Splunk Infrastructure Monitoring
Azure Functions Service The Content Pack for Splunk Infrastructure Monitoring
Azure VM Service The Content Pack for Splunk Infrastructure Monitoring
Azure Service The Content Pack for Splunk Infrastructure Monitoring
GCP Cloud Functions Service The Content Pack for Splunk Infrastructure Monitoring
GCP Compute Engine Service The Content Pack for Splunk Infrastructure Monitoring
GCP Service The Content Pack for Splunk Infrastructure Monitoring
AWS EC2 Entity type The Content Pack for Splunk Infrastructure Monitoring
AWS Lambda Entity type The Content Pack for Splunk Infrastructure Monitoring
Azure Functions Entity type The Content Pack for Splunk Infrastructure Monitoring
GCP Cloud Functions Entity type The Content Pack for Splunk Infrastructure Monitoring
GCP Compute Engine Entity type The Content Pack for Splunk Infrastructure Monitoring
Splunk Infrastructure Monitoring Entity type The Content Pack for Splunk Infrastructure Monitoring
Synthetic API Entity type The Content Pack for Splunk Synthetic Monitoring
Synthetic Benchmark Entity type The Content Pack for Splunk Synthetic Monitoring
Synthetic Content Entity Entity type The Content Pack for Splunk Synthetic Monitoring
Synthetic HTTP Entity type The Content Pack for Splunk Synthetic Monitoring
Synthetic Real Browser Entity type The Content Pack for Splunk Synthetic Monitoring

Additional resources

Last modified on 27 October, 2021
PREVIOUS
Use the Content Pack for Splunk Infrastructure Monitoring
  NEXT
Release Notes for the Content Pack for Splunk Observability Cloud

This documentation applies to the following versions of Splunk® Content Packs for ITSI and IT Essentials Work: current


Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters