Splunk® Content Packs for ITSI and IT Essentials Work

Splunk Content Packs for ITSI and IT Essentials Work

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

Install and configure the Content Pack for Third-party APM

Follow these high-level steps to configure the Content Pack for Third-party APM:

  1. Install and configure the Splunk add-on for the third-party vendors you want to use in the content pack.
  2. Install the content pack.
  3. Import your Third-party APM entities.
  4. Review and tune KPIs thresholds.

Prerequisites

Create a full backup of your ITSI environment in case you need to uninstall the content pack later. For more information, see Create a full backup in the Administration Manual.

Step 1: Install and configure the Splunk add-on for the third-party vendor

This content pack depends on data collected in Splunk add-ons for 3 third-party vendors. You can safely install add-ons on all tiers of a distributed Splunk platform deployment, including heavy forwarders, indexers, or search heads. Download the latest version of the add-ons from Splunkbase.

Step 2: Install the Content Pack for Third-party APM

The Content Pack for Third-party APM is automatically available for installation once you have installed the Splunk App for Content Packs on the search head with ITSI 4.9.0 or higher or IT Essentials Work 4.9.0 or higher. For steps to install the Splunk App for Content Packs, go to the installation instructions for the Splunk App for Content Packs. After you install the Splunk App for Content Packs, you can follow these steps install the content pack:

  1. From the ITSI main menu, click Configuration > Data Integrations.
  2. Click Add structure to your data.
  3. Select the 3rd Party APM content pack.
  4. Review what's included in the content pack and then click Proceed.
  5. Configure the settings:
    • Choose which objects to install: For a first-time installation, select the items you want to install and deselect any you're not interested in. For an upgrade, the installer identifies which objects from the content pack are new and which ones already exist in your environment from a previous installation. You can selectively choose which objects to install from the new version or install all objects.
    • Choose a conflict resolution rule for the objects you install: For upgrades or subsequent installs, decide what happens to duplicate objects introduced from the content pack. Choose from these options:
      • Install as new: Any existing identical objects in your environment remain intact.
      • Replace existing: Existing identical objects are replaced with those from the new installation. Any changes you previously made to these objects are overwritten.
    • Import as enabled: Select whether to install objects as enabled or leave them in their original state. We recommend that you import objects as disabled to ensure your environment doesn't break from the addition of new content. This setting only applies to services, correlation searches, and aggregation policies. All other objects such as KPI base searches and saved searches are installed in their original state regardless of the option you choose.
    • Add a prefix to your new objects: Optionally, append a custom prefix to each object installed from the content pack. For example, you might prefix your objects with CP- to indicate they came from a content pack. This option can help you locate and manage the objects after installation.
    • Backfill service KPIs: Optionally backfill your ITSI environment with the previous seven days of KPI data. Consider enabling backfill if you want to configure adaptive thresholding and predictive analytics for the new services. This setting only applies to KPIs, not service health scores.


    3rd-party-APM-intall.png

  6. When you've made your selections, click Install selected.
  7. Click Install to confirm the installation. When the installation completes you can view all objects that were installed in your environment. A green checkmark on the Data Integrations page indicates which content packs you've already installed.

Step 3: Import your Third-party APM entities

To import your third-party APM hosts as entities, follow these steps:

  1. Go to Configuration > Entities from the ITSI or IT Essentials Work menu.
  2. Select Create Entity > Import from Search.
  3. Paste this SPL in the Ad hoc Search field and click the search icon to preview your entities.
    tag=application tag=inventory tag=apm app_title=* 
    | stats latest(app_name) as app_name,latest(vendor) as vendor, latest(account) as account, latest(app_language) as app_language, latest(application_id) as application_id by app_title 
    | eval entity_type = "apm", type="application"
    
  4. Click Next.
  5. On the Entity/Service Import screen, map these columns:
    • app_title = Entity Title
    • entity_type = Entity Type
    • all other fields = Entity Information Fields


    3rd-party-APM-column-mapping.png

  6. Click Import
  7. Click Set Up Recurring Import.
    1. Enter a name for your recurring import.
    2. Select a schedule.
    3. Click Submit.

When you've finished importing your entities, go to the Service Analyzer > Analyzers > Service Analyzer - APM to see your services and KPIs light up.

3rd-party-apm-service-analyzer.png

Step 4: Review and tune KPIs thresholds

Aggregate and per-entity thresholds for the KPIs in this content pack have thresholds representing best practices. Consider going through the KPIs in each service and configuring the aggregate and per-entity thresholds values to reasonable defaults based on your use case. Some KPIs, such as basic the Apdex score, have universal best practices for threshold configuration. Others are specific to your deployment. For instructions to tune KPI thresholds, see Configure KPI thresholds in ITSI in the Service Insights manual.

For a full list of the KPIs in this content pack, see the KPI reference for the Content Pack for Third-party APM.

KPI alerting

Because acceptable application performance varies widely per use case, KPI alerting isn't enabled by default in this content pack. To receive alerts for KPIs when aggregate KPI threshold values change, see Receive alerts when KPI severity changes in ITSI. ITSI generates notable events on the Episode Review page based on the alerting rules you configure.

Next steps

Now that you have installed and configured the Content Pack for Third-party APM, you can start using the dashboards and visualizations in the content pack to monitor your applications. For instructions for using the content pack, see Use the Content Pack for Third-party APM.

Last modified on 08 October, 2021
PREVIOUS
Release Notes for the Content Pack for Third-party APM
  NEXT
Use the Content Pack for Third-party APM

This documentation applies to the following versions of Splunk® Content Packs for ITSI and IT Essentials Work: current


Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters