Working with service insights in ITSI
A service is a set of interconnected applications and hosts that are configured to offer a specific service to the organization. These services can be internal — an organization’s email system— or external —an organization’s website.
You can create business and technical services that model those within your environment. Some services might have dependencies on other services. Services contain Key Performance Indicators (KPIs), which make it possible to monitor service health via service health scores, perform root cause analysis, receive alerts, and ensure that your IT operations are in compliance with business service-level agreements (SLAs).
ITSI’s Service Insights allow you to create glass tables to help you monitor real-time interrelationships and dependencies via KPIs and service health scores across your IT and business services in one view. Glass tables also feature a drawing canvas where you can add visualizations in the form of KPIs and service health scores, upload images and icons, and add charts.
Another glass table used to evaluate business, operational and SLA performances, along with infrastructure status.
Service Insights also enables you to create and use four kinds of dashboards: infrastructure overview, service analyzer, deep dives, and predictive analytics.
Infrastructure Overview Dashboards provide a consolidated view of all your data integrations and investigation tools for operating systems, virtual infrastructures, containers, and cloud services.
Service Analyzer Dashboards help you map dependencies based on a connection between devices and applications in a tile or topology view. You can visually correlate services to underlying infrastructure with a tile or tree view. You are also able to drill down to the code level and identify root causes directly from service monitoring dashboards.
Deep Dives Dashboards are an investigative tool to help you identify and analyze issues in your IT environment.
Deep dives display a side-by-side view of KPIs and service health scores over time to help you zoom in on metric and log data and visually correlate root cause.
Use side-by-side displays of multiple KPIs and correlate metrics over time to identify root causes.
Predictive Analytics Dashboards predict future incidents 30 minutes in advance using machine learning algorithms and historical service health scores.
Top five contributing service metrics are displayed to guide troubleshooting.
To learn more about these data models, see the Splunk ITSI interactive demo.
The following are included: Glass Tables (step 1/8), Predictive Analytics Dashboard (step 2/8), Service Analyzer Dashboard (step 5/8), and Deep Dive Dashboard (step 6/8).
Service Modeling and Service Decomposition
Before you are ready to set up your dashboards and services in Splunk ITSI, it’s important to identify what services will provide the most value.
Best Practices for selecting the right services to apply in Splunk ITSI
To learn more, see the Tech Talk: Service Decomposition.
Create KPIs for Your Services
Every service you map in ITSI will have at least one KPI. KPIs are recurring saved searches that return the value of an IT performance metric. They are created within a specific service and define everything needed to generate searches to understand the underlying data, including how to access, aggregate, and qualify with thresholds. There are two types of KPIs: business and technical.
Doing pre-work with service decomposition to correctly identify what services are most valuable to the organization is a good first step to identifying appropriate KPIs to map to these services. Please schedule time with your account team to go through the service decomposition workshop.
Best Practices for Choosing KPIs
Good KPIs have the following characteristics:
- Provide data regularly
- Self normalizing data
- Data with deltas, not counters
You can also use Splunk App for Content Packs and Content Packs for preconfigured services and KPIs. Here are some KPIS available in the Microsoft 365 Content Pack:
Availability KPIs |
Performance KPIs |
Group Administration Activities KPIs |
Login Activity KPIs |
Office 365 Security & Compliance Center |
---|---|---|---|---|
|
|
|
|
|
After you have your services, entity rules, KPIs, and service dependencies planned out, you can finally create services in ITSI! There are three ways to do so:
For more information regarding creating services, see the Service Insights Manual.
Get Started with Service Insights
Service Insights within Splunk ITSI consists of various dashboard views, alerts and metrics so that you can effectively monitor and map services within your organization. Here are some ways to get better acquainted with the various available features and views.
Tasks to tackle
- Navigate Service Analyzer
- Explore the Tile View of Services
- Filter to the Shared Infrastructure Service and Show Dependencies
- How many Services are in Shared Infrastructure?
- Navigate to the Tree View
- Navigate KPIs and Health Scores
- Navigate Entities
- Build a Multi-KPI Alert
- Configure a service health score alert
Source: BSI workshop
Additional Resources
- Tech Talk: Service Modeling
- Service Decomposition at a glance
- Speak to your account manager about setting up a Service Decomposition workshop
- .conf presentation: Top KPIs to consider in Splunk ITSI (slides)
- Webinar: Getting Started with ITSI Part 1
- Tech Talk: Top 10 Glass Table Dashboard Design Principles (recording | slides)
- How Service Health Scores are calculated
- Blog post: Best Practices for Thresholding KPIs
- Blog post: Best Practices for Alert Configuration
- Blog post: Best Practices for Adaptive Thresholding
- Glass Tables (Video)
- Exploring Insights with Glass Tables (Tech Talk)
- Deep Dives (Video)