With Splunk ITSI, you can monitor not only your service health but also your business health. You can give your people the data they need to make informed decisions fast, cutting your resolution times from hours to minutes. You can show what's broken, when it broke, and why it broke, and you can know with certainty what it's affecting.
Splunk ITSI glass tables let you create a high-level view that you can display in a NOC or anywhere convenient so people can self-serve for the status information they need. You can show how entities relate and interact with each other, key performance indicators (KPIs) tied to any number of metrics from those entities, aggregate health scores, dependencies, and more.
This visibility is great for executive reporting and frees you from emailing status updates, but it's great for service teams too. Imagine your web team and mobile team are both chasing down the same issue. They'll eventually reach the same conclusion that there's an issue with the databases that feed your authorization service. But how long do you think it'll take them both to arrive there with the tools you have today? With a properly configured Splunk ITSI deployment, you can look at the service analyzer and identify the problem within fifteen seconds, and maybe see another service that needs attention. You can then make correlations based on the dependencies you've configured and find the root cause almost as quickly.
Curious how? Watch the following demo to find out.
Service dashboards in Splunk ITSI
Service Insights enables you to create and use four kinds of dashboards: infrastructure overview, service analyzer, deep dives, and predictive analytics.
- Infrastructure Overview Dashboards provide a consolidated view of all your data integrations and investigation tools for operating systems, virtual infrastructures, containers, and cloud services.
- Service Analyzer Dashboards help you map dependencies based on a connection between devices and applications in a tile or topology view. You can visually correlate services to underlying infrastructure with a tile or tree view. You are also able to drill down to the code level and identify root causes directly from service monitoring dashboards.
- Deep Dives Dashboards are an investigative tool to help you identify and analyze issues in your IT environment. Deep dives display a side-by-side view of KPIs and service health scores over time to help you zoom in on metric and log data and visually correlate root cause. Use side-by-side displays of multiple KPIs and correlate metrics over time to identify root causes.
- Predictive Analytics Dashboards predict future incidents 30 minutes in advance using machine learning algorithms and historical service health scores. The top five contributing service metrics are displayed to guide troubleshooting.
Service modeling and service decomposition
Before you are ready to set up your dashboards and services in Splunk ITSI, it’s important to identify what services will provide the most value.
Best practices for selecting the right services to apply in Splunk ITSI
Create KPIs for your services
Every service you map in ITSI will have at least one KPI. KPIs are recurring saved searches that return the value of an IT performance metric. They are created within a specific service and define everything needed to generate searches to understand the underlying data, including how to access, aggregate, and qualify with thresholds. There are two types of KPIs: business and technical.
Doing pre-work with service decomposition to correctly identify what services are most valuable to the organization is a good first step to identifying appropriate KPIs to map to these services. Please schedule time with your account team to go through the service decomposition workshop.
Best practices for choosing KPIs
Good KPIs have the following characteristics:
- Provide data regularly
- Self-normalizing data
- Data with deltas, not counters
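The three characteristics above, applied to a login-failure KPI, as an added example that is not from the original page or from Splunk: constructed cumulative counters are turned into per-interval deltas (with reset and gap handling) and then normalized to a failure percentage. The sample values, thresholds, severity labels, and function names are assumptions for illustration.

```python
# Added example: constructed data and thresholds, not Splunk ITSI code.

# Constructed cumulative counters, sampled every 5 minutes.
# None = a missed sample; the counters restart before the 6th sample.
ATTEMPTS = [1000, 1200, 1400, None, 1800, 150, 350]
FAILURES = [20, 24, 30, None, 118, 9, 109]

def counter_deltas(samples):
    """Convert cumulative counter readings into per-interval deltas.

    A missing reading leaves the interval before and after it as None
    (no baseline). A drop in value is treated as a counter reset, so the
    new reading itself is the delta since the restart.
    """
    deltas = []
    for prev, cur in zip(samples, samples[1:]):
        if prev is None or cur is None:
            deltas.append(None)
        elif cur < prev:
            deltas.append(cur)
        else:
            deltas.append(cur - prev)
    return deltas

def failure_rate_series(attempts, failures):
    """Self-normalizing KPI: failed logins as a percentage of attempts."""
    series = []
    for a, f in zip(counter_deltas(attempts), counter_deltas(failures)):
        if a is None or f is None or a == 0:
            series.append(None)  # no usable data for this interval
        else:
            series.append(round(100 * f / a, 1))
    return series

def severity(rate, medium=5.0, critical=20.0):
    """Map a KPI value to a severity label (hypothetical thresholds)."""
    if rate is None:
        return "no_data"
    if rate >= critical:
        return "critical"
    if rate >= medium:
        return "medium"
    return "normal"

if __name__ == "__main__":
    for rate in failure_rate_series(ATTEMPTS, FAILURES):
        print(rate, severity(rate))
```

The jump in the raw failure counter from 30 to 118 falls inside the data gap and never reaches the KPI, which is why a source that reports irregularly makes a poor KPI.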
You can also use Splunk App for Content Packs and Content Packs for preconfigured services and KPIs. Here are some KPIs available in the Microsoft 365 Content Pack:
Group Administration Activities KPIs
Login Activity KPIs
Office 365 Security & Compliance Center
After you have your services, entity rules, KPIs, and service dependencies planned out, you can finally create services in ITSI! There are three ways to do so:
For more information regarding creating services, see the Service Insights Manual.
Get started with Service Insights
Here are some ways to get better acquainted with the various available features and views.
- Navigate Service Analyzer
- Explore the Tile View of Services
- Filter to the Shared Infrastructure Service and Show Dependencies
- How many Services are in Shared Infrastructure?
- Navigate to the Tree View
- Navigate KPIs and Health Scores
- Navigate Entities
- Build a Multi-KPI Alert
- Configure a service health score alert
Source: BSI workshop
- .conf23 session: The Definitive List of Best Practices for Splunk® IT Service Intelligence: How to Configure, Administer, and Use ITSI for Optimal Results
- Lantern Guidance: The definitive guide to best practices for IT Service Intelligence
- Splunk Docs: How Service Health Scores are calculated
- Product Tour: Splunk IT Service Intelligence