Accelerating ITSI event management
This event management accelerator is for customers who want to integrate Splunk IT Service Intelligence (ITSI) in Splunk Cloud Platform or Splunk Enterprise with the event management data sources it supports. This accelerator is meant to provide immediate value by combining noisy, third-party alerts with the capabilities of Splunk ITSI Event Analytics. After completing the steps provided here, you should have alerts from third-party platforms ingested into ITSI. These events can then be correlated, summarized, and aggregated to meet your needs.
All ITSI event management accelerators are available as engagements with Splunk Professional Services. If you do not feel comfortable completing these processes on your own or would like hands-on training with any of the concepts and processes included in this article, contact our Professional Services experts.
Prerequisites
This accelerator is appropriate for people who are existing Splunk customers but are new to Splunk ITSI. It is intended to provide a simple, out-of-the-box solution for alert routing and grouping. Complex, multi-tier, or root-cause-analysis alerting (for example, topological impact) is not covered by this accelerator. You can eventually get to a more complex end state, but the focus of this offering is specifically to get you running on basic alert grouping and event management so you can then take the next steps in your ITSI journey with confidence, while already achieving value in the product, such as lower MTTR and less alert fatigue.
In addition, before beginning, you should complete the following:
- Ensure that you have the latest version of Splunk ITSI and the Splunk App for Content Packs installed and verified. If you need assistance with this, contact Professional Services before starting this accelerator.
- Review the documentation on Event Analytics in ITSI. This includes Episode Review, Notable Event Aggregation Policies (NEAPs), and correlation searches. Additional information can be found in Configuring the ITSI Notable Event Aggregation Policy.
Third-party alerting options
Integration instructions are currently available for the following alert sources:
Click on either one to begin.
Additional data sources are in development:
- Dynatrace
- SCOM
- CloudWatch
- ThousandEyes
Additional resources
Splunk Professional Services can assist with any of the ITSI event management accelerators linked to from this article. Click here to learn more about working with Professional Services.