Skip to main content
Lantern Home
 
 
Splunk Lantern

The definitive guide to best practices for IT Service Intelligence

  1. Last updated
  2. Save as PDF

 

Welcome to our guide to best practices for Splunk ITSI (ITSI). Compiled by ITSI SMEs at Splunk and designed for ITSI administrators, this guide provides essential guidelines to ensure optimal operations and an excellent end-user experience, helping you to unlock the full potential of ITSI.

This guide focuses on three key areas: Service Insights, Event Analytics, and Content packs. You'll learn recommended best practices for configuring and optimizing ITSI deployments, including data ingestion, service modeling, notable event management, and advanced analytics. Let's dive in.

Service Insights

Service Insights represent the mapping and monitoring of business and technical services within your organization. The information helps you better detect problems, simplify investigations, triage issues, and accelerate resolutions. It also helps you map service dependencies based on a connection between devices and applications. This top-down mapping functionality helps you immediately see the impact of a problematic object on the rest of the service operation.

Event Analytics

Event Analytics ingests events from across your IT landscape to provide a unified operational console of all your events and service-impacting issues. It is equipped to handle huge numbers of events. After data is ingested into ITSI, it's processed through correlation searches to create notable events. Notable event aggregation policies group the events into meaningful episodes. You can then review the episodes and take actions, such as running a script, pinging a host, or creating tickets in external systems.

Content Packs

Splunk Content Packs provide prepackaged content that you can use to quickly set up your ITSI environment. This content can include configured KPI base searches, service templates, saved glass tables, and other configurable objects. If you want to change a search frequency, adjust latency, or change calculation methods, you can edit the objects directly. Most content packs process data collected through the use of Splunk add-ons.