Splunk IT Service Intelligence (ITSI) From the Ground Up

Learn how ITSI uses indicators from logs to show the health of your services on a single dashboard, including uptime, disk space, and failed logins in near real time.

Explore ITSI glass panels to monitor Buttercup Games’ services, applications, and cloud infrastructure, tracking health, mean time to resolution of errors, and transaction flows across web, mobile, and APIs.

Learn how ITSI decomposes services into KPIs and entities to enable real-time monitoring, alerts, and visualizations with glass tables and flexible dashboards.

Explore ITSI's advanced features, including integrated machine learning for predictive analytics, anomaly detection, adaptive thresholding, and episode reviews that correlate KPIs to business impact.

Discover how ITSI ingests logs, metrics, events, and traces into Splunk, uses add-ons and the common information model (CIM) to standardize data, and defines KPIs for service health.

Identify hardware and software network requirements for your ITSI deployment, plan storage and retention strategies, evaluate clustering and scaling options, and understand available licensing models.

Implement indexer clustering to improve performance and replicate data across multiple systems, and use search head clustering to balance workloads and prevent cued or delayed saved searches.

Plan for data growth by allocating 30–50% extra storage and routinely review daily ingestion and spikes. Ensure enough resources for concurrent searches across search heads and indexers as usage expands.

Explore ITSI licensing options, including the data ingestion and entity model, and how costs scale with monitored entities.

Install and configure Splunk ITSI with a live demo. Learn to install on Splunk Enterprise, deploy ITSI add-ons on a license server, and validate deployment on the indexer.

Learn to install Splunk ITSI by downloading from Splunk Base, transferring via scp, stopping Splunk, extracting the tar file into the apps directory, and adjusting ownership.

Install and place ITSI-related apps across indexers, license server, heavy forwarders, and search heads, including index creation, license checker, and user access; restart the license server to enforce licensing.

Set up distributed search for ITSI by adding https search peers to connect the search head with all indexers, then validate with an internal index search counting by Splunk server.

Set up an Ubuntu-based lab to build your Etsy environment, install Splunk Enterprise, and configure netplan and hostname via SSH for efficient, hands-on lab work.

Learn to install ITSI by downloading from Splunk base, transferring and unzipping the package, setting ownership to splunk, starting Splunk, and comparing ITSI with IT Essentials before licensing.

Compare IT service intelligence with IT essentials work, clarifying feature differences, dashboards, and premium features, while showing how base analytics and entity health monitoring still function.

Create a single entity in Splunk ITSI by naming it Etsy Demo, set its basic details, and make it available to all teams for immediate use.

Import a CSV to create entities, mapping host and IP fields to entity title and information fields, and resolve conflicts with conflict resolution settings.

Enable Linux and Windows entities in ITSI by deploying universal forwarders, configuring inputs.conf for Linux and Windows TA apps, and pushing a deployment bundle to auto-register entities and monitor health.

Review how to bring in entities using the Linux, Unix, Windows add-ons, single-entity and CSV imports, and internal search to view health insights and manage entities.

Identify and name the three key ITSI entities—web server, database server, and application server—by analyzing the web hosting, database, and application stack scenarios and performance issues.

Learn to create and link services in Splunk ITSI, define KPIs and dependencies, and configure a service health score through a walkthrough of content creation, YouTube, Udemy, and Amazon examples.

Identify and name lab services based on the conversation with leadership, creating simple health services for web, database, and application servers.

Explore the roles of key performance indicators in Splunk ITSI, and configure, customize, and optimize KPIs through health scores and aggregated service health with advanced Splunk searches.

Define a KPI as a measurable value that shows how well a service meets business objectives, illustrating health through metrics like cpu utilization and errors, and guiding ITSI monitoring.

Explore Splunk IT Service Intelligence, viewing KPIs across core load, memory, and disk IOPS to assess health. Learn to create KPIs from scratch with fake data for YouTube and Udemy.

Generate synthetic data with make results, label errors using stream stats and case, then save to a summary index and build a kpi dashboard for content errors.

Create the first ITSI KPI by building an ad hoc search of error logs, configuring thresholds, and splitting results by entities such as database and web server.

Analyze geographic video view counts as a KPI across Americas, Europe, and Asia, and set up automated geo-based reports to monitor country code views and regional access issues.

Set and tune weights for services and KPIs in ITSI, showing how weights shape the health score, thresholds, and interdependent service relationships across red, green, and yellow statuses.

derive KPIs for services by simulating a CEO conversation, identifying entities and services to monitor, and documenting three KPIs per service to validate monitoring strategy.

Module 7 lab 3 KPI answers cover ITSI metrics: web server cpu utilization, and response time; database query response time, active connections, disk usage; application server error rate, transaction throughput.

Learn to generate KPI data for Splunk ITSI by using provided SPL queries, create and schedule KPI reports, and backfill data to fuel CPU, memory, and response time KPIs.

Explore module eight on entity services and KPIs, learn the role of content packs in ITSI, and install, configure, monitor, and troubleshoot using content pack KPIs.

Gain hands-on experience with ITSI concepts by exploring entities, services, and KPIs, and install content packs that deliver prebuilt services and KPIs in Splunk ITSI.

Learn how Splunk ITSI content packs provide prepackaged apps for your ACI instance to jumpstart monitoring with prebuilt services and KPIs across dashboards, reports, and observability tools.

Configure the ITSI content pack by installing selected objects from the content library, handling conflicts, and optionally backing up. Verify new services and KPI management appear in service monitoring.

Explore how to navigate a newly installed Splunk ITSI content pack, configure entities and KPIs, and verify analytics flow for green service status through the ITSI instance and OS metrics.

Navigate the newly installed content pack v2 by validating entities, configuring ITSI services, and adjusting dependencies, weights, and thresholds; explore KPI-based searches and understand how deletions affect service dependencies.

Explore KPI thresholds in Splunk ITSI, including static, time-based, and adaptive ML-based thresholds, and learn to configure multi KPI alerts using historical data.

Explore time thresholding and time policies to adapt alerts to time of day, using adaptive thresholding and outlier exclusion to handle hourly spikes and maintenance windows.

Install the Splunk Python for scientific computing version 3.0 or later and the machine learning toolkit to enable adaptive thresholding in Splunk ITSI.

Explore AI assisted thresholding with Splunk to set adaptive thresholds for CPU and memory utilization, and learn when AI helps or falls short, not a silver bullet.

Explore how to create multi KPI alerts by tying two KPIs and shaping a joint risk score, using event management and triggers to fire notables.

Explore thresholding options in Splunk ITSI, including static, time-based, and adaptive AI-based approaches; configure KPI thresholds, implement multi KPI monitoring, set triggers, and use historical data to adjust.

Evaluate the limitations of lab six data, where random data hinders KPI thresholding and AI model testing, yielding low confidence intervals and limited insights from manual thresholding.