Howdy Splunkers, I’m back and this time I’m packin’ a serious punch. I’m so excited to announce the availability of my new IT Service Intelligence (ITSI) Content Pack for Monitoring and Alerting.

For those of you who are already familiar with either my blog series on this topic, "A Blueprint for Splunk ITSI Alerting," or my .conf19 talk, "A Prescriptive Design for Enterprise-wide Alerts in IT Service Intelligence," you’ll be happy to hear that this content pack is more or less a pre-built version of that design with, of course, more bells and whistles!

For those of you who aren't yet familiar with my blog post or .conf talk, you might be wondering what all the fuss is about. No worries, we’ll cover it here at a high level. You might also consider quickly reviewing the .conf talk and blog series for more details.

So you've built out your ITSI services and KPIs and the Service Analyzer is lighting up like a Christmas tree. You’ve carefully thresholded your KPIs so that services are turning red when things are unhealthy and staying green otherwise. Now it’s time to take action and alert someone when things start to go wrong. How do you plan to do that? The following diagram briefly outlines how to produce actionable alerts from ITSI services and KPIs:

The grey boxes represent configurations that you as the ITSI administrator are required to define. So what should you do? Create a multi-KPI alert? Configure a correlation search? Use the new KPI alerting functionality? How do you configure your notable event aggregation policy to group related notable events? Do you take action on the first critical notable event you see? Do you alert on poor performing KPIs? Or do you only alert when the service health score goes critical? These are just some of the questions you’ll likely be asking yourself as you prepare to configure actionable alerts.

If it makes you feel any better, these aren’t easy questions to answer. That’s exactly why I've created this content pack. It contains pre-built correlation searches and aggregation policies that you can simply enable, and presto! Actionable alerts. Ok ok… it’s not exactly that easy, but it’s close.

Splunk IT Service Intelligence (ITSI) content packs provide out-of-the-box content that you can use to quickly set up your ITSI environment. The Content Pack for Monitoring and Alerting addresses the problem described above by providing you with preconfigured settings for service monitoring and alerting as illustrated in the following diagram:

At the heart of the content pack are the following service monitoring correlation searches, notable event aggregation policies, and episode monitoring correlation searches that you can simply enable:

These correlation searches routinely check service and KPI results written to the itsi_summary index and produce notable events based on a variety of noteworthy circumstances related to service and KPI health.

These policies provide configuration for grouping related notable events together in useful ways. The policies also contain action rules that you can tune to meet your organization's alerting strategy. For example, some action rules produce emails, create service tickets, or integrate with VictorOps or other incident response platforms. For more information about these aggregation policies, see About the aggregation policies in the Content Pack for Monitoring and Alerting.

These correlation searches routinely inspect open episodes and produce alerts based on a variety of noteworthy circumstances related to that episode. For more information about these correlation searches, see About the correlation searches in the Content Pack for Monitoring and Alerting.

To give you an idea of what you can expect with this content pack, I’ve installed it on a demo environment and taken some screenshots.