It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running slower than usual, and it’s majorly impacting user experience. Where do you start your investigation? Do you dive into the application Service Map in Splunk Application Performance Monitoring (APM) to trace request lows? Or do you check the Service Analyzer tree view in Splunk IT Service Intelligence (ITSI) to see the hierarchical business service health to understand business impact and prioritize response?
This is kind of a trick question because the reality is that it depends on which team you work on and what problems you're trying to solve. Thankfully, Splunk gives you the complete visibility you need, and when you’re equipped with the understanding the who and when that goes along with each of these tools, you’ll have the power to solve root causes rather than just fixing symptoms. So let’s learn more about each.
APM Service Maps: Your Application GPS
If you're on an engineering, SRE, or DevOps team, chances are you'll spend a lot of time with APM Service Maps. Service Maps provide a real-time visualization of how your microservices are connected and how they’re performing in relation to each other and their dependencies. Every technical component of your application – every service, dependency, and service interaction – becomes a node connected by a line on the map. You can see your entire application architecture from a birds-eye view.
From this view, you also get directed troubleshooting information like root causes for errors and quick access to services to get information specific to that service in the Service Map.
Service Maps are perfect for:
- Troubleshooting microservice communication issues
- Understanding distributed application architecture
- Finding performance bottlenecks in service-to-service calls
- Monitoring real-time application health
Real-World Example
Your Checkout service is throwing 500s. You open the APM Service Map and immediately see that the Payment service is healthy, but there’s a large red node representing the Inventory service. Drilling in, you discover that the Inventory service database is timing out. What looked like a Payment service issue is actually an Inventory service problem affecting the entire checkout flow.
Note: You may have heard "Flow Maps" referenced in other products like Splunk AppDynamics. These serve the similar purpose of visualizing how transactions or data flow across systems in a more technical way, but the implementation and focus differ.
ITSI Service Analyzer Tree View: Your Business Impact Compass
The ITSI Service Analyzer tree view takes observability up a level – from technical components to business services – and aggregates data across tools for first-line responders and Ops teams. It organizes your technology around business outcomes and can be used as a first line of support to diagnose and triage incidents from a high level. Instead of showing individual microservices, they show logical business services and their relationships like Web Front End to Product Catalog and how underlying technology components support them.
This topographical tree view allows you to quickly investigate issues. For example, if we click into our yellow On-Prem Database node, we can dig deeper and get an expanded view of specific KPIs that are causing an issue, view and investigate relevant episodes for the service, and move into Deep Dive to further troubleshoot.
Service Analyzer tree views are perfect for:
- Understanding business impact of technical issues
- Prioritizing incident response based on business impact
- Communicating technical status to business stakeholders
- Monitoring overall service health across the organization
Real-World Example
Your CEO asks about the impact of this afternoon’s infrastructure issue on customer-facing services. The Service Analyzer tree view shows that while 15 individual servers had problems, only the internally used “Reporting Dashboard” business service was affected. Customer-facing services remained green and functional. Crisis communication avoided.
Which Tool When?
Scenario | Your Go-To Tool | Why? |
“Users can’t complete checkout transactions” | APM Service Maps | Traces microservice interactions |
“The customer portal is down, what’s the business impact?” | ITSI Service Analyzer tree view | Shows business service health |
“We need to understand our service dependencies” | ITSI Service Analyzer tree view | Hierarchical dependency view |
“Microservice A is throwing errors to Microservice B” | APM Service Maps | Inter-service communication |
“Which infrastructure issues affect our revenue systems?” | ITSI Service Analyzer tree view | Business-aligned service health |
Complementary Strategy
While each of these visualizations is independently helpful and can provide strong observability value, they can also complement each other to give deep cross-team, cross-functional visibility into complex environments from different levels. Here’s how they might work together in a real issue investigation:
- Alert fires: Customer Portal is slow
- First-line support team checks ITSI Service Analyzer tree view: is this impacting business-critical services?
- Engineering, SRE, DevOps teams jump into APM Service Map: which microservices are having issues?
- Once the fix is in, revisit ITSI Service Analyzer tree view: are all business services recovered and healthy?
Wrap Up
APM Service Maps outline the technical conversation between your application’s services. The ITSI Service Analyzer tree view translates technical complexity into business impact. While they don't have to be used in conjunction, they can be used together so that all operational and technical teams can have a complete picture that will speed up troubleshooting, help you quickly assess impact, and ultimately benefit your entire organization.
Ready to build out your complete picture? Check out the Splunk Documentation or join the conversation in the Splunk Community.
Resources
