Splunk IT Service Intelligence
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Best Approach of adding KPI based on different entities

AKG11
Path Finder
‎03-06-2024 07:22 AM

Hi,

we are using ITSI Service map/Service Analyzer to monitor services.  we have an use case where for same service we need to add multiple KPI and those KPI depends on different entities.
For Example: We have Infrastructure related KPI which uses host as entity, another KPI is "service Up" which basically check service is up and in this case entity is "process name".  Also have KPI for Garbage collection which also has different entity.

Question: I am trying to understand which is the best way to handle such scenario. where we can add all these KPI without making service map too complex.

AKG11_0-1709737985253.png

 

Labels (2)
Labels
0 Karma
Reply

srauhala_splunk
Splunk Employee
Splunk Employee
‎03-19-2024 05:57 AM

Hi @AKG11 

* KPI which uses host as entity,

* KPI is "service Up" which basically check service is up and in this case entity is "process name". 

* KPI for Garbage collection which also has different entity.

You could have multiple different strategies for this. All does however sound like they host specific.  "process name" will be related to a host, so does the Garbage collection right? 

I would make the KPI searches for "service Up" and "Garbage collection" exposes the host for every result. Use the filter to entities in service by host, and use the split by on a pseudo-entites for example process_name or garbage_collection_name. 

Then the result will be that all KPIs are filtered to the entity (host) of the service and split by different entites per KPI. Note this will be a bit wonky if you have multiple hosts by service, for example host1, host2, host3. 

In that case, to be able to distinguish a process from one host to another, you would need to create a combination of host and process, etc to split the data by. I.e. | eval my_process_entity = process_name."-".host

Filter kpi by hosy 

Split kpi by my_process_entity

If this widely used use-case also consider creating real entities and entity types for this use-cases to be able to create entity dashboards. 

Hope this gives some ideas! 

Kind Regards, 

Seb 

0 Karma
Reply

AKG11
Path Finder
‎03-19-2024 06:13 AM

 @srauhala_splunk  Thanks for response

Q. You could have multiple different strategies for this. All does however sound like they host specific.  "process name" will be related to a host, so does the Garbage collection right?

A. That's not the scenario. One host could have multiple process running on it. Some times even same process running on multiple host. In that case we have to use combination of process and host as entity. As multiple process on one host hence multiple GC on same host.

We wanted to have process based service because one service could be dependent on another Service.

0 Karma
Reply

srauhala_splunk
Splunk Employee
Splunk Employee
‎03-19-2024 06:40 AM

@AKG11  

 

"One host could have multiple process running on it. Some times even same process running on multiple host"

 - Yes would expect that, and that would work fine with the example I provided you. 

You can make the service process centric if you want and scale the service tree by process. I.e. filter by process and split by process_name_host_name, and similar a separate garbage collector service. You can even have both i.e. host and process, gc entities in one service and filter by entity of either in the KPI.  

But to be honest that sounds a but wonky to me. but you know your services best 😉 

/Seb 

0 Karma
Reply
Get Updates on the Splunk Community!

Join Us for Splunk University and Get Your Bootcamp Game On!

If you know, you know! Splunk University is the vibe this summer so register today for bootcamps galore ...

.conf24 | Learning Tracks for Security, Observability, Platform, and Developers!

.conf24 is taking place at The Venetian in Las Vegas from June 11 - 14. Continue reading to learn about the ...

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...