Can only a "master" service health score be create...

sallyanntracy · ‎03-02-2019

I'm hoping this is a simple question. Our servers are set up in a fairly common model: a prod environment and lower environments and within them different tiers (database, app, presentation). Nothing exciting.

I've created services for prod application, database and presentation servers and one service for all the lower environments. Here's the thing: I'd like to just display a master service health score for the entirety of the application for display on a service analyzer and then allow ops teams to drill into it if things go south. We have hundreds of applications and I think having 4 service health scores for each would be overwhelming for the ops teams.

Is the only way to do this by creating custom service analyzers?

esnyder_splunk · ‎10-23-2019

I suggest creating one "parent" service of all of your applications. In other words, create one service and make all of your applications "dependent services" of this parent service: https://docs.splunk.com/Documentation/ITSI/latest/Configure/Addservicedependencies. In the service analyzer tree view, all of these applications would be on one layer, and they'd all be pointing up to the single parent service on the next layer up.

Then you can create a custom service analyzer view that only displays that one parent service: https://docs.splunk.com/Documentation/ITSI/latest/User/Createcustomserviceanalyzers

Can only a "master" service health score be created?

Enter the Dashboard Challenge and Watch the .conf24 Global Broadcast!

Join Us at the Builder Bar at .conf24 – Empowering Innovation and Collaboration

Combine Multiline Logs into a Single Event with SOCK - a Guide for Advanced Users