Splunk IT Service Intelligence

Fine tuning Splunk services and base search.

vardhanp
New Member

Hi Team,

We are using Splunk ITSI and we are planning to improve Splunk performance, we need help in understanding how much overhead each service gives on Splunk server,
So to understand this in a better way please read the scenario below

We have one platform say "App" where we have 5 servers and we need to measure performance on the basis of 3 KPI's i.e CPU Utilization, Memory Utilization & Disk Utilization, Now to measure the performance of the overall platform we need to measure the performance of each host.

So here we have two service configuration methods.

First :
1: We will create base search for the KPI's
2: We will create one service for each host having its host as an entity all 3 KPI's in it.
3: Then create one overall service for the "App" platform having Service dependencies in it where we will mention services created for all 5 hosts.

Second :
1: We will create base search for the KPI's
2: We will create one overall service for the "App" platform having its all 5 host as an entity all 3 KPI's in it.

So i want to understand here which method will more efficient and give less overhead on splunk.

Labels (2)
0 Karma
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

Using the Splunk Threat Research Team’s Latest Security Content

REGISTER HERE Tech Talk | Security Edition Did you know the Splunk Threat Research Team regularly releases ...

SplunkTrust | 2024 SplunkTrust Application Period is Open!

It's that time again, folks! That's right, the application/nomination period for the 2024 SplunkTrust is ...