Splunk IT Service Intelligence

ITSI Service health ignores entities defined.

t2793js
New Member

I've defined my entities to have servers named wdlrp. The system finds 10 such servers.
I define the KPI's i'm interested in and create the service (DC Web_Servers_Health):
No dependencies.

The generated search seems to have the entities (servers)I want:
alt text

When i view health of the service, The service health dis-regards my entity list (notice the missing wldrp servers) and includes all entities in the server farm that contain the KPI.

alt text

I have a few questions:
1) how can I have the service analyzer entities scoped to the entities I defined up front?
2) if #1 cant be achieved, is the service health showing the health based on my defined entities?
Thanks,
Jim

0 Karma

t2793js
New Member

Thanks, It's a pain because you get one chance a day to see if the thing works, which creates delays.

0 Karma

mfscully
Explorer

I continue to have a similar issue that corrects itself over 24 hours. The effected Kpis are both base search and cloned. I have put in support tickets against this issue. I will let you know if anything comes of it.

0 Karma

t2793js
New Member

The scope now has "fixed" itself. I suspect that it was a timing issue where waiting 24 hours from changes made yesterday in the core search filtered out the unwanted entities.

0 Karma
Get Updates on the Splunk Community!

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...