Splunk IT Service Intelligence

ITSI Service health ignores entities defined.

t2793js
New Member

I've defined my entities to have servers named wdlrp. The system finds 10 such servers.
I define the KPI's i'm interested in and create the service (DC Web_Servers_Health):
No dependencies.

The generated search seems to have the entities (servers)I want:
alt text

When i view health of the service, The service health dis-regards my entity list (notice the missing wldrp servers) and includes all entities in the server farm that contain the KPI.

alt text

I have a few questions:
1) how can I have the service analyzer entities scoped to the entities I defined up front?
2) if #1 cant be achieved, is the service health showing the health based on my defined entities?
Thanks,
Jim

0 Karma

t2793js
New Member

Thanks, It's a pain because you get one chance a day to see if the thing works, which creates delays.

0 Karma

mfscully
Explorer

I continue to have a similar issue that corrects itself over 24 hours. The effected Kpis are both base search and cloned. I have put in support tickets against this issue. I will let you know if anything comes of it.

0 Karma

t2793js
New Member

The scope now has "fixed" itself. I suspect that it was a timing issue where waiting 24 hours from changes made yesterday in the core search filtered out the unwanted entities.

0 Karma
Get Updates on the Splunk Community!

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...