Splunk IT Service Intelligence
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

ITSI and non-host entities

cmeo
Contributor
‎02-21-2016 08:03 PM

Does anyone have an examples of ITSI entities that aren't hosts. The docs state that these entities can be:

physical or virtual hosts;
network devices;
users (AD/LDAP user);
storage systems, volumes;
operating system processes;
software application (db, web server, business app);
application process instances (for example, 2 instances of the same web server application is 2 separate entities).

So how would you set up e.g. a user or application process instance, especially where you might have multiple process instances? Also bearing in mind that things like JBOSS may have multiple instances only differentiated far along a long command line, is there any limit on the length of the command line that ITSI will have to inspect?

0 Karma
Reply

thejeffreystone
Path Finder
‎10-04-2016 10:04 AM

Yes. We have a base search that creates an entity value based on two fields (a location code and a numeric value representing a specific place at that location) and then output the KPIs by that entity value. Then we link our entities to our service using a wild card - location-*

As long as you can match the KPI values from the base search to the entities in the service I think you can use whatever you want.

0 Karma
Reply

JykkeDaMan
Path Finder
‎09-29-2019 12:54 AM

I'm wondering the same thing, since I cannot figure out the real use cases for the Entities other than hosts.
Where and how can I use my custom entities, if they are for example processes?
So far I have seen the Entities in Service Analyzer KPI drill down, which does the splitting just fine by the base search without any real Entities defined. So I'm wondering why should I create the Entities and which are the real use cases and advantages of doing so. Cannot find any real use case examples.

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In the last month, the Splunk Threat Research Team (STRT) has had 2 releases of new security content via the ...

Announcing the 1st Round Champion’s Tribute Winners of the Great Resilience Quest

We are happy to announce the 20 lucky questers who are selected to be the first round of Champion's Tribute ...

We’ve Got Education Validation!

Are you feeling it? All the career-boosting benefits of up-skilling with Splunk? It’s not just a feeling, it's ...