Splunk IT Service Intelligence

What is meant by entity in Splunk ITSI, which field need to add as Entity split by while cresting KPI?

nasrinmulani
New Member

What is meant by entity in Splunk ITSI,
Which field need to add as Entity split by while cresting KPI?
I want to display the traffic of host in on e KPI,
What is the need of the Entity, while creating KPI.
Why to add metrics?

0 Karma

esnyder_splunk
Splunk Employee
Splunk Employee

An entity is an IT infrastructure component, such as:

  • A physical or virtual server
  • A network device (switch, router)
  • A user (AD/LDAP)
  • A storage system or volume
  • An operating system process
  • A software application (database, web server, business app)
  • An application process instance (for example, 2 instances of the same web server application is 2 separate entities)

Each entity has specific attributes and relationships to other IT processes that uniquely identify it. For example, a server that you define as an entity can have multiple IP addresses, MAC addresses, DNS names, and so on.

Meanwhile, KPIs help you monitor the status of these various IT components by monitoring performance metrics, such as CPU load percentage, memory used percentage, response time, and so on.

For information about key ITSI concept, like entities and KPIs, see: https://docs.splunk.com/Documentation/ITSI/latest/Configure/KeyConcepts

For information about the entity split field, see: https://docs.splunk.com/Documentation/ITSI/latest/Configure/AddKPIs#Step_3:_Filter_entities

yannK
Splunk Employee
Splunk Employee

Entities are an abstract layer to identify an asset.
By example an entity could be as basic as a host, but could also be used for a cpu core#, or an application on a server ...
An entity is defined by alias fields (unique fields values, like a host or a vm id), or info fields (can be the same for several entities, like a datacenter location, a service role ...)

in ITSI the entities are used for 2 things :
- group entities in a service, using a filter, or a direct link.
- for the KPIs in a service

in KPI :
- you can ask to filter to only the entities in the service, or not (optional)
- you can also ask do to a split by of the metrics, to get the detail per entity. (optional)

For the split by
- if you are use a field (alias/info) to do the entity split by, then it will refer to a real entity
- but you could also use a split by field that is not specific to a real entity, we will then say that you are creating "pseudo entities", that only exits in the KPI metrics results (by example do a split by process when you do not use this field for entities)

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...