Splunk ITSI

ITSI Dynamic template creation question

RomeSplunk123
Explorer

How can we create templates for OS

type like – Linux, AIX and Windows so that it can account for KPI’s around filesystems as each server can have different volumes or number of filesystems like one Windows server can have C,D and E drive and the other server can have C, E, T drive so how can one template handle these differences.

Is it possible to visualize multiple KPIs  in dynamic template?

We are running Zenoss and inside of Zenoss what we have is literally a server that shows... disk space usage across different types of... data volumes...   Splunk is only showing one single KPI for “disk_percentUsed” while this server has 11 total filesystems.  Has anyone run into these limitations of being able to present multiple KPIs in a single dynamic template?

Or ITSI is the wrong place for us to do this and instead perhaps some other Splunk tool should be used? Or do we need to create multiple dynamic templates to tackle this?

We just want to visualize file systems... as part of dynamic template, and leverage dynamic templates as much as possible.   Has anyone else ran into such limitations of not being able to display file systems from Zenoss in ITSI or ran into similar type of challenges and if so.. which solution did you come up with to over come such challenges?   Or maybe ITSI is not exactly the tool that should be used for this and perhaps some other dashboard visualization inside of Splunk should be used?  

KPI-entities.png

So i guess if you look at the KPI you will see it shows disk_percentUsed for a specific Linux server... for example.. but the thing is Linux server has multiple drives...  in this case how do we represent all of these multiple drives as part of single disk_percentUsed KPI?  Or that's not really possible and we would need to show for each file system different KPI? 

Any ideas? 

Labels (1)
0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...