Splunk ITSI

Is it possible that Splunk cannot collect certain values even though others are being collected?

bas28
Loves-to-Learn Lots

Hello,

I have installed Splunk ITSI several times on various types of infrastructure, and I am observing this behavior for the first time. The latencies all have zero values as if they are not being reported. I have adjusted the collection interval, but it hasn't made any difference. What I don't understand is that this issue concerns latencies of virtual machines, ESXi servers, and datastores, while all other KPIs are okay. Is it possible that Splunk cannot collect certain values even though others are being collected? Do you have any idea about the root cause of this error? 

IT Service Intelligence
Version :
4.17.0

Splunk Enterprise
Version :
9.0.5

Capture d’écran 2023-09-20 152854.png

Labels (2)
Tags (1)
0 Karma

srauhala_splunk
Splunk Employee
Splunk Employee

HI @bas28!

"Is it possible that Splunk cannot collect certain values even though others are being collected?" No. In my experience it is aways something missing between the entity filtering per service,  entity definition in the KPI searches and or some issue with the field normalisation (metric) of the KPI base search. 

Double check that those things are alright. Last thing to check could be ingest delay and that data is arriving in time for the KPI search to pick it up. 

/Seb 

0 Karma
Get Updates on the Splunk Community!

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

SignalFlow: What? Why? How?

What is SignalFlow? Splunk Observability Cloud’s analytics engine, SignalFlow, opens up a world of in-depth ...

Federated Search for Amazon S3 | Key Use Cases to Streamline Compliance Workflows

Modern business operations are supported by data compliance. As regulations evolve, organizations must ...