Splunk ITSI

Question about iTSI Service Templates

brent_weaver
Builder

I am trying to find a way to create a template in iTSI that I can basically clone and change one field to make it a new service. I have all this data that is the same, with the exception of one field. My thought was to have all the common denominator stuff laid out and some way to just pass in the needed value of the delta field. Does this even make sense? I basically need to be able to iterate adding services in iTSI.

0 Karma

yannK
Splunk Employee
Splunk Employee

If you make your KPIs Shared base searches (SBS) generic enough, and put the entity logic in the services entity filters,
then you can rely on the service's templates + SBS to scale

ideally, the service template use SBS, the SBS are broad and use the "filter per entity per service"
then when you create services (or import entities in service), the KPIs will automatically run on the new list of entities.


Beware, the usual limit of entity cardinality is 10000, so if you have a SBS populating several KPI metrics, for many entities, (number of metrics * number of entities > 10000), you may want to split it in several SBS

skoelpin
SplunkTrust
SplunkTrust

Before you go down this path.. Whats the purpose of wanting to change a single field and make a new service? Are your services using base searches or adhoc?

0 Karma

brent_weaver
Builder

Some base searches some not. I am trying to avoid have to repeat myself too many times.

0 Karma

skoelpin
SplunkTrust
SplunkTrust

So whats the purpose..

0 Karma
Get Updates on the Splunk Community!

Get Inspired! We’ve Got Validation that Your Hard Work is Paying Off

We love our Splunk Community and want you to feel inspired by all your hard work! Eric Fusilero, our VP of ...

What's New in Splunk Enterprise 9.4: Features to Power Your Digital Resilience

Hey Splunky People! We are excited to share the latest updates in Splunk Enterprise 9.4. In this release we ...

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...