Splunk ITSI

What is the difference between Splunk Insights for Infrastructure (SII) and Splunk APP for Infrastructure (SAI) ??

AbdelrahmanAbde
Explorer

Hi everyone ,

I have a couple of questions about Splunk Insights for Infrastructure :
I found that Splunk Insights for Infrastructure ( SII ) can be installed separately without the need to install Splunk Enterprise platform

  1. What is the added value that I get when using (SAI) as an app on top of Splunk Enterprise vs using (SII) without having Splunk Enterprise ?
  2. Does this app fits more into physical or virtual environments or it does not matter ? by that I mean will it show me how much RAM and CPU are utilized from the resources I assigned to a certain VM OR will it compare it against the total host's CPU and RAM
  3. When it comes to Disk Performance monitoring ( does this apply also to volumes attached to VMs from shared Storage arrays ) ?
  4. Is it better to use Splunk APP for VMware if I have a virtual environment ?
0 Karma
1 Solution

pwu_splunk
Splunk Employee
Splunk Employee
  1. SII was a product that acted as a simplified version of SAI + Splunk Enterprise. It lacked features like access to Search & Reporting and more granular control of Splunk for users who didn't want to jump right into the complexity of Splunk Enterprise. Most importantly, it's a deprecated product. Going forward, users should use SAI to receive the latest features and updates.
  2. SAI works for both physical and virtual environments. How your resources are displayed depends on how you send data from entities to SAI. For example, based on your configuration, you can discover an AWS server as a standalone Linux server, as part of a larger AWS infrastructure, or as both. As of version 1.4.0, SAI has no support for integrating with VMware directly. However, this may change in the next major release. 😉 Stay tuned.
  3. See above.
  4. Splunk App for VMware and Splunk App for Infrastructure have different features. They're more complimentary rather than one being strictly better than the other.

View solution in original post

pwu_splunk
Splunk Employee
Splunk Employee
  1. SII was a product that acted as a simplified version of SAI + Splunk Enterprise. It lacked features like access to Search & Reporting and more granular control of Splunk for users who didn't want to jump right into the complexity of Splunk Enterprise. Most importantly, it's a deprecated product. Going forward, users should use SAI to receive the latest features and updates.
  2. SAI works for both physical and virtual environments. How your resources are displayed depends on how you send data from entities to SAI. For example, based on your configuration, you can discover an AWS server as a standalone Linux server, as part of a larger AWS infrastructure, or as both. As of version 1.4.0, SAI has no support for integrating with VMware directly. However, this may change in the next major release. 😉 Stay tuned.
  3. See above.
  4. Splunk App for VMware and Splunk App for Infrastructure have different features. They're more complimentary rather than one being strictly better than the other.

AbdelrahmanAbde
Explorer

Thanks
This answers all of my questions .

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...