Splunk Search
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

ITSI thresholds: adaptive vs static

djluke
Path Finder
‎01-23-2025 06:43 AM

Hello Splunkers,

I was wondering if it's possible to combine adaptive and static thresholds in IT Service Intelligence for the same KPI.

As an example, let's consider the percentage of swap memory used by a host. If I apply static thresholds, I know there's an issue only when the last detected value exceeds a fixed number (we can call this "the old style monitoring" 😋).

On the other hand, if I use ITSI adaptive thresholding, the boundary will adapt itself using historical data. This solution would be great, but let's imagine that the swap memory used by the system slowly but continuously grows over days and weeks.

At a certain point, it will reach 100%, but the KPI state will say "normal" because that value is, in some way, aligned with previous ones.

Is there a way to use the adaptive thresholding behavior while keeping the "emergency" values fixed?

Thanks in advance.

Happy Splunking!

Reply
Get Updates on the Splunk Community!

Uncovering Multi-Account Fraud with Splunk Banking Analytics

Last month, I met with a Senior Fraud Analyst at a nationally recognized bank to discuss their recent success ...

Secure Your Future: A Deep Dive into the Compliance and Security Enhancements for the ...

What has been announced?  In the blog, “Preparing your Splunk Environment for OpensSSL3,”we announced the ...

New This Month in Splunk Observability Cloud - Synthetic Monitoring updates, UI ...

This month, we’re delivering several platform, infrastructure, application and digital experience monitoring ...
Top