Splunk IT Service Intelligence

What is meant by entity in Splunk ITSI, and which field needs to be added as Entity split by while creating a KPI?

nasrinmulani
New Member

What is meant by entity in Splunk ITSI?
Which field needs to be added as Entity split by while creating a KPI?
I want to display the traffic of a host in one KPI.
What is the need for the Entity while creating a KPI?
Why add metrics?

0 Karma

esnyder_splunk
Splunk Employee

An entity is an IT infrastructure component, such as:

  • A physical or virtual server
  • A network device (switch, router)
  • A user (AD/LDAP)
  • A storage system or volume
  • An operating system process
  • A software application (database, web server, business app)
  • An application process instance (for example, 2 instances of the same web server application are 2 separate entities)

Each entity has specific attributes and relationships to other IT processes that uniquely identify it. For example, a server that you define as an entity can have multiple IP addresses, MAC addresses, DNS names, and so on.

Meanwhile, KPIs help you monitor the status of these various IT components by monitoring performance metrics, such as CPU load percentage, memory used percentage, response time, and so on.

For information about key ITSI concepts, like entities and KPIs, see: https://docs.splunk.com/Documentation/ITSI/latest/Configure/KeyConcepts

For information about the entity split field, see: https://docs.splunk.com/Documentation/ITSI/latest/Configure/AddKPIs#Step_3:_Filter_entities

yannK
Splunk Employee

Entities are an abstract layer to identify an asset.
For example, an entity could be as basic as a host, but could also be used for a cpu core#, or an application on a server ...
An entity is defined by alias fields (unique field values, like a host or a vm id), or info fields (can be the same for several entities, like a datacenter location, a service role ...)

In ITSI, the entities are used for 2 things:
- group entities in a service, using a filter, or a direct link.
- for the KPIs in a service

In a KPI:
- you can ask to filter to only the entities in the service, or not (optional)
- you can also ask to do a split by of the metrics, to get the detail per entity. (optional)

For the split by:
- if you use a field (alias/info) to do the entity split by, then it will refer to a real entity
- but you could also use a split by field that is not specific to a real entity; we will then say that you are creating "pseudo entities", which only exist in the KPI metrics results (for example, do a split by process when you do not use this field for entities)

0 Karma
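
A simplified Python model of the entity filter and split-by behaviour described in the answers above, added here as an illustration; it is not ITSI code and not from the posters. The entity definitions, sample rows and function names are constructed, and the sketch assumes matching on alias fields only.

```python
from collections import defaultdict

# Constructed entity definitions: alias fields identify one entity,
# info fields may be shared by several entities.
ENTITIES = [
    {"title": "web-01", "alias": {"host": "web-01", "vm_id": "vm-1001"},
     "info": {"datacenter": "dc-east", "role": "web"}},
    {"title": "web-02", "alias": {"host": "web-02", "vm_id": "vm-1002"},
     "info": {"datacenter": "dc-east", "role": "web"}},
    {"title": "db-01", "alias": {"host": "db-01", "vm_id": "vm-2001"},
     "info": {"datacenter": "dc-west", "role": "db"}},
]

# Constructed KPI search results (one row per event).
ROWS = [
    {"host": "web-01", "process": "nginx", "bytes": 1200},
    {"host": "web-01", "process": "php-fpm", "bytes": 300},
    {"host": "web-02", "process": "nginx", "bytes": 900},
    {"host": "db-01", "process": "postgres", "bytes": 4000},
    {"host": "lab-99", "process": "nginx", "bytes": 50},
]

def service_entities(entities, info_field, value):
    """Group entities into a service with a filter on an info field."""
    return [e for e in entities if e["info"].get(info_field) == value]

def find_entity(entities, field, value):
    """Return the entity whose alias `field` equals `value`, else None."""
    for e in entities:
        if e["alias"].get(field) == value:
            return e
    return None

def kpi_split_by(rows, split_field, metric, entities, filter_to_service=False):
    """Sum `metric` per split-by value; tag each value as entity or pseudo."""
    totals = defaultdict(int)
    for row in rows:
        key = row[split_field]
        if filter_to_service and find_entity(entities, split_field, key) is None:
            continue  # optional entity filter: drop rows outside the service
        totals[key] += row[metric]
    return {
        key: {"value": total,
              "kind": "entity" if find_entity(entities, split_field, key) else "pseudo"}
        for key, total in totals.items()
    }
```

Splitting by `host` yields one result per defined entity (plus a pseudo entity for any host with no matching alias), while splitting by `process` yields only pseudo entities because no entity uses that field.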