A curated list of awesome resources for Splunk IT Service Intelligence.
- Basics
- Education and Training
- Professional Services
- Modules
- Content Packs
- Notable Event Aggregation Policy
- Integrations
- .Conf Presentations
Resources for getting started with Splunk IT Service Intelligence.
- Splunk Website
- Downloads
- Previous Releases
- Awesome Splunk - A curated list of awesome Splunk resources.
- Splunk ITSI
- Splunkbase Entry - Download page for licensed users.
- Documentation
- Splunk Blog ITSI Posts
- Training Classes
- Certifications
- Splunk ITSI Certified Admin
- Splunk ITSI Admin Blueprint - A guide to the examinable material in the ITSI Admin certification.
Need to get the experts involved in an ITSI implementation, or seeing guidance.
The Module for Application Performance Monitoring (APM) does not ship with ITSI by default. It can be downloaded from Splunkbase. If you are using ITSI on Splunk Cloud, request it to be installed from Splunk Cloud Ops.
The Splunk ITSI Module for Continuous Delivery does not shop with ITSI by default. It can be downloaded from Splunkbase. If you are using ITSI on Splunk Cloud, request it to be installed from Splunk Cloud Ops.
ITSI currently still supports modules. Modules were introduced in version 2.0 as a way to deliver out-of-the-box content to customers.
Like content packs, modules include KPI base searches, KPIs, and entity auto-discovery searches, but not the other elements that content packs provide. One key difference is that all module content is immutable, so you can't tailor KPI base searches for maximum performance.
Due to the limitations of modules, the current best practice is to use the content packs instead.
Further details on ITSI Content Packs can be found at https://docs.splunk.com/Documentation/ITSICP/current/Config/About
- Content Pack for Shared IT Infrastructure Components Download
- Splunkbase Entry - Alternate download site on Splunkbase.
- Documentation
- A Blueprint for Splunk ITSI Alerting - A Splunk blog series by Jeff Wiedemann on developing a blueprint for enterprise-wide alerting.
- Phantom
- VictorOps
- Splunk Integration Guide - VictorOps - The VictorOps and Splunk integration allow teams to schedule queries or alerts in Splunk to monitor system health. The VictorOps integration with Splunk can be leveraged to collect data about the overall release tool chain and deployment success to allow teams to collaborate around that information in the timeline.
- Create ticket in VictorOps - Splunk - You can create an incident in a VictorOps incident management system for an (ITSI) episode.
Selected .conf presentations related to various aspects of ITSI.
- All .Conf Presentations for 'ITSI'
- Introduction to Splunk IT Service Intelligence - .conf16.
- Anatomy of a successful Splunk IT Service Intelligence Deployment - .conf17.
- Ready, Set, Go! Learn from others - The First 30 day Experiences of ITSI Customers - .conf17.
- The Splunk IT Service Intelligence (ITSI) Top 20 KPIs - .conf17.
- Faster Time to Value with ITSI Modules - .conf17.
- Anatomy of a successful Event Analytics Deployment - .conf18.
Contributions welcome! Read the contribution guidelines first.
To the extent possible under law, Simon Duff has waived all copyright and related or neighbouring rights to this work.