Course Overview
This one-day course is designed for analyst users who want to use Splunk IT Service Intelligence to manage, analyze, and optimize their IT services. Those who will implement Splunk IT Service Intelligence, please enroll in Implementing Splunk IT Service Intelligence instead.
Who should attend
This one-day course is designed for analyst users who want to use Splunk IT Service Intelligence to manage, analyze, and optimize their IT services. Those who will implement Splunk IT Service Intelligence, please enroll in Implementing Splunk IT Service Intelligence instead.
Prerequisites
To be successful, students should have a solid understanding of the following courses:
-
Splunk Fundamentals 1 (Retired)
Or the following single-subject courses:
- What is Splunk? (Retired)
- Intro to Splunk (ITS)
- Using Fields (SUF)
- Scheduling Reports & Alerts (SRA)
- Visualizations (SVZ)
- Leveraging Lookups and Subsearches (LLS)
- Search Under the Hood (SUH)
- Intro to Knowledge Objects (IKO)
- Enriching Data with Lookups (EDL)
- Introduction to Dashboards (ITD)
Course Objectives
- IT Service Intelligence features and user interface
- Creating Glass Tables
- Investigating with Deep Dives
- Managing Episodes of Notable Event
Outline: Using Splunk IT Service Intelligence (USISI)
Module 1 – Monitoring Services with Service Analyzer
- Define key service intelligence concepts
- Describe IT Service Intelligence user roles
- Examine the IT Service Intelligence user interface
- Monitor Services with Service Analyzer
Module 2 – Monitoring Entities with Infrastructure Overview
- Describe what entities are
- Import entities by search
- Assign or edit Entity Types
- Dashboards
- Event Data
- Analytics
Module 3 – Visualizing Services with Glass Tables
- Describe glass tables
- Use glass tables
- Design glass tables
- Planning
- Views
- Edit mode
- Top bar controls
- Configuration bar
- Visualization types
- Source
- Configure glass tables
- Drilldowns
- Services and KPIs
- Ad-hoc searches, including predictive
- Service swapping
Module 4 – Investigating Issues with Deep Dives
- Describe deep dive concepts and their relationships
- Default
- Custom
- Lanes
- Use default deep dives
- Create and customize new custom deep dives
- Add and configure lanes
- Metric lane
- KPI lane
- Event lane
- Customize lane views
- Bulk actions
- State and level thresholds
- Graph rendering
- Entity and anomaly overlays
- Overlays as lanes
- View modules
- Describe effective workflows for troubleshooting
Module 5 – Managing Episodes
- Define key episode terms and their relationships
- Multi-KPI alerts
- Notable events
- Notable event groups (Episodes)
- How multi KPI alerts generate notable events
- Describe the episodes workflow
- Take ownership
- Change status as needed
- Comment as needed
- Work with episodes
- Episode review
- Update an episode
- Investigate details
- Impact tab
- Timeline tab
- Similar Episodes tab
- Common fields
- Add comments
- Search
- Take action
- Bi-directional ticketing
- Reference links
- Integrations
- Views and Filters
- Permissions