Splunk itsi dashboard9/10/2023 From the ITSI main menu, click Configuration > Entity Management.Go to the Event Data Search tab for an entity to view the search and open it in the Search and Reporting app.įor more information about how ITSI visualizes entity data, see Overview of entity types in ITSI.įollow these steps to access the Event Data Search dashboard for an entity. You could open the search in the Search and Reporting app to view more events over a longer time period, and to further customize the search. ![]() If an entity has multiple alias fields, the Splunk search separates each alias with an OR operator. For more information, see Entity Analytics dashboard in ITSI. This might lead to inconsistent logs for the two dashboards. Note: This search doesn't include the index field while the Entity Analytics dashboard search does. For instance, ITSI could populate Event Data Search with a search for an entity's host: To populate the Event Data Search dashboard for an entity, ITSI runs a Splunk search that looks for every log event that contains at least one alias for the entity. If you don't include an entity alias for an entity, Event Data Search doesn't populate with any log events for the entity. Entities you create with entity integrations have default aliases to identify the entity with. If you manually create or import entities, specify entity aliases when you bring them in to ITSI. ![]() ![]() Entity aliases are field-value pairs that identify an entity. The Event Data Search dashboard uses entity aliases to aggregate recent log events. The dashboard only populates for entities that have log data sources. The dashboard provides a high-level overview of entity performance across your whole environment, regardless of the entity type you associated with the entity. The Event Data Search dashboard in (ITSI) displays the 100 most recent log events associated with an entity for the last 60 minutes.
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |