Effective IT monitoring is critical for organizations to ensure the smooth functioning of their systems and infrastructure. Content packs for Splunk IT Service Intelligence (ITSI) offer preconfigured dashboards and settings tailored to specific IT use cases, streamlining the monitoring process. In this guide, we’ll walk you through the steps to download, install, and integrate Splunk Content Packs into your Splunk ITSI environment seamlessly.
Step #1: Verify Installation of ITSI or IT Essentials Work
Before proceeding, confirm that your Splunk environment includes either Splunk IT Service Intelligence (ITSI) or Splunk IT Essentials Work. These platforms serve as the foundation for leveraging content packs to enhance IT monitoring capabilities.
To verify an installation of ITSI in Splunk, you can follow these steps:
1. Log in to your Splunk Web UI.
2. Navigate to the Apps menu and check if the ITSI app is listed and enabled.
3. If you need to install ITSI, it can be downloaded and installed from Splunkbase.
Step #2: Download and Install the Splunk App for Content Packs
Navigate to Splunkbase and search for the Splunk App for Content Packs. Download and install the app in your Splunk environment following the instructions. This app cannot be installed through the UI, so CLI installation is required. More specific information about how to install the Splunk App for Content Packs in your environment can be found here.
Step #3: Choose and Download your Desired ITSI Content Pack
Follow these steps for downloading ITSI content pack apps from Splunkbase:
- Visit the Splunkbase website (https://splunkbase.splunk.com/) and sign in with your Splunk account credentials.
- In the search bar, type “ITSI content packs” to narrow down your search to the relevant apps and add-ons.
- Browse through the available ITSI content packs and carefully read their descriptions, features, and compatibility requirements. Consider your organization’s specific monitoring needs and choose the content packs that align best with your requirements.
- The Atlas ITSI Content Packs provided by Kinney Group are available for free on Splunkbase and offer a wide range of pre-built data integrations for various technologies and use cases.
- Once you have identified the content packs you want to download, click on each app or add-on to view its details page.
- On the app’s details page, click the “Download” button to start the download process. If prompted, review and accept the terms and conditions.
- Save the downloaded file(s) to a location on your computer that you can easily access.
Step #4: Install the Content Pack into Splunk
Next, you must install the content pack app into Splunk to make it available for ITSI to use.
- Log in to your Splunk instance as an administrator.
- Navigate to the “Apps” section of your Splunk ITSI instance click on “Install app from file”.
- Browse to the location where you saved the downloaded content pack file(s), select the file(s), and click “Open” to begin the installation process.
- Follow the on-screen instructions to complete the installation of the app in your Splunk environment.
- Once the installation is complete, you can access the content pack’s features from within your Splunk ITSI instance.
Step #5: Accessing the Data Integration in ITSI
Next, you must integrate the ITSI content pack you just installed through the App into your ITSI instance.
- In Splunk, navigate to the ITSI software. Go to the “Configuration” tab and select the “Data Integrations” option from the menu.
- Select the “Content Library” option on the tabs.
- The content pack that you just installed should appear here.
Step #6: Install the Content Pack in the ITSI Environment
- Click on the desired content pack to proceed with the installation process. This will start the process of installing the content pack into your ITSI environment.
- Click the “Proceed” button
- Here, you will be presented with installation options that you can choose to meet the needs of your environment.
- Choose which objects to install: For a first-time installation, select the items you want to install and deselect any you’re not interested in. For an upgrade, the installer identifies which objects from the content pack are new and which ones already exist in your environment from a previous installation. You can selectively choose which objects to install from the new version or install all objects.
- Choose a conflict resolution rule for the objects you install: For upgrades or subsequent installs, decide what happens to duplicate objects introduced from the content pack. Choose from these options:
- Install as new: Any existing identical objects in your environment remain intact.
- Replace existing: Existing identical objects are replaced with those from the new installation. Any changes you previously made to these objects are overwritten.
- Import as enabled: Select whether to install objects as enabled or leave them in their original state. We recommend that you import objects as disabled to ensure your environment doesn’t break from the addition of new content. This setting only applies to services, correlation searches, and aggregation policies. All other objects such as KPI base searches and saved searches are installed in their original state regardless of the option you choose.
- Add a prefix to your new objects: Optionally, append a custom prefix to each object installed from the content pack. For example, you might prefix your objects with “
CP-” to indicate they came from a content pack. This is useful later because it can help you locate and manage the objects after they have been installed. - Backfil service KPIs: Optionally backfill your ITSI environment with the previous seven days of KPI data. Consider enabling backfill if you want to configure adaptive thresholding and predictive analytics for the new services. This setting only applies to KPIs, not service health scores.
- Click Install Selected when finished.
- Click Install to confirm the installation. When completed, you can view all objects that were installed in your environment.
NOTE: A green checkmark on the Data Integrations page indicates which content packs you have already installed.
Conclusion
By following these step-by-step instructions, you can seamlessly integrate Splunk Content Packs into their ITSI or IT Essentials Work environment, enhancing their monitoring capabilities and gaining valuable insights into their infrastructure. With pre-configured dashboards and settings, Splunk Content Packs simplify the monitoring process, enabling organizations to monitor their systems effectively and proactively address any issues that may arise. Explore the wide range of content packs available on Splunkbase and leverage them to optimize your IT monitoring efforts.
Kinney Group provides many ITSI content packs under the Atlas product umbrella on Splunkbase for free. These are provided as open source and contributions from the Splunk community are encourages. All contributions are manged via GitHub. To learn more about contributing to the Atlas Family of ITSI content packs visit the Kinney Group GitHub page or search for “Atlas ITSI Content Pack” on Splunkbase.
