Splunk ITSI Intermediate
Splunk IT Service Intelligence (ITSI) provides service-level monitoring with ML-powered analytics. For networking, ITSI excels at correlating infrastructure health with business service availability.
Service Modeling for Networks
ITSI organizes monitoring around services rather than individual devices. For networking, define services like:
- WAN Service — KPIs: link utilization, latency, jitter, packet loss across all WAN circuits
- Data Center Network — KPIs: spine-leaf utilization, east-west traffic, overlay health
- Internet Edge — KPIs: BGP session stability, DDoS indicators, firewall throughput
- Campus Network — KPIs: AP client count, authentication success rate, switch uplinks
KPI Configuration
| KPI | Splunk Search | Threshold Type |
|---|---|---|
| WAN Latency | index=network sourcetype=perfmon latency_ms | Adaptive (ITSI learns baseline) |
| Interface Errors | index=snmp ifInErrors OR ifOutErrors | Static (any errors are bad) |
| BGP Peers | index=syslog BGP neighbor state | Aggregate (% of peers up) |
Adaptive Thresholding
ITSI's adaptive thresholding uses ML to automatically determine normal ranges for each KPI based on time-of-day and day-of-week patterns. This eliminates the need to manually set and maintain thresholds for hundreds of KPIs.
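The idea behind time-aware baselines, as an added example (not ITSI's own code or algorithm): it learns a mean ± k standard deviations band per (weekday, hour) slot and compares the result with a single band covering all hours. The function names, k=3, the minimum sample count and the latency data are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

def band(values, k):
    """Return (low, high) = mean -/+ k standard deviations, floored at 0."""
    mu, sigma = mean(values), pstdev(values)
    return (max(0.0, mu - k * sigma), mu + k * sigma)

def learn_baseline(samples, k=3.0, min_samples=3):
    """Learn one band per (weekday, hour) slot from (datetime, value) pairs."""
    slots = defaultdict(list)
    for ts, value in samples:
        slots[(ts.weekday(), ts.hour)].append(value)
    # Slots with too little history get no band rather than a misleading one.
    return {s: band(v, k) for s, v in slots.items() if len(v) >= min_samples}

def classify(bands, ts, value):
    """Compare a new sample against the band learned for its time slot."""
    slot = (ts.weekday(), ts.hour)
    if slot not in bands:
        return "no_baseline"
    low, high = bands[slot]
    return "normal" if low <= value <= high else "anomalous"

def constructed_history(weeks=4):
    """Constructed hourly WAN latency (ms): ~80 in weekday business hours,
    ~20 otherwise, with a small deterministic jitter of -2..2 ms."""
    start = datetime(2024, 1, 1)  # a Monday
    history = []
    for h in range(weeks * 7 * 24):
        ts = start + timedelta(hours=h)
        busy = ts.weekday() < 5 and 9 <= ts.hour < 18
        history.append((ts, (80 if busy else 20) + (h * 7 % 5) - 2))
    return history

if __name__ == "__main__":
    history = constructed_history()
    bands = learn_baseline(history)
    static = band([v for _, v in history], 3.0)  # one band for all hours
    sunday_3am = datetime(2024, 2, 4, 3)
    tuesday_10am = datetime(2024, 2, 6, 10)
    print("single band:", static)
    print("80 ms Sunday 03:00:", classify(bands, sunday_3am, 80))
    print("80 ms Tuesday 10:00:", classify(bands, tuesday_10am, 80))
```

The single band spans both the quiet and busy regimes, so it accepts 80 ms at any hour; the per-slot bands flag the same reading when it occurs outside business hours.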
Glass Tables
Glass tables provide executive-level visibility into service health with visual representations of your service hierarchy and real-time KPI status indicators.
Machine Learning Toolkit (MLTK)
For custom analytics, Splunk MLTK provides point-and-click ML model building for network use cases like capacity forecasting, anomaly detection, and predictive maintenance.
Next Step
Learn how to extend Prometheus with ML capabilities for open-source AI monitoring.