Build Modules for Splunk IT Service Intelligence

The Module Builder has been deprecated and will be removed in the next major ITSI release. For more information, see the Removal Notice.

This guide is for developers who have deep knowledge of a particular technology and domain and want to build custom modules that monitor their IT services using Splunk IT Service Intelligence.

The Module Builder tools made available in Splunk IT Service Intelligence are intended for on-premises customers and developers only. These tools are intended for those interested in developing content for Splunk IT Service Intelligence and should not be used in a production environment. Please note that if you are using the Module Builder tools with any third-party module, or component thereof, you are responsible for ensuring that your actions comply with the applicable third-party license terms.

  • The Module Builder is not compatible with search head clusters or Splunk Cloud.
  • Using the Module Builder requires you to have the itoa_admin and admin roles.

Request a Splunk Enterprise Developer License for developing ITSI modules

What is Splunk IT Service Intelligence?

Splunk IT Service Intelligence (ITSI) is a scalable IT monitoring and analytics solution that provides actionable insight into the performance and behavior of your IT services. The key components of ITSI are:

  • Entities. Entities correspond to IT assets, which are infrastructure components that can be tracked with a metric. An entity has a unique ID and multiple attributes such as numbers, values, or links to other entities. For example, an entity might be a server, a device, a user, an app, or a process.
  • KPIs. Key performance indicators (KPIs) are performance metrics for entities resulting from a search. For example, a KPI might be a CPU load percentage, the memory used percentage, or a response time.
  • Services. ITSI organizes KPIs into services that generate health scores, perform root-cause analysis, and receive alerts when needed. For example, a service might be an application; a web, database, or network tier; an online store; or a single process. Services can be created from one or more entities.

ITSI also provides several features for users to monitor and visualize IT services, including:

  • Glass Tables, which are custom visualizations that help you visually monitor the status of services.
  • Deep dives that let you view multiple KPIs to speed up troubleshooting.
  • Correlation searches that let you identify patterns across multiple sources of data and that can generate alerts when notable events occur.

What is an ITSI module?

ITSI modules are add-ons for ITSI that target specific use cases, providing prebuilt KPIs, entity definitions, service templates, and dashboard visualizations, along with the searches that populate these items. The Splunk IT Service Intelligence app includes several modules, such as the Web Server module, the Load Balancer module, and the Operating System module.

[ITSI Module]

ITSI modules also process data that you collect with Splunk add-ons, acting as a transformation layer between add-ons and ITSI.

Why build modules for ITSI?

You can build an ITSI module to:

  • Accelerate self-service productivity.
  • Eliminate the need for costly add-ons, customizations, and extensions.
  • Enable fast, accurate insights that can be mapped to services, KPIs, and entities.
  • Deliver deep service-oriented insights into individual technology domains.

What is the basic process for building modules for ITSI?

The main phases of building an ITSI module are:

  1. Research and plan the module.
  2. Develop the module.
  3. Package the module.
  4. Export and upload the module for distribution.

Start with the first step: Research and plan your ITSI module.