Splunk Training Provider Authorised Learning Partner Australia

Implementing Splunk IT Service Intelligence

The Implementing Splunk IT Service Intelligence course prepares consultants to install and configure Splunk’s app for IT Service Intelligence (ITSI).


Students will learn to use ITSI to monitor mission-critical services. Topics include ITSI architecture, deployment planning, installation, service design and implementation, configuring entities, notable events, and developing glass tables and deep dives.

Units : 4
Duration : 18 hours over 4 days
Time : 9:00 am – 1:30 pm AEST (GMT +10)

*Course discounts apply for Splunk Partners. Please use the currency convertor above to check for course pricing in your local currency.

Implementing Splunk IT Service Intelligence

Great attitude to the students, encourage questions. always attempt his best to answer them. there is a lot of material but he strive through it. willingness to go beyond to do his job, well done.

Participant, Cluster Administration

Implementing Splunk IT Service Intelligence
Implementing Splunk IT Service Intelligence - Course Topics
  • ITSI architecture and deployment

  • Installing ITSI

  • Designing Services – Discovery and best practices

  • Implementing services and entities

  • Configuring correlation searches and multi KPI alerts

  • Managing aggregration policies and anomaly detection

  • Troubleshooting and maintenance

Class Format

Instructor-led lecture with labs. Delivered via virtual classroom or at your site

Course Prerequisites
Related Certifications
Implementing Splunk IT Service Intelligence - Audience

Anyone whose role requires them to create complex search queries, advanced data models and reports with Splunk who have limited exposure to regular expressions. Previous attendees have included Consultants, IT Administrators and Business Intelligence/Business Analysts.

After completing Implementing Splunk IT Service Intelligence course you will be able to
  • Identify and design ITSI Services and KPI’s

  • Understand customer requirements, and translate into an ITSI implementation

  • Design and Implement Glass Tables

  • Create and Manage Notable Events

  • Configure Adaptive Thresholds and Anomaly Detection

  • Customize Deep Dive views

  • Work with Entities and Dependencies.

Implementing Splunk IT Service Intelligence
Implementing Splunk IT Service Intelligence - Course Objectives

Module 1 - Introducing ITSI

  • Identify ITSI features

  • Describe reasons for using ITSI

  • Examine the ITSI user interface

Module 2 - Glass Tables

  • Describe glass tables

  • Use glass tables

  • Design glass tables

  • Configure glass tables

Module 3 - Managing Notable Events

  • Define key notable events terms and their relationships

  • Describe examples of multi – KPI Alerts

  • Describe the notable events workflow

  • Work with notable events

Module 4 - Investigating Issues with Deep Dives

  • Describe deep dive concepts and their relationships

  • Use default deep dives

  • Create and customize new custom deep dives

  • Add and configure swim lanes

  • Custom views

  • Describe effective workflows for troubleshooting

Module 5 - Installing and Configuring ITSI

  • List ITSI hardware recommendations

  • Describe ITSI deployment options

  • Identify ITSI components

  • Describe the installation procedure

  • Identify data input options for ITSI

  • Add custom data to an ITSI deployment

Module 6 - Designing Services

  • Given customer requirements, plan an ITSI Implementation

  • Identify site entities

Module 7 - Data Audit and Base Searches

  • Use a data audit to identify service key performance indicators

  • Design base searches

Module 8 – Implementing Services

  • Use a service design to implement services in ITSI

Module 9 – Thresholds and Time Policies

  • Create KPI’s with static and adaptive thresholds

  • Use Time policies to define flexible thresholds

Module 10 – Entities and Dependencies

  • Using entities in KPI Searches

  • Defining dependencies

Module 11 – Correlation and Multi KPI Searches

  • Define new correlation searches

  • Define Multi KPI Alerts

  • Manage notable event storage

Module 12 – Aggregation Policies

  • Create new aggregation policies

  • Use smart mode

Module 13 – Anomaly Detection

  • Enable anomaly detection

  • Work with generated anomaly events

Module 14 – Access Control

  • Configure user access control

  • Create services level teams

Module 15 - Troubleshooting ITSI

  • Backup and restore

  • Maintenance mode

Splunk Course Schedules and Timezones

Ingeniq Course are delivered live and in English and provide access to customers spanning multiple timezones.

Dates and times displayed for each course are relative to Australian Eastern Time (AET).

AM Marked Splunk Courses

AM marked courses start at AET 9:00am and finish at AET 1:30pm (4.5 hour sessions over 1 or more days) and are optimal for customers in the following countries and areas;

  • UTC+10 including Australia (East Coast)

  • UCT+11/+12 including New Zealand and the Pacific Islands

  • UTC-8 including USA (West Coast), Canada (West Coast)

  • UTC-7 including USA (Mid West)

PM Marked Splunk Courses

PM marked courses start at AET  2:00pm and finish at AET 6:30pm (4.5 hour sessions over 1 or more days) and are optimal for customers in the following countries and areas;

  • UTC+9 including Japan, Korea

  • UTC+8 including Australia (West Coast), Singapore, Hong Kong, China, Philippines, Brunei, Thailand

  • UTC +5/+6 including India and Sri Lanka

Implementing Splunk IT Service Intelligence - Upcoming Courses