ITSI Foundations • Room 3

ITSI Architecture

ITSI follows a modular architecture. The core components include: Services (logical groupings of KPIs), Entities (the physical or virtual infrastructure being monitored), KPIs (metrics derived from Splunk searches), and Glass Tables (real-time operational dashboards).

Data flows into ITSI through standard Splunk ingestion pipelines. Base searches run on a schedule to compute KPI values. These values feed into service health scores, which in turn power Glass Tables and Notable Event generation via aggregation policies.

The data flow is: Raw Data → Base Search → KPI Value → Service Health Score → Glass Table / Notable Event. Understanding this pipeline is critical for troubleshooting.

Knowledge Check

Prove your understanding to clear the room (Rewards XP)

Drag items to their correct zone (or tap item then tap zone on mobile)

Raw machine data is ingested

Base search executes on schedule

KPI value is calculated

Service health score is updated

Step 1

Step 2

Step 3

Step 4