diff --git a/deployment-apps/DA-ITSI-SharedInfra/README b/deployment-apps/DA-ITSI-SharedInfra/README
new file mode 100644
index 00000000..4395f489
--- /dev/null
+++ b/deployment-apps/DA-ITSI-SharedInfra/README
@@ -0,0 +1,3 @@
+System Requirements: ITSI 3.X & Splunk 7.X
+Version Support ITSI 3.0 or Higher, Splunk 7.0 or Higher
+Documentation, Configuration and Installation instructions are listed on the main dashboard
diff --git a/deployment-apps/DA-ITSI-SharedInfra/appserver/static/BACKUP­CP-SHARED-INFRA-1.0.0.zip b/deployment-apps/DA-ITSI-SharedInfra/appserver/static/BACKUP­CP-SHARED-INFRA-1.0.0.zip
new file mode 100644
index 00000000..c339bf02
Binary files /dev/null and b/deployment-apps/DA-ITSI-SharedInfra/appserver/static/BACKUP­CP-SHARED-INFRA-1.0.0.zip differ
diff --git a/deployment-apps/DA-ITSI-SharedInfra/appserver/static/SharedInfraBootStrap.png b/deployment-apps/DA-ITSI-SharedInfra/appserver/static/SharedInfraBootStrap.png
new file mode 100644
index 00000000..75dff80a
Binary files /dev/null and b/deployment-apps/DA-ITSI-SharedInfra/appserver/static/SharedInfraBootStrap.png differ
diff --git a/deployment-apps/DA-ITSI-SharedInfra/bin/README b/deployment-apps/DA-ITSI-SharedInfra/bin/README
new file mode 100644
index 00000000..9a70db09
--- /dev/null
+++ b/deployment-apps/DA-ITSI-SharedInfra/bin/README
@@ -0,0 +1 @@
+This is where you put any scripts you want to add to this app.
diff --git a/deployment-apps/DA-ITSI-SharedInfra/default/app.conf b/deployment-apps/DA-ITSI-SharedInfra/default/app.conf
new file mode 100644
index 00000000..28cf4baf
--- /dev/null
+++ b/deployment-apps/DA-ITSI-SharedInfra/default/app.conf
@@ -0,0 +1,24 @@
+#
+# Splunk app configuration file
+#
+
+[install]
+is_configured = 0
+install_source_checksum = fc4ccaa8d791d4acadd017f638ad6dcd860fce5e
+
+[ui]
+is_visible = 1
+label = ITSI Content Pack for Shared IT Infrastructure Components
+
+[launcher]
+author = Splunk
+description = The Content Pack for Shared IT Infrastructure Components contains common IT/Tech services and service dependencies that we encounter at customer sites. These common services power many business services but rather than building them yourself you can just download and install them and configure them for your environment.
+version = 1.3.0
+
+[package]
+id = DA-ITSI-SharedInfra
+
+[id]
+group = DA-ITSI
+name = SharedInfra
+version = 1.3.0
diff --git a/deployment-apps/DA-ITSI-SharedInfra/default/data/ui/html/itsi_shared_infrastructure.html b/deployment-apps/DA-ITSI-SharedInfra/default/data/ui/html/itsi_shared_infrastructure.html
new file mode 100644
index 00000000..39eb52fa
--- /dev/null
+++ b/deployment-apps/DA-ITSI-SharedInfra/default/data/ui/html/itsi_shared_infrastructure.html
@@ -0,0 +1,257 @@ + + + + + + ITSI Content Pack for Shared ITT Infrastructure Components + + + + + + + + + + + + +
+ Screen reader users, click here to skip the navigation bar +
+
+ splunk> +
+
+
+ +
+
+
+

ITSI_Shared_Infrastructure

+
+
+ + +
+ +

Roughly 45% of all P1 issues are caused by issues outside of the application stack. They’re caused by a failure somewhere in the shared IT infrastructure – the large collection of services provided by different groups within the IT organization.

+

This content pack provides a service dependency tree for modeling your shared IT infrastructure as a whole.

+ + Documentation: https://docs.splunk.com/Documentation/ITSICP/current/Config/AboutShared + +

Installation

+ +

1. Download the following backup file: - BACKUP­-CP-SHARED-INFRA-1.0.0.zip

+

2. On your ITSI search head, create a restore job and upload the backup file. Give it the same name as the backup file you downloaded. For example, BACKUP-CP-NIX-OS-1.0.0.

+

3. After the restore completes, confirm that the objects included in the content pack have been restored to your environment.

+ Package Contents: + +

- Multiple services in a dependency tree.

+

- A saved service analyzer view filtered to IT services.

+

- A glass table showing per-domain health of IT services. The visualizations drill down to the saved service analyzer and deep dive.

+ Requirements: + +

This content pack has no specific dependencies, although entity filtering examples use ITSI roles as that are populated by scheduled searches. For the roles to be populated correctly, you must configure data collection per the ITSI Modules Documentation.

+ + + + + + + + +
\ No newline at end of file
diff --git a/deployment-apps/DA-ITSI-SharedInfra/default/data/ui/nav/default.xml b/deployment-apps/DA-ITSI-SharedInfra/default/data/ui/nav/default.xml
new file mode 100644
index 00000000..e7b3cbcb
--- /dev/null
+++ b/deployment-apps/DA-ITSI-SharedInfra/default/data/ui/nav/default.xml
@@ -0,0 +1,3 @@ +
diff --git a/deployment-apps/DA-ITSI-SharedInfra/default/data/ui/views/README b/deployment-apps/DA-ITSI-SharedInfra/default/data/ui/views/README
new file mode 100644
index 00000000..6cf74f0b
--- /dev/null
+++ b/deployment-apps/DA-ITSI-SharedInfra/default/data/ui/views/README
@@ -0,0 +1 @@
+Add all the views that your app needs in this directory
diff --git a/deployment-apps/DA-ITSI-SharedInfra/default/data/ui/views/itsi_shared_infrastructure.xml b/deployment-apps/DA-ITSI-SharedInfra/default/data/ui/views/itsi_shared_infrastructure.xml
new file mode 100644
index 00000000..ed3f8738
--- /dev/null
+++ b/deployment-apps/DA-ITSI-SharedInfra/default/data/ui/views/itsi_shared_infrastructure.xml
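Review bot: The download named in installation step 1 does not match the file this commit adds: the diff header and `splunkbase.manifest` give the archive name with a soft hyphen (U+00AD) between `BACKUP` and `CP`, the step-1 text appears to show that character followed by an ASCII hyphen, and step 2's example is `BACKUP-CP-NIX-OS-1.0.0`, which belongs to a different pack. An invisible character in a file name defeats exact-match comparison, so an operator or an allow-list checking the name can pass or fail without anyone seeing why. I would rename the archive to plain ASCII, `BACKUP-CP-SHARED-INFRA-1.0.0.zip`, use that same string in steps 1 and 2, and print next to the link the SHA-256 that `splunkbase.manifest` records for the archive so it can be checked before the restore job is created; the README text embedded in `itsi_shared_infrastructure.xml` gives the same download-and-restore steps without a checksum. The page markup is not visible in this rendering, so the link target itself should be confirmed against the file.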
@@ -0,0 +1,107 @@ + + + Skip to content +Features +Business +Explore +Marketplace +Pricing +This repository +Search +Sign in or Sign up +0 0 0 Splunk-ITSI-FieldUpdates/SharedInfraBootstrap + Code Issues 0 Pull requests 0 Projects 0 Insights +Join GitHub today +GitHub is home to over 20 million developers working together to host and review code, manage projects, and build software together. + + +Shared Infrastructure Bootstrap Services + 10 commits + 1 branch + 0 releases + 1 contributor + GPL-2.0 + @Splunk-ITSI-FieldUpdates +Splunk-ITSI-FieldUpdates Merge pull request #1 from Splunk-ITSI-FieldUpdates/add-license-1 … +Latest commit feef526 on Apr 12 +ITSI Shared Infrastructure Bootstrap_2_0.zip Add files via upload 2 months ago +LICENSE Create LICENSE 2 months ago +README.md Update README.md 2 months ago +SharedInfraBootStrap.png Add files via upload 2 months ago + README.md +Shared Infrastructure Bootstrap alt text + +Questions? reach out to Martin Wiser on slack or by mwiser@splunk.com + +TLDR: + +Go here - https://github.com/Splunk-ITSI-FieldUpdates/SharedInfraBootstrap +Download the Shared Infra bootstrap(s) +In ITSI 3.0.x, create a restore job and select the bootstrap +If the bootstrap in question provides base searches, edit them to ensure the index= pieces are correct for your environment. +Use the KPIs, services, etc! +Background: Splunk's field organizations are busy bees that help make our products better by fine tuning out-of-the-box content or by building net new capabilities. These "enhancements" are useful to everyone so we decided to open-source them. + +The Shared Infrastructure Bootstrap contains common IT/Tech services and service dependencies that we encounter at customer sites. These common services power many business services but rather than building them yourself you can just download and install them and configure them for your environment. + +Bootstraps are essentially ITSI backup files, tailored to suit a specific need. 
Today these include: • OS Template (for NIX and Windows) • Shared IT Infrastructure • VMware (coming soon) • ITSI Healthchecks • more to come. + +Bootstraps are intended for a one-time load into ITSI, then a tailoring to suit the customer’s needs. Do not try to “upgrade” an environment by uploading a newer version of a bootstrap that’s already in use. + +Shared IT Infrastructure: Roughly 45% of all P1 issues are caused by issues outside of the application stack. Instead, they are caused by a failure somewhere in the Shared IT Infrastructure – the large collection of services provided by different groups within the IT organization. + +This bootstrap provides a service dependency tree for modeling the Shared IT Infrastructure as a whole. + +Bootstrap Contents: Multiple services, in a dependency tree and using examples of entity filtering. Also includes a CIO-level glass table, and save Service Analyzer view. + +Requirements: This bootstrap has no specific dependencies, although entity filtering examples use ITSI roles as that are populated automatically by scheduled searches. For the roles to be populated correctly, one must configure data collection per the ITSI Modules Documentation. + +Initial Configuration: • Download the bootstrap, create a restore job, restore the bootstrap. • Review the installed service dependency tree, disable or remove services that are not necessary within the deployed environment. + +The service dependency tree includes 30 discrete areas that are probably already monitored in some way, perhaps by different tools for different departments. The next step is to prioritize which areas will be instrumented. + +Review critical issues (P0s, P1s and major P2s) from the past 6-9 months, and determine root cause for each. +• The functional area where the problem occurred will help you prioritize which of the services you will instrument using metrics, which you will instrument using alerts / Event Analytics, and which can be ignored for now. 
+• The root causes for each case will guide you to specific KPIs that would help with root cause analysis during the next outage. + +Integrate with existing alerts: This tree includes 30 discrete areas that are probably monitored in some way already. That data may or may not be in Splunk, but the goal here will be to get that data into Splunk and then tie one or more service-specific KPIs to that alert data. Configuring your alerting system(s) to send alerts to Splunk are covered in detail elsewhere, and not included in this document. + +For each of the discrete services in the ITSI “Shared IT Infrastructure” tree corresponding to areas where alerts are being generated: + +Configure the alerts to come to Splunk, into a Splunk index not tied to ITSI. +Create a correlation search to normalize the information in the alerts, and to save these as ITSI Notable Events. +Within the associated service, create a KPI counting the number of recent alerts. +In the new KPI’s thresholding, set zero alerts to “normal”, set more than zero to “high”. +Modify the Health Score calculation, setting the importance for the alerting KPI to ‘11’ +Optional but recommended: a. Create a correlation search to process and normalize external alerts, storing them back to ITSI as Notable Events. b. Create a Notable Event Aggregation Policy for those specific events. +For areas of the ITSI “Shared IT Infrastructure” tree where alerts are not available, remove the Heartbeat KPI. This will change these services from green to gray, indicating that there is an unmonitored dependency in the environment. + +Integrate with OS metric data: Some areas of the infrastructure may be monitored at the OS level, including Active Directory, as well as network services such as DNS / DNS / NTP and the systems providing the SMTP backbone. 
+ +For each of these services, + +Edit the service in ITSI +Set the Entity Filtering page to match the correct hosts +Use the OS monitoring approach from the OS Bootstrap to create KPIs in this service corresponding to OS metrics. +Edit the Health Score calculation, review / edit the Importance level of critical KPIs. +Save your configuration +Integrate with Service-specific metric data: For each of the services related to a recent major outage, + +Identify the root cause, and the data sources where that issue would have been seen. Ensure this data is in Splunk, or onboard that data. +Edit the service in ITSI +Set the Entity Filtering page to match the correct entities sending the data. +Create KPIs to track the root causes of issues. +Edit the Health Score calculation, review / edit the Importance level of critical KPIs. +Save your configuration +Using the Shared IT Infrastructure Bootstrap: Once the configuration work above is complete, you can leverage the artifacts created by this bootstrap in the following ways: + +Shared IT Infrastructure Health Score You now have a service that is monitoring across the siloed stacks in the CIO organization. This health score can be referenced by any other services, allowing business application stacks to tie to the Shared IT Infrastructure as a dependency. + +IT Infrastructure Health glass table. +Think of this as a CIO-level view, an at-a-glance view of current state across all stacks of the IT environment. +• Edit this page to remove any services you deleted. Add services or KPIs as needed. • When creating future glass tables, add a widget for “Shared IT Infrastructure” when appropriate, and tie that widget to this glass table. This will help in troubleshooting, perhaps avoiding the next P1-driven warroom. + +Service Analyzer View This bootstrap includes a saved Service Analyzer view for “IT Infrastructure”. This view may be used in a NOC environment to view health of the Shared IT Infrastructure over time. 
+ +Switch to the Tree view, and now you have a real-time, automatically-generated view of the Shared IT Infrastructure and all of its dependencies. +
\ No newline at end of file
diff --git a/deployment-apps/DA-ITSI-SharedInfra/metadata/default.meta b/deployment-apps/DA-ITSI-SharedInfra/metadata/default.meta
new file mode 100644
index 00000000..b77b8cb9
--- /dev/null
+++ b/deployment-apps/DA-ITSI-SharedInfra/metadata/default.meta
@@ -0,0 +1,35 @@
+
+# Application-level permissions
+
+[]
+access = read : [ * ], write : [ admin, power ]
+
+### EVENT TYPES
+
+[eventtypes]
+export = system
+
+
+### PROPS
+
+[props]
+export = system
+
+
+### TRANSFORMS
+
+[transforms]
+export = system
+
+
+### LOOKUPS
+
+[lookups]
+export = system
+
+
+### VIEWSTATES: even normal users should be able to create shared viewstates
+
+[viewstates]
+access = read : [ * ], write : [ * ]
+export = system
diff --git a/deployment-apps/DA-ITSI-SharedInfra/metadata/local.meta b/deployment-apps/DA-ITSI-SharedInfra/metadata/local.meta
new file mode 100644
index 00000000..33b9ed91
--- /dev/null
+++ b/deployment-apps/DA-ITSI-SharedInfra/metadata/local.meta
@@ -0,0 +1,3 @@
+[app/install/install_source_checksum]
+version = 7.3.1.1
+modtime = 1569954235.012719000
diff --git a/deployment-apps/DA-ITSI-SharedInfra/splunkbase.manifest b/deployment-apps/DA-ITSI-SharedInfra/splunkbase.manifest
new file mode 100644
index 00000000..651aa6d2
--- /dev/null
+++ b/deployment-apps/DA-ITSI-SharedInfra/splunkbase.manifest
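Review bot: The view body in `itsi_shared_infrastructure.xml` is a pasted copy of the GitHub repository page, so the dashboard ships forge chrome (`Skip to content`, `Sign in or Sign up`, `Join GitHub today`, commit and file listings) and a named individual's e-mail address to every role that can read the app, which `default.meta` sets to `read : [ * ]`. I would cut the panel down to the README text from `Shared Infrastructure Bootstrap` onward and replace the personal contact with a team alias or support link, for example `Questions? Contact <team alias placeholder>`. The markup of this hunk is not visible in this rendering, so where the pasted text sits inside the view should be confirmed in the file.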
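Review bot: In `metadata/default.meta` the `[eventtypes]`, `[props]`, `[transforms]` and `[lookups]` stanzas set `export = system` although, going by the file list in `splunkbase.manifest`, this app ships none of those objects; anything of that kind added under this app later would be shared with every app on the instance without a further permissions change. `[viewstates]` also grants `write : [ * ]`; the comment says this is deliberate, but for a content pack it is hard to see why every role needs write access. I would drop the four unused export stanzas and narrow the last one to `access = read : [ * ], write : [ admin, power ]`, or keep them and add a comment stating why global export is wanted.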
@@ -0,0 +1,89 @@ +{ + "version": "1.0", + "date": "2022-11-14T21:15:37.111403162Z", + "hashAlgorithm": "SHA-256", + "app": { + "id": 4044, + "version": "1.3.0", + "files": [ + { + "path": "bin/README", + "hash": "597cdad620bec4e52e0e8adc3cad99de9b3ce45da0dd18e4159e1009c976e957" + }, + { + "path": "default/data/ui/html/itsi_shared_infrastructure.html", + "hash": "4b2d4fbf26af3156762f6cec4f2aa32d96af377e4b6acc3daf5c7212d73dffa6" + }, + { + "path": "default/data/ui/nav/default.xml", + "hash": "73c4b2321cd14e3bfd42f3daea58d91f4f140c220a79a92f9711648cc41fddd7" + }, + { + "path": "default/data/ui/views/README", + "hash": "4ccd9dc2dca5bd634f7c07ad1749e4e63a7969c84e2eff83517256f7c884cd29" + }, + { + "path": "default/data/ui/views/itsi_shared_infrastructure.xml", + "hash": "4e5bd0335351706c8b20d0ca25f20499119289675fdfcbe40f2653d34a1a18eb" + }, + { + "path": "default/app.conf", + "hash": "b0048c227b809254f0e975d44b818cbafbdcf7b225bbf1444ffcb18e9cae7bff" + }, + { + "path": "static/appIcon.png", + "hash": "8e9b39cc41807e8dde16cc101635126b5d276d7deb4eadbd2c26f5dab4ce8705" + }, + { + "path": "static/appIcon_2x.png", + "hash": "9c797564cc21716ebe9b6e66ae689054a41b7f7e91402f09201493cf5870287f" + }, + { + "path": "static/appLogo.png", + "hash": "9713050f047916eeea4783a9dfccc7ad4009c240be32f98eb5debc2b02f8ec0a" + }, + { + "path": "appserver/static/SharedInfraBootStrap.png", + "hash": "06216be0e547c3e44b3134b11786da1190ef78d84ef73d800d6f7aa6c48e720f" + }, + { + "path": "appserver/static/BACKUP\u00adCP-SHARED-INFRA-1.0.0.zip", + "hash": "fce0614830a868a0925e83908cc5d03b14396e035b0fe12d6a196d97bb023624" + }, + { + "path": "metadata/default.meta", + "hash": "957c594f988b95717e56f7c38672b1fdc6c4d5c9cfa42da58fb98d92b9febc13" + }, + { + "path": "metadata/local.meta", + "hash": "f4b20dce66631cf44bf1d219a30a6a462519271578211835e5a0e6070ae48cc6" + }, + { + "path": "README", + "hash": "a530eff34f1a5e11e0d4080fe5a16f61ebe90af8c4a99579c48d6b7fc404ab47" + } + ] + }, + "products": [ + { + 
"platform": "splunk", + "product": "enterprise", + "versions": [ + "7.1", + "7.2", + "7.3" + ], + "architectures": [ + "x86_64" + ], + "operatingSystems": [ + "windows", + "linux", + "macos", + "freebsd", + "solaris", + "aix" + ] + } + ] +} \ No newline at end of file diff --git a/deployment-apps/DA-ITSI-SharedInfra/static/appIcon.png b/deployment-apps/DA-ITSI-SharedInfra/static/appIcon.png new file mode 100644 index 00000000..443cd947 Binary files /dev/null and b/deployment-apps/DA-ITSI-SharedInfra/static/appIcon.png differ diff --git a/deployment-apps/DA-ITSI-SharedInfra/static/appIcon_2x.png b/deployment-apps/DA-ITSI-SharedInfra/static/appIcon_2x.png new file mode 100644 index 00000000..45e0619d Binary files /dev/null and b/deployment-apps/DA-ITSI-SharedInfra/static/appIcon_2x.png differ diff --git a/deployment-apps/DA-ITSI-SharedInfra/static/appLogo.png b/deployment-apps/DA-ITSI-SharedInfra/static/appLogo.png new file mode 100644 index 00000000..d5b87cc6 Binary files /dev/null and b/deployment-apps/DA-ITSI-SharedInfra/static/appLogo.png differ