Final Updates

Author: derkkila

content/en/ninja-workshops/12-alerting_monitoring_with_itsi/2-creating-basic-alerts/_index.md

@@ -42,35 +42,19 @@ Splunk alerts are triggered by search results that match specific criteria. We'l
 **Time Ranges and Frequency:** Since everything in Splunk core is a search, you need to consider the search timespan and frequency so that you are not a) searching the same data multiple times with an overlap timespan, b) missing events because of a gap between timespan and frequency, c) running too frequently and adding overhead or d) running too infrequently and experiencing delays in alerting.
 
 
-## 2. AppDynamics Alerts (Health Rule Violations)
+## 2. Splunk Observability Cloud Alerts (Detectors)
 
-**2. Create a Health Rule (or modify an existing one):**
-   * Click "Create Rule" (or edit an existing rule that applies to your application).
-   * Give the health rule a descriptive name (e.g., "Order Service Response Time Alert").
-   * **Scope:**  Select the application and tier (e.g., "OrderService").
-   * **Conditions:**
-      * Choose the metric "Average Response Time."
-      * Set the threshold: "is greater than" "500" "milliseconds."
-      * Configure the evaluation frequency (how often AppDynamics checks the metric).
-   * **Actions:**
-      * For this basic example, choose "Log to console."  In a real-world scenario, you would configure email, SMS, or other notification channels.
-   * **Save:** Save the health rule.
-
-**Explanation:** This health rule continuously monitors the average response time of the "OrderService." If the response time exceeds 500ms, the health rule is violated, triggering the alert and the configured actions.
-
-
-## 3. Splunk Observability Cloud Alerts (Detectors)
-
-**2. Create a Detector:**
+**Create a Detector:**
    * Click "Detectors & SLOs" in the lefthand menu
    * Click "Create Detector -> Custom Detector"
    * Give the detector a descriptive name (e.g., "High CPU Utilization Alert - INITIALS").
    * **Signal:**
       * Select the metric you want to monitor ("cpu.utilization"). 
       * Add any necessary filters to specify the host (`service.name:otelshop-loadgenerator`).
+      * Click "Proceed to Alert Condition"
    * **Condition:**
-      * Set the threshold: "is above" "90" "%."
-      * Configure the evaluation frequency and the "for" duration (how long the condition must be true before the alert triggers).
+      * Select Static Threshold
+      * Set the threshold: "is above" "90"
    * **Notifications:**
       * For this example, choose a simple notification method (e.g., a test webhook). In a real-world scenario, you would configure integrations with PagerDuty, Slack, or other notification systems.
    * **Save:** Save the detector.

content/en/ninja-workshops/12-alerting_monitoring_with_itsi/3-creating-services-in-itsi/1-creating-o11y-service.md

@@ -0,0 +1,47 @@
+---
+title: Creating an O11y Based Service
+linkTitle: 3.1 Creating an O11y Based Service
+weight: 2
+---
+
+# Starting with an Observability Cloud Based Service
+
+1. **Access Services:** In ITSI click "Configuration", click on "Services".
+
+2. **Create New Service: PaymentService2:** Click "Create New Service".
+
+3. **Service Details (PaymentService2):**
+    * **Title:** "PaymentService2"
+    * **Description (Optional):**  e.g., "Payment Service for Hipster Shop - version 2"
+
+4. **Select Template:** Choose "Link service to a service template" and search for "Splunk APM Business Workflow KPIs" from the template dropdown. Click **Create** to save the new service.
+
+6. **Entity Assignment:**
+    * The page will load and display the new Service and you will be on the Entities page. This demo defaults to selecting the *paymentservice:grpc.hipstershop.PaymentService/Charge* entity. In a real world situation you would need to match the workflow to the entity name manually.
+    * **Direct Entity Selection (If Available):** Search for the entity using `sf_workflow="paymentservice:grpc.hipstershop.PaymentService/Charge"` and select it.
+
+7. **Save Service (PaymentService2):** Click "Save" to create "PaymentService2".
+
+8. **Settings:** Click the "Settings" tab, enable *Backfill* and keep that standard 7 days. Enable the Service, and click "Save"
+
+## Setting PaymentService2's Service Health as a Dependency for Online-Boutique-US
+
+1. **Locate Online-Boutique-US:** Find the "Online-Boutique-US" service in the service list.
+
+2. **Edit Online-Boutique-US:** Click "Edit".
+
+3. **Service Dependencies:** Look for the "Service Dependencies" section. 
+
+4. **Add Dependency:**  There should be an option to add a dependent service.  Search for "PaymentService2".
+
+5. **Select KPI:** Check the box next to ServiceHealthScore for PaymentService2.
+
+6. **Save Changes:** Save the changes to the "Online-Boutique-US" service.
+
+## Verification
+
+* Click on "Service Analyzer" and select the "Default Analyzer"
+* Filter the service to just "Buttercup Business Health"
+* Verify that *PaymentService2* is now present below *Online-Boutique-US* and should be in a grey status.
+
+![show-entry](../images/service_tree_o11y.png?classes=inline)

content/en/ninja-workshops/12-alerting_monitoring_with_itsi/3-creating-services-in-itsi/2-creating-appd-service.md

@@ -8,35 +8,35 @@ weight: 3
 
 1. **Access Services:** In ITSI click "Configuration", click on "Services".
 
-2. **Create New Service: AD-Ecommerce2:** Click "Create New Service".
+2. **Create Service: AD-Ecommerce2:** Click "Create Service -> Create Service".
 
 3. **Service Details (AD-Ecommerce2):**
     * **Title:** "AD-Ecommerce2"
     * **Description (Optional):**  e.g., "Ecommerce Service - version 2"
 
 4. **Select Template:** Choose "Link service to a service template" and search for "AppDynamics App Performance Monitoring" from the template dropdown. Click **Create** to save the new service.
 
-6. **Entity Assignment:**
+5. **Entity Assignment:**
     * The page will load and display the new Service and you will be on the Entities page. This demo defaults to selecting the *AD-Ecommerce:18112:demo1.saas.appdynamics.com* entity. In a real world situation you would need to match the entity_name to the entity name manually.
     * **Direct Entity Selection (If Available):** Search for the entity using `entity_name="AD-Ecommerce:18112:demo1.saas.appdynamics.com"` and select it.
 
-7. **Save Service (AD-Ecommerce2):** Click "Save" to create "AD-Ecommerce2".
-
-8. **Settings:** Click the "Settings" tab, enable *Backfill* and keep that standard 7 days. Enable the Service, and click "Save"
+7. **Settings:** Click the "Settings" tab, enable *Backfill* and keep that standard 7 days. Enable the Service, and click "Save"
 
 ## Setting AD-Ecommerce2's Service Health as a Dependency for AD.Ecommerce
 
-1. **Locate AD.Ecommerce:** Find the "AD.Ecommerce" service in the service list.
+1. **Navigate back to Services page:** Click "Configuration -> Services"
+
+2. **Locate AD.Ecommerce:** Find the "AD.Ecommerce" service in the service list.
 
-2. **Edit AD.Ecommerce:** Click "Edit".
+3. **Edit AD.Ecommerce:** Click "Edit".
 
-3. **Service Dependencies:** Look for the "Service Dependencies" section. 
+4. **Service Dependencies:** Look for the "Service Dependencies" section. 
 
-4. **Add Dependency:**  There should be an option to add a dependent service.  Search for "AD-Ecommerce2".
+5. **Add Dependency:**  There should be an option to add a dependent service.  Search for "AD-Ecommerce2".
 
-5. **Select KPI:** Check the box next to ServiceHealthScore for AD-Ecommerce2.
+6. **Select KPI:** Check the box next to ServiceHealthScore for AD-Ecommerce2.
 
-6. **Save Changes:** Save the changes to the "AD.Ecommerce" service.
+7. **Save Changes:** Save the changes to the "AD.Ecommerce" service.
 
 ## Verification
 

content/en/ninja-workshops/12-alerting_monitoring_with_itsi/3-creating-services-in-itsi/_index.md

@@ -16,3 +16,4 @@ We have two existing services: "Online-Boutique-US" (representing an application
 
 **Return to your Splunk Environment and under Apps, select IT Service Intelligence**
 
+In the Default Analyzer update the Filter to "Buttercup Business Health"

content/en/ninja-workshops/12-alerting_monitoring_with_itsi/4-creating-alerts-in-itsi/_index.md

@@ -26,20 +26,20 @@ This section guides you through configuring a basic alert in Splunk IT Service I
    ```
    index=itsi_summary kpi="*KPI*" alert_severity=critical
    ```
-    * **Time Range:** Last 5 minutes
+    * **Time Range:** Last 15 minutes
     * **Service:** *Service Name*
     * **Entity Lookup Field:** itsi_service_id
-    * **Run Every:** 5 minutes
+    * **Run Every:** minutes
     * **Notable Event Title:** *Service Name* *KPI* Critical
+    * **Severity:** Critical
     * **Notable Event Identified Fields:** source
 
-![show-entry](../images/alerts.png?classes=inline)
-
 **After Creating the Alert:**
 
 * You will need to wait 5-10 minutes for the alert to run
 * The alert will be listed in the "Alerts and Episodes" Pane in ITSI.
 
+![show-entry](../images/alerts.png?classes=inline)
 
 **Important Considerations:**
 

content/en/ninja-workshops/12-alerting_monitoring_with_itsi/5-episodes-in-itsi/_index.md

@@ -15,15 +15,15 @@ This section outlines the steps to create an aggregation policy in Splunk ITSI t
 
 ## Steps
 
-1. **Navigate to Notable Event Aggregation Policies:** In Splunk, go to the Notable Event Aggregation Policies section (usually under "Configuration" -> "Notable Event Aggregation Policies").
+1. **Navigate to Notable Event Aggregation Policies:** In Splunk, go to "Configuration" -> "Notable Event Aggregation Policies".
 
 2. **Create New Policy:** click the green "Create Notable Event Aggregation Policy" button in the upper right corner.
 
 3. **Filtering Criteria:** This is the most important part.  You'll define the criteria for alerts to be grouped by this policy. Click "Add Rule (OR)"
 
     * **Field:** Select "title" from the dropdown menu.
     * **Operator:** Choose "matches".
-    * **Value:** Enter the string "*Service Name**".
+    * **Value:** Enter the string "*Service Name**". (make sure to include the *)
 
 4. **Splitting Events:** Remove the "hosts" field that is provided by default and update it to use the "service" field. We want this generating new episodes for each Service that is found. In our example, it should only be 1.
 
@@ -35,15 +35,15 @@ This section outlines the steps to create an aggregation policy in Splunk ITSI t
 
 8. **Click Next**
 
-9. **Policy Name and Description:**
+9. **Policy Title and Description:**
     * **Policy Title:** *Service Name* Alert Grouping
     * **Description:** Grouping *Service Name* alerts together.
 
-8. **Save Policy:** Click the "Save" button to create the aggregation policy.
+8. **Save Policy:** Click the "Next" button to create the aggregation policy.
 
 ## Verification
 
-After saving the policy, navigate to the "Alerts and Episodes" page and filter alerts for last 15 minutes and add a filter to status=New and search for our Service Name in the search box.
+After saving the policy, navigate to the "Go to Episode Review" page and filter alerts for last 15 minutes and add a filter to status=New and search for our Service Name in the search box.
 
 There may already be an episode named after our specific alert already, if so,  close it out and wait for a new one to be generated with our new Title.