Managing IT Just Got Easier: Introducing the New Splunk App for Content Packs

We are thrilled to announce the release of the Splunk App for Content Packs, an app that acts as a one-stop shop for prepackaged content, and out-of-the-box searches and dashboards for common IT infrastructure monitoring sources. Getting started with Splunk for IT operations use cases has never been easier.

In the past, you may have had to install and manage individual apps like Splunk App for VMWare and Splunk App for Windows Infrastructure. Now, with Splunk App for Content Packs, you can avoid a ‘mo packs, mo problems’ fate by eliminating the need to manually install, manage, and update individual monitoring applications. This improved user experience is the first reason we decided to bring all content packs together into one place.

Splunk App for Content Packs must be used with IT Service Intelligence (ITSI) or IT Essentials Work (ITE Work) 4.9 or later. Users may need to install Splunk Add-ons for specific Content Packs. 

Splunk App for Content Packs not only offers a fast path to value with preconfigured IT use cases, but it also offers a new experience to stay up to date with the latest content designed to continue maturing your IT operations. Users no longer have to use the backup/restore functionality to install content packs, as one app now updates ALL content packs together. This ensures you’re always using the latest and greatest version of each, with significantly less effort.

With Splunk App for Content Packs, you get preconfigured KPI base searches, service templates, saved glass tables and so much more. 

Take advantage of:

• Out-of-the-box content for IT use cases, no Search Process Language (SPL) required
• Content Packs for common infrastructure monitoring use cases
• Ready-to use-dashboards, metrics and alerts
   

A quick rundown of terminology:

• Splunk App for Content Packs: Free app for ITSI and ITE Work users that offers a comprehensive Content Library full of Content Packs
• Content Packs: Individual packs that provide capabilities for a specific use case, such as Content Pack for Microsoft 365
   

With the v1.2.0 release, both ITE Work and ITSI users have access to different features of the same content packs for AWS, NetApp, Unix, VMware, Exchange, and Microsoft 365. This new “feature-flagged” model will allow us to release fresh content updates every 6-8 weeks, providing a cloud-like user experience whether you’re on-prem, in the cloud, or somewhere in between.

Whether you’re using ITE Work or ITSI, we’ve got you covered. For an example of how simple we’ve made realizing the value of a new content pack, I’ll walk you through how to install the Splunk App for Content Packs and configure our latest Content Pack for Microsoft 365. Best of all, after you’ve configured one content pack, the others are designed to be wash, rinse, and repeat.

How to Install the Content Pack for Microsoft 365 for the First Time

We are excited to share that the Content Pack for Microsoft 365 is available and ready to deploy through the Splunk App for Content Packs. The Content Pack for Microsoft 365 is a backup of preconfigured ITSI objects that you restore to your own environment and tune for your specific needs. Before we get started, please remember to create a full backup of your ITSI environment and enable custom visualizations. 

Step 1: Install and configure the Splunk Add-on for Microsoft 365
This Content Pack relies on data from the Splunk Add-on for Microsoft 365, which collects service status, service messages, and management activity logs from the Office 365 Management Activity API and the Office 365 Service Communications API. Make sure you have the latest version of the Add-on from Splunkbase.

Step 2: Install the Content Pack for Microsoft 365
The following steps are a summary of those necessary to install the Microsoft 365 content pack, with a complete configuration guide hyperlinked below:

1. From the ITSI main menu, click Configuration > Data Integrations.
2. Click Add structure to your data.
3. Select the Microsoft for 365 content pack.
4. Review what's included in the content pack and then click Proceed.
5. Configure the settings.
6. When you're satisfied with your selections, click Install selected.
7. Click Install to confirm the installation. When the installation completes you can view all objects that were successfully installed in your environment. A green checkmark on the Data Integrations page indicates which content packs you've already installed.

For more details and next steps to gain more insights from the Content Pack for M365, check out this blog, "Microsoft 365: Are You Flying Blind...and at What Cost?," complete configuration instructions, and release notes.

Now that you know about the Splunk App for Content Packs, download and start using it today — tap into some of the insights they provide and see for yourself how much easier you just made your job. If you have specific content packs you’d like to see in the Splunk App for Content Packs, we’re all ears! Let us know via Splunk Ideas.