Entity types define how to classify a type of data source. For example, there are Linux, Windows, Kubernetes, and VMware vCenter Server entity types. Entity types can represent physical hosts, containers, virtual environments, and cloud providers.

Each entity type contains zero or more vital metrics, analysis data filters, and navigations that define the data sources and visualizations for each entity associated with the entity type. Analysis data filters and navigations are components of entity types. You can create, modify or delete analysis data filters and navigations for a specific entity type. You can't create, modify, or delete a single analysis data filter or navigation for multiple entity types at the same time.

Analysis data filters associate entity types with data sources. Analysis data filters are data collection rules that define data sources. They are split into two data types: metrics and events. Every supported entity type comes with at least one default metrics filter and one default events filter that populates the Analysis Workspace with data. Analysis data filters determine which data you can view in the Entity Analysis Dashboard. For more information about this dashboard, see Entity Analysis dashboard in ITE Work.

Each analysis data filter contains a static filter for specific data sources and an entity field filter to match data sources to a specific entity. Use static filters to include or exclude specific entity field-value pairs. Use an entity field filter to pass entity-specific information in the navigation URL. Here's an example analysis data filter for metrics for AWS EC2 instances:

{ \
    "title": "AWS EC2 metrics", \
    "type": "metrics", \
    "static_filter": { \
        "type": "include", \
        "field": "metric_name", \
        "values": ["AWS/EC2.*"] \
    }, \
    "entity_field_filter": { \
        "type": "entity", \
        "data_field": "InstanceId", \
        "entity_field": "InstanceId" \
    } \
}, \

The static_filter captures all events where metric_name = AWS/EC2.*. ITE Work correlates a metric or log event to an entity when the data_field of the event matches the entity_field of the entity. The entity_field can be any entity alias or entity information field you associated with an entity.

Navigations define parameters to send to a URL for an entity type. Use navigations to specify a URL that points to a dashboard or other resource for the entity and a set of parameters that let you specify entity information to pass as part of the URL parameters.

You can view navigations from an entity's information panel in the entity health page. Default AWS and Microsoft Azure entity types have a default navigation that displays a dashboard in an entity's Overview Dashboard.

Entity types and their analysis data filters, navigations, and vital metrics are defined in $SPLUNK_HOME/etc/apps/SA-ITOA/default/itsi_entity_type.conf. For more information about this file, see itsi_entity_type.conf in the Administration Manual.

(*) Represents the key metric for the entity type.

The following table includes the recommended methods to get data in for each of the default entity types.