© 2017 SPLUNK INC.
Reactive to Proactive:
Intelligent Troubleshooting and Monitoring with Splunk
Seattle Workshop
Al Liebl | Sr. Sales Engineer
May 23, 2017
Session Agenda
• Splunk for IT Operations – Introduction
• IT Ops Hands On
• IT Ops Relevant Splunk Apps
• Introducing Splunk IT Service Intelligence
• Customer Stories
• Wrap Up
• 6,000+ IT and Business Professionals
• 175+ Sessions
• 80+ Customer Speakers
PLUS Splunk University
• Three days: Sept 23-25, 2017
• Get Splunk Certified for FREE!
• Get CPE credits for CISSP, CAP, SSCP
SEPT 25-28, 2017
Walter E. Washington Convention Center
Washington, D.C.
CONF.SPLUNK.COM
.conf2017: The 8th Annual Splunk Conference
Splunk for IT Ops – Intro
Escalating IT Complexity…
[Diagram labels: SaaS/PaaS; IaaS; Virtualization; Storage; Packaged Applications; Custom Applications; HR; Email; Finance; App Svr; DB; Web Svr; Infrastructure Applications; VPN; IP Phone; Identify; Servers; Networking]
… Plaguing IT Operations
Complex, silo-based technologies
Disconnected and outdated point solutions
Reactive brute-force problem resolution
Over 80% of time spent on maintaining, not innovating
Industry-Leading Platform for Machine Data
[Diagram labels]
Custom dashboards; Report and analyze; Monitor and alert; Developer Platform; Ad hoc search
On-Premises; Private Cloud; Public Cloud
Storage; Online Shopping Cart; Telecoms; Desktops; Security; Web Services; Networks; Containers; Web Clickstreams; RFID; Smartphones and Devices; Servers; Messaging; GPS Location; Packaged Applications; Custom Applications; Online Services; Databases; Call Detail Records; Energy Meters; Firewall; Intrusion Prevention
Platform Support (Apps / API / SDKs)
Enterprise Scalability
Universal Indexing
Machine Data: Any Location, Type, Volume
Answer Any Question
Any Amount, Any Location, Any Source
Schema on-the-fly
Universal indexing
No back-end RDBMS
No need to filter data
The Focus
Developer Platform (REST API, SDKs)
IT Operations; Application Delivery; Business Analytics; Internet of Things and Industrial Data; Security, Compliance and Fraud
Platform for Operational Intelligence
Turning Machine Data Into Operational Intelligence
Search and Investigate; Proactive Monitoring and Alerting; Operational Visibility; Real-Time Business Insight
Reactive to Proactive
Troubleshooting
Find and fix problems faster
Reduce MTTR; Improve End User Experience; Reduce Costs; Greater IT Productivity
Reduced MTTR
No more grepping through logs
End-to-end correlation
Monitoring
Find and fix a problem before it becomes a problem
Increased Uptime; Trends in Real Time and Historical Data; Powerful Visualizations; Alerting and Notifications
Splunk Apps
Accelerate Insights
Index and Analyze Data Across Your Technology Stack
Splunk Add-Ons, Templates and Apps Accelerate Value From Machine Data
No rigid schemas – add in data from any other source.
Server, Storage, Network; Virtualization, Containers; Operating Systems and Databases; Custom Applications; Business Applications; Cloud Services; Web Intelligence; Mobile Applications; Stream; Operations and Service Desks; App Performance Monitoring; DB Connect; API
Apps Provide Deep Insights By Role
Find and resolve problems fast in individual technology areas
Exchange Admin: Service Health, Performance, Message Tracking
VMware/Win/Linux Admin: Infrastructure Health, Performance, Anomalies/Outliers
Storage Admin: Infrastructure Health, Performance, Anomalies/Outliers
Fast-Track Your Deployment With Splunk Quick Start
FAST time-to-results; EASY to deploy; LOW PRICE starting at $30K
Splunk Quick Start
Continued Success: Education credits and .conf passes
Deploy in 1 Week: Expert support + customer success manager
Tailored: Splunk Apps & Add-Ons curated for your specific use case
Scalable: Scales from 20GB/day to 100GB/day + Easy path to upgrades
Complete: Everything you need to get started
Splunk Quick Start
A quick and easy way to deploy Splunk Enterprise at a low price
Splunk Education Credits and .conf Passes: Everything you need to get your team Splunk Certified
Tailored Selection of Splunk Apps and Add-ons: Index and visualize the data sources you need
Personalized Support: Customer Success Manager to help you get up and running in 1 week
Splunk Enterprise License: Discounted by volume
Splunkbase
splunkbase.splunk.com
Hands-On
Troubleshooting With Splunk
BIRTH MONTH   URL
JANUARY       https://od-seattleitwkshp-01.splunkoxygen.com
FEBRUARY      https://od-seattleitwkshp-02.splunkoxygen.com
MARCH         https://od-seattleitwkshp-03.splunkoxygen.com
APRIL         https://od-seattleitwkshp-04.splunkoxygen.com
MAY           https://od-seattleitwkshp-05.splunkoxygen.com
JUNE          https://od-seattleitwkshp-06.splunkoxygen.com
JULY          https://od-seattleitwkshp-07.splunkoxygen.com
AUGUST        https://od-seattleitwkshp-08.splunkoxygen.com
SEPTEMBER     https://od-seattleitwkshp-09.splunkoxygen.com
OCTOBER       https://od-seattleitwkshp-10.splunkoxygen.com
NOVEMBER      https://od-seattleitwkshp-11.splunkoxygen.com
DECEMBER      https://od-seattleitwkshp-12.splunkoxygen.com
SSID: splunk
Pass: splunk2017
Username: user01 through user10
Password: changeme01 through changeme10
Log in to Splunk
Click on “Search and Reporting” to get started using Splunk!
SPL Overview
▶ Over 140 search commands
▶ Syntax was originally based upon the Unix pipeline and SQL and is optimized for time-series data
▶ The scope of SPL includes data searching, filtering, modification, manipulation, enrichment, insertion and deletion
▶ Includes machine learning such as anomaly detection
[Diagram labels: Disk; Intermediate results table; Intermediate results table; Final results table]
Why Create a New Query Language?
Flexibility and effectiveness on small and big data
Late-binding schema
More/better methods of correlation
Not just analyze, but visualize
[Graphic labels: Data; BIG Data]
SPL Basic Structure
search and filter | munge | report | cleanup
sourcetype=access*
| eval KB=bytes/1024
| stats sum(KB) dc(clientip)
| rename sum(KB) AS "Total KB" dc(clientip) AS "Unique Customers"
Searching With Splunk
Start by typing * in the search bar!
Search Results
Explore the results!
Host = server
Sourcetype = data format
Look at the other fields
Next, let’s extract new fields!
Search for: sourcetype=apache:access then click “Extract New Fields” at the bottom of the field list.
Extracting Fields
Choose any event from the list to start.
Note that there’s one field that is not already highlighted
On the next screen, choose “Regular Expression” (but don’t panic – we won’t be writing regexes)
Extracting Fields, cont.
Highlight the new field by selecting the text.
In the pop-up, name the field “size” and click “Add Extraction”
Check the Preview that comes up to see the new field!
Use the New Field!
Search for sourcetype=apache:access again and you’ll see the new field!
Let’s get the maximum size for the last hour!
Add “| stats max(size)” to the search (without quotes)
Troubleshooting Infrastructure
We have reports of problems with the database – search sourcetype=mysqld
Which machine do you think we should investigate further?
Troubleshooting Infrastructure, cont.
Search for sourcetype=df on the affected host.
Click the “PercentUsedSpace” field and then click “Maximum value over time”
Troubleshooting Infrastructure, cont.
Now we can see that this server has a full disk!
Troubleshooting Applications
Start by searching for “sourcetype=mint:network”
Splunk MINT enables you to get data from mobile applications.
Narrow down to see just the non-200 status codes.
Troubleshooting Applications, cont.
There are many potential variables when dealing with mobile applications.
Check to see if the problem is with a single device, carrier, platform, or version (appVersionName)
Creating an Alert
We’ve found the problem – a bad application version that impacted Android devices!
But it would be better to get an alert…
Create a search for all MINT events with status codes other than 200 (hint: we did this earlier)
Once you’ve run the new search, click “Save As” then “Alert”.
Creating an Alert, cont.
Give the alert a name, and make it “Real-time”
Make the trigger “Number of Results” and configure the alert to trigger if there are more than five results in five minutes.
Click “Throttle” and set time to 60 seconds
Configure email alert
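The trigger and throttle settings from the alert slide above, modelled in Python over constructed events. This is an added example, not part of the original deck and not Splunk's implementation; the event tuples, the `at` helper and the function names are assumptions made for illustration. It counts non-200 events in a trailing five-minute window and suppresses repeat firings for 60 seconds.

```python
from collections import Counter, deque
from datetime import datetime, timedelta


def at(clock):
    """Build a timestamp on a constructed workshop day from HH:MM:SS."""
    return datetime.strptime("2017-05-23 " + clock, "%Y-%m-%d %H:%M:%S")


# Constructed sample events: (timestamp, HTTP status, app version).
# Values are invented for illustration; they are not workshop data.
SAMPLE_EVENTS = [
    (at("10:00:00"), 200, "2.0"),
    (at("10:00:10"), 500, "2.1"),
    (at("10:00:20"), 500, "2.1"),
    (at("10:00:30"), 200, "2.0"),
    (at("10:00:40"), 500, "2.1"),
    (at("10:00:50"), 500, "2.1"),
    (at("10:01:00"), 500, "2.1"),
    (at("10:01:10"), 500, "2.1"),
    (at("10:01:30"), 500, "2.1"),
    (at("10:02:00"), 500, "2.1"),
    (at("10:02:10"), 500, "2.1"),
    (at("10:02:40"), 503, "2.0"),
    (at("10:09:00"), 500, "2.1"),
]


def evaluate_alert(events, window_s=300, threshold=5, throttle_s=60):
    """Return the timestamps at which the modelled alert fires.

    Simplified model (an assumption, not Splunk internals): each non-200
    event is a "result"; the alert fires when more than `threshold`
    results fall inside the trailing window, unless a previous firing is
    still within its throttle period.
    """
    window = timedelta(seconds=window_s)
    throttle = timedelta(seconds=throttle_s)
    recent = deque()          # timestamps of results inside the window
    fired = []
    suppressed_until = None
    for ts, status, _version in sorted(events, key=lambda e: e[0]):
        if status == 200:
            continue
        recent.append(ts)
        # Drop results that have aged out of the trailing window.
        while recent and ts - recent[0] >= window:
            recent.popleft()
        if len(recent) > threshold:
            if suppressed_until is None or ts >= suppressed_until:
                fired.append(ts)
                suppressed_until = ts + throttle
    return fired


def errors_by_version(events):
    """Count non-200 events per app version, as in the diagnostic step."""
    return Counter(version for _ts, status, version in events if status != 200)


if __name__ == "__main__":
    for ts in evaluate_alert(SAMPLE_EVENTS):
        print("alert fired at", ts.time())
    print("errors by version:", dict(errors_by_version(SAMPLE_EVENTS)))
```

Without the throttle the same burst fires on every result past the threshold, which is the alert noise the 60-second setting is there to limit.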
Creating a Report
Modify your search to show the count of events by status.
On the “Visualization” tab, choose a “Pie Chart” for the chart.
When you’ve got your pie chart working, click “Save As” and choose “Report”.
Creating a Dashboard
From your new saved report, click “Add to Dashboard”
Create a new dashboard and give it a name in the pop-up
Click “Edit”, “Add Panel”, “Clone from Dashboard”, then choose your new dashboard and clone the panel.
Edit the search of the new panel to show count by device, carrier or platform.
Add more if you have time!
Using Dashboards
Click on “Dashboards”, then “Mobile App Health”.
The top row of this dashboard shows the server side of our mobile app isn’t having issues. The middle row shows counts by device, carrier, and app version. The bottom row shows some performance metrics.
Use the panel in the lower left to see the application issue we diagnosed earlier.
Splunk IT Service Intelligence
What We Hear From Our Customers!
“My CIO is demanding we look at IT from a business service perspective.”
“Splunk is great for break-fix, but I need to show we’re meeting SLAs.”
“I need everyone to be able to see the same thing at the same time.”
“I just want to throw data at Splunk and have it find problems for me.”
“Show me what my data can do for me!”
Rethinking and Improving How IT Operates
• Structured data
• Brittle tools and integrations
• Obsession with “faults” and “traps”
• Focus on component parts
• Search oriented
• Structured and unstructured data
• Robust data integrations
• Real-time insights from big data
• Focus on the whole service
• Machine learning-driven analytics
[Column headings: Data Driven IT; Traditional IT]
What Is Service Intelligence?
Enabling a business-aware IT
Measuring and reporting on indicators that matter
Unlocking operational efficiencies
Collaborating across silos to improve service operations
Data-based decision making
Solving problems and anticipating pitfalls with sophisticated analytics and powerful insights
Machine learning-powered analytics for real-time service insights, simplified operations and root-cause isolation
Splunk IT Service Intelligence
Prioritize incidents with context: Deliver business & service context to prioritize incident investigation & action
Redefine the role of IT: Support decisions & communicate results with powerful service-level insights
Simplify service operations: Leverage machine learning to detect anomalies & highlight events that matter
Unify siloed monitoring: Combine events & metrics across silos with ease, flexibility & scale in days
Key Concepts
What’s a Service?
[Diagram labels: Service; Requests; Responses]
In Splunk ITSI, a service is a logical group of technology components that a user deems need to be monitored together. It can often be generalized as a “black box” to which we send requests and expect responses.
What’s a Service?
[Diagram: Technical Services: DNS, Auth, Web, each with Requests and Responses]
Services can be technology-centric…
What’s a Service?
[Diagram: Technical Services: DNS, Auth, Web; Business Services: Customer Transactions, Support Desk; each with Requests and Responses]
… and business-centric
What’s a Service?
[Diagram labels: Packet Network; Hypervisor and Hosts; RDBMSs; Storage Tier; API Services; Web Services; Customer Transactions; Mobile; API/Middleware; Partner Portal; DNS]
Services can encompass multiple tiers of the IT domain and may also depend upon other services/microservices
What’s a KPI?
DNS (Requests, Responses)
KPI: Number of requests
KPI: Error rate
KPI: Average response time
KPI: Server CPU load
KPI: Server network I/F errors
Customer Transactions (Requests, Responses)
KPI: Number of transactions
KPI: Error rate
KPI: Average response time
KPI: Count of Incident Tickets
KPI: Synthetic Transx Health
KPIs and health scores constitute the means by which Services are monitored.
Key Performance Indicators (KPIs)
KPI: A Splunk saved search defined in Splunk ITSI that helps monitor a specific field like CPU, Memory and so on. KPIs are contained within services.
Service Health Scores
A health score is a score from 0-100 that helps determine the health of a service. It is calculated once every minute, based on the importance and status of all of the service’s KPIs.
Capabilities & Features
Service Analyzer, Glass Tables, Deep Dives
Service Analyzer: Auto generated filterable and tiled view of service health scores and KPIs
Glass Tables: Customizable free form drawing dashboards to view health scores and KPIs of choice with visual tools to create context
Deep Dives: Swim lane analysis dashboard to show all those indicators over time for investigations
Multi KPI Alerts, Notable Events
Multi KPI Alerts: Correlation searches on service degradation
Notable Events: Event framework for Multi KPI Alerts
Splunk ITSI Demo
What Makes Splunk ITSI Different!
Search-Based KPIs
• Easy to write, manage and change both services and KPIs
• Reflects business and technology priorities
• Benefit: Rapidly generate and change KPIs to align service health with business
• Fiserv – 1000s in just weeks
Full Fidelity Service Health
• Adaptable and flexible definitions of service health
• One solution to go seamlessly from service reports to root cause, including raw data
• Remains adaptable and yet still maintains complete historical context
Universal Data Platform
• Data driven: All IT data including events, metrics and logs
• Schema on-the-Fly
• Ask any question of the data
• Fast time to value
• Data fidelity
Splunk IT Service Intelligence
Machine Learning
• Adaptive threshold automation to minimize false alerts
• Behavior anomaly alerts to proactively address issues
• Correlating data into knowledge, mitigating SME dependency
• Accelerators minimize SPL coding
• Trend aggregation to enable rapid visualization
• Multi KPI Alerts for proactive irregularity identification
Search-Based KPIs
• Time Series Index
• Schema on Read
• Data Models
Platform for Operational Intelligence
• Visualize entire tech stack – bare metal through business layer
• View the entire ecosystem with customized views for execs
• Use 3 clicks to get the answer vs. 10
Dynamic Service Model
Splunk ITSI Capabilities
Customers Leading The Way
Why Enterprises Use Splunk for IT Operations
Increased Uptime to 99.9% Availability
Reduced MTTR from 2-3 days to a few minutes
Improved Margins by protecting millions in ad-revenue
Consolidated Tools by retiring 27 monitoring solutions
Optimized Capacity by saving $500K in SW, HW & licenses
Drives Innovation with usage analytics on product features
Unified insights: data integrations from other tools
11,000 to 100s: Reduced incident tickets
Alerting on service KPIs instead of server performance
Usage baselines to identify anomalies
Splunk IT Service Intelligence at
Server-based to Services-based monitoring
Top-down and deep-dive service insights
200+ services and 1500+ KPIs monitored
Flexible creation and modification of services and KPIs
Alerting on service KPIs instead of server performance
Real-time, holistic and proactive “client” view
Splunk IT Service Intelligence at
▶ Real-time service insights to LOBs
▶ Reduced time to resolution
▶ Replaced home-grown tools
Splunk IT Service Intelligence at
Wrap Up
Quick Start for Infrastructure Monitoring
Fast time-to-results and success for a low entry price
Expert Guidance and Customer Success Manager
Tailored Selection of Apps and Add-Ons
Education Credits and .conf Passes
Add-On Builder
Quick Start for Application Management
Fast time-to-results and success for a low entry price
Expert Guidance and Customer Success Manager
Tailored Selection of Apps and Add-Ons
Education Credits and .conf Passes
Stream; Add-On Builder; MINT; Machine Learning
Splunk Quick Start for Service Intelligence
Enterprise License; Splunk ITSI License*; Education; Professional Services; .conf Passes
Value Assurance Edition; Services Edition; Platform Edition
* Splunk ITSI 6-month license
Splunk is the Backbone of Modern IT
Platform for Machine Data
Troubleshooting; Continuous Deployment; Application Management; Service Monitoring
AVAILABLE NOW!
Try it: SPLUNK.COM/ITSI
Free. In Splunk Cloud.
Thank you

More Related Content

PDF
Splunk Discovery Day Milwaukee 9-14-17
PPTX
Build a Security Portfolio That Strengthens Your Security Posture
PPTX
Machine Data 101: Turning Data Into Insight
PDF
Threat Hunting Workshop
PDF
Splunk Threat Hunting Workshop
PDF
Machine Data 101
PDF
Splunk workshop-Threat Hunting
PPTX
John Lewis at Gartner IOM 2017
Splunk Discovery Day Milwaukee 9-14-17
Build a Security Portfolio That Strengthens Your Security Posture
Machine Data 101: Turning Data Into Insight
Threat Hunting Workshop
Splunk Threat Hunting Workshop
Machine Data 101
Splunk workshop-Threat Hunting
John Lewis at Gartner IOM 2017

What's hot (20)

PPTX
SplunkLive! London 2017 - Build a Security Portfolio That Strengthens Your Se...
PPTX
Splunk Discovery Dusseldorf: September 2017 - Security Session
PPTX
Threat Hunting
PPTX
SplunkLive! London 2017 - An End-To-End Approach: Detect via Behavious and Re...
PPTX
Splunk Discovery Brussels - September 2017
PDF
Reactive to Proactive: Intelligent Troubleshooting and Monitoring with Splunk
PPTX
Delivering New Visibility and Analytics for IT Operations
PDF
Analytics Driven SIEM Workshop
PPTX
A Day in the Life of a GDPR Breach - September 2017: France
PPTX
The Hitchhiker's Guide to Service Intelligence
PPTX
A Day in the Life of a GDPR Breach - September 2017: Germany
PDF
Using Splunk to Defend Against Advanced Threats - Webinar Slides: November 2017
PDF
The Hitchhiker's Guide to Service Intelligence Workshop
PPTX
Financial Services Forum_New York, May 17, 2017
PDF
.conf2016: Splunking the Endpoint: “Hands on!” Ransomware Edition
PPTX
Reactive to Proactive: Intelligent Troubleshooting and Monitoring with Splunk
PPTX
SplunkLive! Zurich 2017 - Advanced Analytics / Machine Learning
PPTX
The Splunk AISecOps Initiative - Splunk Security Roundtable: Zurich 2018
PPTX
Splunk Discovery: Milan 2018 - Intro to Security Analytics Methods
PPTX
A Day in the Life of a GDPR Breach
SplunkLive! London 2017 - Build a Security Portfolio That Strengthens Your Se...
Splunk Discovery Dusseldorf: September 2017 - Security Session
Threat Hunting
SplunkLive! London 2017 - An End-To-End Approach: Detect via Behavious and Re...
Splunk Discovery Brussels - September 2017
Reactive to Proactive: Intelligent Troubleshooting and Monitoring with Splunk
Delivering New Visibility and Analytics for IT Operations
Analytics Driven SIEM Workshop
A Day in the Life of a GDPR Breach - September 2017: France
The Hitchhiker's Guide to Service Intelligence
A Day in the Life of a GDPR Breach - September 2017: Germany
Using Splunk to Defend Against Advanced Threats - Webinar Slides: November 2017
The Hitchhiker's Guide to Service Intelligence Workshop
Financial Services Forum_New York, May 17, 2017
.conf2016: Splunking the Endpoint: “Hands on!” Ransomware Edition
Reactive to Proactive: Intelligent Troubleshooting and Monitoring with Splunk
SplunkLive! Zurich 2017 - Advanced Analytics / Machine Learning
The Splunk AISecOps Initiative - Splunk Security Roundtable: Zurich 2018
Splunk Discovery: Milan 2018 - Intro to Security Analytics Methods
A Day in the Life of a GDPR Breach
Ad

Similar to Reactive to Proactive: Intelligent Troubleshooting and Monitoring with Splunk (20)

PDF
Reactive to Proactive: Intelligent Troubleshooting and Monitoring with Splunk
PDF
Reactive to Proactive: Intelligent Troubleshooting and Monitoring with Splunk
PPTX
Splunk Enterprise for IT Troubleshooting
PPTX
Getting started with Splunk - Break out Session
PPTX
Getting started with Splunk
PPTX
Getting Started with Splunk Enterprise Hands-On
PPTX
Getting Started with Splunk Enterprise
PDF
Splunk workshop-2017-Power-of-SPL
PDF
Power of SPL
PDF
The Power of SPL
PDF
Power of SPL Workshop
PDF
Power of SPL Workshop
PPTX
Getting Started with Splunk Enterprise
PPTX
Getting Started with Splunk Enterprise
PDF
Machine Data 101 Workshop
PPTX
Rage WITH the machine, not against it: Machine learning for Event Management
PPTX
SplunkLive! London 2017 - Splunk Enterprise for IT Troubleshooting
PPTX
Power of SPL
PPTX
Getting started with Splunk Breakout Session
PDF
Splunk workshop-Machine Data 101
Reactive to Proactive: Intelligent Troubleshooting and Monitoring with Splunk
Reactive to Proactive: Intelligent Troubleshooting and Monitoring with Splunk
Splunk Enterprise for IT Troubleshooting
Getting started with Splunk - Break out Session
Getting started with Splunk
Getting Started with Splunk Enterprise Hands-On
Getting Started with Splunk Enterprise
Splunk workshop-2017-Power-of-SPL
Power of SPL
The Power of SPL
Power of SPL Workshop
Power of SPL Workshop
Getting Started with Splunk Enterprise
Getting Started with Splunk Enterprise
Machine Data 101 Workshop
Rage WITH the machine, not against it: Machine learning for Event Management
SplunkLive! London 2017 - Splunk Enterprise for IT Troubleshooting
Power of SPL
Getting started with Splunk Breakout Session
Splunk workshop-Machine Data 101
Ad

More from Splunk (20)

PDF
Splunk Leadership Forum Wien - 20.05.2025
PDF
Splunk Security Update | Public Sector Summit Germany 2025
PDF
Building Resilience with Energy Management for the Public Sector
PDF
IT-Lagebild: Observability for Resilience (SVA)
PDF
Nach dem SOC-Aufbau ist vor der Automatisierung (OFD Baden-Württemberg)
PDF
Monitoring einer Sicheren Inter-Netzwerk Architektur (SINA)
PDF
Praktische Erfahrungen mit dem Attack Analyser (gematik)
PDF
Cisco XDR & Splunk SIEM - stronger together (DATAGROUP Cyber Security)
PDF
Security - Mit Sicherheit zum Erfolg (Telekom)
PDF
One Cisco - Splunk Public Sector Summit Germany April 2025
PDF
.conf Go 2023 - Data analysis as a routine
PDF
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
PDF
.conf Go 2023 - Navegando la normativa SOX (Telefónica)
PDF
.conf Go 2023 - Raiffeisen Bank International
PDF
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
PDF
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
PDF
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
PDF
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
PDF
.conf go 2023 - De NOC a CSIRT (Cellnex)
PDF
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
Splunk Leadership Forum Wien - 20.05.2025
Splunk Security Update | Public Sector Summit Germany 2025
Building Resilience with Energy Management for the Public Sector
IT-Lagebild: Observability for Resilience (SVA)
Nach dem SOC-Aufbau ist vor der Automatisierung (OFD Baden-Württemberg)
Monitoring einer Sicheren Inter-Netzwerk Architektur (SINA)
Praktische Erfahrungen mit dem Attack Analyser (gematik)
Cisco XDR & Splunk SIEM - stronger together (DATAGROUP Cyber Security)
Security - Mit Sicherheit zum Erfolg (Telekom)
One Cisco - Splunk Public Sector Summit Germany April 2025
.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - De NOC a CSIRT (Cellnex)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)

Recently uploaded (20)

PDF
Spectral efficient network and resource selection model in 5G networks
PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
PDF
Encapsulation_ Review paper, used for researhc scholars
PPTX
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
PDF
Chapter 3 Spatial Domain Image Processing.pdf
PDF
Encapsulation theory and applications.pdf
PDF
Agricultural_Statistics_at_a_Glance_2022_0.pdf
PPTX
ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx
PPTX
Understanding_Digital_Forensics_Presentation.pptx
PPTX
sap open course for s4hana steps from ECC to s4
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
PDF
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
PDF
Review of recent advances in non-invasive hemoglobin estimation
PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
PDF
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
PDF
Electronic commerce courselecture one. Pdf
PDF
Empathic Computing: Creating Shared Understanding
Spectral efficient network and resource selection model in 5G networks
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
Encapsulation_ Review paper, used for researhc scholars
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
Chapter 3 Spatial Domain Image Processing.pdf
Encapsulation theory and applications.pdf
Agricultural_Statistics_at_a_Glance_2022_0.pdf
ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx
Understanding_Digital_Forensics_Presentation.pptx
sap open course for s4hana steps from ECC to s4
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Review of recent advances in non-invasive hemoglobin estimation
Dropbox Q2 2025 Financial Results & Investor Presentation
The Rise and Fall of 3GPP – Time for a Sabbatical?
Advanced methodologies resolving dimensionality complications for autism neur...
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Electronic commerce courselecture one. Pdf
Empathic Computing: Creating Shared Understanding

Reactive to Proactive: Intelligent Troubleshooting and Monitoring with Splunk

  • 1. © 2017 SPLUNK INC.© 2017 SPLUNK INC. Reactive to Proactive: Intelligent Troubleshooting and Monitoring with Splunk Seattle Workshop Al Liebl | Sr. Sales Engineer May 23, 2017
  • 2. © 2017 SPLUNK INC. Session Agenda • Splunk for IT Operations – Introduction • IT Ops Hands On • IT Ops Relevant Splunk Apps • Introducing Splunk IT Service Intelligence • Customer Stories • Wrap Up
  • 3. © 2017 SPLUNK INC. • 6,000+ IT and Business Professionals • 175+ Sessions • 80+ Customer Speakers PLUS Splunk University • Three days: Sept 23-25, 2017 • Get Splunk Certified for FREE! • Get CPE credits for CISSP, CAP, SSCP SEPT 25-28, 2017 Walter E. Washington Convention Center Washington, D.C. CONF.SPLUNK.COM .conf2017: The 8th Annual Splunk Conference
  • 4. © 2017 SPLUNK INC. Splunk for IT Ops – Intro
  • 5. © 2017 SPLUNK INC. Escalating IT Complexity… SaaS/PaaS IaaS VIRTUALIZATION STORAGE PACKAGED APPLICATIONS CUSTOM APPLICATIONS HR Email Finance App Svr DB Web Svr INFRASTRUCTURE APPLICATIONS VPN IP Phone Identify SERVERS NETWORKING
  • 6. © 2017 SPLUNK INC. … Plaguing IT Operations SaaS/PaaS IaaS VIRTUALIZATION STORAGE PACKAGED APPLICATIONS CUSTOM APPLICATIONS HR Email Finance App Svr DB Web Svr INFRASTRUCTURE APPLICATIONS VPN IP Phone Identify SERVERS NETWORKING Complex, silo-based technologies Disconnected and outdated point solutions Reactive brute-force problem resolution Over 80% of time spent on maintaining, not innovating
  • 7. © 2017 SPLUNK INC. Industry-Leading Platform for Machine Data Custom dashboards Report and analyze Monitor and alert Developer Platform Ad hoc search On-Premises Private Cloud Public Cloud Storage Online Shopping Cart Telecoms Desktops Security Web Services Networks Containers Web Clickstreams RFID Smartphones and Devices Servers Messaging GPS Location Packaged Applications Custom Applications Online Services DatabasesCall Detail Records Energy MetersFirewall Intrusion Prevention Platform Support (Apps / API / SDKs) Enterprise Scalability Universal Indexing Machine Data: Any Location, Type, Volume Answer Any Question
  • 8. © 2017 SPLUNK INC. Industry-Leading Platform for Machine Data Custom dashboards Report and analyze Monitor and alert Developer Platform Ad hoc search On-Premises Private Cloud Public Cloud Storage Online Shopping Cart Telecoms Desktops Security Web Services Networks Containers Web Clickstreams RFID Smartphones and Devices Servers Messaging GPS Location Packaged Applications Custom Applications Online Services DatabasesCall Detail Records Energy MetersFirewall Intrusion Prevention Platform Support (Apps / API / SDKs) Enterprise Scalability Universal Indexing Machine Data: Any Location, Type, Volume Answer Any Question Any Amount, Any Location, Any Source Schema on-the-fly Universal indexing No back-end RDBMS No need to filter data
  • 9. The Focus Developer Platform (REST API, SDKs) IT Operations Application Delivery Business Analytics Internet of Things and Industrial Data Security, Compliance and Fraud Platform for Operational Intelligence
  • 10. Turning Machine Data Into Operational Intelligence Search and Investigate Proactive Monitoring and Alerting Operational Visibility Real-Time Business Insight Reactive Proactive
  • 11. Troubleshooting Find and fix problems faster Reduce MTTR Improve End User Experience Reduce Costs Greater IT Productivity
  • 12. Troubleshooting Find and fix problems faster Reduced MTTR Reduce MTTR Improve End User Experience Reduce Costs Greater IT Productivity No more grepping through logs End-to-end correlation
  • 13. Increased Uptime Trends in Real Time and Historical Data Powerful Visualizations Alerting and Notifications Monitoring Find and fix the problem before it becomes a problem
  • 14. Splunk Apps Accelerate Insights
  • 15. Index and Analyze Data Across Your Technology Stack Splunk Add-Ons, Templates and Apps Accelerate Value From Machine Data No rigid schemas – add in data from any other source. Server, Storage, Network Virtualization, Containers Operating Systems and Databases Custom Applications Business Applications Cloud Services Web Intelligence Mobile Applications Stream Operations and Service Desks App Performance Monitoring DB Connect API
  • 16. Apps Provide Deep Insights By Role Find and resolve problems fast in individual technology areas Exchange Admin Service Health Performance Message Tracking VMware/Win/Linux Admin Infrastructure Health Performance Anomalies/Outliers Storage Admin Infrastructure Health Performance Anomalies/Outliers
  • 17. Fast-Track Your Deployment With Splunk Quick Start FAST time-to-results EASY to deploy LOW PRICE starting at $30K Splunk Quick Start Continued Success Education credits and .conf passes Deploy in 1 Week Expert support + customer success manager Tailored Splunk Apps & Add-Ons curated for your specific use case Scalable Scales from 20GB/day to 100GB/day + Easy path to upgrades Complete Everything you need to get started
  • 18. Splunk Quick Start A quick and easy way to deploy Splunk Enterprise at a low price Splunk Education Credits and .conf Passes Everything you need to get your team Splunk Certified Tailored Selection of Splunk Apps and Add-ons Index and visualize the data sources you need Personalized Support Customer Success Manager to help you get up and running in 1 week Splunk Enterprise License Discounted by volume
  • 19. Splunkbase splunkbase.splunk.com
  • 20. Hands-On
  • 21. Troubleshooting With Splunk
      BIRTH MONTH | URL
      JANUARY | https://od-seattleitwkshp-01.splunkoxygen.com
      FEBRUARY | https://od-seattleitwkshp-02.splunkoxygen.com
      MARCH | https://od-seattleitwkshp-03.splunkoxygen.com
      APRIL | https://od-seattleitwkshp-04.splunkoxygen.com
      MAY | https://od-seattleitwkshp-05.splunkoxygen.com
      JUNE | https://od-seattleitwkshp-06.splunkoxygen.com
      JULY | https://od-seattleitwkshp-07.splunkoxygen.com
      AUGUST | https://od-seattleitwkshp-08.splunkoxygen.com
      SEPTEMBER | https://od-seattleitwkshp-09.splunkoxygen.com
      OCTOBER | https://od-seattleitwkshp-10.splunkoxygen.com
      NOVEMBER | https://od-seattleitwkshp-11.splunkoxygen.com
      DECEMBER | https://od-seattleitwkshp-12.splunkoxygen.com
      Ssid: splunk Pass: splunk2017
      Username: user01 through user10 Password: changeme01 through changeme10
  • 22. Login to Splunk Click on “Search and Reporting” to get started using Splunk!
  • 23. SPL Overview ▶ Over 140 search commands ▶ Syntax was originally based upon the Unix pipeline and SQL and is optimized for time-series data ▶ The scope of SPL includes data searching, filtering, modification, manipulation, enrichment, insertion and deletion ▶ Includes machine learning such as anomaly detection [Diagram labels: Disk, Intermediate results table, Intermediate results table, Final results table]
  • 24. Why Create a New Query Language? Flexibility and effectiveness on small and big data Late-binding schema More/better methods of correlation Not just analyze, but visualize Data BIG Data
  • 25. SPL Basic Structure: search and filter | munge | report | cleanup. Example: sourcetype=access* | eval KB=bytes/1024 | stats sum(KB) dc(clientip) | rename sum(KB) AS "Total KB" dc(clientip) AS "Unique Customers"
  • 26. Searching With Splunk Start by typing * in the search bar!
  • 27. Search Results Explore the results! Host = server Sourcetype = data format Look at the other fields Next, let’s extract new fields! Search for: sourcetype=apache:access then click “Extract New Fields” at the bottom of the field list.
  • 28. Extracting Fields Choose any event from the list to start. Note that there’s one field that is not already highlighted. On the next screen, choose “Regular Expression” (but don’t panic – we won’t be writing regexes)
  • 29. Extracting Fields, cont. Highlight the new field by selecting the text. In the pop-up, name the field “size” and click “Add Extraction”. Check the Preview that comes up to see the new field!
  • 30. Use the New Field! Search for sourcetype=apache:access again and you’ll see the new field! Let’s get the maximum size for the last hour! Add “| stats max(size)” to the search (without quotes)
  • 31. Troubleshooting Infrastructure We have reports of problems with the database – search sourcetype=mysqld Which machine do you think we should investigate further?
  • 32. Troubleshooting Infrastructure, cont. Search for sourcetype=df on the affected host. Click the “PercentUsedSpace” field and then click “Maximum value over time”
  • 33. Troubleshooting Infrastructure, cont. Now we can see that this server has a full disk!
  • 34. Troubleshooting Applications Start by searching for “sourcetype=mint:network” Splunk MINT enables you to get data from mobile applications. Narrow down to see just the non-200 status codes.
  • 35. Troubleshooting Applications, cont. There are many potential variables when dealing with mobile applications. Check to see if the problem is with a single device, carrier, platform, or version (appVersionName)
  • 36. Creating an Alert We’ve found the problem – a bad application version that impacted Android devices! But it would be better to get an alert… Create a search for all MINT events with status codes other than 200 (hint: we did this earlier) Once you’ve run the new search, click “Save As” then “Alert”.
  • 37. Creating an Alert, cont. Give the alert a name, and make it “Real-time” Make the trigger “Number of Results” and configure the alert to trigger if there are more than five results in five minutes. Click “Throttle” and set time to 60 seconds Configure email alert
  • 38. Creating a Report Modify your search to show the count of events by status. On the “Visualization” tab, choose a “Pie Chart” for the chart. When you’ve got your pie chart working, click “Save As” and choose “Report”.
  • 39. Creating a Dashboard From your new saved report, click “Add to Dashboard” Create a new dashboard and give it a name in the pop-up Click “Edit”, “Add Panel”, “Clone from Dashboard”, then choose your new dashboard and clone the panel. Edit the search of the new panel to show count by device, carrier or platform. Add more if you have time!
  • 40. Using Dashboards Click on “Dashboards”, then “Mobile App Health”. The top row of this dashboard shows the server side of our mobile app isn’t having issues. The middle row shows counts by device, carrier, and app version. The bottom row shows some performance metrics. Use the panel in the lower left to see the application issue we diagnosed earlier.
  • 41. Splunk IT Service Intelligence
  • 42. What We Hear From Our Customers! “My CIO is demanding we look at IT from a business service perspective.” “Splunk is great for break-fix, but I need to show we’re meeting SLAs.” “I need everyone to be able to see the same thing at the same time.” “I just want to throw data at Splunk and have it find problems for me.” “Show me what my data can do for me!”
  • 43. Rethinking and Improving How IT Operates Traditional IT: • Structured data • Brittle tools and integrations • Obsession with “faults” and “traps” • Focus on component parts • Search oriented Data Driven IT: • Structured and unstructured data • Robust data integrations • Real-time insights from big data • Focus on the whole service • Machine learning-driven analytics
  • 44. What Is Service Intelligence? Enabling a business-aware IT Measuring and reporting on indicators that matter Unlocking operational efficiencies Collaborating across silos to improve service operations Data-based decision making Solving problems and anticipating pitfalls with sophisticated analytics and powerful insights
  • 45. Machine learning-powered analytics for real-time service insights, simplified operations and root-cause isolation
  • 46. Splunk IT Service Intelligence Prioritize incidents with context Deliver business & service context to prioritize incident investigation & action Redefine the role of IT Support decisions & communicate results with powerful service-level insights Simplify service operations Leverage machine learning to detect anomalies & highlight events that matter Unify siloed monitoring Combine events & metrics across silos with ease, flexibility & scale in days
  • 47. Key Concepts
  • 48. What’s a Service? Service Requests Responses In Splunk ITSI, a service is a logical group of technology components that a user deems need to be monitored together. It can often be generalized as a “black box” to which we send requests and expect responses
  • 49. What’s a Service? DNS Requests Responses Technical Services Auth Requests Responses Web Requests Responses Services can be technology-centric…
  • 50. What’s a Service? DNS Requests Responses Technical Services Customer Transactions Requests Responses Business Services Auth Requests Responses Web Requests Responses Support Desk Requests Responses … and business-centric
  • 51. What’s a Service? Packet Network Hypervisor and Hosts RDBMSs Storage Tier API Services Web Services CustomerTransactions Mobile API/Middleware PartnerPortal DNS Services can encompass multiple tiers of the IT domain and may also depend upon other services/microservices
  • 52. What’s a KPI? DNS Requests Responses KPI: Number of requests KPI: Error rate KPI: Average response time KPI: Server CPU load KPI: Server network I/F errors Customer Transactions Requests Responses KPI: Number of transactions KPI: Error rate KPI: Average response time KPI: Count of Incident Tickets KPI: Synthetic Transx Health KPIs and health scores constitute the means by which Services are monitored.
  • 53. Key Performance Indicators (KPIs) KPI: A Splunk saved search defined in Splunk ITSI that helps monitor a specific field like CPU, Memory and so on. KPIs are contained within services.
  • 54. Service Health Scores A health score is a score from 0-100 that helps determine the health of a service. It is calculated once every minute from the importance and status of all of the service’s KPIs.
  • 55. Capabilities & Features
  • 56. Service Analyzer, Glass Tables, Deep Dives Service Analyzer: Auto generated filterable and tiled view of service health scores and KPIs Glass Tables: Customizable free form drawing dashboards to view health scores and KPIs of choice with visual tools to create context Deep Dives: Swim lane analysis dashboard to show all those indicators over time for investigations
  • 57. Multi KPI Alerts, Notable Events Multi KPI Alerts: Correlation searches on service degradation Notable Events: Event framework for Multi KPI Alerts
  • 58. Splunk ITSI Demo
  • 59. What Makes Splunk ITSI Different! Search-Based KPIs • Easy to write, manage and change both services and KPIs • Reflects business and technology priorities • Benefit: Rapidly generate and change KPIs to align service health with business • Fiserv – 1000s in just weeks Full Fidelity Service Health • Adaptable and flexible definitions of service health • One solution to go seamlessly from service reports to root cause, including raw data • Remains adaptable and yet still maintains complete historical context Universal Data Platform • Data driven: All IT data including events, metrics and logs • Schema on-the-Fly • Ask any question of the data • Fast time to value • Data fidelity
  • 60. Splunk IT Service Intelligence Machine Learning § Adaptive threshold automation to minimize false alerts § Behavior anomaly alerts to proactively address issues § Correlating data into knowledge, mitigating SME dependency § Accelerators minimize SPL coding § Trend aggregation to enable rapid visualization § Multi KPI Alerts for proactive irregularity identification Search-Based KPIs § Time Series Index § Schema on Read § Data Models Platform for Operational Intelligence § Visualize entire tech stack – bare metal through business layer § View the entire ecosystem with customized views for execs § Use 3 clicks to get the answer vs. 10 Dynamic Service Model Splunk ITSI Capabilities
  • 61. Customers Leading The Way
  • 62. Why Enterprises Use Splunk for IT Operations Increased Uptime to 99.9% Availability Reduced MTTR from 2-3 days to a few minutes Improved Margins by protecting millions in ad-revenue Consolidated Tools by retiring 27 monitoring solutions Optimized Capacity by saving $500K in SW, HW & licenses Drives Innovation with usage analytics on product features
  • 63. Unified insights: data integrations from other tools 11,000 to 100s Reduced incident tickets Alerting on service KPI’s instead of server performance Usage baselines to identify anomalies Splunk IT Service Intelligence at
  • 64. Server-based to Services-based monitoring Top-down and deep-dive service insights 200+ services and 1500+ KPIs monitored Flexible creation and modification of services and KPIs Alerting on service KPIs instead of server performance Real-time, holistic and proactive “client” view Splunk IT Service Intelligence at
  • 65. ▶ Real-time service insights to LOBs ▶ Reduced time to resolution ▶ Replaced home-grown tools Splunk IT Service Intelligence at
  • 66. Wrap Up
  • 67. Quick Start for Infrastructure Monitoring Fast time-to-results and success for a low entry price Expert Guidance and Customer Success Manager Tailored Selection of Apps and Add-Ons Education Credits and .conf Passes Add-On Builder
  • 68. Quick Start for Application Management Fast time-to-results and success for a low entry price Expert Guidance and Customer Success Manager Tailored Selection of Apps and Add-Ons Education Credits and .conf Passes Stream Add-On Builder MINT Machine Learning
  • 69. Splunk Quick Start for Service Intelligence Enterprise License Splunk ITSI License Education Professional Services .conf Passes Value Assurance Edition Services Edition Platform Edition * Splunk ITSI 6-month license *
  • 70. Splunk is the Backbone of Modern IT Platform for Machine Data Troubleshooting Continuous Deployment Application Management Service Monitoring
  • 71. AVAILABLE NOW! Try it: SPLUNK.COM/ITSI Free. In Splunk Cloud.
  • 72. Thank you
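
The alert built in slides 36 and 37 (non-200 MINT responses, more than five results in five minutes, 60-second throttle), modelled as an added Python example that is not part of the workshop deck. It is a simplified model of the trigger and throttle logic, not Splunk's implementation; the event line format, the version strings and the function names are assumptions, and the sample events are constructed.

```python
from collections import Counter
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)  # slide 37: results are counted over five minutes
THRESHOLD = 5                  # slide 37: trigger on more than five results


def parse(line):
    """Parse one constructed event line: '<ISO timestamp> <status> <appVersionName>'."""
    ts, status, version = line.split()
    return datetime.fromisoformat(ts), int(status), version


def notifications(lines, throttle_seconds=60):
    """Return the times at which the alert would notify (rolling window plus throttle)."""
    throttle = timedelta(seconds=throttle_seconds)
    window, sent = [], []
    for ts, status, _version in sorted(parse(line) for line in lines):
        if status == 200:
            continue  # the alert search keeps only non-200 responses
        # Keep only failures still inside the rolling five-minute window.
        window = [t for t in window if ts - t < WINDOW] + [ts]
        if len(window) > THRESHOLD and (not sent or ts - sent[-1] >= throttle):
            sent.append(ts)
    return sent


def failures_by_version(lines):
    """Count non-200 events per appVersionName (the breakdown from slide 35)."""
    events = (parse(line) for line in lines)
    return Counter(version for _ts, status, version in events if status != 200)


def sample_events():
    """Constructed sample: healthy traffic, then HTTP 500s every 15 s from one version."""
    start = datetime(2017, 5, 23, 12, 0, 0)
    ok = [f"{(start + timedelta(seconds=30 * i)).isoformat()} 200 2.0" for i in range(10)]
    burst_start = start + timedelta(minutes=6)
    bad = [f"{(burst_start + timedelta(seconds=15 * i)).isoformat()} 500 2.1" for i in range(16)]
    return ok + bad


if __name__ == "__main__":
    events = sample_events()
    print("failures by version:", dict(failures_by_version(events)))
    print("throttled:  ", [t.time().isoformat() for t in notifications(events)])
    print("unthrottled:", len(notifications(events, throttle_seconds=0)), "notifications")
```

On the constructed burst the throttle cuts the notifications from one per failing event to one per minute, while the first notification still arrives with the sixth failure.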