2. Where to get the Hand Out?
2
https://splunk.box.com/splunkliveitsi16
3. Log in to Splunk
1. Meet your partner in ITSI for the next
hour
(the individual to you left or right
2. Following instructions on attached paper
please log in as User1 OR User2
3. Don’t worry we will come back to the
Service Analyzer Later (Promise!!!)
4. Please Click Glass Table
Click Glass Table
4. Glass Table Decom Refresher
4
CLICK
“Buttercup Games
Business Process”
QUICK REFRESHER:
Business Service Discussion
Click Service Health
6. New Requirement for DB Service
6
● Create 2 KPIs –
● Storage Availability
● Database error count
● Create Glass Table
“WE only have about 15min
TO DO WHAT ???!!???”
Think about how long this
would take you today?
8. Lets Talk Entities
8
● Select DB Service
● Entities are things
● Limit # with:
● And/Or
● Where do they come from?
CMDB?? Search??
9. KPI’s in 5 min? Storage
9
● Click New – Generic KPI
● Select Data Model
● Host Operating System
● Storage
● Storage_used_percent
● Next
10. Storage Continued….
10
Splunk Builds Searches for you –
Oh Yeah that’s happening
● Select Yes For Both Options
● Entity Mapping
● Host <-> Host
● Click Next
11. Last Stop for Storage
11
● Every 5 Min (think *Nix TA)
● Avg / Max/ etc
● Look back time frame = 5min
● Next
● Add unit of Measure = %
● Next
12. Final Steps only a minute left
12
● Set your thresholds
● Aggregate (All)
● Per Entity
● We will Discuss Adaptive Thresholds
(machine learning and anomaly
detection in just a moment)…
● Finish
13. Adaptive What?
13
● Lets Name it!
● Database Host
Storage Used Percent
● Adaptive thresholding
● Aggregates
● Per Entity
14. Anomaly Who?
14
● Turn On
● Set Training Window
● Show then adjust Sensitivity
● Click enable Alerting
15. KPI’s in 5 min? Errors
15
● Click New – Generic KPI
● Ad hoc Search
● Sourcetype=mysqld ERROR
OR CRITICAL
● Threshold Field (what we count)
● Priority
16. Errors Continued….
16
● Select Yes For Both Options
● Entity Mapping
● Host <-> Host
● Click Next
Splunk Builds Searches for you –
Oh Yeah that’s happening
17. Last Stop for Errors
17
● Every 1 Min
● Count
● Look back time frame = 5min
● Next
● Add unit of Measure = Ct
● Next
18. Final Steps only a minute left
18
● Set your thresholds
● Aggregate (All)
● Per Entity
● Finish
19. Lets Build a Glass Table
19
● Using 10 min - build a Glass
Table for Database Tier
● Click Save
20. Uh-huh Disk = Bad
20
● Notable Events
● Click Alert Critical –
Disk Full MySQL
21. Notable Event Review
21
● Actions –
● ServiceNow
● What Else
● Deep Dive??
● Open DB Service
Kpis in Deep Dive
23. Review Topics
23
● Business Services comprised of Technology Micro
Services which contain entities
● Measuring of Key Performance Indicators through quick
creation, adaptive thresholding and anomaly detection
● Service Analyzer
● Notable Event Framework
● Deep Dive to See EVERYTHING
So is it fair to say that YOU, the business teams and YOU, the technical teams can now use these Glass Tables to help each other start defining KPI’s that interrelate, correlate and integrate the technology and Business Micro Services that make up the Many Services in an Environment?
Show of hands Business Team who believes this can happen?
Show of hands Technical Teams who believes this can happen?
YES they CAN and YES it will actually happen both of the teams can and WILL start helping one another to identify Entities, KPI’s and Services?
So lets build on that excitement for a second. What is the typical answer the Business gets from the Technical Teams as to how long something will take to build?
"Many Quarters and realistically a Year on the conservative side right?"
To quantify that, Show of hands, anyone here been involved in a IT Service Management / Business Management team trying to map every Server to a Service or Business Function?
Net of that LONG Conversation it is not fun nor pretty and Job Longevity - Yeah as soon as you finish you have to start over.
So why ITSI - Because this is “EASY" with ITSI and we NEED the tech teams to let the Business Teams know that it can happen in weeks but, even more important we NEED the Business Teams to let the Technical Teams know it can happen in weeks…
But just like the infomercials, but wait theres more …
This has allows for teams to model their data and using machine learning to identify what is or is not data driven events based on historical activity. Which ANSWERS the question of how do teams schedule downtime week over week at the same time, GUESS WHAT THE MODEL WILL SHOW THAT and the teams can account for it.
And yes if you order now IT Service Intelligence also includes built in anomaly heuristics which are tunable for sensitivity
Talk through NOT HANDS ON For SplunkLivers …..
Talk through NOT WORK
So is it fair to say that YOU, the business teams and YOU, the technical teams can now use these Glass Tables to help each other start defining KPI’s that interrelate, correlate and integrate the technology and Business Micro Services that make up the Many Services in an Environment?
Show of hands Business Team who believes this can happen?
Show of hands Technical Teams who believes this can happen?
YES they CAN and YES it will actually happen both of the teams can and WILL start helping one another to identify Entities, KPI’s and Services?
So lets build on that excitement for a second. What is the typical answer the Business gets from the Technical Teams as to how long something will take to build?
"Many Quarters and realistically a Year on the conservative side right?"
To quantify that, Show of hands, anyone here been involved in a IT Service Management / Business Management team trying to map every Server to a Service or Business Function?
Net of that LONG Conversation it is not fun nor pretty and Job Longevity - Yeah as soon as you finish you have to start over.
So why ITSI - Because this is “EASY" with ITSI and we NEED the tech teams to let the Business Teams know that it can happen in weeks but, even more important we NEED the Business Teams to let the Technical Teams know it can happen in weeks…
But just like the infomercials, but wait theres more …
This has allows for teams to model their data and using machine learning to identify what is or is not data driven events based on historical activity. Which ANSWERS the question of how do teams schedule downtime week over week at the same time, GUESS WHAT THE MODEL WILL SHOW THAT and the teams can account for it.
And yes if you order now IT Service Intelligence also includes built in anomaly heuristics which are tunable for sensitivity
Explain Icons and Background images – Team of 2 will build their own or one together
Talk through NOT WORK
Talk through NOT WORK
Talk through NOT WORK
Talk through NOT WORK
We’re headed to the East Coast!
2 inspired Keynotes – General Session and Security Keynote + Super Sessions with Splunk Leadership in Cloud, IT Ops, Security and Business Analytics!
165+ Breakout sessions addressing all areas and levels of Operational Intelligence – IT, Business Analytics, Mobile, Cloud, IoT, Security…and MORE!
30+ hours of invaluable networking time with industry thought leaders, technologists, and other Splunk Ninjas and Champions waiting to share their business wins with you!
Join the 50%+ of Fortune 100 companies who attended .conf2015 to get hands on with Splunk. You’ll be surrounded by thousands of other like-minded individuals who are ready to share exciting and cutting edge use cases and best practices. You can also deep dive on all things Splunk products together with your favorite Splunkers.
Head back to your company with both practical and inspired new uses for Splunk, ready to unlock the unimaginable power of your data! Arrive in Orlando a Splunk user, leave Orlando a Splunk Ninja!
REGISTRATION OPENS IN MARCH 2016 – STAY TUNED FOR NEWS ON OUR BEST REGISTRATION RATES – COMING SOON!