Service intelligence models are most effective when they are tied to specific business goals and initiatives and when they continuously measure progress toward those goals. In this session we cover best practices and techniques for advancing your service intelligence initiatives. We will analyze an effective service intelligence model in detail and then design an example model that can be used to achieve the business goals and to measure the business-value targets.
2. Agenda
• ITSI Demo about Buttercup Games (role–play)
• Recap demonstrated key features
• Customer Success Stories
• Next steps and Q&A
3. Buttercup Games
Buttercup Games, a gaming company
– Goals:
Increase customer satisfaction
Increase revenue and profit
Lower operating costs
– Initiatives:
Digitization of all business processes
Big Data – leverage value of data along the whole
supply chain
4. What Is Service Intelligence?
Enabling a business-aware IT
Measuring and reporting on indicators that matter
Unlocking operational efficiencies
Collaborating across silos to improve service operations
Data-based decision making
Solving problems and anticipating pitfalls with
sophisticated analytics and powerful insights
7. Personalized Visualizations of Your Services
• Visualize contextual inter-relationships across service delivery components
• Illustrate business and service activity using indicators aligned with strategic goals
• Drive decisions by monitoring service health against performance indicators
• Create sophisticated dashboards in minutes
8. Organized View of Performance Indicators
• Organize and correlate KPIs to speed
up investigations and diagnosis
• Compare performance over time and
in real time to understand trends
and identify systemic issues
• Enable broad and deep investigation
with contextual drill-downs
9. Real-Time View of Service and KPI Health Scores
• Get early warning of emerging incidents
with a heat map of service health and
KPI scores, metrics, sparklines and alerts
• Drill down into service and entity details
for in-depth triage
10. Insights Into the Origin of Service Disruptions
Profile an entity to troubleshoot outages
and service degradations
Identify contributing services and entities
of the worst performing KPIs
12. Correlation Rules Generate Meaningful Events
Run predefined correlation searches against learned indicators to generate
notable events based on status and composite scores
13. Event Analytics
• Reduce event clutter and false
positives with multivariate
anomaly detection
• Automatically conceal duplicate
events to focus on relevant
events
• Easily sift through vast amounts
of events by filtering, tagging
and sorting
• Enrich and add context to events
to make it informative and
actionable
15. Deep Service-Oriented Insights Into Technology Domains
• Extend out-of-the-box functionality by
easily integrating with open source
and 3rd-party technologies and tools
• Fast-track data collection without
costly add-ons, customizations and
manual configurations
• Gain deep service-oriented insights
with built-in dashboards
• Simplify creation and deployment of
third-party and custom modules
18. Reduce the Administrative Hurdle
FAST SEARCH PERFORMANCE: Enable mass changes to thresholds and searches with templates, reducing the number of searches and improving performance
MAINTENANCE WINDOWS: Set services and entities into “maintenance” to suppress alerts and accurately reflect health scores
BACKUP AND RESTORE: Create highly available Splunk ITSI environments, revert configurations to previous versions and ensure continuous delivery
ROLE-BASED ACCESS CONTROLS: Manage permissions and authorize access to various views within Splunk ITSI
19. What Makes Splunk ITSI Different
Search-Based KPIs
• Easy to write, manage and change
both services and KPIs
• Reflects business and technology
priorities
• Benefit: Rapidly generate and
change KPIs to align service health
with business
• Fiserv – 1000s in just weeks
Full Fidelity Service Health
• Adaptable and flexible
definitions of service health
• One solution to go seamlessly
from service reports to root
cause, including raw data
• Remains adaptable and yet still
maintains complete historical
context
Universal Data Platform
• Data driven: All IT data including
events, metrics and logs
• Schema on-the-Fly
• Ask any question of the
data
• Fast time-to-value
• Data fidelity
20. Splunk IT Service Intelligence at
• Server-based to services-based monitoring
• Top-down and deep-dive service insights
• 200+ services and 1,500+ KPIs monitored
• Flexible creation and modification of services and KPIs
• Alerting on service KPIs instead of server performance
• Real-time, holistic and proactive “client” view
21. Modernizing Enterprise Monitoring at the International World Development Bank
• Enhanced service reliability and incident
response
• Ease and flexibility in creating business
level dashboards ad hoc and on-the-fly
• Integrations with BMC Remedy to simplify
incident response and action
• Tracing business transactions end to end
22. Real-Time Car Auctions Delivered With Intelligence
• Reduced time-to-investigate and resolution with real-time insights
• Reduced incidents across global auctions by 90%
• Improved end-user experience and service reliability
• Scaling the implementation with Splunk Cloud
“With Splunk ITSI, we have proactive infrastructure monitoring to ensure a consistent level of customer service for interested buyers to bid on cars.”
– Ken Gavranovic, VP Technology Application Development & Operations, Cox Automotive
23. Improved Satellite Operations With Real-Time Infrastructure Visibility
“Using Splunk ITSI has helped us to understand our IT network in a way we weren’t able to previously. This has directly led to improvements in areas such as troubleshooting and security awareness.”
– Daniel Nye, CTO, Surrey Satellite
Improved service accessibility, reliability and security
Enhanced ability to troubleshoot persistent service problems
Gained end-to-end visibility into overall IT performance
24. Splunk IT Service Intelligence
Data-driven service monitoring and analytics
SPLUNK IT SERVICE INTELLIGENCE
Time-Series Index
Platform for Operational Intelligence
Dynamic Service Models
Schema-on-Read Data Model
Common Information Model
At-a-Glance Problem Analysis
Early Warning on Deviations
Event Analytics
Simplified Incident Workflows
25. Splunk IT Service Intelligence
Data-Defined, Data-Driven Service Insights
Get data
Define services, entities and KPIs
Monitor and troubleshoot
Analyze and detect
26. What are your next steps?
Glass Table workshop
Service Intelligence Breakfast
29. Splunk-Sponsored Guided Workshop
Define methods for:
• Proactive service monitoring
• Reduced risk and failures
• Faster issue resolution
• Increased business
performance
What is it?
• 1-day on-site workshop
• Tightly linked with value
• Collaborative approach
• Build your own Splunk ITSI
Glass Table
30. Splunk ITSI Packaged Modules
OS Host
● 12 KPIs
● Unix and Windows OS ready
● Covers: CPU, memory, storage and network performance
Load Balancers
● 13 KPIs
● For physical and software-based load balancers
● Covers: appliance health, user traffic and server pools
Application Servers
● 17 KPIs
● Deep insights into Java-based application servers
● Covers: runtime performance, server health and application traffic
31. Splunk ITSI Packaged Modules
Databases
● 7 KPIs
● Per-instance monitoring
● Covers: server health, network and database activity
Virtualization
● 24 KPIs
● 3 service templates
● Covers: host, virtual machine and data store performance
Web Servers
● 8 KPIs
● Server and web transaction monitoring
● Covers: user traffic, server health and application performance
Editor's Notes
Splunk is a scalable platform for machine data that allows you to interact with the data to solve various use cases. Initially we were founded on enabling IT administrators to solve IT challenges, but over the years we’ve expanded this into various other use cases including Application Management, Security and Compliance (the top 3 being our core use cases); the evolving use cases are around Business Analytics and IoT, all of which have been led by our customers.
As our customers grew, their asks of Splunk also began to evolve. They were looking for an integrated, holistic packaged solution that would not only help them break down silos, but also apply machine learning to arm their IT practitioners with the right data at the right time. They want to exploit the data they have within Splunk to discover new ways to improve their operations and drive business priorities and growth. Our customers wanted to up-level the insight machine data gave them. Not only did they want to immediately address operational problems, they also wanted visibility into whether they are meeting SLAs and what impact performance is having on the business.
That brings us to Splunk IT Service Intelligence – a packaged solution that enables real-time visibility into services driven by machine data.
Splunk ITSI speeds and simplifies service monitoring and analytics and enables IT to make better, smarter and informed business decisions.
This solution allows you to gain a deep understanding of your services. With Splunk ITSI, you have real-time views into the health of your services, and can use advanced analytics to find patterns, detect anomalies and trends to proactively monitor and address issues.
As a result you have improved service visibility, reduced resolution times, and a transformative approach to monitoring and analytics driven by machine-data.
In order to solve these evolving needs, a certain class of customers began to leverage the platform and take advantage of the data they already had indexed within Splunk. They built some pretty sophisticated use cases to improve operational efficiencies. And the way they are doing this is by adding a service perspective to the data they already have in Splunk.
What became apparent as we spoke to those customers was that we have the ability to transform this age-old problem of troubleshooting and monitoring with a new approach driven by machine data. Given that our customers had custom-built service insights using the data they already had in the platform, it was a natural evolution for us to build an integrated solution based on our customers’ successes and make Splunk service-aware. This helps our customers to maximize the value they can get from Splunk with a machine-data-driven approach to monitoring and analytics.
What makes Splunk ITSI different is not only all the cool visualizations that you just saw in the premium solution, but more importantly, the platform that it was built on top of.
Just about every CIO or Ops Executive we talk to is frustrated with Manual Integration within and across tools and Correlation issues with their current Service Management and Monitoring Solutions. The number of tools they’ve had to buy, deploy, administer, and attempt to integrate just don’t live up to their original promises.
An impact of this lack of integration and correlation is the customer’s difficulty meeting or accurately measuring their SLAs.
One way that Splunk differs from existing approaches is that it is a Universal Machine Data Platform which allows you to reliably collect, index, prepare and store data from tens of thousands of sources, in real time -- any type, any format, any location with no pre-defined schema. We are data driven. We take in all the data. Splunk is also in network latent real time and can leverage historical data as well.
To avoid the problems associated with adding or changing Alerts, Splunk delivers Schema on the Fly to provide for rapid creation of alerts from either KPIs or raw data to adapt to business needs quickly. Splunk applies structure at search time, making it easy to search, visualize and analyze your data without any knowledge of the underlying structure. No DBA is required! We also use machine learning to baseline normal operations, detect anomalous behavior to drive meaningful actions, and enable highly correlated searches to create meaningful “alerts” off your KPIs, not ours. And, you get the information from the data that you need when you need it. With Splunk, you can ask any question of the data any time!
Splunk’s powerful platform helps you to realize faster time to value as it leverages all of the data, allows you to answer any questions of the data and empowers the greatest data fidelity.
With existing Event Driven solutions, our customers tell us that getting true Service Intelligence is a challenge. Today, Service Owners tell us that they determine Service Health through summarized events that have limited retention time.
The business impact here surrounds the time and expense in identifying root cause and fixing the problem.
To address this, Splunk ITSI delivers a 360 degree view of service health from one place. We call this Full Fidelity Service Health. We allow for adaptable and flexible definitions of service health. Customers can now move seamlessly from Business Service Reports to Remediation, all while providing complete historical context. Our solution remains adaptable and yet still maintains complete historical context. Want to visualize and measure what was happening 10 minutes ago?… an hour ago?… Not a problem. This unique differentiation enables Splunk ITSI to deliver a seamless, connected experience from reporting through to remediation.
Deep Dive Incident Reviews deliver events, metrics and KPIs – including ad hoc, on-the-fly searches – so you can see and correlate complex interactions easily. And as we just discussed, with full access to historical data, you can compare any two time ranges for all data sets side by side to quickly understand what’s ‘normal’ for that Service by minute, hour, day or week regardless of size or scale.
Every day we hear from customers that change is a constant and the Legacy Service Management solutions struggle with keeping up. With Legacy Solutions, Service Definitions come from Legacy CMDBs that come with questionable data quality. We also hear that it is hard to create new KPIs to keep everything relevant to the Business.
The impact that we hear from Service Owners is that the business perceives IT as being inefficient.
So what else does Splunk ITSI do here that is different? Search Based KPIs deliver a flexible way to impose schema only at retrieval, without a pre-defined schema or hard-coded collectors. Often the business may need to see new KPIs or change existing ones. You can easily write, manage and change both services and KPIs so that you can best align business and technology priorities. An example of this in action comes from one of our Beta customers, Fiserv. With Splunk ITSI, Fiserv was able to generate 1000s of KPIs in a matter of weeks. They were able to easily write, manage and change both services and KPIs.
Splunk runs on-prem, in the Cloud or in hybrid environments while collecting data from all the newest technologies.
Our visualizations and analytics are one-of-a-kind. They can be personalized, meaningful, and contextual. Better visualizations and analytics provide IT with actionable insights. Everyone can look at the data in the manner that is most relevant to them.
Fiserv is a global financial services technology provider behind essential services such as mobile and online banking, payments, risk management, data analytics and core account processing - more than 1 in 3 U.S. financial institutions rely on Fiserv for core processing services. Lacking a consistent monitoring approach and frustrated with too many tools, Fiserv initially deployed Splunk Enterprise to collect and process data that can feed into its existing incident management process. While Splunk Enterprise was supporting faster troubleshooting and issue resolution, Fiserv needed a way to quickly react to changing environment conditions to alert on and prevent recurring events BEFORE they happened. The team was struggling to build Splunk dashboards that surfaced the right information and led to decisive action. Fiserv also needed to perform continual education across business units, across support tiers and across shifts on the latest dashboards that look for specific client-impacting conditions. The team had a mandate to achieve these goals in just 90 days. Enter Splunk IT Service Intelligence – with Splunk ITSI, Fiserv was able to:
Deliver service based monitoring in a much shorter time frame
Empower a tier 1 user with a tool kit to triage and act as a higher tier
Develop a model out of a problem review to add new KPIs to roll into the service as a whole.
Easily correlate issues through a drill down and determine cause vs effect and then dive right into the logs
Fiserv leveraged Splunk IT Service Intelligence to enhance their service-based monitoring and empower their users. With Splunk IT Service Intelligence, the Fiserv team is able to collect and process data from multiple sources and locations and integrate that data into an existing incident management process.
…all within 90 days from inception to delivery.
Splunk was brought into the organization nearly 3 years ago, primarily to solve security use cases. IT ops teams were struggling with a variety of different monitoring tools, managed by different teams and showing different perspectives of the same data.
They needed to consolidate all this data and these visualizations, and needed a flexible way to create business dashboards, consolidate the different tools and data into a single console and replace their Manager of Managers solution.
With Splunk IT Service Intelligence (ITSI), World Bank has realized the ease with which these tools can be integrated, events brought in and the messages from these events parsed, to make sure that only actionable, meaningful alerts are displayed on the console.
An example service is with the treasury department.
There are financial penalties if trades aren’t released in a certain amount of time, as you can imagine. If it goes into the next day, interest rates may change that could cause a lot of problems for the trading desk.
With ITSI, they were able to put together a holistic dashboard that shows what the user experience is, how much time it takes for traders to log in, how many traders are still logged into the system and then when it comes to their business, how many trades have been released, how many are not released, how many are stuck, how many are completed, and then, what that overall processing time is, so that their treasury line managers can see on their desktop a holistic picture of real-time trading activity and what is happening now and do they need to take actions.
They didn’t have to spend weeks and months to integrate data sources, customize portlets and other things. With Splunk ITSI, they were able to build exactly what they needed quickly, within hours.
They’ve also built an integration with BMC Remedy to automate incident workflows.
Challenges:
In the past, Cox Automotive encountered uptime and application stability challenges during its auto auctions, but had little visibility into the root cause. When a problem occurred, their operations teams lacked visibility into whether the disruption was broad across the network or isolated to a single lane that needed investigation. It also lacked the ability to prioritize incident investigations and needed real-time insights into the performance and availability of each auction lane.
Solution:
Cox Automotive decided to standardize its data aggregation strategy on Splunk IT Service Intelligence to gain much-needed Operational Intelligence. With Manheim, AutoTrader.com and Kelley Blue Book, Cox Automotive is changing the car buying and selling business and enabling people to buy and sell cars from their homes, offices and mobile devices.
Since Cox Automotive implemented Splunk ITSI, the platform has delivered tremendous value and helped drive down key metrics such as mean-time-to-investigate (MTTI) and mean-time-to-resolution. As Cox deploys Splunk ITSI across all of its brands, the solution is already providing nearly instantaneous returns and is improving end-user experience and service reliability.
Now, if an incident with a camera, microphone or other device occurs, staff members get an alert within seconds, can troubleshoot quickly, and rapidly identify the issue and exact location for an auction technician to minimize disruption. Moreover, using advanced analytics and machine learning, staff can predict outages and can even monitor equipment degradation for proactive replacement.
Splunk Cloud:
Given the enormous amount of data at Cox Automotive, they are pleased with the company’s cloud strategy and note that the ability to have all data flow to one place instead of distributing it among different data centers has been a godsend. With the Splunk platform, the company no longer has to depend on on-premises storage and it has the flexibility to scale on demand. With Splunk ITSI being adopted as the enterprise monitoring and analytics solution, Splunk Cloud has made it possible to scale their implementation and adoption across various brands within Cox Automotive.
Beyond the data associated with Manheim car auctions, Cox is ingesting approximately 2TB of data per day from across its infrastructure into the Splunk Cloud platform. This is enabling teams to not only understand the health and well-being of production systems but also giving release engineering and application development teams insights into new software releases.
Real-time visibility improves security effectiveness
SSTL was unable to search through security data due to limitations in its disparate security solutions. By using Splunk Enterprise to centrally store, index and provide insight into a range of data sources including firewall, Active Directory, email hosting and website traffic, the organization is now able to rapidly search through data and establish alerts in a way that wasn’t possible previously. This has significantly improved the organization’s ability to understand and respond to potential insider and advanced persistent threats, with alerts established to recognize anomalies such as employees logging in at work when they haven’t swiped into the office.
Insight into IT health and performance
Since deploying Splunk ITSI, SSTL has gained overarching insights into the performance of the organization’s key services through a Service Health. Powerful visualizations provide easily digestible data and analytics in the form of dashboards that the business services team uses to better understand real-time performance and business impact. This end-to-end view into IT highlights how potential problems such as a high load being exerted on the SQL server estate affect other key IT services. The team can then drill down into the data to accelerate root cause analysis and problem resolution. With Splunk ITSI, SSTL has been able to improve performance issues and ensure IT services are accessible, reliable and secure for all employees. “Using Splunk Enterprise and Splunk ITSI has helped us to understand our IT network in a way we weren’t able to previously,” says Surrey Satellite Technology Chief Technology Officer, Daniel Nye. “This has directly led to improvements in areas such as troubleshooting and security awareness, which is allowing us to focus more on how we can support our engineers and researchers.”
With Splunk ITSI, customers get the higher level benefits based on the underlying platform. So, from deep-in-the-weeds solving IT operational use cases with Splunk Enterprise, we’re up-leveling the use cases and making IT more relevant to the business.
They can visualize meaningful and contextual data and inter-relationships with dynamic service models, organize and correlate performance indicators for at-a-glance problem analysis, get proactive with early warnings on anomalies, deviations and pre-configured correlated alerts, and simplify workflows.
So, let’s look at a simple visual to discuss how it works.
In four simple steps, customers can achieve data driven service insights.
They Get the data in. (all the data…)
They quickly define services, entities, and KPIs
They monitor and troubleshoot
They analyze and detect
Through these steps, the customer is able to realize the value of Data Defined, Data Driven Service Insights.