Daten getriebene Service Intelligence mit Splunk ITSI
•
1 like•642 views
Service Intelligence Modelle sind am effektivsten, wenn Sie auch mit speziellen Geschäftszielen und Initiativen verbunden sind und wenn sie kontinuierlich diese Zielerreichung messen. In dieser Session behandeln wir Best Practices und Techniken, um Ihre Service Intelligence Initiativen voranzutreiben. Wir werden ein effektives Serivce Intelligence Modele näher analysieren und dann ein Beispiel Modell entwerfen, mit dem sich die Geschäftsziele erreichen lassen und auch die Ziele für den Gschäftsmehrwert messen lassen.
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Viewers also liked
Viewers also liked (20)
Similar to Daten getriebene Service Intelligence mit Splunk ITSI
Similar to Daten getriebene Service Intelligence mit Splunk ITSI (20)
More from Splunk
More from Splunk (20)
Recently uploaded
Recently uploaded (20)
Daten getriebene Service Intelligence mit Splunk ITSI
- 1. Copyright © 2015 Splunk Inc. Data driven Service Intelligence mit Splunk ITSI
- 2. Agenda • ITSI Demo about Buttercup Games (role–play) • Recap demonstrated key features • Customer Success Stories • Next steps and Q&A
- 3. Buttercup Games Buttercup Games, a gaming company – Goals: Increase customer satisfaction Increase revenue and profit Lower operating costs – Initiatives: Digitization of all business processes Big Data – leverage value of data along the whole supply chain
- 4. What Is Service Intelligence? 5 Enabling a business-aware IT Measuring and reporting on indicators that matter Unlocking operational efficiencies Collaborating across silos to improve service operations Data-based decision making Solving problems and anticipating pitfalls with sophisticated analytics and powerful insights
- 5. Machine learning-powered analytics for real-time service insights, simplified operations and root-cause isolation
- 6. What we’ve seen …and what we’ve NOT seen
- 7. • Visualize contextual inter-relationships across service delivery components • Illustrate business and service activity using indicators aligned with strategic goals • Drive decisions by monitoring service health against performance indicators • Create sophisticated dashboards in minutes Personalized Visualizations of Your Services 9
- 8. Organized View of Performance Indicators • Organize and correlate KPIs to speed up investigations and diagnosis • Compare performance over time and in real time to understand trends and identify systemic issues • Enable broad and deep investigation with contextual drill-downs 10
- 9. Real-Time View of Service and KPI Health Scores • Get early warning of emerging incidents with a heat map of service health and KPI scores, metrics, sparklines and alerts • Drill down into service and entity details for in-depth triage 11
- 10. Insights Into the Origin of Service Disruptions 12 Profile an entity to troubleshoot outages and service degradations Identify contributing services and entities of the worst performing KPIs
- 11. Out of the Box Dashboards via Modules
- 12. Correlation Rules Generate Meaningful Events 14 Run predefined correlation searches against learned indicators to generate notable events based on status and composite scores
- 13. Event Analytics • Reduce event clutter and false positives with multivariate anomaly detection • Automatically conceal duplicate events to focus on relevant events • Easily sift through vast amounts of events by filtering, tagging and sorting • Enrich and add context to events to make it informative and actionable 15
- 14. IntegrateWithExistingIncidentWorkflows 16 Automatically initiate defined incident and remediation responses Integrate with ServiceNow to create tickets and accelerate triage
- 15. 17 Deep Service-Oriented Insights Into Technology Domains • Extend out-of-the-box functionality by easily integrating with open source and 3rd-party technologies and tools 17 • Fast-track data collection without costly add-ons, customizations and manual configurations • Gain deep service-oriented insights with built-in dashboards • Simplify creation and deployment of third-party and custom modules
- 16. LearnWhat’sNormaland Abnormal 18 Baseline normal operations and alert on anomalous conditions Identify abnormal trends and patterns in KPI data
- 17. BaselineTrendsto AdaptThresholds 19 Use statistics to dynamically adapt KPI thresholds by time Maintain and preserve learned thresholds to monitor KPI and service behavior
- 18. 20 Reduce the Administrative Hurdle 20 Enable mass changes to thresholds and searches with templates, reducing the number of searches and improving performance Set services and entities into “maintenance” to suppress alerts and accurately reflect health scores Create highly available Splunk ITSI environments, revert configurations to previous versions and ensure continuous delivery Manage permissions and authorize access to various views within Splunk ITSI FAST SEARCH PERFORMANCE MAINTENANCE WINDOWS BACKUP AND RESTORE ROLE-BASED ACCESS CONTROLS
- 19. 22 What Makes Splunk ITSI Different 22 Search-BasedKPIs • Easy to write, manage and change both services and KPIs • Reflects business and technology priorities • Benefit: Rapidly generate and change KPIs to align service health with business • Fiserv – 1000s in just weeks FullFidelityServiceHealth • Adaptable and flexible definitions of service health • One solution to go seamlessly from service reports to root cause, including raw data • Remains adaptable and yet still maintains complete historical context UniversalDataPlatform • Data driven: All IT data including events, metrics and logs • Schema on-the-Fly • Ask any question of the data • Fast time-to-value • Data fidelity
- 20. 23 23 Server-based to services-based monitoring Top-down and deep-dive service insights 200+ services and 1,500+ KPIs monitored Flexible creation and modification of services and KPIs Alerting on service KPIs instead of server performance Real-time, holistic and proactive “client” view Splunk IT Service Intelligence at
- 21. 24 Modernizing Enterprise Monitoring at the International World Development Bank • Enhanced service reliability and incident response • Ease and flexibility in creating business level dashboards ad hoc and on-the-fly • Integrations with BMC Remedy to simplify incident response and action • Tracing business transactions end to end 24
- 22. 25 Real-Time Car Auctions Delivered With Intelligence 25 Reduced time-to- investigate and resolution with real-time insights Reduced incidents across global auctions by 90% Improved end-user experience and service reliability “With Splunk ITSI, we have proactive infrastructure monitoring to ensure a consistent level of customer service for interested buyers to bid on cars.” – Ken Gavranovic, VP Technology Application Development & Operations, Cox Automotive Scaling the implementation with Splunk Cloud
- 23. 26 Improved Satellite Operations With Real-Time Infrastructure Visibility 26 “Using Splunk ITSI has helped us to understand our IT network in a way we weren’t able to previously. This has directly led to improvements in areas such as troubleshooting and security awareness.” – Daniel Nye, CTO, Surrey Satellite Improved service accessibility, reliability and security Enhanced ability to troubleshoot persistent service problems Gained end-to-end visibility into overall IT performance
- 24. 27 Splunk IT Service Intelligence Data-driven service monitoring and analytics 27 SPLUNK IT SERVICE INTELLIGENCE Time-Series Index Platform for Operational Intelligence Dynamic Service Models Schema-on-Read Data Model Common Information Model At-a-Glance Problem Analysis Early Warning on Deviations Event Analytics Simplified Incident Workflows
- 25. 28 Splunk IT Service Intelligence Get data Define services, entities and KPIs Monitor and troubleshoot Analyze and detect Data-Defined, Data-Driven Service Insights
- 26. 29 Was sind ihre nächsten Schritte? Glass Table workshop Service Intelligene Breakfast
- 27. Danke
- 29. 32 Splunk-Sponsored Guided Workshop 32 Define methods for: • Proactive service monitoring • Reduced risk and failures • Faster issue resolution • Increased business performance What is it? • 1-day on-site workshop • Tightly linked with value • Collaborative approach • Build your own Splunk ITSI Glass Table
- 30. ● 12 KPIs ● Unix and Windows OS ready ● Covers: CPU, memory, storage and network performance 33 OS Host Load Balancers Application Servers ● 13 KPIs ● For physical and software-based load balancers ● Covers: appliance health, user traffic and server pools ● 17 KPIs ● Deep insights into Java-based application servers ● Covers: runtime performance, server health and application traffic Splunk ITSI Packaged Modules
- 31. ● 7 KPIs ● Per-instance monitoring ● Covers: server health, network and database activity 34 Splunk ITSI Packaged Modules ● 24 KPIs ● 3 service templates ● Covers: host, virtual machine and data store performance ● 8 KPIs ● Server and web transaction monitoring ● Covers: user traffic, server health and application performance Databases Virtualization Web Servers
Editor's Notes
- Splunk is a scalable platform for machine data, that allows you to interact with the data to solve various use-cases. Initially we were founded one enabling IT administrators to solve IT challenges but over the years we’ve manifested this into various other use cases including Application Management, Security and Compliance (the top 3 being our core use-cases) and the evolving use cases are around Business Analytics and IoT, all of which has been led by our customers. As our customers grow their asks from Splunk also began to evolve. They were looking for an integrated holistic packaged solution that will not only help them break-down silos, but apply machine learning to enable their IT practitioners to help arm them with the right data at the right time. They want to exploit the data they have within Splunk to discover new ways to improve their operations and drive business priorities and growth. Our customers wanted to up-level the insight machine data gave them. Not only did they want to immediately address the operational problems but also wanted visibility into whether they are meeting SLA’s, what impact performance is having to the business.
- That brings us to Splunk IT Service Intelligence – a packaged solution that enables real-time visibility into services driven by machine data. Splunk ITSI speeds and simplifies service monitoring and analytics and enables IT to make better, smarter and informed business decisions. This solution allows you to gain a deep understanding of your services. With Splunk ITSI, you have real-time views into the health of your services, and can use advanced analytics to find patterns, detect anomalies and trends to proactively monitor and address issues. As a result you have improved service visibility, reduced resolution times, and a transformative approach to monitoring and analytics driven by machine-data.
- In order to solve these evolving needs, a certain class of customers began to leverage the platform and take advantage of the data they already had indexed within Splunk. They built some pretty sophisticated use-cases to improve operational efficiencies. And they way they are doing this is by adding a service perspective to the data they already have in Splunk. What became apparent as we spoke to those customers was that we have the ability to transform this age-old problem of troubleshooting and monitoring with a new approach driven by machine data. Given our customers had custom built service insights using the data they already had in the platform, it was a natural evolution for us to build an integrated solution based on our customers successes and make Splunk service-aware. This helps our customers to maximize the value they can get from Splunk with a machine data driven approach to monitoring and analytics.
- What makes Splunk ITSI different is not only all the cool visualizations that you just saw in the premium solution, but more importantly, the platform that it was built on top of. Just about every CIO or Ops Executive we talk to is frustrated with Manual Integration within and across tools and Correlation issues with their current Service Management and Monitoring Solutions. The number of tools they’ve had to buy, deploy, administer, and attempt to integrate just don’t live up to their original promises. An impact of this lack of integration and correlation is the customer’s difficulty meeting or accurately measuring their SLAs. One way that Splunk differs from existing approaches is that it is a Universal Machine Data Platform which allows you to reliably collect, index, prepare and store data from tens of thousands of sources, in real time -- any type, any format, any location with no pre-defined schema. We are data driven. We take in all the data. Splunk is also in network latent real time and can leverage historical data as well. To avoid the problems associated with adding or changing Alerts, Splunk delivers Schema on the Fly to provide for rapid creation of alerts from either KPIs or raw data to adapt to business needs quickly. Splunk applies structure at search time, making it easy to search, visualize and analyze your data without any knowledge of the underlying structure. No DBA is required! We also use machine learning to baseline normal operations, detect anomalous behavior to drive meaningful actions, and enable highly correlated searches to create meaningful “alerts” off your KPIs, not ours. And, you get the information from the data that you need when you need it. With Splunk, you can ask any question of the data any time! Splunk’s powerful platform helps you to realize faster time to value as it leverages all of the data, allows you to answer any questions of the data and empowers the greatest data fidelity With existing Event Driven solutions, our customers tell us that getting true Service Intelligence is a challenge. Today, Service Owners tell us that they determine Service Health through summarized events that have limited retention time. The business impact here surrounds the time and expense in identifying root cause and fixing the problem To address this, Splunk ITSI delivers a 360 degree view of service health from one place. We call this Full Fidelity Service Health. We allow for adaptable and flexible definitions of service health. Customers can now move seamlessly from Business Service Reports to Remediation, all while providing complete historical context. Our solution remains adaptable and yet still maintains complete historical context. Want to visualize and measure what was happening 10 minutes ago?… an hour ago?… Not a problem. This unique differentiation enables Splunk ITSI to deliver a seamless, connected experience from reporting through to remediation. The ability to leverage Deep Dive Incident Reviews, delivers event, metrics and KPIs – including ad hoc, on the fly searches – you can see and correlate complex interactions easily. And like we just discussed, with full access to historical data, you can compare any two time ranges for all data sets side by side to quickly understand what’s ‘normal’ for that Service by minute, hour, day or week regardless of size or scale. Every day we hear from customers that change is a constant and the Legacy Service Management solutions struggle with keeping up. With Legacy Solutions, Service Definitions come from Legacy CMDBs that come with questionable data quality. We also hear that it is hard to create new KPIs to keep everything relevant to the Business. The impact that we hear from Service Owners is that the business perceives IT as being inefficient. So what else does Splunk ITSI do here that is different? Search Based KPIs deliver a flexible way to impose schema only at retrieval, without a pre-defined schema or hard coded collectors. Often the business may need to see new KPIs or change existing ones. You can easily write, manage and change both services and KPIs so that you can best align business and technology priorities. An example of this in action comes from one of our Beta customers, Fiserve. With Splunk ITSI, Fiserve was able to generate 1000s of KPIs in a manner of weeks. They were able to easily write, manage and change both services and KPIs. Splunk runs on-prem, in the Cloud or in hybrid environments while collecting data from all the newest technologies. Our visualizations and analytics are one-of-a-kind. They can be personalized, meaningful, and contextual. Better visualizations and analytics provide and enable IT with actionable insights. Every one can look at the data in the manner that is most relevant to them.
- What makes Splunk ITSI different is not only all the cool visualizations that you just saw in the premium solution, but more importantly, the platform that it was built on top of. Just about every CIO or Ops Executive we talk to is frustrated with Manual Integration within and across tools and Correlation issues with their current Service Management and Monitoring Solutions. The number of tools they’ve had to buy, deploy, administer, and attempt to integrate just don’t live up to their original promises. An impact of this lack of integration and correlation is the customer’s difficulty meeting or accurately measuring their SLAs. One way that Splunk differs from existing approaches is that it is a Universal Machine Data Platform which allows you to reliably collect, index, prepare and store data from tens of thousands of sources, in real time -- any type, any format, any location with no pre-defined schema. We are data driven. We take in all the data. Splunk is also in network latent real time and can leverage historical data as well. To avoid the problems associated with adding or changing Alerts, Splunk delivers Schema on the Fly to provide for rapid creation of alerts from either KPIs or raw data to adapt to business needs quickly. Splunk applies structure at search time, making it easy to search, visualize and analyze your data without any knowledge of the underlying structure. No DBA is required! We also use machine learning to baseline normal operations, detect anomalous behavior to drive meaningful actions, and enable highly correlated searches to create meaningful “alerts” off your KPIs, not ours. And, you get the information from the data that you need when you need it. With Splunk, you can ask any question of the data any time! Splunk’s powerful platform helps you to realize faster time to value as it leverages all of the data, allows you to answer any questions of the data and empowers the greatest data fidelity With existing Event Driven solutions, our customers tell us that getting true Service Intelligence is a challenge. Today, Service Owners tell us that they determine Service Health through summarized events that have limited retention time. The business impact here surrounds the time and expense in identifying root cause and fixing the problem To address this, Splunk ITSI delivers a 360 degree view of service health from one place. We call this Full Fidelity Service Health. We allow for adaptable and flexible definitions of service health. Customers can now move seamlessly from Business Service Reports to Remediation, all while providing complete historical context. Our solution remains adaptable and yet still maintains complete historical context. Want to visualize and measure what was happening 10 minutes ago?… an hour ago?… Not a problem. This unique differentiation enables Splunk ITSI to deliver a seamless, connected experience from reporting through to remediation. The ability to leverage Deep Dive Incident Reviews, delivers event, metrics and KPIs – including ad hoc, on the fly searches – you can see and correlate complex interactions easily. And like we just discussed, with full access to historical data, you can compare any two time ranges for all data sets side by side to quickly understand what’s ‘normal’ for that Service by minute, hour, day or week regardless of size or scale. Every day we hear from customers that change is a constant and the Legacy Service Management solutions struggle with keeping up. With Legacy Solutions, Service Definitions come from Legacy CMDBs that come with questionable data quality. We also hear that it is hard to create new KPIs to keep everything relevant to the Business. The impact that we hear from Service Owners is that the business perceives IT as being inefficient. So what else does Splunk ITSI do here that is different? Search Based KPIs deliver a flexible way to impose schema only at retrieval, without a pre-defined schema or hard coded collectors. Often the business may need to see new KPIs or change existing ones. You can easily write, manage and change both services and KPIs so that you can best align business and technology priorities. An example of this in action comes from one of our Beta customers, Fiserve. With Splunk ITSI, Fiserve was able to generate 1000s of KPIs in a manner of weeks. They were able to easily write, manage and change both services and KPIs. Splunk runs on-prem, in the Cloud or in hybrid environments while collecting data from all the newest technologies. Our visualizations and analytics are one-of-a-kind. They can be personalized, meaningful, and contextual. Better visualizations and analytics provide and enable IT with actionable insights. Every one can look at the data in the manner that is most relevant to them.
- Fiserv is a global financial services technology provider behind essential services such as mobile and online banking, payments, risk management, data analytics and core account processing - more than 1 in 3 U.S. financial institutions rely on Fiserv for core processing services. Lacking a consistent monitoring approach and frustrated with too many tools, Fiserv initially deployed Splunk Enterprise to deploy Splunk to collect and process data that can feed into existing incident management process. While Splunk Enterprise was supporting faster troubleshooting and issue resolutions, Fiserv needed a way to quickly react to changing environment conditions to alert and prevent reoccurring events BEFORE they happened. The team was struggling to build Splunk dashboards that surfaced the right information and led to decisive action. Fiserv also needed to perform continual education across business units, across support tiers and across shifts on the latest dashboards that looks for specific client impacting conditions. The team had a mandate to achieve these goals in just 90 days. Enter Splunk IT Service Intelligence – with Splunk ITSI, Fiserv was able to: Deliver service based monitoring in a much shorter time frame Empower a tier 1 user with a tool kit to triage and act as a higher tier Develop model out of a problem review to add new KPIs to roll into the service as a hole. Easily correlate issues through a drill down and determine cause vs effect and then dive right into the logs Fiserv leveraged Splunk IT Service Intelligence to enhance their service-based monitoring and empower their users. With Splunk IT Service Intelligence, the Fiserv team is able to collect and process data from multiple sources and locations and integrate that data into an existing incident management process. …all within 90 days from inception to delivery.
- Splunk was brought into the organization nearly 3 years ago, primarily to solve security use cases. IT ops teams were struggling with a variety of different monitoring tools, managed by different teams and showing different perspectives of the same data. Needed to consolidate all this data and visualizations and needed a flexible way to create business dashboards and consolidate the the different tools and data into a single console and replace their Manager of Managers solution. With (Splunk IT Service Intelligence) ITSI World Bank has realized the ease with which these tools can be integrated, events brought in and parsing the message from these events and to make sure that only what’s being displayed to the console are actionable meaningful alert. Example service is the was with the treasury department. There are financial penalties if trades aren’t released in a certain amount of time, as you can imagine. If it goes into the next day, interest rates may change that could cause a lot of problems for the trading desk. With ITSI, they were able to put together a holistic dashboard that shows what the user experience is, how much time it takes for traders to log in, how many traders are still logged into the system and then when it comes to their business, how many trades have been released, how many are not released, how many are stuck, how many are completed, and then, what that overall processing time is, so that their treasury line managers can see on their desktop a holistic picture of real-time trading activity and what is happening now and do they need to take actions. They didn’t have to spend weeks and months to integrate data sources to them, customize portlets and other things. With Splunk ITSI, thet were able to build exactly what they needed quickly within hours. They’ve also built in integration into BMC Remedy to automoate incident workflows.
- Challenges: In the past, Cox Automotive encountered uptime and application stability challenges during its auto auctions, but had little visibility into the root cause. When a problem occurred, their operations teams lacked visibility into whether the disruption was broad across the network or isolated to a single lane that needed investigation. It also lacked the ability to prioritize incident investigations and needed real-time insights into the performance and availability of each auction lane. Solution: Cox Automotive decided to standardize its data aggregation strategy on Splunk IT Service Intelligence to gain much-needed Operational Intelligence. With Manheim, AutoTrader.com and Kelley Blue Book, Cox Automotive is changing the car buying and selling business and enabling people to buy and sell cars from their homes, offices and mobile devices. Since Cox Automotive implemented Splunk ITSI, the platform has delivered tremendous value and helped drive down key metrics such as mean-time-to-investigate (MTTI) and mean-time-to-resolution. As Cox deploys Splunk ITSI across all of its brands, the solution is already providing nearly instantaneous returns and is improving end-user-experience and service reliability Now, if an incident with a camera, microphone or other device occurs, staff members get an alert within seconds, can troubleshoot quickly, and rapidly identify the issue and exact location for an auction technician to minimize disruption. Moreover, using advanced analytics and machine learning, staff can predict outages and can even monitor equipment degradation for proactive replacement. Splunk Cloud: Given the enormous amount of data at Cox Automotive, they are pleased with the company’s cloud strategy and notes that the ability to have all data flow to one place instead of distributing it among different data centers has been a godsend. With the Splunk platform, the company no longer has to depend on on-premises storage and it has the flexibility to scale on demand. With Splunk ITSI being adopted as the enterprise monitoring and analytics solution, Splunk Cloud has made it possible to scale their implementation and adoption across various brands within Cox Automotive. Beyond the data associated with Manheim car auctions, Cox is ingesting approximately 2TB of data per day from across its infrastructure into the Splunk Cloud platform. This is enabling teams to not only understand the health and well-being of production systems but also giving release engineering and application development teams insights into new software releases.
- Real-time visibility improves security effectiveness SSTL was unable to search through security data due to limitations in its disparate security solutions. By using Splunk Enterprise to centrally store, index and provide insight to a range of data sources including firewall, Active Directory, email hosting and website traffic, the organization now is able to rapidly search through data and establish alerts in a way that wasn’t possible previously. This has significantly improved the organization’s ability to understand and respond to potential insider and advanced persistent threats , with alerts established to recognize anomalies such as employees logging in at work when they haven’t swiped into the office. Insight into IT health and performance Since deploying Splunk ITSI, SSTL has gained overarching insights into the performance of the organization’s key services through a Service Health. Powerful visualizations provide easily digestible data and analytics in the form of a dashboards that the business services team uses to better understand real-time performance and business impact. This end-to-end view into IT highlights how potential problems such as a high load being exerted on the SQL server estate affects other key IT services. The team can then drill down into the data to accelerate root cause analysis and problem resolution. With Splunk ITSI, SSTL has been able to improve performance issues and ensure IT services are accessible, reliable and secure for all employees. “Using Splunk Enterprise and Splunk ITSI has helped us to understand our IT network in a way we weren’t able to previously,” says Surrey Satellite Technology Chief Technology Officer, Daniel Nye. “This has directly led to improvements in areas such as troubleshooting and security awareness , which is allowing us to focus more on how we can support our engineers and researchers.”
- With Splunk ITSI, customers get the higher level benefits based on the underlying platform. So, from deep-in-the-weeds solving IT operational use cases with Splunk enterprise, we’re up-leveling the use cases and making IT more relevant to the business. The can visualize meaningful and contextual data and inter-relationships with dynamic service models, organize and correlate performance indicators for at-a-glance problem analysis, get proactive with early warnings on anomalies, deviations and pre-configured correlated alerts, and simplify workflows.
- So, let’s look at a simple visual to discuss how it works? In four simple steps, customers can achieve data driven service insights. They Get the data in. (all the data…) They quickly define services, entities, and KPIs They monitor and troubleshoot They analyze and detect Through these steps, the customers is able to realize the value of Data Defined, Data Driven Service Insights.