SplunkLive! Zurich 2017 - How to Design, Build and Map IT and Business Services in Splunk
•Download as PPTX, PDF•
1 like•842 views
Your IT department supports critical business functions, processes and products. You're most effective when your technology initiatives are closely aligned and measured with specific business objectives. This session covers best practices and techniques for designing and building an effective service model, using the domain knowledge of your experts and capturing and reporting on key metrics that everyone can understand. We will design a sample service model and map them to performance indicators to track operational and business objectives. We will also show you how to make Splunk service-ware with Splunk IT Service Intelligence (ITSI).
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to SplunkLive! Zurich 2017 - How to Design, Build and Map IT and Business Services in Splunk
Similar to SplunkLive! Zurich 2017 - How to Design, Build and Map IT and Business Services in Splunk (20)
More from Splunk
More from Splunk (20)
Recently uploaded
Recently uploaded (20)
SplunkLive! Zurich 2017 - How to Design, Build and Map IT and Business Services in Splunk
- 1. © 2017 SPLUNK INC. Splunk ITSI How to design, build and map IT and Business Services in Splunk Johann Schrem, Enterprise Account Manager k
- 2. © 2017 SPLUNK INC. Data-driven service insights for increased customer satisfaction and efficient IT operations INTRODUCING
- 3. © 2017 SPLUNK INC. 3 What Is Service Intelligence? Enabling a business-aware IT Measuring and reporting on indicators that matter Unlocking operational efficiencies Collaborating across silos to improve service operations Data-based decision making Solving problems and anticipating pitfalls with sophisticated analytics and powerful insights
- 4. © 2017 SPLUNK INC. Rethinking and Improving How IT Operates 4 Traditional IT Data-Driven IT • Structured data • Brittle tools and integrations • Obsession with “faults” and “traps” • Focus on components parts • Search oriented • Structured and unstructured data • Robust data integrations • Real-time insights from big data • Focus on the whole service • Machine learning-driven analytics
- 5. © 2017 SPLUNK INC. Splunk IT Service Intelligence Data-driven service monitoring and analytics 5 SPLUNK IT SERVICE INTELLIGENCE Time-Series Index Platform for Machine Data Dynamic Service Models Schema-on-Read Data Model Common Information Model At-a-Glance Problem Analysis Early Warning on Deviations Event Analytics Simplified Incident Workflows
- 6. © 2017 SPLUNK INC. Splunk ITSI Overview
- 7. © 2017 SPLUNK INC. How IT SI complements core Splunk ▶ Think of core Splunk as collecting data at each horizontal layer ▶ ITSI is a ‘vertical slice’ that only focuses on the components in the layer that rollup to a given application or Business Service Physical Server (Dell, HP, CISCO blades or servers) Guest OS (Windows/Linux/*Nix) Database (Oracle, SQL Server, MySQL) Hypervisor (ESX, HyperV, Citrix) Web Server (Apache, TomCat) App Server (WebLogic, Jboss EAP, WebSphere) 7 Applications, business/mission services SAN/NAS Storage (EMC, AppNet) Network FullStackCustomApp RESTbased service ASPISP Cloud
- 8. © 2017 SPLUNK INC. Service Analyzer: Auto generated filterable and tiled view of Service health scores and KPIs Deep Dives: Swim lane analysis dashboard to show all those indicators over time for investigations Glass Tables: Customizable free form drawing dashboards to view health scores and KPIs of choice with visual tools to create context ITSI Visualizations 8
- 9. © 2017 SPLUNK INC. Proactive Alerting 9 Multi KPI Alerts: Correlation searches on service degradation Notable Events: Event framework for Multi KPI Alerts
- 10. © 2017 SPLUNK INC.
- 11. © 2017 SPLUNK INC.
- 12. © 2017 SPLUNK INC.
- 13. © 2017 SPLUNK INC. Service Health
- 14. © 2017 SPLUNK INC. Server-based to services-based monitoring Top-down and deep-dive service insights 200+ services and 1,500+ KPIs monitored Flexible creation and modification of services and KPIs Alerting on service KPIs instead of server performance Real-time, holistic and proactive “client” view Splunk IT Service Intelligence at
- 15. © 2017 SPLUNK INC. Modernizing Enterprise Monitoring at the International World Development Bank • Enhanced service reliability and incident response • Ease and flexibility in creating business level dashboards ad hoc and on-the-fly • Integrations with BMC Remedy to simplify incident response and action • Tracing business transactions end to end 15
- 16. © 2017 SPLUNK INC.
- 17. © 2017 SPLUNK INC. 17 Efficient and Effective IT Ops with Splunk Root Cause Analysis Up to 30% of root causes not isolated, causing incidents to recur Incident Troubleshooting Log analysis done manually Incident Triage All hands on deck, taking up 30 to 40 minutes Failure detection Customer often informs IT Before ITSI Service Restoration Fix is implemented in 2 hours on average Faster and more comprehensive root cause analysis helping to reduce incident recurrence Faster investigation (MTTI) through Deep Dives, correlation, and search capabilities Faster triage often conducted by 1st level staff without all hands on deck Detection before customer is impacted With Splunk Fix is implemented Event Mgmt Incident Mgmt Problem Mgmt
- 18. © 2017 SPLUNK INC. 18 The Value of Splunk 67-82% reduction in business impact 60-80% reduction in fees and penalties 15-45% reduction in high priority incidents 70-90% reduction in incident investigation time Preliminary results from early adopter Business Value Assessments Speed: More services modeled faster, real-time service intelligence for a competitive advantage Risk: Fewer business impacting incidents, reduced amount of time when consumers are impacted Cost: less time investigating and resolving issues Tangible ValueITSI Key Benefits IT Operations & Application Support
- 19. © 2017 SPLUNK INC. 5 Launch your Service Intelligence Initiative 3 Decompose and design before configuring 1 Start with a problem worth solving Bring subject experts together 2
- 20. © 2017 SPLUNK INC. Design methodology: Service Decomposition 1 Start with business function & flow Define scope and depth 2 3 Link supporting technology Measure health and impact
- 21. © 2017 SPLUNK INC. Service Intelligence Workshop Harness the creativity and domain knowledge of your organization to unlock the value of data and solve an important Business Service problem through a joint service intelligence workshop with key stakeholders Define methods for: › Proactive service monitoring › Reduced risk and failures › Faster issue resolution › Increased business performance What is it? › Tightly linked with value › Demonstrates best practices › Collaborative approach › Builds a functioning example
- 22. © 2017 SPLUNK INC. SMEs for Service Decomposition Provisioning Service Service Owners NOC Managers Tools Managers Infrastructure SMEs Incident Managers Problem Managers Development 22
- 23. © 2017 SPLUNK INC. Service Decomposition 23 Infrastructure Layer Power / Cooling Facilities Server – Networking – Storage Application Layer Physical & Virtual O/S Database – Middleware – Application Server Business Layer Mail Transport - Order Processing E-Commerce Service Layer
- 24. © 2017 SPLUNK INC. How Do You Get Splunk ITSI? 24 ONLINE SANDBOX TRIAL 7 days of access to a free, personal environment in the cloud, with prepopulated data Engage in a proof-of-concept to index your data and experience Splunk ITSI
- 25. © 2017 SPLUNK INC. Splunk-Sponsored Guided Workshop 25 Define methods for: • Proactive service monitoring • Reduced risk and failures • Faster issue resolution • Increased business performance What is it? • 1-day on-site workshop • Tightly linked with value • Collaborative approach • Build your own Splunk ITSI Glass Table
- 26. © 2017 SPLUNK INC. Splunk Demo
- 27. © 2017 SPLUNK INC.© 2017 SPLUNK INC. Thank You
- 28. © 2017 SPLUNK INC. Take the Survey on Pony Poll ponypoll.com/zurich2017
- 29. © 2017 SPLUNK INC. BREAK 5 MINUTES
- 30. © 2017 SPLUNK INC. ▶ 6000+ IT and Business Professionals ▶ 200+ Sessions ▶ 80+ Customer Speakers PLUS Splunk University ▶ Three days: Sept 23-25, 2017 ▶ Get Splunk Certified for FREE! ▶ Get CPE credits for CISSP, CAP, SSCP SEPT 25-28, 2017 Walter E. Washington Convention Center Washington, D.C. .conf2017 The 8th Annual Splunk Conference conf.splunk.com
- 31. © 2017 SPLUNK INC. Q&A
Editor's Notes
- With Splunk ITSI, customers get the higher level benefits based on the underlying platform. So, from deep-in-the-weeds solving IT operational use cases with Splunk enterprise, we’re up-leveling the use cases and making IT more relevant to the business. The can visualize meaningful and contextual data and inter-relationships with dynamic service models, organize and correlate performance indicators for at-a-glance problem analysis, get proactive with early warnings on anomalies, deviations and pre-configured correlated alerts, and simplify workflows.
- These are the 4 main dashboards that are in ITSI, SA is for the quick view and quick filtering to see only the Services and KPIs of choice, Glass table is for those who want to represent their own workflow and want to take the time to make things look pretty. Deep Dive is for the investigative work when things go wrong, Multi KPI alerts is to build alerts for when there is a desire to be alerted by email or just view the notable event review dashboard (like Incident review in ES).
- Think ES when talking about notable events. They are nearly identical to ES notable events other than the fact that they are some other fields like Service and the actions you can perform on them are a little different. Like going to Deep Dive or creating ticket in service now. The correlation searches that create these notable events can be designed through the correlation search interface like in ES, or through the Multi KPI alert UI. They are stored in the notable events summary index.
- Fiserv is a global financial services technology provider behind essential services such as mobile and online banking, payments, risk management, data analytics and core account processing - more than 1 in 3 U.S. financial institutions rely on Fiserv for core processing services. Lacking a consistent monitoring approach and frustrated with too many tools, Fiserv initially deployed Splunk Enterprise to deploy Splunk to collect and process data that can feed into existing incident management process. While Splunk Enterprise was supporting faster troubleshooting and issue resolutions, Fiserv needed a way to quickly react to changing environment conditions to alert and prevent reoccurring events BEFORE they happened. The team was struggling to build Splunk dashboards that surfaced the right information and led to decisive action. Fiserv also needed to perform continual education across business units, across support tiers and across shifts on the latest dashboards that looks for specific client impacting conditions. The team had a mandate to achieve these goals in just 90 days. Enter Splunk IT Service Intelligence – with Splunk ITSI, Fiserv was able to: Deliver service based monitoring in a much shorter time frame Empower a tier 1 user with a tool kit to triage and act as a higher tier Develop model out of a problem review to add new KPIs to roll into the service as a hole. Easily correlate issues through a drill down and determine cause vs effect and then dive right into the logs Fiserv leveraged Splunk IT Service Intelligence to enhance their service-based monitoring and empower their users. With Splunk IT Service Intelligence, the Fiserv team is able to collect and process data from multiple sources and locations and integrate that data into an existing incident management process. …all within 90 days from inception to delivery.
- Splunk was brought into the organization nearly 3 years ago, primarily to solve security use cases. IT ops teams were struggling with a variety of different monitoring tools, managed by different teams and showing different perspectives of the same data. Needed to consolidate all this data and visualizations and needed a flexible way to create business dashboards and consolidate the the different tools and data into a single console and replace their Manager of Managers solution. With (Splunk IT Service Intelligence) ITSI World Bank has realized the ease with which these tools can be integrated, events brought in and parsing the message from these events and to make sure that only what’s being displayed to the console are actionable meaningful alert. Example service is the was with the treasury department. There are financial penalties if trades aren’t released in a certain amount of time, as you can imagine. If it goes into the next day, interest rates may change that could cause a lot of problems for the trading desk. With ITSI, they were able to put together a holistic dashboard that shows what the user experience is, how much time it takes for traders to log in, how many traders are still logged into the system and then when it comes to their business, how many trades have been released, how many are not released, how many are stuck, how many are completed, and then, what that overall processing time is, so that their treasury line managers can see on their desktop a holistic picture of real-time trading activity and what is happening now and do they need to take actions. They didn’t have to spend weeks and months to integrate data sources to them, customize portlets and other things. With Splunk ITSI, thet were able to build exactly what they needed quickly within hours. They’ve also built in integration into BMC Remedy to automoate incident workflows.
- Measure health and impact goes across the bottom
- Verify each person’s role in the room. See if there are gaps in SMEs. During break ask if gaps can be filled.
- SANDBOX: (detailed faq available online) What is the Splunk IT Service Intelligence Online Sandbox? The Splunk IT Service Intelligence (ITSI) Online Sandbox is a personal online environment provisioned in the cloud where you can immediately try and experience the power of Splunk ITSI – with the ability to search, visualize, and analyze the pre-populated data. What data is available in the sandbox? The data in the sandbox is what you might expect to see from a small three-tier web store. There are web and mobile tiers that end users interact with, a middleware tier and a database tier. The web and mobile tiers are generating web logs, while the middleware and database tiers are generating logs from Splunk App for Stream. There are also OS metrics for all tiers: CPU, memory, disk space and IO Latency. These pre-populated data sets were selected to provide you with meaningful visual indications and enable a thorough walkthrough of the solution. Do I need to set up a Splunk.com account to use the Sandbox? Yes. You can create a Splunk.com account on the Splunk Cloud Free Trial page. How many Splunk IT Service Intelligence Online Sandboxes can I try? You may try up to three 7-day sandboxes per account. TRIAL: Standard POC engagement
- The live expression of our community is our users conference. Journalists last year said it was more like a family reunion than a technology conference, and we take that as a compliment. It’s the best place to share best practices, new ideas and learn directly from the smartest people in the Splunk ecosystem. Doesn’t matter if you’re just getting started with Splunk or are a veteran user, everyone learns something and gets reenergized at .conf2017. 4 inspired Keynotes 165+ Breakout sessions addressing all areas and levels of Operational Intelligence – IT, Business Analytics, Mobile, Cloud, IoT, Security… and MORE! 30+ hours of invaluable networking time with industry thought leaders, technologists, and other Splunk Ninjas and Champions waiting to share their business wins with you! Join the 50%+ of Fortune 100 companies who attended .conf2016 to get hands-on with Splunk. You’ll be surrounded by thousands of other like-minded individuals who are ready to share exciting and cutting edge use cases and best practices. You can also deep dive on all things Splunk products together with your favorite Splunkers. Head back to your company with both practical and inspired new uses for Splunk, ready to unlock the unimaginable power of your data! Arrive in DC a Splunk user, leave Orlando a Splunk Ninja! REGISTRATION IS OPEN, sessions will be posted by end of June