Your IT department supports critical business functions, processes and products. You're most effective when your technology initiatives are closely aligned and measured with specific business objectives. This session covers best practices and techniques for designing and building an effective service model, using the domain knowledge of your experts and capturing and reporting on key metrics that everyone can understand. We will design a sample service model and map them to performance indicators to track operational and business objectives. We will also show you how to make Splunk service-ware with Splunk IT Service Intelligence (ITSI).
With Splunk ITSI, customers get the higher level benefits based on the underlying platform. So, from deep-in-the-weeds solving IT operational use cases with Splunk enterprise, we’re up-leveling the use cases and making IT more relevant to the business.
The can visualize meaningful and contextual data and inter-relationships with dynamic service models, organize and correlate performance indicators for at-a-glance problem analysis, get proactive with early warnings on anomalies, deviations and pre-configured correlated alerts, and simplify workflows.
These are the 4 main dashboards that are in ITSI, SA is for the quick view and quick filtering to see only the Services and KPIs of choice, Glass table is for those who want to represent their own workflow and want to take the time to make things look pretty. Deep Dive is for the investigative work when things go wrong, Multi KPI alerts is to build alerts for when there is a desire to be alerted by email or just view the notable event review dashboard (like Incident review in ES).
Think ES when talking about notable events. They are nearly identical to ES notable events other than the fact that they are some other fields like Service and the actions you can perform on them are a little different. Like going to Deep Dive or creating ticket in service now. The correlation searches that create these notable events can be designed through the correlation search interface like in ES, or through the Multi KPI alert UI. They are stored in the notable events summary index.
Fiserv is a global financial services technology provider behind essential services such as mobile and online banking, payments, risk management, data analytics and core account processing - more than 1 in 3 U.S. financial institutions rely on Fiserv for core processing services. Lacking a consistent monitoring approach and frustrated with too many tools, Fiserv initially deployed Splunk Enterprise to deploy Splunk to collect and process data that can feed into existing incident management process. While Splunk Enterprise was supporting faster troubleshooting and issue resolutions, Fiserv needed a way to quickly react to changing environment conditions to alert and prevent reoccurring events BEFORE they happened. The team was struggling to build Splunk dashboards that surfaced the right information and led to decisive action. Fiserv also needed to perform continual education across business units, across support tiers and across shifts on the latest dashboards that looks for specific client impacting conditions. The team had a mandate to achieve these goals in just 90 days. Enter Splunk IT Service Intelligence – with Splunk ITSI, Fiserv was able to:
Deliver service based monitoring in a much shorter time frame
Empower a tier 1 user with a tool kit to triage and act as a higher tier
Develop model out of a problem review to add new KPIs to roll into the service as a hole.
Easily correlate issues through a drill down and determine cause vs effect and then dive right into the logs
Fiserv leveraged Splunk IT Service Intelligence to enhance their service-based monitoring and empower their users. With Splunk IT Service Intelligence, the Fiserv team is able to collect and process data from multiple sources and locations and integrate that data into an existing incident management process.
…all within 90 days from inception to delivery.
Splunk was brought into the organization nearly 3 years ago, primarily to solve security use cases. IT ops teams were struggling with a variety of different monitoring tools, managed by different teams and showing different perspectives of the same data.
Needed to consolidate all this data and visualizations and needed a flexible way to create business dashboards and consolidate the the different tools and data into a single console and replace their Manager of Managers solution.
With (Splunk IT Service Intelligence) ITSI World Bank has realized the ease with which these tools can be integrated, events brought in and parsing the message from these events and to make sure that only what’s being displayed to the console are actionable meaningful alert.
Example service is the was with the treasury department.
There are financial penalties if trades aren’t released in a certain amount of time, as you can imagine. If it goes into the next day, interest rates may change that could cause a lot of problems for the trading desk.
With ITSI, they were able to put together a holistic dashboard that shows what the user experience is, how much time it takes for traders to log in, how many traders are still logged into the system and then when it comes to their business, how many trades have been released, how many are not released, how many are stuck, how many are completed, and then, what that overall processing time is, so that their treasury line managers can see on their desktop a holistic picture of real-time trading activity and what is happening now and do they need to take actions.
They didn’t have to spend weeks and months to integrate data sources to them, customize portlets and other things. With Splunk ITSI, thet were able to build exactly what they needed quickly within hours.
They’ve also built in integration into BMC Remedy to automoate incident workflows.
Measure health and impact goes across the bottom
Verify each person’s role in the room. See if there are gaps in SMEs. During break ask if gaps can be filled.
SANDBOX: (detailed faq available online)
What is the Splunk IT Service Intelligence Online Sandbox?
The Splunk IT Service Intelligence (ITSI) Online Sandbox is a personal online environment provisioned in the cloud where you can immediately try and experience the power of Splunk ITSI – with the ability to search, visualize, and analyze the pre-populated data.
What data is available in the sandbox?
The data in the sandbox is what you might expect to see from a small three-tier web store. There are web and mobile tiers that end users interact with, a middleware tier and a database tier. The web and mobile tiers are generating web logs, while the middleware and database tiers are generating logs from Splunk App for Stream. There are also OS metrics for all tiers: CPU, memory, disk space and IO Latency.
These pre-populated data sets were selected to provide you with meaningful visual indications and enable a thorough walkthrough of the solution.
Do I need to set up a Splunk.com account to use the Sandbox?
Yes. You can create a Splunk.com account on the Splunk Cloud Free Trial page.
How many Splunk IT Service Intelligence Online Sandboxes can I try?
You may try up to three 7-day sandboxes per account.
TRIAL:
Standard POC engagement
The live expression of our community is our users conference. Journalists last year said it was more like a family reunion than a technology conference, and we take that as a compliment. It’s the best place to share best practices, new ideas and learn directly from the smartest people in the Splunk ecosystem. Doesn’t matter if you’re just getting started with Splunk or are a veteran user, everyone learns something and gets reenergized at .conf2017.
4 inspired Keynotes
165+ Breakout sessions addressing all areas and levels of Operational Intelligence – IT, Business Analytics, Mobile, Cloud, IoT, Security… and MORE!
30+ hours of invaluable networking time with industry thought leaders, technologists, and other Splunk Ninjas and Champions waiting to share their business wins with you!
Join the 50%+ of Fortune 100 companies who attended .conf2016 to get hands-on with Splunk. You’ll be surrounded by thousands of other like-minded individuals who are ready to share exciting and cutting edge use cases and best practices. You can also deep dive on all things Splunk products together with your favorite Splunkers.
Head back to your company with both practical and inspired new uses for Splunk, ready to unlock the unimaginable power of your data! Arrive in DC a Splunk user, leave Orlando a Splunk Ninja!
REGISTRATION IS OPEN, sessions will be posted by end of June