SplunkLive! London 2017 - Happy Apps, Happy Users
•
0 likes•538 views
No matter what business you’re in, your web applications are front-and-center for your customers. Downtime, or even bad performance not only creates a spike in costs, they often translate into loss of customers and revenue. You need immediate insight into the availability, performance and usage of your applications and the infrastructure your applications run on. In this session, you will learn why you need to take a platform approach to full stack application management, whether your applications reside on-premises or in the cloud. Second, we will show you how you can use Splunk to monitor the usage and performance of your applications, and quickly troubleshoot faults by stepping through some of the most common issues our customers experience. Third, we’ll contrast what Splunk does relative to other APM tools you may already have deployed, and even show you how you can bring APM data into Splunk to gain more insight into application performance.
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to SplunkLive! London 2017 - Happy Apps, Happy Users
Similar to SplunkLive! London 2017 - Happy Apps, Happy Users (20)
More from Splunk
More from Splunk (20)
Recently uploaded
Recently uploaded (20)
SplunkLive! London 2017 - Happy Apps, Happy Users
- 1. © 2017 SPLUNK INC. Happy Apps, Happy Users: Using Splunk for APM Mark Brown | ITOA Subject Matter Expert, Splunk MAY 11, 2017 | LONDON
- 2. © 2017 SPLUNK INC. During the course of this presentation, we may make forward-looking statements regarding future events or the expected performance of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-looking statements, please review our filings with the SEC. The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, this presentation may not contain current or accurate information. We do not assume any obligation to update any forward looking statements we may make. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionality described or to include any such feature or functionality in a future release. Splunk, Splunk>, Listen to Your Data, The Engine for Machine Data, Splunk Cloud, Splunk Light and SPL are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners. © 2017 Splunk Inc. All rights reserved. Safe Harbor Statement
- 3. © 2017 SPLUNK INC. Mark Brown Staff Sales Engineer ITOA SME at Splunk mbrown@splunk.com Your Presenters
- 4. © 2017 SPLUNK INC. 1. Taking a Platform Approach 2. How Splunk Provides Reliability and Performance Insight 3. Splunk and Your APM Tools: Better Together! 4. Adding Service and Root-Cause Insight In This Session
- 5. © 2017 SPLUNK INC. Taking a Platform Approach It’s your data, make the most of it.
- 6. © 2017 SPLUNK INC. Application Management: Many Roles, Many Challenges ▶ Is the problem with the app, the network or the backend system? ▶ Why are my specialists all saying “it works” but the application is down? ▶ How does performance compare mobile vs. web vs. desktop?APP MANAGERS/ OPERATIONS ▶ How can I deliver new releases faster? ▶ How can I see how my applications are working in production? ▶ How can other developer, test and monitoring tools improve my coding?DEVELOPERS ▶ How do I ensure new releases don’t break critical apps? ▶ How can I do “full stack” monitoring easily? ▶ What changes will optimize application and infrastructure performance?DEVOPS, SRE PERF MANAGER ▶ How are customers using my app? How is it impacting my business? ▶ Which features should I prioritize for future versions? ▶ Are my customers impacted by outages and performance issues?LINE OF BUSINESS
- 7. © 2017 SPLUNK INC. Complex Technology Stacks Make Reliability More Difficult End Users Networking/ Load-balancing Web Servers App Servers Legacy Systems Messaging Databases Security Virtualization, Containers, Servers, Storage Java, .NET, PHP, etc.
- 8. © 2017 SPLUNK INC. Complex Technology Stacks Make Reliability More Difficult End Users Networking/ Load-balancing Web Servers App Servers Legacy Systems Messaging Databases Security Virtualization, Containers, Servers, Storage Java, .NET, PHP, etc. Containers and microservices are dynamic and change constantly Hybrid cloud, multiple providers of services require different approaches Lack of connection to the business services delivered over the stack Disconnected and outdated point solutions that limit visibility
- 9. © 2017 SPLUNK INC. Traditional Monitoring Tools Contribute to the Silo Effect Network InfrastructureLayer Packet, Payload, Traffic, Utilization, Perf Storage Utilization, Capacity, Performance Server Performance, Usage, Dependency ApplicationLayer User Experience Usage, Response Time, Failed Interactions Byte Code Instrumentation Usage, Experience, Performance, Quality Business Performance Corporate Data, Intake, Output, Throughput Challenges ▶ Many disparate components ▶ Brittle integrations ▶ Data is summarized and lost ▶ Longer root-cause identification ▶ End-to-end view challenging ▶ Labor-intensive to manage ▶ Not agile enough for digital businessEVENTS Event Layer Event Management METRICS Service Layer BSM/Dashboard Tools
- 10. © 2017 SPLUNK INC. ▶ Ingest data once – single source of truth across teams ▶ Analyze machine data across entire stack ▶ Integrate data from other management tools ▶ Connect machine data to business services ▶ Identify root cause of problems quickly ▶ Apply best practices in analytics to predict changes in reliability and service usage Reliability Requires a Platform Approach Data Fabric OTHER TEAMS PRODUCT MANAGERS/ BUSINESS OWNERS DEVOPS, SRE PERF MANAGER APP MANAGERS/ OPERATIONS DEVELOPERS
- 11. © 2017 SPLUNK INC. How Splunk Provides Reliability and Performance Insight Application Performance Insight. Better, more efficient monitoring. Faster troubleshooting. Insight across teams. Everyone wins.
- 12. © 2017 SPLUNK INC. A Platform Approach for Application Performance Analytics Network InfrastructureLayer Packet, Payload, Traffic, Utilization, Perf Storage Utilization, Capacity, Performance Server Performance, Usage, Dependency ApplicationLayer User Experience Usage, Response Time, Failed Interactions Byte Code Instrumentation Usage, Experience, Performance, Quality Business Performance Corporate Data, Intake, Output, Throughput Splunk Approach: ▶ Single repository for ALL data ▶ Data in original raw format ▶ Machine learning ▶ Simplified architecture ▶ Fewer resources to manage ▶ Collaborative approach MACHINE DATA
- 13. © 2017 SPLUNK INC. Splunk Is the Platform for IT Applications Development Infrastructure
- 14. © 2017 SPLUNK INC. Index and Analyze Data Across Your Technology Stack Splunk Add-Ons, Templates and Apps Accelerate Value From Machine Data Server, Storage, Network Virtualization, Containers Operating Systems + Databases Custom Applications Business Applications Cloud Services Mobile Applications Web Intelligence Stream No rigid schemas – add in data from any other source. API SDKs UI DB Connect
- 15. © 2017 SPLUNK INC. Index and Analyze Data Across Your Technology Stack Splunk Add-Ons, APIs and Apps Integrate With Other Tools You Already Have App Performance Monitoring Operations and Service Desks Server, Storage, Network Virtualization, Containers Operating Systems + Databases Custom Applications Business Applications Cloud Services Mobile Applications Web Intelligence Stream No rigid schemas – add in data from any other source. API SDKs UI DB Connect
- 16. © 2017 SPLUNK INC. Solution Architecture DATA SOURCES SOLUTIONS Cloud Servers Open Source Database APM Network Hypervisor Wire Data MobileStorage Applications Service Monitoring Entity Monitoring Event Intelligence PLATFORM Automation Tools (THIRD PARTY) Service Management Tools (THIRD PARTY) TOOLS & APIs LOGS TroubleshootingMonitoring Platform for Operational Intelligence
- 17. © 2017 SPLUNK INC. ▶ Gain real-time insight into application performance and customer experience ▶ Attain visibility into cloud services ▶ Deliver immediate insights from streaming network ▶ Network-based packet capture does not require DBA or other admin tools and doesn’t affect performance Gaining Transaction Insight From Your Network Splunk Stream
- 18. © 2017 SPLUNK INC. ▶ Immediate visibility to mobile app crashes ▶ Insight into mobile app use – MAU/DAU, device usage, network insight ▶ Transaction performance insights ▶ Correlate mobile with other data types for complete insight Gaining Insight on Your Mobile Apps
- 19. © 2017 SPLUNK INC. ▶ Accelerate your AWS deployment through better visibility into usage and user behavior ▶ Gain increased visibility into AWS resource utilization ▶ Supports wide range of AWS data sources Gaining Insight on Your AWS Hosted Apps AWS CloudTrail AWS Config AWS Billing AWS CloudWatch AWS CloudFront AWS ELB Logs AWS S3 Access Logs Other AWS VPC Flow Logs
- 20. © 2017 SPLUNK INC. ▶ Accelerated code delivery from 3 months to 20 minutes ▶ Reduced infrastructure and hardware costs by migrating to the cloud ▶ Gained visibility and able to perform analysis from metrics: • What users were doing, how long was it taking ▶ Eliminated other tools Faster Development, Better Troubleshooting
- 21. © 2017 SPLUNK INC.© 2017 SPLUNK INC. Splunk Demo
- 22. © 2017 SPLUNK INC. Splunk and APM – Better Together! More insight, less “chair swivel”
- 23. © 2017 SPLUNK INC. Traditional APM tools excel at… … but have critical limitations ▶ End user response time (and alerting when performance is slow) ▶ Byte code instrumentation (detecting what code causes bottlenecks) ▶ App server metrics ▶ Application mapping and transaction profiling ▶ Deploying quickly for base-level use cases ▶ “Full stack” monitoring (including networks, load balancers, etc.) ▶ Finding the root cause (that’s usually found in logs) ▶ Reactive (not predictive) ▶ Usually don’t store raw data indefinitely ▶ Advanced analytics (prediction, anomalies, ML, etc.) ▶ Data access for multiple stakeholders (LOBs, security, etc.) APM Tools – Valuable, But Not Enough
- 24. © 2017 SPLUNK INC. ▶ Some, but not all of your apps are instrumented ▶ Other “off-the-shelf” apps can’t be instrumented with traditional APM ▶ Non-instrumented parts of your stack can’t be “seen” Covering APM “Blind Spots” Without Splunk Physical Server (Dell, HP, CISCO blades or servers) Guest OS (Windows/Linux/*Nix) Database (Oracle, SQL Server, MySQL) Hypervisor (ESX, HyperV, Citrix) Applications, business/mission services App Server (WebLogic, Jboss EAP, WebSphere) Web Server (Apache, TomCat) SAN/NAS Storage (EMC, AppNet) Network AWS Firewalls Database (Oracle, SQL Server, MySQL) SAN/NAS Storage (EMC, AppNet) Network Load Balancers Legacy Environments (AS400, Mainframe, ESBs, others) Akamai Packaged Apps (SAP, PeopleSoft, etc) Log Analysis (System, Application, Security, etc) APMInstrumented- ApplicationA APMInstrumented- ApplicationB ApplicationD (notAPMInstrumented) ApplicationC (notAPMInstrumented) ▶ End-to-end, holistic visibility to the complete service ▶ Insight across ALL data sources and applications ▶ PREDICTIVE analysis, before issues occur With Splunk
- 25. © 2017 SPLUNK INC. ▶ Pull data from APM tools and provide events to APM tools ▶ Gain insight into EUM, application requests, app errors and correlate with logs all in one platform ▶ Reduce the “clicks” between spotting problems and finding root cause ▶ Forecast, predict and detect anomalies in APM data ▶ Integrate triage with non-application layers of the stack APM as a Data Source for Splunk
- 26. © 2017 SPLUNK INC. APM Tools ▶ Splunk add-on and app for New Relic ▶ Splunk add-on and app for AppDynamics ▶ Dynatrace app (provided by Dynatrace) Other Notable APM Apps ▶ Web Performance (based on boomerang.js) ▶ Splunk Mobile Intelligence (Splunk MINT) ▶ Splunk Stream splunkbase.splunk.com Splunk Apps for APM
- 27. © 2017 SPLUNK INC. ▶ Insight on HTTP 500 Errors ▶ Dashboards, reports, alerts, searches • Web, app server logs • Server/infrastructure logs ▶ Method level execution times ▶ User Experience Management ▶ Database response times ▶ JVM heap stats Dynatrace + Splunk at CSAA CSAA integrated Dynatrace data into Splunk and saw… ▶ Correlated metrics with HTTP 500 errors: What happened and why ▶ Anyone with Splunk access can see app performance data ▶ New reports types generated with no manual modification
- 28. © 2017 SPLUNK INC.© 2017 SPLUNK INC. Splunk Demo
- 29. © 2017 SPLUNK INC. Adding Service and Root-Cause Insight Your stakeholders only see the service, you should too.
- 30. © 2017 SPLUNK INC. Splunk IT Service Intelligence ▶ Visualize entire tech stack – bare metal through business layer ▶ View the entire ecosystem with customized views for execs ▶ Apply context to events to prioritize investigation based on impact Dynamic Service Model Machine Learning ▶ Adaptive threshold automation to minimize false alerts ▶ Behavior anomaly alerts to proactively address issues ▶ Automatic correlation of data into intelligence, mitigating SME dependency ▶ Accelerators minimize SPL coding ▶ Trend aggregation to enable rapid visualization ▶ Multi KPI Alerts for proactive irregularity identification Search-Based KPIs ▶ Time Series Index ▶ Schema on Read ▶ Handle any and all data Platform for Operational Intelligence
- 31. © 2017 SPLUNK INC. ▶ Improved service accessibility, reliability and security ▶ Enhanced ability to troubleshoot persistent service problems ▶ Gained end-to-end visibility into overall IT performance Improved Satellite Operations With Real-Time Infrastructure Visibility “Using Splunk ITSI has helped us to understand our IT network in a way we weren’t able to previously. This has directly led to improvements in areas such as troubleshooting and security awareness.” – Daniel Nye, CTO, Surrey Satellite TECHNOLOGY – IT OPERATIONS
- 32. © 2017 SPLUNK INC.© 2017 SPLUNK INC. Splunk Demo
- 33. © 2017 SPLUNK INC. Splunk: Application Performance Analytics End Users Networking/ Load-balancing Web Servers App Servers Legacy Systems Messaging Databases Security Virtualization, Containers, Servers, Storage Java, .NET, PHP, etc. Manage to KPIs, SLOs – isolate root case and service impact Analytics for hybrid and cloud environments + microservices stacks Full stack monitoring that integrates your APM tool’s data Platform approach that spans technology and team silos
- 34. © 2017 SPLUNK INC. Get Quick Started Today! Splunk Quick Start + + + = Splunk Apps + Add-Ons Expert Guidance Free Edu + .conf Passes Splunk Quick Start Infrastructure Monitoring Application Management Service Intelligence SIEM Visit www.Splunk.com/Bundles
- 35. © 2017 SPLUNK INC. Easy to Try & Get Started FREE ONLINE TRIAL FREE DOWNLOAD FREE AMAZON MACHINE IMAGES (AMI) 1 2 3
- 36. © 2017 SPLUNK INC. May 17 SESSION FULL May 31 Availability Jun 14 Availability Jun 28 Availability Located in the Splunk Office: 3 Sheldon Square Paddington London Workshops: Get Splunk Hands-on Experience Attend a Splunk4Rookies: Upcoming London Schedule http://live.splunk.com/S4R_London2017 SIGN UP TODAY!
- 37. © 2017 SPLUNK INC. SEPT 25-28, 2017 Walter E. Washington Convention Center Washington, D.C. .conf2017 The 8th Annual Splunk Conference conf.splunk.com You will receive an email after registration opens with a link to save over $450 on the full conference rate. You’ll have 30 days to take advantage of this special promotional rate! SAVE OVER $450
- 38. © 2017 SPLUNK INC. Take the Survey on Pony Poll ponypoll.com/london17 Complete the survey for your chance to win a .conf2017 pass
- 39. © 2017 SPLUNK INC.© 2017 SPLUNK INC. THANK YOU
Editor's Notes
- Today’s application environments are extremely complex – applications or business services typically span multiple components, usually provided by different vendors. Web 2.0, the devops movement, service oriented architectures are trends that bring with them an increasing pace of change as well as added complexity. With virtualization and cloud, they now span on premise datacenters, off premise cloud environments – traditional tools are simply not sufficient to manage such distributed, constantly changing environments
- Today’s application environments are extremely complex – applications or business services typically span multiple components, usually provided by different vendors. Web 2.0, the devops movement, service oriented architectures are trends that bring with them an increasing pace of change as well as added complexity. With virtualization and cloud, they now span on premise datacenters, off premise cloud environments – traditional tools are simply not sufficient to manage such distributed, constantly changing environments
- ---need to understand holistic; need to coordinate and work well with all elements; coordinate all parts of the body as the example --customer wants security operations to be smart, intelligence, nimble and to detect and remediate fast We are the nerve center for your SOC/command center A nerve center approach saves time and makes the overall solution more effective; this is why channel partners and SI s want to sell the nerve center Most commonly seen technologies security technologies are integrated so range of human and system task can be automated – this provides operational intelligence and maturity; we are the GLUE Our partnerships and levels of integration are constantly growing-–which means the data coming in is increasing This is an example of some of the partners in our ecosystem across key elements of the security stack Splunk’s Security Ecosystem continues to flourish with partners contacting us daily to inquire about the benefits of membership We currently represent eight domains of security and with plans to expand into Fraud and UBA Not only are we expanding across security, but we also focused on diving deeper with key integrations (PAN, Symantec, Proofpoint, Forescout – as we know these are most valuable to our customers Our most successful initiative this year was Adaptive Response – where we were blown away by 20+ partners in just the first few months
- Over the last couple of years Splunk has evolved from an engine for machine data to a platform for machine data – nothing is a testimony of this more than our Apps store apps which range from plugins and templates to full fledged apps that help you collect, analyze and harness data from every layer of your technology stack. These apps are built by our customers, technology partners such as Cisco, NetApp, or others and Splunk employees. We are a platform as it is very easy to get data into Splunk and out of Splunk. We are complementing other solutions in the data center Two important things to remember: If a logo you have doesn't show up here, Splunk still doesn't’t limit you – you can always index data from that technology – Splunk extensions simply help you accelerate the process. We provide a full featured REST API and a variety of SDKs that help you build your own custom apps for technologies and insights custom to your business. This is to help you create a specific interface to your data in special format and development languages your team is used to. Lastly, each of the Splunk extensions is not comparable to point solutions in every silo, simply because your data from each silo is more valuable when in context of other data from other technology tiers. Splunk apps simply help you get to the point faster where you can see correlations and comparisons of machine data ACROSS silos. We also recently introduced the 2 new offerings – one to collect wire data, with the Splunk App for Stream (stemming from the acquisition of Cloudmeter) and MINT (Mobile Intelligence) that stems from our acquisition of Bugsense. The Splunk App for Stream enables the capture of real-time streaming wire data, which is the data transmitted between applications over the network. It enables visibility into application, business and user activity without the need for instrumentation, enhancing various operational use cases across IT, security and the business. And Splunk MINT helps you gain visibility into mobile app performance and quality, so you can deliver better mobile apps Splunk MINT helps you combine and correlate mobile app data with other data in Splunk so you can pinpoint problems faster and analyze user experience/behavior across mobile, desktop and web channels. The main value from the apps is providing context for data from silos and making it available inside Splunk for correlation with other data from other silos. In addition to prebuilt apps, customers can also build their own. What have developers been building using Splunk Enterprise? Examples include the following: Run searches and retrieve Splunk data from existing Customer Service/Call Center applications (Comcast use case) Integrate Splunk data into existing BI tools and dashboard (Tableau, MS Excel) Build mobile applications with KPI dashboards and alerts powered by Splunk (Otto Group use case) Log directly to Splunk from remote devices (Bosch use cases) Build customer-facing dashboards powered by user-specific data in Splunk (Socialize, Hurricane Labs use cases) Programmatically extract data from Splunk for long-term data warehousing We hope this is just the beginning. We hope to open up a whole new world of enterprise apps.
- Over the last couple of years Splunk has evolved from an engine for machine data to a platform for machine data – nothing is a testimony of this more than our Apps store apps which range from plugins and templates to full fledged apps that help you collect, analyze and harness data from every layer of your technology stack. These apps are built by our customers, technology partners such as Cisco, NetApp, or others and Splunk employees. We are a platform as it is very easy to get data into Splunk and out of Splunk. We are complementing other solutions in the data center Two important things to remember: If a logo you have doesn't show up here, Splunk still doesn't’t limit you – you can always index data from that technology – Splunk extensions simply help you accelerate the process. We provide a full featured REST API and a variety of SDKs that help you build your own custom apps for technologies and insights custom to your business. This is to help you create a specific interface to your data in special format and development languages your team is used to. Lastly, each of the Splunk extensions is not comparable to point solutions in every silo, simply because your data from each silo is more valuable when in context of other data from other technology tiers. Splunk apps simply help you get to the point faster where you can see correlations and comparisons of machine data ACROSS silos. We also recently introduced the 2 new offerings – one to collect wire data, with the Splunk App for Stream (stemming from the acquisition of Cloudmeter) and MINT (Mobile Intelligence) that stems from our acquisition of Bugsense. The Splunk App for Stream enables the capture of real-time streaming wire data, which is the data transmitted between applications over the network. It enables visibility into application, business and user activity without the need for instrumentation, enhancing various operational use cases across IT, security and the business. And Splunk MINT helps you gain visibility into mobile app performance and quality, so you can deliver better mobile apps Splunk MINT helps you combine and correlate mobile app data with other data in Splunk so you can pinpoint problems faster and analyze user experience/behavior across mobile, desktop and web channels. The main value from the apps is providing context for data from silos and making it available inside Splunk for correlation with other data from other silos. In addition to prebuilt apps, customers can also build their own. What have developers been building using Splunk Enterprise? Examples include the following: Run searches and retrieve Splunk data from existing Customer Service/Call Center applications (Comcast use case) Integrate Splunk data into existing BI tools and dashboard (Tableau, MS Excel) Build mobile applications with KPI dashboards and alerts powered by Splunk (Otto Group use case) Log directly to Splunk from remote devices (Bosch use cases) Build customer-facing dashboards powered by user-specific data in Splunk (Socialize, Hurricane Labs use cases) Programmatically extract data from Splunk for long-term data warehousing We hope this is just the beginning. We hope to open up a whole new world of enterprise apps.
- Starting with IT Troubleshooting and Application Management, the foundation of what users have been using Splunk for over a decade. Customer deploy Splunk enterprise and connect data sources such as logs from network devices, Mobile, or applications. More importantly, customers also index information from Their existing tools – the primary reason for this… it’s the history of silo information In order to do effective troubleshooting, you must have a place to gain We introduced IT Service Intelligence last year to provide holistic service-level monitoring and intelligence And we’re providing measurement and sharing to give visibility across your DevOps teams and activities T: so, what is the market opportunity for all of these use cases?
- Red Hat provides open source software products to the enterprise community. It started off as an operational tool, but quickly expanded to beyond operations. Currently, over 300 people use Splunk at the company. It’s used by folks across various teams including Platform Operations, InfoSec, Enterprise Architecture, Systems Engineering, IT Engineering, Identity & Access Management, GSS Developers, IT Management. Before Splunk: Insight gathering was very manual and took a long time To get information, sysadmins had to ssh into boxes to grep logs Time to resolution of issues measured in days or weeks No single place to access and visualize machine data Correlation across disparate data sources was complex After Splunk: They have been able to address operational issues proactively, reduce the total number of incidents, improve code quality and gain tremendous visibility into Cloud deployments. To elaborate a little more: Reduce Alert noise: Reduce the number of spurious pages from monitoring systems, combat alert fatigue among sysadmins, and well-rested (happy?) sysadmins have fewer “oops” moments Improve Code Quality: With Splunk, the engg team was able to accelerate error reduction by 2 orders of magnitude in weeks, significantly exceeding their goals for the year. Now, they are able to quickly validate and troubleshoot code pushes to production, ensure that new code doesn’t negatively impact performance or user experience. Developers now have access to real-time production data, responding to issues much before end users detect these issues. When a user calls about a problem, they are able to guide them to a patch that has already been developed to address these issues thereby improving customer satisfaction. After just a few days of work with Splunk, the development team has been able to reduce the daily error rate by 1/3. Visibility into Cloud deployments: with Cloud becoming the default choice for most Redhat ‘s new applications, visibility into Cloud was critical. With Splunk, the Redhat team proactively monitor costs, enabling better budget planning, gain insights into performance and reliability of workloads moved to the cloud and enable detailed security audits.
- AWS app demo
- http://conf.splunk.com/session/2015/conf2015_DErkkila_DPatel_CSAA_Application_Management_SplunkingTheUserExperience.pdf
- IT Troubleshooting demo
- What makes Splunk ITSI different is not only all the cool visualizations that you just saw in the premium solution, but more importantly, the platform that it was built on top of. Just about every CIO or Ops Executive we talk to is frustrated with Manual Integration within and across tools and Correlation issues with their current Service Management and Monitoring Solutions. The number of tools they’ve had to buy, deploy, administer, and attempt to integrate just don’t live up to their original promises. An impact of this lack of integration and correlation is the customer’s difficulty meeting or accurately measuring their SLAs. One way that Splunk differs from existing approaches is that it is a Universal Machine Data Platform which allows you to reliably collect, index, prepare and store data from tens of thousands of sources, in real time -- any type, any format, any location with no pre-defined schema. We are data driven. We take in all the data. Splunk is also in network latent real time and can leverage historical data as well. To avoid the problems associated with adding or changing Alerts, Splunk delivers Schema on the Fly to provide for rapid creation of alerts from either KPIs or raw data to adapt to business needs quickly. Splunk applies structure at search time, making it easy to search, visualize and analyze your data without any knowledge of the underlying structure. No DBA is required! We also use machine learning to baseline normal operations, detect anomalous behavior to drive meaningful actions, and enable highly correlated searches to create meaningful “alerts” off your KPIs, not ours. And, you get the information from the data that you need when you need it. With Splunk, you can ask any question of the data any time! Splunk’s powerful platform helps you to realize faster time to value as it leverages all of the data, allows you to answer any questions of the data and empowers the greatest data fidelity With existing Event Driven solutions, our customers tell us that getting true Service Intelligence is a challenge. Today, Service Owners tell us that they determine Service Health through summarized events that have limited retention time. The business impact here surrounds the time and expense in identifying root cause and fixing the problem To address this, Splunk ITSI delivers a 360 degree view of service health from one place. We call this Full Fidelity Service Health. We allow for adaptable and flexible definitions of service health. Customers can now move seamlessly from Business Service Reports to Remediation, all while providing complete historical context. Our solution remains adaptable and yet still maintains complete historical context. Want to visualize and measure what was happening 10 minutes ago?… an hour ago?… Not a problem. This unique differentiation enables Splunk ITSI to deliver a seamless, connected experience from reporting through to remediation. The ability to leverage Deep Dive Incident Reviews, delivers event, metrics and KPIs – including ad hoc, on the fly searches – you can see and correlate complex interactions easily. And like we just discussed, with full access to historical data, you can compare any two time ranges for all data sets side by side to quickly understand what’s ‘normal’ for that Service by minute, hour, day or week regardless of size or scale. Every day we hear from customers that change is a constant and the Legacy Service Management solutions struggle with keeping up. With Legacy Solutions, Service Definitions come from Legacy CMDBs that come with questionable data quality. We also hear that it is hard to create new KPIs to keep everything relevant to the Business. The impact that we hear from Service Owners is that the business perceives IT as being inefficient. So what else does Splunk ITSI do here that is different? Search Based KPIs deliver a flexible way to impose schema only at retrieval, without a pre-defined schema or hard coded collectors. Often the business may need to see new KPIs or change existing ones. You can easily write, manage and change both services and KPIs so that you can best align business and technology priorities. An example of this in action comes from one of our Beta customers, Fiserve. With Splunk ITSI, Fiserve was able to generate 1000s of KPIs in a manner of weeks. They were able to easily write, manage and change both services and KPIs. Splunk runs on-prem, in the Cloud or in hybrid environments while collecting data from all the newest technologies. Our visualizations and analytics are one-of-a-kind. They can be personalized, meaningful, and contextual. Better visualizations and analytics provide and enable IT with actionable insights. Every one can look at the data in the manner that is most relevant to them.
- Challenges: In the past, Cox Automotive encountered uptime and application stability challenges during its auto auctions, but had little visibility into the root cause. When a problem occurred, their operations teams lacked visibility into whether the disruption was broad across the network or isolated to a single lane that needed investigation. It also lacked the ability to prioritize incident investigations and needed real-time insights into the performance and availability of each auction lane. Solution: Cox Automotive decided to standardize its data aggregation strategy on Splunk IT Service Intelligence to gain much-needed Operational Intelligence. With Manheim, AutoTrader.com and Kelley Blue Book, Cox Automotive is changing the car buying and selling business and enabling people to buy and sell cars from their homes, offices and mobile devices. Since Cox Automotive implemented Splunk ITSI, the platform has delivered tremendous value and helped drive down key metrics such as mean-time-to-investigate (MTTI) and mean-time-to-resolution. As Cox deploys Splunk ITSI across all of its brands, the solution is already providing nearly instantaneous returns and is improving end-user-experience and service reliability Now, if an incident with a camera, microphone or other device occurs, staff members get an alert within seconds, can troubleshoot quickly, and rapidly identify the issue and exact location for an auction technician to minimize disruption. Moreover, using advanced analytics and machine learning, staff can predict outages and can even monitor equipment degradation for proactive replacement. Splunk Cloud: Given the enormous amount of data at Cox Automotive, they are pleased with the company’s cloud strategy and notes that the ability to have all data flow to one place instead of distributing it among different data centers has been a godsend. With the Splunk platform, the company no longer has to depend on on-premises storage and it has the flexibility to scale on demand. With Splunk ITSI being adopted as the enterprise monitoring and analytics solution, Splunk Cloud has made it possible to scale their implementation and adoption across various brands within Cox Automotive. Beyond the data associated with Manheim car auctions, Cox is ingesting approximately 2TB of data per day from across its infrastructure into the Splunk Cloud platform. This is enabling teams to not only understand the health and well-being of production systems but also giving release engineering and application development teams insights into new software releases.
- Real-time visibility improves security effectiveness SSTL was unable to search through security data due to limitations in its disparate security solutions. By using Splunk Enterprise to centrally store, index and provide insight to a range of data sources including firewall, Active Directory, email hosting and website traffic, the organization now is able to rapidly search through data and establish alerts in a way that wasn’t possible previously. This has significantly improved the organization’s ability to understand and respond to potential insider and advanced persistent threats , with alerts established to recognize anomalies such as employees logging in at work when they haven’t swiped into the office. Insight into IT health and performance Since deploying Splunk ITSI, SSTL has gained overarching insights into the performance of the organization’s key services through a Service Health. Powerful visualizations provide easily digestible data and analytics in the form of a dashboards that the business services team uses to better understand real-time performance and business impact. This end-to-end view into IT highlights how potential problems such as a high load being exerted on the SQL server estate affects other key IT services. The team can then drill down into the data to accelerate root cause analysis and problem resolution. With Splunk ITSI, SSTL has been able to improve performance issues and ensure IT services are accessible, reliable and secure for all employees. “Using Splunk Enterprise and Splunk ITSI has helped us to understand our IT network in a way we weren’t able to previously,” says Surrey Satellite Technology Chief Technology Officer, Daniel Nye. “This has directly led to improvements in areas such as troubleshooting and security awareness , which is allowing us to focus more on how we can support our engineers and researchers.”
- Today’s application environments are extremely complex – applications or business services typically span multiple components, usually provided by different vendors. Web 2.0, the devops movement, service oriented architectures are trends that bring with them an increasing pace of change as well as added complexity. With virtualization and cloud, they now span on premise datacenters, off premise cloud environments – traditional tools are simply not sufficient to manage such distributed, constantly changing environments
- Splunk software and cloud services are simple to deploy, scale from a single server deployment to global large-scale operations and delivers fast payback. Whether you’re using Hadoop, deploying in the cloud, or searching for an on-premises solution, getting started with Splunk software was designed from the ground up to be as frictionless possible. We have multiple options for getting started, designed to suit your needs: Try out Hunk, Splunk Cloud and Splunk Enterprise with our free online sandboxes. Want try it out on premises? Free downloads of Hunk and Splunk Enterprise are available. The product you download is the same product that scales to ingest petabytes of data per day. 3. Already running with Amazon Cloud deployments? AMIs for Splunk Enterprise and Hunk make it easy to get up and running.
- Get hands on with Splunk by signing up for an upcoming hands on workshop to be held in Tysons Corner, VA. These half day workshops provide a hands-on educational experience with Splunk experts to go deeper into topics your learned about today. Sign up today at the community exhibit in the SplunkZone. Workshops are free but seating is limited.
- And of course, your biggest education opportunity this year is .conf2017 which will be held right back here in Washington, DC on September 25 – 28. I know you have heard a lot about .conf2017 today but don’t forget that by attending SplunkLive! today we are extending you a discount of over $450. You will be able to register with a unique link that will be sent in the post SplunkLive! emails to go out next week.
- Don’t forget to complete today’s survey at ponypoll.com/sldc for your chance to win a .conf2017 pass. A winner will be identified tomorrow through a random drawing from completed surveys and will be notified via email.