SplunkLive! London 2016 Splunk for IT Ops

Copyright © 2015 Splunk, Inc.
Splunk for ITOps
Andi Mann
Chief Evangelist IT Markets

Session Agenda
• Splunk for ITOps - Introduction
• Splunk Apps
• Introducing Splunk IT Service Intelligence
• Customer Stories
• Wrap Up

Escalating IT Complexity…
SERVERS STORAGE NETWORKING
VITUALIZATION
INFRASTRUCTURE
APPLICATIONS
PACKAGED
APPLICATIONS
CUSTOM
APPLICATIONS
Identity
VPN
IP Phone
HR
Email
Finance
App Svr
DB
Web Svr SaaS/PaaS
IaaS

… Plaguing IT Operations
SERVERS STORAGE NETWORKING
VITUALIZATION
INFRASTRUCTURE
APPLICATIONS
PACKAGED
APPLICATIONS
CUSTOM
APPLICATIONS
Identity
VPN
IP Phone
HR
Email
Finance
App Svr
DB
Web Svr SaaS/PaaS
IaaS
Complex, silo-based technologies
Disconnected and outdated point solutions
Reactive brute-force problem resolution
Over 80% of time on maintaining not innovating

Industry Leading Platform for Machine Data
Any Machine Data
Online
Services Web
Services
Servers
Security GPS
Location
Storage
Desktops
Networks
Packaged
Applications
Custom
ApplicationsMessaging
Telecoms
Online
Shopping
Cart
Web
Clickstreams
Databases
Energy
Meters
Call Detail
Records
Smartphones
and Devices
RFID
Datacenter
Private
Cloud
Public
Cloud
Enterprise
Scalability
Search and
Investigation
Proactive
Monitoring
Operational
Visibility
Real-time
Business
Insights
Operational Intelligence

Industry Leading Platform for Machine Data
Any Machine Data
Online
Services Web
Services
Servers
Security GPS
Location
Storage
Desktops
Networks
Packaged
Applications
Custom
ApplicationsMessaging
Telecoms
Online
Shopping
Cart
Web
Clickstreams
Databases
Energy
Meters
Call Detail
Records
Smartphones
and Devices
RFID
Datacenter
Private
Cloud
Public
Cloud
Enterprise
Scalability
Search and
Investigation
Proactive
Monitoring
Operational
Visibility
Real-time
Business
Insights
Operational Intelligence
Any amount, any location, any source
Schema-
on-the-fly
Universal
indexing
No
back-end
RDBMS
No need
to filter
data

Developer Platform (REST API, SDKs)
The Focus
8
Application
Delivery
IT
Operations
Security,
Compliance,
and Fraud
Business
Analytics
Industrial Data
and the
Internet of Things

Turning Machine Data Into Operational Intelligence
Reactive
Search
and
Investigate
Proactive
Monitoring
and Alerting
Operational
Visibility
Proactive
Real-time
Business
Insight
9

Troubleshooting
Find and fix problems faster
10
Reduce
MTTR
Improve End User
Experience
Reduce Costs
Greater IT
productivity

Troubleshooting
Find and fix problems faster
11
Reduced
MTTR
Improve End User
Experience
Reduce Costs
Greater IT
productivity
No more grepping through logs
End-to-end correlation

Monitoring
Find and fix problem before it becomes a problem
Increased uptime
Trends in real time
and Historical Data
Powerful
Visualizations
Alerting and
notifications

Splunk Apps
Accelerate Insights

Splunk Apps
14
Plug-Ins, Templates and Apps Accelerate Value From Machine Data
No rigid schemas– Add in data from any other source.
API
SDKs UI
Server, Storage,
Network
Server
Virtualization
Operating
Systems
Custom
Applications
Business
Applications
Cloud
Services
App Performance
MonitoringTicketing/ and
Other
Web Intelligence
Mobile
Applications
Stream

Apps Provide Deep Insights By Role
Find and resolve problems fast in individual technology areas
Exchange Admin
Service Health
Performance
Message tracking
VMware/Win/
Linux Admin
Infrastructure Health
Performance
Anomalies/Outliers
Storage Admin
Infrastructure Health
Performance
Anomalies/Outliers

Splunk IT Service
Intelligence

What We Hear From Our Customers!
17
“My CIO is demanding we look at IT from a business service perspective.”
“Splunk is great for break-fix, but I need to show we’re meeting SLAs.”
“I need everyone to be able to see the same thing at the same time.”
“I just want to throw data at Splunk and have it find problems for me.”
“Show me what my data can do for me!”

Data-driven service insights
for root-cause isolation and improved service operations
INTRODUCING

Splunk IT Service Intelligence
19

What is a Service?
Service
Requests
Responses
In Splunk ITSI, a Service is a logical group of technology components that a user
deems need to be monitored together.
It can often be generalized as a “black box” which we send requests and expect
responses

What is a Service?
DNS
Requests
Responses
Technical Services
Auth
Requests
Responses
Web
Requests
Responses
Services can be technology-centric…

What is a Service?
DNS
Requests
Responses
Technical Services
Customer
Transactions
Requests
Responses
Business Services
Auth
Requests
Responses
Web
Requests
Responses
Support Desk
Requests
Responses
… and business-centric

What is a Service?
Packet Network
Hypervisor and Hosts
RBMDBs
Storage Tier
API Services
Web Services
Customer Transactions
Mobile
API/Middleware
Partner Portal
DNS
Services can encompass multiple tiers of the IT domain and may also
depend upon other services/micro-services

What is a KPI?
DNS
Requests
Responses
KPI: Number of requests
KPI: Error rate
KPI: Average response time
KPI: Servicer CPU load
KPI: Server network I/F errors
Customer
Transactions
Requests
Responses
KPI: Number of transactions
KPI: Error rate
KPI: Average response time
KPI: Count of Incident Tickets
KPI: Synthetic Transx Health
KPIs and Health scores constitute the means by which Services are monitored.

Key Performance Indicators (KPIs)
26
KPI: A Splunk saved search defined in Splunk ITSI that helps monitor a specific field like CPU,
Memory and so on. KPIs are contained within Services.

Service Health Scores
27
A Health score is a score from 0-100 that helps determine the health of a Service. It
is calculated based on all KPIs importance and its status once every minute.

Service Analyzer, Glass Tables, Deep Dives
29
Service Analyzer: Auto generated filterable and tiled view of Service health scores and KPIs
Glass Tables: Customizable free form drawing dashboards to view health scores and KPIs of choice
with visual tools to create context
Deep Dives: Swim lane analysis dashboard to show all those indicators over time for investigations

Multi KPI Alerts, Notable Events
30
Multi KPI Alerts: Correlation searches on service degradation
Notable Events: Event framework for Multi KPI Alerts

What Makes Splunk ITSI Different!
32
Search-Based KPIs
• Easy to write, manage and change
both services and KPIs
• Reflects business and technology
priorities
• Benefit: Rapidly generate and
change KPIs to align service health
with business
• Fiserv – 1000s in just weeks
Full Fidelity Service Health
• Adaptable and flexible
definitions of service health
• One solution to go seamlessly
from service reports to root
cause, including raw data
• Remains adaptable and yet still
maintains complete historical
context
Universal Data Platform
• Data driven: All IT data including
events, metrics and logs
• Schema on-the-Fly
• Ask any question of the
data
• Fast time to value
• Data fidelity

Why Enterprises Use Splunk for IT Operations
Increased Uptime
to 99.9%
Availability
Reduced MTTR
from 2-3 days to
few minutes
Improved Margins
by protecting millions in
ad-revenue
Consolidated Tools
by retiring 27 monitoring
solutions
Optimized Capacity
by saving $500K in
SW, HW & licenses
Drives Innovation
with usage analytics on
product features

35
Unified insights: data
integrations from other tools
11,000 to 100s
Reduced incident
tickets
Alerting on service
KPI’s instead of
server performance
Usage baselines to
identify anomalies
Splunk IT Service Intelligence at

36
Server-based to
Services-based
monitoring
Top-down and deep-
dive service insights
200+ services and
1500+ KPIs
monitored
Flexible creation and
modification of
services and KPIs
Alerting on service
KPIs instead of
server performance
Real-time, holistic
and proactive
“client” view

37
Replaced home-
grown tools
Real-time service
insights to LOBs
Reduced time to
resolution

Troubleshooting
Continuous
Deployment
Application
Management
Service
Monitoring
Splunk is the Backbone of Modern IT
Platform for Machine Data

AVAILABLE NOW!
Try it: SPLUNK.COM/ITSI
Free. In SplunkCloud.

Meet me @ the Ask the
Expert Bar at 16:00

Driving Service Intelligence that
creates measurable insight and value
Colin Ferguson
Director, Market Specialists

What’s My Role?
AdministratorManager Programmer
ServiceOwner
Architect
Executive

What we hear…
“Service Intelligence is new to us. How do we get started?”
“Do you have best practices to help us with Service
Intelligence?”

Splunk IT Service Intelligence
SPLUNK IT SERVICE INTELLIGENCE
Time-series Index
Platform for Machine Data
Dynamic
Service Models
Schema-on-read Data Model
Common
Information Model
At-a-Glance
Problem Analysis
Early Warning
on Deviations
Simplify Incident
Workflows

Bring Subject
Experts
Together
Design Before
Configuring
Driving Service Intelligence
Start with a
Problem worth
solving

Start with a
Problem worth
solving
How Critical?
Which customers are
impacted?
How are they
impacted?
Does the service drive
revenue?
Who is the business
owner?
How Complex?
How often are we experiencing
problems?
What systems are impacted?
How quickly is it being resolved?
Who is involved to resolve?

Bring Subject
Experts
Together

Collaboration is Key
Escalation Manager
Enterprise Architect
Administrators
Business functions
Performance indicators
Common business
issues
Frequency of issues
Business impact of
issues
Service Owners
Common issues
Performance indicators
Resolution processes
Tools used for resolving
issues
Frequency of issues
IT impact of issues
Current tools and
usage, and adoption
levels
Splunk expertise
Environment expertise
Business processes
Key inputs and outputs
Technology architecture
Data architecture
Common issues

Design Before
Configuring
Metrics
Components
Supporting Data

Design Methodology: Service Decomposition
Start With
Business Function
& Flow
Define
Scope &
Depth
Link
Supporting
Technology
Start with
Business
Function & Flow
Measurehealth and impact 73%
-36%

Gaining Service Intelligence
ServiceLayer SupplyChain
InfrastructureLayer
Server©Server
BusinessLayer OrderEntry ShippingManufacturing Fulfillment
ApplicationLayer
EDI
Middleware Database
OnlineStore
Web Tier

Bringing it all together - KPIs
ServiceLayer SupplyChain
InfrastructureLayer
Server©Server
ApplicationLayer
OnlineStore EDI
Web Tier Middleware Database
BusinessLayer OrderEntry ShippingManufacturing Fulfillment
ServiceHealth
Unit Count
Unit Failures
Service Level Delivery Time
Online Orders
Online Revenue
Service Health
CPU Load
Memory Used
Disk Used
IO Latency
CPU Load
Memory Used
Disk Used
IO Latency
Service Health Service Health
Total Orders
Total Revenue
Service Health

A flyingstartto ServiceIntelligence
Start With A problem worth solving
Collaborate with Subject Matter Experts
Design Before Configuring

We’re here to help!
Harness the creativity and domain knowledge of your
organization to unlock the value of data and solve an
important Business Service problem through a joint service
intelligence workshop with key stakeholders
Define methods for:
› Proactive service monitoring
› Reduced risk and failures
› Faster issue resolution
› Increased businessperformance
What is it?
› 1 Day Onsite Workshop
› Tightly linked with value
› Collaborative approach
› Build your own Glass Table

57
SEPT 26-29, 2016
WALT DISNEY WORLD, ORLANDO
SWAN AND DOLPHIN RESORTS
• 5000+ IT & Business Professionals
• 3 days of technical content
• 165+ sessions
• 80+ Customer Speakers
• 35+ Apps in Splunk Apps Showcase
• 75+ Technology Partners
• 1:1 networking: Ask The Experts and Security
Experts, Birds of a Feather and Chalk Talks
• NEW hands-on labs!
• Expanded show floor, Dashboards Control
Room & Clinic, and MORE!
The 7th Annual Splunk Worldwide Users’ Conference
PLUS Splunk University
• Three days: Sept 24-26, 2016
• Get Splunk Certified for FREE!
• Get CPE credits for CISSP, CAP, SSCP
• Save thousands on Splunk education!

SplunkLive! London 2016 Splunk for IT Ops

More Related Content

What's hot

Viewers also liked

Similar to SplunkLive! London 2016 Splunk for IT Ops

More from Splunk

Recently uploaded

SplunkLive! London 2016 Splunk for IT Ops