SplunkLive! - Splunk for IT Operations
•
3 likes•875 views
This document discusses how Splunk can help organizations address challenges related to escalating IT complexity. It notes that IT environments have become more complex with disconnected point solutions, over 70% of time spent maintaining rather than innovating, and latency in resolving issues measured in hours or days. Splunk provides a single platform to gather, analyze, and search machine data from various sources in real-time. It allows correlating data across silos for faster problem resolution. The document highlights how Splunk reduced escalations by 90% and mean time to resolution by 67% for one customer. It then discusses how Splunk offers pre-built apps for monitoring different parts of the IT infrastructure and applications.
Recommended
More Related Content
What's hot
What's hot (19)
Similar to SplunkLive! - Splunk for IT Operations
Similar to SplunkLive! - Splunk for IT Operations (20)
More from Splunk
More from Splunk (20)
Recently uploaded
Recently uploaded (20)
SplunkLive! - Splunk for IT Operations
- 1. Copyright © 2016 Splunk Inc. IT-OPERATIONS RENE SIEKERMANN SENIOR SALES ENGINEER
- 2. CIO Obstacle: Escalating IT Complexity SERVERS STORAGE NETWORKING VIRTUALIZATION INFRASTRUCTURE APPLICATIONS PACKAGED APPLICATIONS CUSTOM APPLICATIONS Identity VPN IP Phone HR Email Finance App Svr DB Web Svr SaaS/PaaS IaaS
- 3. CIO Obstacle: Escalating IT Complexity SERVERS STORAGE NETWORKING VITUALIZATION INFRASTRUCTURE APPLICATIONS PACKAGED APPLICATIONS CUSTOM APPLICATIONS Identity VPN IP Phone HR Email Finance App Svr DB Web Svr SaaS/PaaS IaaS Complex, silo-based technologies Disconnected and outdated point solutions Over 70% of time spent on maintaining, not innovating
- 4. Before Splunk Data Gathering DB App NW Storage Now What? …. War Room Outage Occurs Human latency measured in hours or days
- 5. From Days to Minutes With Splunk “First Responder” 2012-12-05 07:04:44 Id=Rd910EAJ City=New York Email.jdoe@gmail.com product_id=product_i BD- 66.57.19.112 ..[05/Dec/2012 07:05:22:152]”GET /card.do?action=addtocart &itemid=K9 [1208/12 02:39:03:209 UTC] 000000c6 ConnectionEve A J2CA00561: ConnectionExeception:[IBM][CLI Driver] SQL1224N Report and analyze Custom dashboards Monitor and alert Ad hoc search 2012-12-05 07:04:44 Id=Rd910EAJ City=New York Email.jdoe@gmail.com product_id=product_i BD- 66.57.19.112 ..[05/Dec/2012 07:05:22:152]”GET /card.do?action=addtocart &itemid=K9 [1208/12 02:39:03:209 UTC] 000000c6 ConnectionEve A J2CA00561: ConnectionExeception:[IBM][CLI Driver] SQL1224N Outage Occurs
- 6. “Splunk reduced our escalations by 90% and our problem resolution time by 67%. “Escalations reduced by 90% and MTTR dropped by 67%” Splunk at Service Desk: Vodafone Paulo Carvalho Director Operations Theoldway:DisparateITsilos impactCustomerService • Manuallyintensive,error-proneprocessesresultinconstantescalationsandlongdelays • Expensive,home-growntoolsforlogcollectionandanalysisdon’tprovidethecompletepicture • Disconnectedsystemscreatetroubleinmeetingsecurityandcompliancemandates Thenewway:Providecomprehensivevisibility andcontrol ✓ Asingle Tier 1support person can now perform iterative searches across alltheir IT data to investigate, identify, and fixthe problem – escalations reduced by90percent ✓ Splunk consolidates logs from disparate systems into asingle view, providing visibility across end- to-end service delivery from one place -time to problem resolution dropped by67% ✓ Role-based secure access to logs viaSplunk ensures SOX compliance ✓ Monitor IT data and find issues before they become visible to customers
- 7. Splunk : The Better Approach For IT 7 Customer Facing Data Outside the Datacenter Applications Web logs Log4J, JMS, JMX .NET events Code and scripts Networking Configurations syslog SNMP netflow Databases Configurations Audit/query logs Tables Schemas Virtualization & Cloud Hypervisor Guest OS, Apps Cloud Linux/Unix Configurations syslog File system ps, iostat, top Windows Registry Event logs File system sysinternals Logfiles Configs Messages Traps Alerts Metrics Scripts TicketsChanges Click-stream data Shopping cart data Online transaction data Manufacturing, logistics… CDRs & IPDRs Power consumption RFID data GPS data Powerful, end-to-end, real-time platform for Machine Data
- 8. Splunk : The Better Approach For IT 8 Customer Facing Data Outside the Datacenter Applications Web logs Log4J, JMS, JMX .NET events Code and scripts Networking Configurations syslog SNMP netflow Databases Configurations Audit/query logs Tables Schemas Virtualization & Cloud Hypervisor Guest OS, Apps Cloud Linux/Unix Configuration s syslog File system ps, iostat, top Windows Registry Event logs File system sysinternals Logfiles Configs Messages Traps Alerts Metrics Scripts TicketsChanges Click-stream data Shopping cart data Online transaction data Manufacturing, logistics… CDRs & IPDRs Power consumption RFID data GPS data Powerful, end-to-end, real-time platform for Machine Data Noupfrontschema Nocustomconnectors NoRDBMS •Any amount, any location, any source.
- 9. Copyright © 2015 Splunk Inc. Demo
- 10. Copyright © 2016 Splunk Inc. SPLUNK APPS ACCELEERATE INSIGHT
- 11. Copyright © 2015 Splunk Inc. Apps Provide Deep Insights By Role Find and resolve problems fast in individual technology areas Exchange Admin Service Health Performance Message tracking VMware/Win/ Linux Admin Infrastructure Health Performance Anomalies/Outliers Storage Admin Infrastructure Health Performance Anomalies/Outliers 11
- 12. Reduce Costs: Consolidate tools, eliminate silos, find root cause faster! Exchange Admin Linux/Win Admin Network Admin Applications Admin Line of Business User Application Support VMware/Linux/ Win Admin Security Admin Storage Admin IT Management
- 13. Copyright © 2015 Splunk Inc. Splunk : Platform For IT Operational Intelligence 13 Plug-Ins, Templates and Apps Accelerate Value From Machine Data No rigid schemas– Add in data from any other source. API SDKs UI Server, Storage, Network Server Virtualization Operating Systems Custom Applications Business Applications Cloud Services App Performance Monitoring Ticketing/ and Other Web Intelligence Mobile Applications Stream
- 14. Copyright © 2015 Splunk Inc. Splunk For Operating Systems Proactive Monitoring Operational Analytics End-to-End Visibility Get instant insight into infrastructure health OS Metrics for Performance, Capacity & Resource Allocation Analyses Scale And Correlate Across All Tiers Of Your Technology Stack 14
- 15. Copyright © 2015 Splunk Inc. Splunk For Virtualization & Storage Proactive Monitoring Operational Analytics End-to-End Visibility Real-time actionable insights into problem spots and health issues Real-time & historical insights into performance, security, capacity, forecasting and change tracking Scalable Big Data solution for holistic visibility across all technology tiers 15
- 16. Copyright © 2015 Splunk Inc. Demo
- 17. Copyright © 2016 Splunk Inc. IT SERVICE INTELLIGENCE
- 18. Data-driven service insights for root-cause isolation and improved service operations INTRODUCING
- 19. Current Challenges 19 Can’t access the data that matters Multiple products lack deep integration Complex and customized tools require significant expertise and time IT organizations continue to struggle with aligning operations with business FRAGMENTED INSIGHTS SLOW & REACTIVE INEFFICIENT & UNSCALABLE
- 20. Even More Challenges 20 Increased Business Expectations around – IT Agility, Availability, and Support I am measured on service performance KPI’s focus on components As services change, I need to quickly adapt Previous attempts to model service failed I need to understand what is going on at any point in time (including history) Snapshots in time don’t help with troubleshooting or continuous improvement
- 21. Splunk IT Service Intelligence 21 Data Driven • All IT Data - events, metrics, and logs Service-awareness • Provides actionable insights into high visibility services • Personal contextual visualizations • Mitigate problems before they impact customers. Powerful Platform • Fast correlation across services & KPIs • Deploys Quickly • Scalable, flexible and fast time-to-value • Scalable Universal Platform (any point in time)
- 22. The Splunk IT SI Solution in a Nutshell 1. Splunk IT SI core concepts • Services • KPIs • Health Scores 2. Solution capabilities and features • Glass Tables & Deep Dives • Service Analyzer • Multi-KPI Alerts & Notable Events 22
- 23. What is a Service? Service Requests Responses
- 24. What is a Service? DNS Requests Responses Technical Services Customer Transactions Requests Responses Business Services Auth Requests Responses Web Requests Responses Support Desk Requests Responses
- 25. What is a Service? Packet Network Hypervisor and Hosts RBMDBs Storage Tier API Services Web Services CustomerTransactions Mobile API/Middleware PartnerPortal DNS
- 26. What is a KPI? DNS Requests Responses KPI: Number of requests KPI: Error rate KPI: Average response time KPI: Servicer CPU load KPI: Server network I/F errors Customer Transactions Requests Responses KPI: Number of transactions KPI: Error rate KPI: Average response time KPI: Count of Incident Tickets KPI: Synthetic Transx Health
- 27. Demo
- 28. Thank You
Editor's Notes
- Welcome to SplunkLive [City]. Thank you for taking the time to attend today’s event.
- Company Background: Vodafone Group Plc is the world's leading mobile telecommunications company, providing a wide range of services including voice and data communications. Paulo Carvalho works in Vodafone's DSSL group supports Vodafone live! Which includes popular mobile video, news, music and other services. Paulo is the Services Network Manager at Vodafone Portugal and is responsible for all services on top of GSM Network, MMS, SMS, Voice Mail, Unified Messaging, streaming, Mobile Portal, VAS Services, Prepaid Services. Other Notes: Vodafone uses Splunk for application troubleshooting and management of services they offer over their 3G network. The environment is complex, with many services being offered, running on many platforms and servers - Solaris, Redhat Linux and introducing virtualized environments. They also have a huge Java and J2EE infrastructure and often need to search quickly for errors or exceptions occurring within the last sixty minutes. Vodafone has been a successful user of Splunk realizing significant material benefits. They have also moved to a proactive phase with Splunk, using it to monitor IT data such as threshold levels for specific systems, and fixing issues before they become visible to their customers.
- So how does Splunk help? We offer a powerful, end-to-end, real-time platform for Machine Data. Splunk can collect data from any source, giving our customers real-time visibility and intelligence into what’s happening across the IT infrastructure – whether it’s physical, virtual or in the cloud.
- Splunk’s highly capable platform for machine data can handle any machine generated data from any location and any source – without the need to transform the data to fit a schema, without the need for custom connectors-because unlike most other tools on the market, Splunk does not have a database backend. Splunk’s proprietary map-reduce based high speed index and retrieval system allows management of very large quantities of data at scale with just commodity x86 servers.
- Welcome to SplunkLive [City]. Thank you for taking the time to attend today’s event.
- Remember we said before, that Splunk is a “platform” for machine data? Splunk has evolved over the years from an engine for any kind of machine data to a robust platform, complete with a REST API, 6 different SDKs and numerous “apps” that sit on top of Splunk and provide out of the box value from your data. These “apps” are available on Splunkbase and they accelerate getting g data into Splunk and getting pre-built visualizations for that data. Note that these apps are not like connectors because they don’t lock away the data in a silo or restrict its usage to particular sets of views – the data is in Splunk and can be used side by side with any other data in Splun k. You can move dashboards and key indicators across apps or customize them in any way you want. Apps make it faster to get value out of your data and several key apps provide new visibility into areas that were formerly “black box” in the infrastructure – such as the virtualization apps. We also recently introduced the 2 new offerings – one to collect wire data, with the Splunk App for Stream (stemming from the acquisition of Cloudmeter) and MINT (Mobile Intelligence) that stems from our acquisition of Bugsense. The Splunk App for Stream enables the capture of real-time streaming wire data, which is the data transmitted between applications over the network. It enables visibility into application, business and user activity without the need for instrumentation, enhancing various operational use cases across IT, security and the business. And Splunk MINT helps you gain visibility into mobile app performance and quality, so you can deliver better mobile apps Splunk MINT helps you combine and correlate mobile app data with other data in Splunk so you can pinpoint problems faster and analyze user experience/behavior across mobile, desktop and web channels. The main value from the apps is providing context for data from silos and making it available inside Splunk for correlation with other data from other silos. In addition to prebuilt apps, customers can also build their own. What have developers been building using Splunk Enterprise? Examples include the following: Run searches and retrieve Splunk data from existing Customer Service/Call Center applications (Comcast use case) Integrate Splunk data into existing BI tools and dashboard (Tableau, MS Excel) Build mobile applications with KPI dashboards and alerts powered by Splunk (Otto Group use case) Log directly to Splunk from remote devices (Bosch use cases) Build customer-facing dashboards powered by user-specific data in Splunk (Socialize, Hurricane Labs use cases) Programmatically extract data from Splunk for long-term data warehousing We hope this is just the beginning. We hope to open up a whole new world of enterprise apps.
- Welcome to SplunkLive [City]. Thank you for taking the time to attend today’s event.
- That brings us to Splunk IT Service Intelligence – a packaged solution that enables real-time visibility into services driven by machine data. Splunk ITSI speeds and simplifies service monitoring and analytics and enables IT to make better, smarter and informed business decisions. This solution allows you to gain a deep understanding of your services. With Splunk ITSI, you have real-time views into the health of your services, and can use advanced analytics to find patterns, detect anomalies and trends to proactively monitor and address issues. As a result you have improved service visibility, reduced resolution times, and a transformative approach to monitoring and analytics driven by machine-data.
- Discovery and CMDB DO NOT WORK in service context - They lack service awareness - Too many assets are discovered - Inability to easily categorize entities - Can’t get the data that matters o Do not have access to right data (inability to troubleshoot, no idea what to do when the light goes red - still go to another system/multiple systems of record) - Cannot see metrics, events and log data together - Aggregated and limited set of metrics gathered o Multiple different products integrated that lack deep integration between the parts - No continuous workflow - complicates the product
- 1. Every IT manager provides individual metrics that show great KPI’s but those don’t always translate into 99% uptime for a service. And KPI’s are typically associated with physical metrics of components. Are those the ONLY metrics you want to focus on for the health of your services? What about one’s from your applications, business processing, etc.? 2. Historically, if you attempted to model your services was it time consuming? What happens if you need to make a change? 3. Say users call and complain about a performance problem yesterday but most of your tools only tell you what is going on NOW. Wouldn’t it be nice to see trends and use historical data to develop a true baseline if there truly was a problem? Even use that historical data as indicators to catch problems before they happen, not after?
- Splunk’s IT SI represents a new approach to service intelligence Rather than bolting a mish-mash of products together, ITSI uses a data-driven approach (all data, across silos) Provides insights into the highest-visibility services-- the ones which directly impact business and operations with – personal, meaningful contextual visualizations. Provides sophisticated alerting mechanisms and workflow, to catch and mitigate problems early, before they impact customers Allows fast correlation across services & KPIs, to quickly determine root cause and reduce MTTR Deploys in days & weeks, rather than weeks & months It’s Scalable, flexible (schema on the fly) and continues to provide fast time-to-value
- 1. 2. 3. We’ll use a simulated failure scenario which a NOC might encounter We’ll show how to isolate a particular problem, from a NOC operator's perspective We’ll show how to significantly reduce MTTR and provide actionable alerts to avoid outages in the future
- A services can literally be sources of data a customer wants to group together to monitor in a single healthscore or just wants to logically group together because they need to be managed by a specific team or needs to be reported in such a way. Services derive their value when KPIs are defined within them or dependencies are defined to other services. Therefore you could have a more abstractly defined service which only depends on other services to derive its own health. E.g. Partner portal is a conceptual service which depends on the API service which in turn has its own KPIs but depends on Web Services. Alternatively you could have Partner portal depend on each and every one in blue, or not even have all the ones in blue and have all the Kpis be inside Partner portal. Everything you see in the diagram above could be a service in ITSI.
- A services can literally be sources of data a customer wants to group together to monitor in a single healthscore or just wants to logically group together because they need to be managed by a specific team or needs to be reported in such a way. Services derive their value when KPIs are defined within them or dependencies are defined to other services. Therefore you could have a more abstractly defined service which only depends on other services to derive its own health. E.g. Partner portal is a conceptual service which depends on the API service which in turn has its own KPIs but depends on Web Services. Alternatively you could have Partner portal depend on each and every one in blue, or not even have all the ones in blue and have all the Kpis be inside Partner portal. Everything you see in the diagram above could be a service in ITSI.
- A services can literally be sources of data a customer wants to group together to monitor in a single healthscore or just wants to logically group together because they need to be managed by a specific team or needs to be reported in such a way. Services derive their value when KPIs are defined within them or dependencies are defined to other services. Therefore you could have a more abstractly defined service which only depends on other services to derive its own health. E.g. Partner portal is a conceptual service which depends on the API service which in turn has its own KPIs but depends on Web Services. Alternatively you could have Partner portal depend on each and every one in blue, or not even have all the ones in blue and have all the Kpis be inside Partner portal. Everything you see in the diagram above could be a service in ITSI.
- A services can literally be sources of data a customer wants to group together to monitor in a single healthscore or just wants to logically group together because they need to be managed by a specific team or needs to be reported in such a way. Services derive their value when KPIs are defined within them or dependencies are defined to other services. Therefore you could have a more abstractly defined service which only depends on other services to derive its own health. E.g. Partner portal is a conceptual service which depends on the API service which in turn has its own KPIs but depends on Web Services. Alternatively you could have Partner portal depend on each and every one in blue, or not even have all the ones in blue and have all the Kpis be inside Partner portal. Everything you see in the diagram above could be a service in ITSI.
- How can you leverage Splunk?