Die vorausschauenden Möglichkeiten des Machine Learning Toolkits (MLTK)zusammen mit ITSI's Event Analytics Fähigkeiten ermmöglichen es Operations Teams, proaktiv auf Events zu reagieren, bevor es zu einem Ausfall kommt. Diese Session befasst sich im Detail damit, wie Sie Splunk ITSI mit dem MLTK kombinieren, um einen Service Health Score vorherzusagen und es über Ihren Unternehmens-Messenger, z.B. Slack, mitzuteilen. Wir werden auch komplexe Suchkomandos zeigen, die Sie für besseres Incident Management nutzen können.

1. © 2019 SPLUNK INC.© 2019 SPLUNK INC.
Predictive, Proactive,
and Collaborative ML with
IT Service Intelligence
Creating Actionable and Predictive Alerts
Through Analytics
Dr. Siyka Andreeva | ITOA Specialist
René Siekermann | ITOA Specialist
26th of March 2019

2. © 2019 SPLUNK INC.
During the course of this presentation, we may make forward-looking statements regarding future events or
the expected performance of the company. We caution you that such statements reflect our current
expectations and estimates based on factors currently known to us and that actual events or results could
differ materially. For important factors that may cause actual results to differ from those contained in our
forward-looking statements, please review our filings with the SEC.
The forward-looking statements made in this presentation are being made as of the time and date of its live
presentation. If reviewed after its live presentation, this presentation may not contain current or accurate
information. We do not assume any obligation to update any forward-looking statements we may make. In
addition, any information about our roadmap outlines our general product direction and is subject to change
at any time without notice. It is for informational purposes only and shall not be incorporated into any contract
or other commitment. Splunk undertakes no obligation either to develop the features or functionality
described or to include any such feature or functionality in a future release.
Splunk, Splunk>, Listen to Your Data, The Engine for Machine Data, Splunk Cloud, Splunk Light and SPL are trademarks and registered trademarks of Splunk Inc. in
the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners. © 2019 Splunk Inc. All rights reserved.
Forward-Looking Statements

3. © 2019 SPLUNK INC.
1. Why You Need to Stop Being Reactive
2. Data and Machine Learning: How to Get
to a Predictive IT
3. Collaborate and Remediate with
VictorOps
4. Demo
Agenda

4. © 2019 SPLUNK INC.
Why You Need to Stop
Being Reactive

5. © 2019 SPLUNK INC.
The Cost of an Incident
Customer
Satisfaction
Brand
Reputation
Line of
Revenue
*According to “Damage Control: The Impact of Critical IT
Incidents”
$ 141,628
the mean business
cost of an IT incident

6. © 2019 SPLUNK INC.
Predict and Prevent Operational Issues with AI
$ Impact
Proactive
(add logs and metrics)
Effective
$ Impact
Existing
Events
Cost of
Impact
Reactively Alerted
MTTR
Automated Resolution
MTTR
MTTR
Splunk ML Alert

7. © 2019 SPLUNK INC.
Predict and Prevent Operational Issues with AI
$ Impact
Predictive
Proactive
(add logs and metrics)
Effective
$ Impact
Existing
Events
NEGATIVE
MTTR!!
Predict 30 Minutes
in Advance
Time
Return to
Business
Cost of
Impact
Reactively Alerted
MTTR
Automated Resolution
MTTR
MTTR
Splunk ML Alert

8. © 2019 SPLUNK INC.
Data and Machine
Learning: How to Get
to a Predictive IT

9. © 2019 SPLUNK INC.
Where Does Data Come From?
Machine Data
Synthetic APM
Application Code
Code
Deployment
Network
Change Records
Server Changes
Byte Code
Instrumentation
ML Adaptive
Thresholding
Server
Storage
Service Intelligence
Metrics
Events
IP Creation
Events
ApplicationLayerInfrastructureLayer
Human Data

10. © 2019 SPLUNK INC.
Use Splunk ITSI Provide flexible dependency
service mapping for
interactions at scale
Leverage a platform to
build out KPIs that
ensure repeatability for
consistency and allows
aggregation and per
entity KPI values
Ease the burden of
cleaning data
What Do I Do With It Now

11. © 2019 SPLUNK INC.
What Do I Do With it Now?
Get a bunch of data
consistently moving
through time in ITSI’s
Service Health Scores
and KPIs
1
Use a bit of time shifting
SPL to move the
Service Health Score so
you can predict the
future
2 Build a model and
operationalize with ITSI3

12. © 2019 SPLUNK INC.
Domain
Expertise
(IT, Security…)
Data Science
Expertise
Splunk
Expertise
Skill Areas for Machine Learning at Splunk
MLTK
Splunk ML Toolkit
facilitates and simplifies
via examples & guidance
Premium solutions
provide out of the box
ML capabilities.
ITSI,
UBA
• Statistics/math background
• Algorith selection
• Model building
• Identify use cases
• Drive decisions
• Understanding of business impact
• Searching
• Reporting
• Alerting
• Workflow

13. © 2019 SPLUNK INC.
Getting Answers From Your Data!
Anomaly Detection
• Deviation from past behavior
• Deviation from peers
• Unusual changes in features
• ITSI MAD Anomaly
Detection
Predictive Analytics
• Predict Service Health Score
• Predicting churn
• Predicting events
• Trend forecasting
• Detecting influencing entities
• Imminent outage prediction
• ITSI Predictive Analytics
Clustering
• Identify peer groups
• Event correlation
• Reduce alert noise
• Behavioral analytics
• ITSI Event Analytics

14. © 2019 SPLUNK INC.
Machine Learning in ITSI
MACHINE LEARNING
Internal
Machine
Learning
Adaptive Thresholds
Anomaly Detection
Cohesion Detection
Predictive Analytics,
ITSI 4.0
Internal
Machine
Learning
Clustered Notable
Events
Automated Actions
Assisted Deep Dive
Investigation
Application
logs
Network logs
Metrics*
Server logs
Any Time
Series in
Splunk
INTELLIGENCEKPIs
MLTK Customization

15. © 2019 SPLUNK INC.
What’s New in ITSI in 4.0
Predictive Analytics
Predict imminent service degradation
30-45 minutes in advance
Detect which KPI might be responsible
for service degradation, and how
values are likely to change in the next
30-45 minutes through automatic
probable root cause analysis

16. © 2019 SPLUNK INC.
ITSI + MLTK
► Leveraged the ITSI
and Sophisticated
Machine Learning Blog
► Everything else
customize
MLTK
► Engage with the
Splunk ML Advisory
Program
► Multiple business rules
ITSI 4.0
► ITSI 4.0 now includes
this as a turn key
feature!
► Saves a TON of time
getting to an outcome!
Machine Learning at Splunk
Time + Effort for One Use Case!
+

17. © 2019 SPLUNK INC.
Version each
model you create
Ensure your Service
Health Score is aligned
with known incidents
Ensure
thresholds are set
properly in ITSI
Validate regular
expressions are
capturing correct
values
Make your KPIs
as granular as
possible
Customer ML Tips and Tricks
Predictive Analytics

18. © 2019 SPLUNK INC.
AIOps With Splunk IT Service Intelligence
REDUCE NOISE | REDUCE INCIDENT VOLUME | DECREASE MTTR | INCREASE PRODUCTIVITY
Automatically
alert and notify
the right teams
of the incidents
to take actions
Teams are
notified of the
potential issues
BEFORE they
turn red
Automate
runbooks for
known issues
Alerts correlated across the stack and
prioritized and presented by Service Impact
Machine Learning
Multiple Data
Sources

19. © 2019 SPLUNK INC.
Collaboration and
Remediation with
VictorOps

20. © 2019 SPLUNK INC.
When these products find
broken stuff, they send the
information to VictorOps
VictorOps processes the
stream of event data
VictorOps engages the correct
people to collaboratively solve
the problem
Connect Your Experts with the Right Information

21. © 2019 SPLUNK INC.
TROUBLESHOOTING
MEANINGFUL
ALERTS
Event Analytics
• Reduce Event Noise
• Reduce High Priority
Tickets
• Increase Mean Time
Between Failures
From Monitoring to Collaborative Incident Response
ITSI and VictorOps offer complementary value
Service Insights
• Reduce Mean Time
to Resolution (MTTR)
• Single and Correlated
View of IT and Business KPIs
• Predict and Prevent
Imminent Outages
• On-Call scheduling made simple
• Centralized visibility to alerts
• Customizable Rules and Logic
to automate alerting
• Post-Incident Reviews
and Reporting
• Actionable Mobile Application

22. © 2019 SPLUNK INC.
Demonstration

23. © 2019 SPLUNK INC.
Put AI at the Heart of Your Operations
Splunk ITSI for AIOps
Processed events 8 minutes
faster, on average
15% improvement in SLA
performance
Reduced the number
of IT incidents fivefold,
decreased MTTR
by 65%
Predicted their Service
Health Score’s impact
20-30 minutes into
the future
Effective Proactive Predictive

24. © 2019 SPLUNK INC.
Predict
ITSI and Sophisticated
Machine Learning
Forecast
Statistical Anomalies and
Forecasts (Parts 1,2,3)
Collaborate
Resources
How-To Blogs at Your Disposal

25. © 2019 SPLUNK INC.
What to Remember
and Where to Go if
You Fell Asleep
Key
Takeaways
1. Splunk ITSI provides out of the box KPI Prediction
capabilities
2. Use Machine Learning through MLTK to build
custom prediction models for a repeatable ability to
Predict Service Health
3. Splunk ITSI allows for Rapid Service, KPI, Entity
creation and alerting
4. VictorOps makes on-call suck less through
collaboration and improves the Mean Time to
Remediate Availability Impacting Situations
5. Read the blogs!

26. © 2019 SPLUNK INC.
Questions?
Please feel free