Learn about ways to improve you IT Operational Intelligence by using Splunk for troubleshooting, monitoring and service-level visibility. In this hands-on session we will cover recommended approaches for end-to-end troubleshooting and monitoring across applications, OSes, and devices to resolve problems faster, reduce downtime and improve user satisfaction and customer retention. Topics will include: monitoring critical services, using commonly deployed apps and TAs to gather data for IT infrastructure uses, and using of pre-made dashboard panels to quickly build dashboards for monitoring your environment.
2. Session
Agenda
• Splunk
for
ITOps
-‐
IntroducFon
• Splunk
Apps
• Introducing
Splunk
IT
Service
Intelligence
• Wrap
Up
3. Disclaimer
3
During
the
course
of
this
presentaFon,
we
may
make
forward
looking
statements
regarding
future
events
or
the
expected
performance
of
the
company.
We
cauFon
you
that
such
statements
reflect
our
current
expectaFons
and
esFmates
based
on
factors
currently
known
to
us
and
that
actual
events
or
results
could
differ
materially.
For
important
factors
that
may
cause
actual
results
to
differ
from
those
contained
in
our
forward-‐looking
statements,
please
review
our
filings
with
the
SEC.
The
forward-‐
looking
statements
made
in
the
this
presentaFon
are
being
made
as
of
the
Fme
and
date
of
its
live
presentaFon.
If
reviewed
aSer
its
live
presentaFon,
this
presentaFon
may
not
contain
current
or
accurate
informaFon.
We
do
not
assume
any
obligaFon
to
update
any
forward
looking
statements
we
may
make.
In
addiFon,
any
informaFon
about
our
roadmap
outlines
our
general
product
direcFon
and
is
subject
to
change
at
any
Fme
without
noFce.
It
is
for
informaFonal
purposes
only
and
shall
not,
be
incorporated
into
any
contract
or
other
commitment.
Splunk
undertakes
no
obligaFon
either
to
develop
the
features
or
funcFonality
described
or
to
include
any
such
feature
or
funcFonality
in
a
future
release.
5. Snippets
from
Rick
Fitz
5
● how
can
we
organize
data
in
to
services
● how
can
we
show
the
machine
data
to
our
bosses
● work
together
as
one
● complete
view
of
criFcal
it
services
6. 6
Unified
insights:
data
integraFons
from
other
tools
11,000
to
100s
Reduced
incident
Fckets
Aler%ng
on
service
KPI’s
instead
of
server
performance
Usage
baselines
to
idenFfy
anomalies
Splunk
IT
Service
Intelligence
at
8. EscalaFng
IT
Complexity…
SERVERS
STORAGE
NETWORKING
VITUALIZATION
INFRASTRUCTURE
APPLICATIONS
PACKAGED
APPLICATIONS
CUSTOM
APPLICATIONS
IdenFty
VPN
IP
Phone
HR
Email
Finance
App
Svr
DB
Web
Svr
SaaS/PaaS
IaaS
9. …
Plaguing
IT
OperaFons
SERVERS
STORAGE
NETWORKING
VITUALIZATION
INFRASTRUCTURE
APPLICATIONS
PACKAGED
APPLICATIONS
CUSTOM
APPLICATIONS
IdenFty
VPN
IP
Phone
HR
Email
Finance
App
Svr
DB
Web
Svr
SaaS/PaaS
IaaS
Complex,
silo-‐based
technologies
Disconnected
and
outdated
point
soluFons
ReacFve
brute-‐force
problem
resoluFon
Over
80%
of
Fme
on
maintaining
not
innovaFng
10. Industry
Leading
Plaform
for
Machine
Data
Any
Machine
Data
Online
Services
Web
Services
Servers
Security
GPS
LocaFon
Storage
Desktops
Networks
Packaged
ApplicaFons
Custom
ApplicaFons
Messaging
Telecoms
Online
Shopping
Cart
Web
Clickstreams
Databases
Energy
Meters
Call
Detail
Records
Smartphones
and
Devices
RFID
Datacenter
Private
Cloud
Public
Cloud
Enterprise
Scalability
Search
and
Inves%ga%on
Proac%ve
Monitoring
Opera%onal
Visibility
Real-‐%me
Business
Insights
Opera%onal
Intelligence
11. Industry
Leading
Plaform
for
Machine
Data
Any
Machine
Data
Online
Services
Web
Services
Servers
Security
GPS
LocaFon
Storage
Desktops
Networks
Packaged
ApplicaFons
Custom
ApplicaFons
Messaging
Telecoms
Online
Shopping
Cart
Web
Clickstreams
Databases
Energy
Meters
Call
Detail
Records
Smartphones
and
Devices
RFID
Datacenter
Private
Cloud
Public
Cloud
Enterprise
Scalability
Search
and
Inves%ga%on
Proac%ve
Monitoring
Opera%onal
Visibility
Real-‐%me
Business
Insights
Opera%onal
Intelligence
Any
amount,
any
locaFon,
any
source
Schema-‐
on-‐the-‐fly
Universal
indexing
No
back-‐end
RDBMS
No
need
to
filter
data
12. Developer
Plaform
(REST
API,
SDKs)
The
Focus
12
ApplicaFon
Delivery
IT
OperaFons
Security,
Compliance,
and
Fraud
Business
AnalyFcs
Industrial
Data
and
the
Internet
of
Things
13. Turning
Machine
Data
Into
OperaFonal
Intelligence
Reac%ve
Search
and
InvesFgate
ProacFve
Monitoring
and
AlerFng
OperaFonal
Visibility
Proac%ve
Real-‐Fme
Business
Insight
13
14. TroubleshooFng
Find
and
fix
problems
faster
14
Reduce
MTTR
Improve
End
User
Experience
Reduce
Costs
Greater
IT
producFvity
15. TroubleshooFng
Find
and
fix
problems
faster
15
Reduced
MTTR
Improve
End
User
Experience
Reduce
Costs
Greater
IT
producFvity
No
more
grepping
through
logs
End-‐to-‐end
correlaFon
16. Monitoring
Find
and
fix
problem
before
it
becomes
a
problem
Increased
upFme
Trends
in
real
Fme
and
Historical
Data
Powerful
VisualizaFons
AlerFng
and
noFficaFons
18. Splunk
Apps
18
Plug-‐Ins,
Templates
and
Apps
Accelerate
Value
From
Machine
Data
No
rigid
schemas–
Add
in
data
from
any
other
source.
API
SDKs
UI
Server, Storage,
Network
Server
Virtualization
Operating
Systems
Custom
Applications
Business
Applications
Cloud
Services
App Performance
MonitoringTicketing/ and
Other
Web
Intelligence
Mobile
Applications
Stream
19. Apps
Provide
Deep
Insights
By
Role
Find
and
resolve
problems
fast
in
individual
technology
areas
Exchange
Admin
Service
Health
Performance
Message
tracking
VMware/Win/
Linux
Admin
Infrastructure
Health
Performance
Anomalies/Outliers
Storage
Admin
Infrastructure
Health
Performance
Anomalies/Outliers
21. What
We
Hear
From
Our
Customers!
21
“My
CIO
is
demanding
we
look
at
IT
from
a
business
service
perspecFve.”
“Splunk
is
great
for
break-‐fix,
but
I
need
to
show
we’re
meeFng
SLAs.”
“I
need
everyone
to
be
able
to
see
the
same
thing
at
the
same
Fme.”
“I
just
want
to
throw
data
at
Splunk
and
have
it
find
problems
for
me.”
“Show
me
what
my
data
can
do
for
me!”
25. What
is
a
Service?
Service
Requests
Responses
In
Splunk
ITSI,
a
Service
is
a
logical
group
of
technology
components
that
a
user
deems
need
to
be
monitored
together.
It
can
oSen
be
generalized
as
a
“black
box”
which
we
send
requests
and
expect
responses
26. What
is
a
Service?
DNS
Requests
Responses
Technical
Services
Auth
Requests
Responses
Web
Requests
Responses
Services
can
be
technology-‐centric…
27. What
is
a
Service?
DNS
Requests
Responses
Technical
Services
Customer
Transac%ons
Requests
Responses
Business
Services
Auth
Requests
Responses
Web
Requests
Responses
Support
Desk
Requests
Responses
…
and
business-‐centric
28. What
is
a
Service?
Packet
Network
Hypervisor
and
Hosts
RBMDBs
Storage
Tier
API
Services
Web
Services
Customer
Transac%ons
Mobile
API/
Middleware
Partner
Portal
DNS
Services
can
encompass
mulFple
Fers
of
the
IT
domain
and
may
also
depend
upon
other
services/micro-‐services
29. What
is
a
KPI?
DNS
Requests
Responses
KPI:
Number
of
requests
KPI:
Error
rate
KPI:
Average
response
Fme
KPI:
Servicer
CPU
load
KPI:
Server
network
I/F
errors
Customer
Transac%ons
Requests
Responses
KPI:
Number
of
transacFons
KPI:
Error
rate
KPI:
Average
response
Fme
KPI:
Count
of
Incident
Tickets
KPI:
SyntheFc
Transx
Health
KPIs
and
Health
scores
consFtute
the
means
by
which
Services
are
monitored.
30. Key
Performance
Indicators
(KPIs)
30
KPI:
A
Splunk
saved
search
defined
in
Splunk
ITSI
that
helps
monitor
a
specific
field
like
CPU,
Memory
and
so
on.
KPIs
are
contained
within
Services.
31. Service
Health
Scores
31
A
Health
score
is
a
score
from
0-‐100
that
helps
determine
the
health
of
a
Service.
It
is
calculated
based
on
all
KPIs
importance
and
its
status
once
every
minute.
33. Service
Analyzer,
Glass
Tables,
Deep
Dives
33
Service
Analyzer:
Auto
generated
filterable
and
Fled
view
of
Service
health
scores
and
KPIs
Glass
Tables:
Customizable
free
form
drawing
dashboards
to
view
health
scores
and
KPIs
of
choice
with
visual
tools
to
create
context
Deep
Dives:
Swim
lane
analysis
dashboard
to
show
all
those
indicators
over
Fme
for
invesFgaFons
34. MulF
KPI
Alerts,
Notable
Events
34
Mul%
KPI
Alerts:
Correla%on
searches
on
service
degrada%on
Notable
Events:
Event
framework
for
Mul%
KPI
Alerts
36. What
Makes
Splunk
ITSI
Different!
36
Search-‐Based
KPIs
• Easy
to
write,
manage
and
change
both
services
and
KPIs
• Reflects
business
and
technology
prioriFes
• Benefit:
Rapidly
generate
and
change
KPIs
to
align
service
health
with
business
• Fiserv
–
1000s
in
just
weeks
Full
Fidelity
Service
Health
• Adaptable
and
flexible
definiFons
of
service
health
• One
soluFon
to
go
seamlessly
from
service
reports
to
root
cause,
including
raw
data
• Remains
adaptable
and
yet
sFll
maintains
complete
historical
context
Universal
Data
Plaform
• Data
driven:
All
IT
data
including
events,
metrics
and
logs
• Schema
on-‐the-‐Fly
• Ask
any
quesFon
of
the
data
• Fast
Fme
to
value
• Data
fidelity
38. Why
Enterprises
Use
Splunk
for
IT
Opera%ons
Increased
Up%me
to
99.9%
Availability
Reduced
MTTR
from
2-‐3
days
to
few
minutes
Improved
Margins
by
protecFng
millions
in
ad-‐revenue
Consolidated
Tools
by
reFring
27
monitoring
soluFons
Op%mized
Capacity
by
saving
$500K
in
SW,
HW
&
licenses
Drives
Innova%on
with
usage
analyFcs
on
product
features
39. 39
Unified
insights:
data
integraFons
from
other
tools
11,000
to
100s
Reduced
incident
Fckets
Aler%ng
on
service
KPI’s
instead
of
server
performance
Usage
baselines
to
idenFfy
anomalies
Splunk
IT
Service
Intelligence
at
40. 40
Server-‐based
to
Services-‐based
monitoring
Top-‐down
and
deep-‐
dive
service
insights
200+
services
and
1500+
KPIs
monitored
Flexible
creaFon
and
modificaFon
of
services
and
KPIs
Aler%ng
on
service
KPIs
instead
of
server
performance
Real-‐Fme,
holisFc
and
proacFve
“client”
view
Splunk
IT
Service
Intelligence
at
41. Splunk
IT
Service
Intelligence
at
41
Replaced
home-‐
grown
tools
Real-‐%me
service
insights
to
LOBs
Reduced
%me
to
resolu%on