Copyright©2015SplunkInc.

GettingStartedwithITServiceIntelligenceNamanJoshiSnrSalesEngineer

Agenda

2

ITSICoreConcepts

3

WhatisaService?

Service RequestsResponses

InITSI,aService isalogicalgroupoftechnologycomponents thatauserdeemsneedtobemonitoredtogether.

Itcanoftenbegeneralizedasa“blackbox”whichwesendrequests,andexpectresponses

4

WhatisaService?

DNS RequestsResponses

TechnicalServices

Auth RequestsResponses

Web RequestsResponses

Servicescanbelowerlevel(technical)…

5

WhatisaService?

DNS RequestsResponses

TechnicalServices

CustomerTransactions

RequestsResponses

BusinessServices

Auth RequestsResponses

Web RequestsResponses

SupportDesk RequestsResponses

Servicescanalsobehigherlevel(business)…

6

WhatisaService?

PacketNetwork

HypervisorandHosts

RBMDBs

StorageTier

APIServices

WebServices

CustomerTransactions

Mobile

API/Middlew

are

PartnerPortal

DNS

ServicescanencompassmultipletiersoftheITdomain.Servicesmayalsodependupon otherservices

7

WhatisaKPI?

DNS RequestsResponses

KPI:NumberofrequestsKPI:ErrorrateKPI:Averageresponse timeKPI:ServerCPUloadKPI:ServernetworkI/Ferrors

CustomerTransactions

RequestsResponses

KPI:NumberoftransactionsKPI:ErrorrateKPI:Averageresponse timeKPI:CountofIncidentTicketsKPI:SyntheticTransxHealth

KPIsandHealthscoresconstitutethemeansbywhichServicesaremonitored.

8

KeyPerformanceIndicators(KPIs)

9

AKeyPerformanceIndicator(KPI)isaSplunksavedsearchcreatedwithintheITSIUIthathelpsmonitoraspecificfieldlikeCPU,Memory,NumberofErrors

andsoon. KPIsarecontainedwithinServices.

ServiceHealthScores

10

AHealthscoreisascoreform0-100(0beingcriticaland100beingnormal)thathelpsdeterminethehealthofaService.ItiscalculatedbasedonallKPIs

importanceanditsstatus(e.g.green,orange,red),onceeveryminute.

Let’sTalkEntities

11

● Entitiesaretherelevantcomponentsthatsupportaservice(oftenbutnotalwayshosts)

● Selectthecorrectentitieswithfilters,ANDs,ORs

● EntitylistcancomefromaCMDB,aspreadsheet,aSplunksearch…

ServiceDecomposition

12

ServiceDecompositioninITSI

13

CLICK“GlassTables”

ServiceDecompositioninITSI

14

CLICK(openinnewtab)“ButtercupGamesBusiness Process(INPROGRESS)”

ServiceDecompositioninITSI

15

CLICK(openinnewtab)“ButtercupGamesOnlineStore”

ServiceDecompositioninITSI

16

Identifyahigh-valuebusinessservice

ServiceDecompositioninITSI

17

Identifytheprocessflowandunderlyingsub-services(Web->Middleware->DB->Middleware->Web)

ServiceDecompositioninITSI

18

Foreachsub-service,identifyKPIsthatwillshowhealthandstatus(Requests,responsetime,errors,OShealth…)

ServiceDecompositioninITSI

19

ForeachKPI,defineaSplunksearch

ServiceDecompositioninITSI

20

ITSIDemo

21

ServiceDecomp:TheBusinessProcesses

22

ServiceDecomp:End-To-EndProcessFlow

23

NewRequirements!

24

● CreateanewKPIfortheDBService:● NetworkUtilization

● Modify theExecutiveGlassTableinordertoshowofftheservicesyouslaveover

“WEonlyhaveabout15minTODOWHAT???!!???”

Thinkabouthowlongthiswouldtakeyoutoday?

25

ConfigurationofDBService

Click Configure >Click Services

AKPIin5minutes?Absolutely!

26

ClickNew– GenericKPI

Select DataModel● HostOperatingSystem● Network● #bytes● Next

KPIsContinued….

27

SplunkBuildsSearchesforyou–OhYeah,that’shappeningJ

● Select Yesfor Splitby& Filteroptions● Select hostfor EntityLookup& Aliasoptions● Click Next

AlmostThere…

28

Select● KPISearchSchedule:EveryMinute● EntityCalculation: Average● Service/AggCalculation: Average● Calculation Window: LastMinute● Click Next

● Unit:Bps● Click Next

FinalSteps…

29

Setyourthresholds:● Aggregate (All)● PerEntity

● Click “Add Threshold”TWICE● MaketheNeapolitanicecreamcolors

Yellow,Green,Yellow● Dragthesliders aroundinordertoget

thecurrentdatagraphentirelyinside theGreen(normal) band

● Click Finish● Otheroptions arealsoavailable,

including adaptivethresholds andanomalydetection

AdaptiveThresholds

30

WhatifyourKPIdatalookslikethis?

31

AdaptiveThresholdsStaticthresholds willnotwork…

32

AdaptiveThresholdsAdaptiveThresholding worksbeautifullywithcyclical(andotherdynamic)data

AnomalyDetection

33

● MachineLearning

● Workswellfordatawithpatterns

● Requiressome“training”(trial&error)tozeroinonbestsensitivity

ITSIDemo–Troubleshooting

34

NamethatKPI!

35

FromthelistofKPIs,selectyournewone(atthebottom)● Clickonthelittlepencilnexttothename● Callit“NetworkUtilization”,

withyourusernameupfront

● ClickonSave atbottomrightwhenfinished!

Let’sFixthatGlassTable

36

ClonetheGlassTable

37

ReturntoSavedGlassTablespage(click onGlassTablesintheuppermenubar)

CLICKEdit for“ButtercupGamesBusiness Process(INPROGRESS)”• Select Clone• Title:Add yourusername

tothefront• Permissions:SharedinApp• Click ClonePage

• Click onyournewGlassTablefromthelist,toviewit

Edit&HaveFun!

38

ClickonEdit intheupperrightcornerofyourGlassTable

Usethe“Services”panelonthelefttoselectIndividual KPIs,or Aggregate ServiceHealthScores• Choose 2KPIsfromOnline Store thatwouldbeuseful in

the“OrderProcess”section• Dragtheselectedwidgetsontothecanvas,positioning in

thegrayoval

• What’s thedifferencebetweenthe

and toolsatthetopleft?

MoreFunwiththeGlassTableEditor…

39

UsetheConfigurations panelontherighttoeditaselectedwidget• Canchangethevisualization type,drilldown

behavior, andothersettings

• Youshould hitSave frequently• IwonderwhatAutoLayoutdoes?• (YIKES!)RevertAllChangesmightbehelpful

Finishingup…

40

• AddaServiceHealthScorewidgetforOnlineStoreunder Buttercup

• Choose aVizTypewithasparklinegraph,thenresizetomakeitlookpretty

• Modify theCustomDrilldownactiontogotothesavedglasstable,ButtercupGamesOnline Store

• BonusPoints:Makethelabelbigger,morereadable

• Click Save• View whendone

ATroubleshootingExercise

41

Let’suseITSItotroubleshootanoutage● StartatyourGlassTable,“<UserName>ButtercupBusiness Process”● CustomerCarereportsthatunhappy customersarecomplaining offailures

andlongdelayswhentryingtopurchase● Thecallsbegancominginataroundtenminutesafterthehour.● IntheupperrightcorneroftheGlassTable,changethetimepickerfromNow

toXX:10:00.0,whereXXistheappropriatehour.Forexample,ifitiscurrently14:05,setthetimepickerto13:10:00.0,thenApply

● Thisishowwecan“timetravel”backtoseeconditions ataparticularoutage– ohyeah!

ATroubleshootingExercise,cont’d

42

● TheOnline Storeseemstobedegraded,justasCustomerCarereported.Clickonthewidgetunder Buttercuptodrilldown further

ATroubleshootingExercise,cont’d.

43

● TheOnline StoreGlassTableshows amuchmoredetailedview,including theimpactedcustomer-facingKPIsatthefarleft(Revenue,etc)

● Basedonthisviewofalltherelevantservices,wheredoyouthink therootcauselies?

● Which serviceshouldwetroubleshoot first?● ClickonHealthwidgetforthatservice, to

drilldowntoaDeepDive

DeepDive

44

● DeepDiveshowsmultiple KPIsandHealthScoresinparallel“swimlanes”.

● TheHealthScoreforthisServiceisthetopswimlane.Canyouseewhenitbeginstodegradefrom100%?

● Mousing overthispointintime,canyouspottheKPIwiththeleadingfaultindication, i.e.,whatfailedfirst?

Multi-KPIAlertsandNotableEvents

45

● Click onNotableEventsReview● MultipleKPIsandHealthscorescan

becombinedinsophisticatedwaystocreateMulti-KPIalerts

● WhenaMulti-KPIalertfires,oneoftheoutcomesisthecreationofaNotableEvent

● NotableEventsallowNOCpersonnel andotherstotriageandcoordinateeventmanagementefforts

ServiceAnalyzer

46

● Click onServiceAnalyzer> DefaultServiceAnalyzer

● Backwherewestarted!● Thisviewshows a“no-frills” listof

services (top)andhottestKPIs(bottom)

● Provides aquickjumping offpointintoDeepDivesandtheNotableEventsReview

● Itisuseful forNOCs andotherswhoneedahigh-levelsituationalview

WrapUp- Review

47

● High-valueservicescanbedecomposed andmodeled inITSI,usingmachinedatafromtherelevantsystems

● Services andKPIs canbecreatedinminutes,withsophisticatedthresholdingtechniques todistinguish “normal”from“notnormal”

● GlassTablesallowservicehealthandKPImetricstobedisplayedinawaythatmakessensetospecificgroups, suchasExecutiveLeadership,BusinessServiceOwners,theNOC,DevOps&Others

● DeepDivesallowKPIstobecomparedside-by-sideacrossanytimerange,acceleratingrootcauseanalysisandsignificantly reducingMTTR

● Multi-KPIAlertsandNotableEventsreducealertnoise,producing actionableeventsandameanstomanagethem

● …andit’sfuntobuild!

Wanttoexploreonyourown?

48

Signupforyourveryownseven-dayfreesandbox!http://splunk.com/ITSI

Thenclick:

You’llfindaSandboxGuideintheDashboards!IntheITSIappofyoursandbox, gotoSearch>Dashboards>ITSISandboxGuide

NorthernCalTechTalks!MonthlyWebExSessions• TedTalk stylepresentation• Q&AChatforum

Sowhat’snextontheagenda?• April20th@10AMPST- Top5mostuseful

searchcommands.• May18th @10AMPST– SplunkforIT

ServiceIntelligence

Seemoreat:http://live.splunk.com/NorCalTechTalks

50

SEPT26-29,2016WALTDISNEYWORLD,ORLANDOSWANANDDOLPHINRESORTS

• 5000+IT&BusinessProfessionals• 3daysoftechnicalcontent• 165+sessions• 80+CustomerSpeakers• 35+Apps inSplunkAppsShowcase• 75+TechnologyPartners• 1:1networking:AskTheExpertsandSecurityExperts,BirdsofaFeatherandChalkTalks

• NEWhands-on labs!• Expandedshowfloor,DashboardsControlRoom&Clinic,andMORE!

The7th AnnualSplunkWorldwideUsers’Conference

PLUSSplunkUniversity• Threedays:Sept24-26,2016• GetSplunkCertifiedforFREE!• GetCPE creditsforCISSP,CAP,SSCP• Savethousands onSplunkeducation!

A flying start to Service Intelligence

Start With A problem worth solving

Collaborate with Subject Matter Experts

Design Before Configuring

SignUpHere- We’reHereToHelp!Harnessthecreativityanddomainknowledgeofyourorganizationtounlockthevalueofdataandsolveanimportantserviceproblemthroughajoint

serviceintelligenceworkshopwithkeystakeholders

Definemethodsfor:

• Proactiveservicemonitoring

• Reducedriskandfailures

• Fasterissueresolution

• Increasedbusiness

performance

Whatisit?

• 1DayOnsiteWorkshop

• Tightlylinkedwithvalue

• Collaborativeapproach

• BuildyourownSplunk

ITSIGlassTable……

ThankYou