© 2017 SPLUNK INC.
Splunk IT Service Intelligence
Forward-Looking Statements
During the course of this presentation, we may make forward-looking statements regarding future events or the expected performance of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-looking statements, please review our filings with the SEC.
The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, this presentation may not contain current or accurate information. We do not assume any obligation to update any forward-looking statements we may make. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionality described or to include any such feature or functionality in a future release.
Splunk, Splunk>, Listen to Your Data, The Engine for Machine Data, Splunk Cloud, Splunk Light and SPL are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners. © 2017 Splunk Inc. All rights reserved.
Challenges Facing Today’s IT
High cost of IT Operation
Inefficient use of resources
Lower customer satisfaction
Lost revenue
Desired Outcomes for IT Operations
Reduce tool complexity and costs
Become more predictive and preventative
Use resources efficiently
Optimize the consumer experience
▶ The way many in IT think of their world
▶ Each layer is a silo
▶ A dedicated team of experts (with domain tools) focus just on the health of that layer
▶ Their view of the health of that layer is based on the aggregated health of each component in the layer
▶ If 2 out of 100 DBs are struggling, you’re still having a good day
How IT Operates Today: IT Stack POV
Physical Server (Dell, HP, CISCO blades or servers)
Guest OS (Windows/Linux/*Nix)
Database (Oracle, SQL Server, MySQL)
Hypervisor (ESX, HyperV, Citrix)
Web Server (Apache, TomCat)
App Server (WebLogic, JBoss EAP, WebSphere)
Applications, business/mission services
SAN/NAS Storage (EMC, NetApp)
Network
▶ The aggregated health of the layer is irrelevant
▶ Dependencies now matter
▶ The health of the app depends on the health of each component of each layer that that app depends upon
▶ If your app depends on 1 or more of those 2 struggling DB servers, you’re about to have a bad day!
▶ What about those VMs that are red?
What’s Needed: Service/App POV
Physical Server (1,2,3,4,5,6,7,8,9,10…N)
Guest OS (1,2,3,4,5,6,7,8,9,10…N)
Database (1,2,3,4,5,6,7,8,9,10…100)
VM/Hypervisor (1,2,3,4,5,6,7,8,9,10…N)
Web Server (1,2,3,4,5,6,7,8,9,10…N)
App Server (1,2,3,4,5,6,7,8,9,10…N)
Service/App Claims
SAN/NAS Storage (1,2,3,4,5,6,7,8,9,10…N)
Network
Status column on the slide: 100%, 100%, 98%, 100%, 95%, 100%, 100%, 100%; Outage!
Rethink and Improve How IT Operates: Using Artificial Intelligence for IT Operations
Traditional IT
▶ Structured data
▶ Brittle tools and integrations
▶ Obsession with “faults” and “traps”
▶ Focus on component parts
▶ Search oriented
Data-Driven IT
▶ Structured and unstructured data
▶ Robust data integrations
▶ Real-time insights from big data
▶ Focus on the whole service
▶ Machine learning-driven analytics
What Is Service Intelligence?
Enabling a business-aware IT: Measuring and reporting on indicators that matter
Unlocking operational efficiencies: Collaborating across silos to improve service operations
Data-based decision making: Solving problems and anticipating pitfalls with sophisticated analytics and powerful insights
Connecting the “Data Dots” for Service Intelligence
[Diagram labels: Business-driven IT; Root-cause analysis; Investigation; Incident triage; Incident detection; Service restoration]
Maintain high service levels and availability, prevent outages and recover quickly when things break down
Improve productivity and share understanding of business service criticality, impact and incident
Monitor, visualize and present real-time insights into service health against KPIs to drive operational and business decisions
Unlocking operational efficiencies
Business-aware IT
Data-driven decisions
Artificial Intelligence for IT Operations
Powered by machine learning and analytics for real-time service insights, simplified operations and root-cause isolation
Splunk ITSI: Multiple Use Cases, One Solution
SERVICE INSIGHTS / EVENT ANALYTICS
▶ Service health scores calculated from KPIs
▶ Baseline KPI trends based on operational patterns and identify abnormal conditions
▶ Organized view of KPIs and trends for fast triage and analysis
▶ Deep insights into technology domains to speed investigation
▶ Machine learning to reduce noise and find alerts on root causes of issues
▶ Initiate incident response and remediation actions
▶ Service insights on events to prioritize triage and investigation
▶ Sophisticated analytics and incident workflow to automate managing events
Breadth of Machine Learning Capabilities: Make IT Effective, Proactive and Predictive
Dynamic Thresholding
▶ Thresholds adapt in real time
▶ Trend and alert on anomalous behavior
▶ Prevent service degradation
Event Clustering
▶ Detect and highlight the events that matter
▶ Prioritize events that need action taken
Anomaly Detection
▶ Alerts triggered automatically by anomalous activity
▶ Incident responders can see across all silos to find a quicker MTTR
Prediction
▶ Predict outages and anomalies before they occur
▶ Act on these predictions so your services are not affected
Platform for Machine Data
▶ Effective
• Respond to alerts associated together using Machine Learning clustering
• Provide starting point or inference for business-impacting event cause
▶ Results
• Reduce employee churn
• Increase of time investment for strategic projects
▶ Example
• Leidos decreased event noise 95-98%
• 3,500-5,000 alerts per day down to 100-200 actionable events
Effective Clustering: Order from Chaos
Event Analytics – Become More Effective
[Chart: $ Impact vs. Time. Labels: Fault; Impacting Events; Existing NOC alerted; Splunk Event Analytics; Effective; MTTR]
▶ Proactive
• Respond to alerts with Service Context
• Engage the right IT partners the 1st Time for faster resolution
• Engage in the automation (self healing) of high fidelity/high confidence incident
▶ Results
• Respond to alerts with Service Context
• Engage the right IT partners the 1st Time for resolution
• Engage in the automation (self healing) of high fidelity/high confidence incident
▶ Example
• Molina Healthcare gained visibility and correlation across its stack, which reduced the number of IT incidents by 30-45% and MTTR by 70-90%.
Proactive: Anomalies in the Now
Move to a Proactive Posture
[Chart: $ Impact vs. Time. Labels: Fault; Impacting Events; Existing NOC alerted; Splunk ML Alert; Automated Resolution; Effective; Proactive (add logs and metrics); MTTR]
▶ Predictive
• Predict your Services Health Score ~ 30min into the FUTURE
• Leverage Key Performance Indicators (KPIs) and Dependency Modeling
• Respond to business-impacting events BEFORE they CAN occur
▶ Results
• Reduction in MTTR, problems and changes
• Provide the business early warning of revenue-impacting events
• Instill confidence in the business for operations teams
• Re-invest time given back to team in the organization’s strategy
▶ Example
• Your organization!
Predictive: It’s Like We Know the Future
Prevent Incidents From Occurring
Predictive: NO MTTR !!
[Chart: $ Impact vs. Time. Labels: Events; Existing NOC alerted; Splunk ML Alert; Automated Resolution; Effective; Proactive (add logs and metrics); MTTR; Cost of Impact; Time Return to Business]
Machine Learning in ITSI
[Diagram labels: Application logs; Network logs; Server logs; Metrics*; Other Events & Alarms; Any Time Series in Splunk; KPIs; Machine Learning (Adaptive Thresholds, Anomaly Detection, Cohesion Detection, MLTK Customization); Custom from MLTK; ANOMALY DETECTION; INTELLIGENCE; Clustered Notable Events; Automated Actions; Assisted Deep Dive Investigation]
Splunk Customer Examples
Effective: 95-99% reduction in event noise, taking 3,500-5,000 down to 50-200 actionable events
Proactive: Reduce the number of IT incidents by 30-40%, decrease MTTR by 70-90%
Predictive: Predict their Service Health Score’s impact 20-30 minutes into the future
▶ Visualize contextual inter-relationships across service delivery components
▶ Illustrate business and service activity using indicators aligned to strategic goals
▶ Drive decisions by monitoring service health against performance indicators
▶ Create sophisticated dashboards in minutes
Personalized Visualizations of Your Services
▶ Organize and correlate KPIs to speed up investigations and diagnosis
▶ Compare performance over time and in real time to understand trends and identify issues
▶ Enable broad and deep investigation with contextual drill-downs
▶ Investigate anomalous activity in your KPIs to proactively address emerging issues
Organized View of Performance Indicators
▶ Get early warning of emerging incidents with a heat map of service health and KPI scores, metrics, sparklines and alerts
▶ Drill down into service and entity details for in-depth triage
Real-Time View of Service and KPI Health Scores
Insights Into the Origin of Service Disruptions
Profile an entity to troubleshoot outages and service degradations
Identify contributing services and entities of the worst performing KPIs
Correlation Rules Generate Notable Events
Run predefined correlation searches against learned indicators to generate notable events based on status and composite scores
▶ Reduce event clutter and false positives with multivariate anomaly detection
▶ Use machine learning Smart Mode to group related events and generate human-scale alerts
▶ Create custom aggregation policies to filter event noise
▶ Easily sift through events by filtering, tagging and sorting
▶ Enrich and add context to events to prioritize investigation and ensure business-service availability
Sophisticated Event Analytics
Fast Incident Review and Investigation
Triage notable events by criticality, trigger new alert actions and automatically initiate defined incident and remediation responses
Machine Learning Made Mainstream
Adaptive Thresholds: Manage and maintain KPI thresholds by dynamically adapting to changing operational patterns
Anomaly Detection: Catch issues that thresholds can’t—baseline normal operations and alert on anomalous conditions
Event Correlation: Reduce event clutter, false positives and rules maintenance by auto-grouping related events
Baseline Operational Patterns and Adapt Thresholds
Use machine learning to dynamically adapt KPI thresholds by time
Maintain and preserve learned thresholds to monitor KPI and service behavior
Detect Normal and Abnormal Behavior
Baseline normal operations and alert on anomalous conditions
Identify abnormal trends and patterns in KPI data
Reduce Event Clutter
Elicit patterns and real-time correlations to cluster and group relevant events with easy-to-use and sophisticated machine learning algorithms
Integrate With Existing Incident Workflows
Automatically initiate defined incident and remediation responses
Leverage inbuilt integrations with ServiceNow, BMC Remedy, xMatters, PagerDuty to initiate incident resolution
Easily build custom integrations, execute remedial actions and extend functionality with powerful APIs
▶ Fast-track data collection without costly add-ons, customizations and manual configurations
▶ Gain deep service-oriented insights with built-in dashboards
▶ Simplify creation and deployment of third-party and custom modules
Deep Service-Oriented Insights Into Technology Domains
Reduce the Administrative Hurdle
Fast Search Performance: Enable mass changes to thresholds and searches with templates, reducing the number of searches and improving performance
Maintenance Windows: Set services and entities into “maintenance” to suppress alerts and accurately reflect health scores
Backup and Restore: Create highly available Splunk ITSI environments, revert configurations to previous versions and ensure continuous delivery
Role-Based Access Controls: Manage granular permissions and authorize access to various views
ML-Powered AI: Eliminate manual rules management with built-in machine learning to group related events and establish normal vs. abnormal patterns
Splunk IT Service Intelligence
Operational Intelligence: Proactive Monitoring; Search and Investigation; Operational Visibility; Real-Time Business Insights; Enterprise Scalability
Dynamic Service Model
▶ Visualize entire tech stack – bare metal through business layer
▶ View the entire ecosystem with customized views for execs
▶ Apply context to events to prioritize investigation based on impact
Machine Learning
▶ Adaptive threshold automation to minimize false alerts
▶ Behavior anomaly alerts to proactively address issues
▶ Automatic correlation of data into intelligence, mitigating SME dependency
Search-Based KPIs
▶ Accelerators minimize SPL coding
▶ Trend aggregation to enable rapid visualization
▶ Multi KPI Alerts for proactive irregularity identification
Platform for Operational Intelligence
▶ Time Series Index
▶ Schema on Read
▶ Handle any and all data
Built on a Scalable Platform
Universal Data Platform: Reliably collect, index and store any type of data, at any volume, from tens of thousands of sources, in real time
Schema on-the-Fly: Apply structure to data at search time, enabling customizable pivots on any and ALL data
Agile reporting, analytics and visualizations: Flexible, easy-to-use interface to create ad hoc reports and custom dashboards for IT and business users on-the-fly and on demand
Desktop to Datacenter: Operate in a single datacenter or globally across multiple datacenters, on-premises or in the cloud
Unified Insights for Data-Driven Actions
From Data to Intelligence: Deliver actionable intelligence to IT and the business with service insights and event analytics
Mathematical Sophistication: Apply data science and sophisticated algorithms for analytics-driven IT operations
Reduced Complexity: Fewer tools, fewer administrators and reduced infrastructure capacity
Full Fidelity Service Health: Move seamlessly from business service reports to investigation to remediation
Unified Insights for Data-Driven Actions
Simplified rules management: Eliminate command-line rules configurations and JavaScript vulnerabilities
Machine Learning: Alert on anomalous conditions based on operational baselines to reduce event clutter
Improved incident workflows: Use built-in integrations into incident management tools with powerful APIs to enable custom integrations
Service Context: Deliver context on events to prioritize alerts and events based on business impact
Splunk ITSI for Event Analytics: Simplify Your Operations With Artificial Intelligence and Service Context
Service Context / Artificial Intelligence / Scalable Platform
▶ Find and fix the most important issues
▶ Transform IT operations with machine learning
▶ Get a full view of your IT environment
▶ Reduce time-to-resolution on business-critical services
▶ Enable IT with intelligence for data-driven decisions
▶ Share customized insights across the enterprise to enable business-centric IT
▶ Contextualize and prioritize
▶ Separate valuable signal in noise
▶ Respond collaboratively and simplify operations
Splunk IT Service Intelligence: Data-driven service monitoring and analytics
[Diagram labels: Splunk IT Service Intelligence (Dynamic Service Models; At-a-Glance Problem Analysis; Early Warning on Deviations; Event Analytics; Simplified Incident Workflows); Platform for Operational Intelligence (Time-Series Index; Schema-on-Read Data Model; Common Information Model)]
▶ Reduced time-to-investigate and resolution with real-time insights
▶ Reduced incidents across global auctions by 90%
▶ Improved end-user experience and service reliability
▶ Scaling the implementation with Splunk Cloud
Real-Time Car Auctions Delivered With Intelligence
“With Splunk ITSI, we have proactive infrastructure monitoring to ensure a consistent level of customer service for interested buyers to bid on cars.”
– VP Technology Application Development & Operations, Cox Automotive
ONLINE SERVICES – CLOUD SOLUTIONS, IT OPERATIONS
▶ Ability to monitor network resources leads to improved service delivery
▶ Greater customer satisfaction via service-centric health reporting, end-to-end visibility and advanced analytics to detect patterns, anomalies and trends
▶ More efficient IT operations with full visibility into complex processes
AdvancedMD: Strengthening Customer Satisfaction
“Splunk ITSI ensures customer satisfaction by giving us service-centric health reporting, end-to-end visibility and advanced analytics to detect patterns, anomalies and trends.”
– Director, Platform Operations, AdvancedMD
HEALTHCARE – IT OPERATIONS, BUSINESS ANALYTICS
▶ Improved service accessibility, reliability and security
▶ Enhanced ability to troubleshoot persistent service problems
▶ Gained end-to-end visibility into overall IT performance
Improved Satellite Operations With Real-Time Infrastructure Visibility
“Using Splunk ITSI has helped us to understand our IT network in a way we weren’t able to previously. This has directly led to improvements in areas such as troubleshooting and security awareness.”
– Daniel Nye, CTO, Surrey Satellite
TECHNOLOGY – IT OPERATIONS
▶ Enhanced service reliability and incident response
▶ Ease and flexibility in creating business level dashboards ad hoc and on-the-fly
▶ Integrations with BMC Remedy to simplify incident response and action
▶ Tracing business transactions end to end
FINANCIAL SERVICES – IT OPERATIONS
Modernizing Enterprise Monitoring at the International World Development Bank
▶ Reduce time-to-resolution
• Consolidated services view across entire IT infrastructure
▶ Identify anomalous activity and ensure governance
• Adaptive thresholds and alerts improve security posture
▶ Proactively improve customer experience
• Comprehensive analytics to reduce service disruption
TECHNOLOGY – IT OPERATIONS
Supporting, Monitoring and Securing Services 24/7
▶ Unified insights: data integrations from other tools
▶ Reduced incident tickets
▶ Usage baselines to identify anomalies
Splunk IT Service Intelligence at Vodafone
“Splunk IT Service Intelligence gives Vodafone a real-time understanding of how our services are performing overall and at the more granular level.”
– Oliver Hoppe, solutions architect, Vodafone
COMMUNICATIONS – IT OPERATIONS
Splunk IT Service Intelligence at Fiserv
FINANCIAL SERVICES – IT OPERATIONS
▶ Server-based to services-based monitoring
▶ 200+ services and 1,500+ KPIs monitored
▶ Alerting on service KPIs instead of server performance
▶ Top-down and deep-dive service insights
▶ Flexible creation and modification of services and KPIs
▶ Real-time, holistic and proactive “client” view
▶ Operational visibility and real-time views into enterprise infrastructure and application management
▶ Comprehensive insight into business intelligence and performance metrics
▶ Tracking call center management
▶ MTTR, customer service and troubleshooting
Molina Healthcare: Splunk ITSI as Platform for Multiple Use Cases
“You can derive value from Splunk at any level of the business, from the CEO down to any user the first day starting out.”
– Enterprise Infrastructure Leader, Molina Healthcare
HEALTHCARE – IT OPERATIONS
Splunk IT Service Intelligence
▶ Strategic, Business-Centric View of IT
▶ Accelerated Value for IT
▶ Data-Centric Approach to Service Mapping
How Do You Get Splunk ITSI?
Online Sandbox: 7 days of access to a free, personal environment in the cloud, with prepopulated data
Value Assurance: Engage in a proof-of-concept to index your data and experience Splunk ITSI
Splunk-Sponsored Guided Workshop
What is it?
▶ 1-day on-site workshop
▶ Tightly linked with value
▶ Collaborative approach
▶ Build your own Splunk ITSI Glass Table
Define methods for:
▶ Proactive service monitoring
▶ Reduced risk and failures
▶ Faster issue resolution
▶ Increased business performance
Splunk is the Backbone of IT: Broad ecosystem of integrations
[Diagram labels: Applications; Development; Infrastructure; Project & Issue Tracking; Storage; Code Repository; Cloud; Automation; Server; Network]
Solution Architecture
[Diagram labels: DATA SOURCES; LOGS; METRICS; Network; OS; Application; Mobile; Storage; Wire Data; Cloud; Open Source; Database; Automation; Host; Container; Hypervisor; Application Server; PLATFORM; Platform for Machine Data; ARTIFICIAL INTELLIGENCE; PATTERN DETECTION; CLUSTERING; ANOMALY DETECTION; PREDICTION; SOLUTIONS; Service Insights; Event Analytics; INFRASTRUCTURE MONITORING; Infrastructure Troubleshooting; Cloud Monitoring & Optimization; Container Monitor & Troubleshoot; Server Monitor & Troubleshooting; APPLICATION ANALYTICS; Custom App Troubleshooting; Release Analytics; Custom Experience Monitoring; Build Analytics; TOOLS & APIs; Automation Tools (THIRD PARTY); Service Mgmt Tools (THIRD PARTY); APM; CMDB; Troubleshooting; Monitoring; Remediation]
What We Hear From Our Customers!
“My CIO is demanding we look at IT from a business service perspective.”
“Splunk is great for break/fix, but I need to show we’re meeting SLAs.”
“I need everyone to be able to see the same thing at the same time.”
“I just want to throw data at Splunk and have it find problems for me.”
“Show me what my data can do for me!”
Why Another Splunk Solution?
A data-centric approach is needed
Service context maximizes Splunk value
An integrated solution accelerates customer success
Augment Conventional Monitoring: Deliver Insights Based on Integrated Data, Not Integrated Products
[Diagram labels: APM; NPM; Operations and Infrastructure Management; Domain Tools; Splunk IT Service Intelligence]
Splunk IT Service Intelligence: Data-Defined, Data-Driven Service Insights
▶ Get data
▶ Define services, entities and KPIs
▶ Monitor and troubleshoot
▶ Analyze and detect
Volume Discounts Built In
Daily Peak Indexing Volume (GB) | Splunk IT Service Intelligence | $/GB | Built-in Volume Discount
1 | $5,000 | $5000 |
2 | $7,500 | $3750 | 25%
5 | $12,500 | $2500 | 50%
10 | $18,000 | $1800 | 64%
20 | $27,000 | $1350 | 73%
50 | $47,500 | $950 | 81%
100 | $60,000 | $600 | 88%
200 | $90,000 | $450 | 91%
500 | $162,500 | $325 | 93.5%
1000 | $300,000 | $300 | 94%
Splunk Quick Start for Service Intelligence
[Diagram labels: Enterprise License; Splunk ITSI License*; Education; Professional Services; .conf Passes; Value Assurance Edition; Services Edition; Platform Edition]
* Splunk ITSI 6-month license
Key Terminology
Services: Logical grouping of operations. Examples: online banking, authentication, virtualization
Business Processes: Set of actions performed with specific business goals. Examples: sell products, fulfill orders, process payroll
Entities: Component required to deliver a service. Examples: hosts, users, OS processes
Key Performance Indicators: Metrics used to evaluate success. Examples: service health, order revenue, latency
Splunk IT Service Intelligence – Core Concepts: Services
[Diagram labels: Technical Services; Business Services; Web; Mobile; API/Middleware; DNS; Customer Transactions; Support Desk; Requests and Responses for each service]
Splunk IT Service Intelligence – Core Concepts: Services
In Splunk ITSI, a service is a logical group of technology components that a user deems need to be monitored together
[Diagram labels: Technical Services; Business Services; Web; Mobile; API/Middleware; DNS; Customer Transactions; Support Desk; Requests; Responses; Packet Network; Hypervisor and Hosts; RDBMSs; Storage Tier; API Services; Web Services]
▶ An entity is an optional sub-element of a KPI
▶ A KPI can be filtered by entities and viewed on a per-entity basis or as an aggregate
▶ KPI web requests might use web servers as entities; user logins could use accounts
▶ Splunk ITSI can import entities from CMDBs & other sources
What’s an Entity?
▶ A health score is a score from 0-100 (0 = critical and 100 = normal) that helps determine the health of a service.
▶ It is calculated based on importance and status (e.g., green, orange, red) of all KPIs, once every minute.
Service Health Scores
▶ Self descriptive message that tells a user that something happened.
▶ Usually contain some sort of title, severity, and description.
▶ Used to determine in the moment health.
▶ Often very noisy.
▶ Think alarm data coming out of tools like Nagios, Solarwinds, APM, Netcool, etc.
What’s an Event?
Example Event
1502642822 src_host="splunk_sh-01" omd_site ="SJC" perfdata="SERVICEPERFDATA" name="check_dhcp" severity="OK" attempt="1" statetype="HARD" executiontime="0.000" latency="0.000" reason="OK: Received 1 DHCPOFFER(s), max lease time = 600 sec." result="OK"
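The event format above can be parsed and de-noised in a few lines of Python. This is an added example, not code from the presentation or from Splunk ITSI: the function names, the web-01/db-02 hosts and checks in the constructed sample stream, the severity ranking and the "confirmed non-OK" rule are assumptions for illustration, and the grouping is a fixed rule, not ITSI's machine-learning clustering.

```python
import re
from datetime import datetime, timezone

# Example event from the slide, joined onto one line as shown there
# (including the stray space in 'omd_site ="SJC"').
SLIDE_EVENT = (
    '1502642822 src_host="splunk_sh-01" omd_site ="SJC" '
    'perfdata="SERVICEPERFDATA" name="check_dhcp" severity="OK" '
    'attempt="1" statetype="HARD" executiontime="0.000" latency="0.000" '
    'reason="OK: Received 1 DHCPOFFER(s), max lease time = 600 sec." '
    'result="OK"'
)

PAIR = re.compile(r'(\w+)\s*=\s*"((?:[^"\\]|\\.)*)"')  # key="value", spaces around '=' allowed
EPOCH = re.compile(r'\s*(\d{10})\b')                   # leading Unix timestamp
SEVERITY_RANK = {"OK": 0, "WARNING": 1, "UNKNOWN": 2, "CRITICAL": 3}  # assumed ordering


def parse_event(line):
    """Split one event into a dict of fields plus a timezone-aware '_time'."""
    m = EPOCH.match(line)
    if m is None:
        raise ValueError("event does not start with an epoch timestamp")
    fields = dict(PAIR.findall(line, m.end()))
    fields["_time"] = datetime.fromtimestamp(int(m.group(1)), tz=timezone.utc)
    return fields


def group_events(lines):
    """Collapse raw events into one record per (src_host, name) pair."""
    groups = {}
    for line in lines:
        ev = parse_event(line)
        sev = ev.get("severity", "UNKNOWN")
        if sev not in SEVERITY_RANK:
            sev = "UNKNOWN"
        key = (ev.get("src_host"), ev.get("name"))
        g = groups.setdefault(key, {"count": 0, "worst": "OK", "confirmed": False,
                                    "first": ev["_time"], "last": ev["_time"]})
        g["count"] += 1
        g["first"] = min(g["first"], ev["_time"])
        g["last"] = max(g["last"], ev["_time"])
        if SEVERITY_RANK[sev] > SEVERITY_RANK[g["worst"]]:
            g["worst"] = sev
        # Nagios-style checks report SOFT while retrying and HARD once confirmed.
        if sev != "OK" and ev.get("statetype") == "HARD":
            g["confirmed"] = True
    return groups


def actionable(groups):
    """Keys of groups with a confirmed (HARD) non-OK state, worst severity first."""
    hits = [(k, g) for k, g in groups.items() if g["confirmed"]]
    hits.sort(key=lambda kg: (-SEVERITY_RANK[kg[1]["worst"]], str(kg[0])))
    return [k for k, _ in hits]


def _line(ts, host, name, sev, state):
    return f'{ts} src_host="{host}" name="{name}" severity="{sev}" statetype="{state}"'


# Constructed sample stream: the slide's event plus invented web-01/db-02 events.
SAMPLE = [SLIDE_EVENT] + [
    _line(1502642830, "web-01", "check_http", "CRITICAL", "SOFT"),
    _line(1502642890, "web-01", "check_http", "CRITICAL", "SOFT"),
    _line(1502642950, "web-01", "check_http", "CRITICAL", "HARD"),
    _line(1502643010, "web-01", "check_http", "CRITICAL", "HARD"),
    _line(1502643070, "web-01", "check_http", "CRITICAL", "HARD"),
    _line(1502642840, "db-02", "check_disk", "WARNING", "SOFT"),
    _line(1502642900, "db-02", "check_disk", "OK", "HARD"),
]

if __name__ == "__main__":
    groups = group_events(SAMPLE)
    print(f"{len(SAMPLE)} raw events -> {len(groups)} groups -> {actionable(groups)}")
```
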