Copyright  ©  2015  Splunk  Inc.

IT  Service  IntelligenceSplunkSummit Canberra  2015

Andrew  GoodallSenior  Sales  Engineer,  Federal  Governmentagoodall@splunk.com

What  We  Hear  From  Our  Customers!

2

“My  CIO  is  demanding  we  look  at  IT  from  a  business  service  perspective.”

“Splunk  is  great  for  break-­‐fix,  but  I  need  to  show  we’re  meeting  SLAs.”

“I  need  everyone  to  be  able  to  see  the  same  thing  at  the  same  time.”

“I  just  want  to  throw  data  at  Splunk  and  have  it  find  problems  for  me.”

“Show  me  what  my  data  can  do  for  me!”

Why  Another  Splunk  Solution?

3

Data-­‐centric  approach  is  needed

Service  context  maximises Splunk  value  

Integrated  solution  accelerates  customer  successes

Data-­‐driven  service  insights  for  root-­‐cause  isolation  and  improved  service  operations

INTRODUCING

Splunk  IT  Service  Intelligence  Deploy  flexible  and  scalable  solution  in  days,  not  months

5

Any  IT  data  (metrics  and  events)  from  anywhere

Quick  to  install,  immediate  value  and  on-­‐the-­‐fly  customisation

Flexible  deployment  options   (on-­‐premises,   Cloud  and  hybrid)

Scale  and  robustness  of  the  Splunk  platform

Splunk  IT  Service  Intelligence  Transform  IT  monitoring  with  data-­‐driven  analytics

6

Dynamically  adapting  KPIs  for  dynamic  thresholds

Machine  learning   to  baseline  normal  operations

Detection  of  anomalous  behavior  to  drive  meaningful   actions

Correlation  searches  to  create  meaningful   “alerts”  off  KPIs

Splunk  IT  Service  Intelligence  Redefine  the  role  of  IT  (as  a  strategic  business  partner)  with  service  awareness

7

Data-­‐driven  insights  – ask  any  question,  any  time

Flexible  and  powerful   framework  to  map  data  into  services

Easy  definition   of  KPIs  to  easily  measure  what  matters  most

Drill  downs  for  in-­‐depth   investigation  and  resolution

What  is  a  Service?

Service RequestsResponses

In  Splunk  ITSI,  a  Service is  a  logical  group  of  technology  components   that  a  user  deems  need  to  be  monitored  together.It  can  often  be  generalized  as  a  “black  box”  which  we  send  requests  and  expect  responses

What  is  a  Service?

DNS RequestsResponses

Technical  Services

Auth RequestsResponses

Web RequestsResponses

Services  can  be  technology-­‐centric…

What  is  a  Service?

DNS RequestsResponses

Technical  Services

Customer  Transactions

RequestsResponses

Business  Services

Auth RequestsResponses

Web RequestsResponses

Support  Desk RequestsResponses

…  and  business-­‐centric

What  is  a  Service?

Packet  Network

Hypervisor  and  Hosts

RBMDBs

Storage  Tier

API  Services

Web  Services

Customer  Transactions

Mobile  

API/Middlew

are

Partner  Portal

DNS

Services  can  encompass  multiple  tiers  of  the  IT  domain  and  may  also  depend  upon  other  services/micro-­‐services

What  is  a  KPI?

DNS RequestsResponses

KPI:  Number  of  requestsKPI:  Error  rateKPI:  Average  response   timeKPI:  Servicer  CPU  loadKPI:  Server  network  I/F  errors

Customer  Transactions

RequestsResponses

KPI:  Number  of  transactionsKPI:  Error  rateKPI:  Average  response   timeKPI:  Count  of  Incident  TicketsKPI:  Synthetic  Transx Health

KPIs  and  Health  scores  constitute  the  means  by  which  Services  are  monitored.

Key  Performance  Indicators  (KPIs)

13

KPI:  A  Splunk  saved  search  defined  in  Splunk  ITSI  that  helps  monitor  a  specific  field  like  CPU,  Memory  and  so  on.      KPIs  are  contained  within  Services.

Service  Health  Scores

14

A  Health  score  is  a  score  from  0-­‐100  that  helps  determine  the  health  of  a  Service.  It  is  calculated  based  on  all  KPIs  importance  and  its  status  once  every  minute.

Demo

Achieve  Service  Visibility  FasterService  AnalyzerHigh-­‐level  view  of  services  and  composite  health  scores

Glass  TablesPersonalized  visualisations of  your  services

Deep  DivesOrganized  view  of  performance  indicators  across  silos

Multi  KPI  AlertsCorrelation  rules  to  generate  notable  events

Notable  EventsEasy-­‐to-­‐understand   report  on  results  of  correlation  searches

Anomaly  Detection  and  Adaptive  Thresholds  Machine  learning  to  baseline  normal  operations  and  identify   anomalous   behavior

16

Splunk  IT  Service  Intelligence

17

What  Makes  Splunk  ITSI  Different!

18

Search-­‐Based   KPIs• Easy  to  write,  manage  and  change  both  services   and  KPIs

• Reflects business   and  technology  priorities  

• Benefit:  Rapidly  generate  and  change  KPIs  to  align  service  health  with  business

• Fiserv – 1000s   in  just  weeks  

Full  Fidelity  Service Health

• Adaptable  and  flexible  definitions   of  service  health

• One  solution   to  go  seamlessly  from  service  reports  to  root  cause, including  raw  data

• Remains  adaptable  and  yet  still  maintains  complete  historical  context  

Universal  Data  Platform

• Data  driven:  All  IT  data  including  events,  metrics  and  logs

• Schema  on-­‐the-­‐Fly  • Ask  any  question   of  the  data

• Fast  time  to  value

• Data  fidelity

Case  Studies

20

Unified  insights:  data  integrations  from  other  tools

11,000  to  100s

Reduced  incident  tickets

Alerting  on  service  KPI’s  instead  of  

server  performance

Usage  baselines  to  identify  anomalies

Splunk  IT  Service  Intelligence  at

21

Server-­‐based  to  Services-­‐based  monitoring

Top-­‐down  and  deep-­‐dive  service insights

200+  services  and  1500+  KPIs  monitored

Flexible  creation  and  modification  of  services  and  KPIs

Alerting  on  service  KPIs  instead  of  

server  performance

Real-­‐time,  holisticand  proactive  “client”  view  

Splunk  IT  Service  Intelligence  at

Splunk  IT  Service  Intelligence  at

22

Replaced  home-­‐grown  tools

Real-­‐time  service  insights to  LOBs

Reduced  time  to  resolution

Splunk  IT  Service  IntelligenceData-­‐driven  service  monitoring  and  analytics

23

SPLUNK  IT  SERVICE  INTELLIGENCE

Time-­‐Series  Index

Platform  for  Machine  Data

Dynamic  Service  Models

Schema-­‐on-­‐Read Data  Model Common  Information  Model

At-­‐a-­‐Glance  Problem  Analysis

Early  Warning  on  Deviations

Simplified   Incident  Workflows

Thank  You

Feature  Drilldown

Correlate  KPIs  from  multiple  services

Generates  notable  events  to  detect  emerging  problems  and  streamline  incident  investigations

Accelerates  seamless  workflow  integrations  for  incident  resolution

26

Early  Warning  on  Deviation

27

Customisable Visualisations of  Services  (Glass  Table)

28

Easy  Access  to  Actionable  Information  (Deep  Dive)

Simplify  problem  resolution  by  unifying  data  across  your  IT  silos

In-­‐context  drill  down  for  troubleshooting

Gain  a  single  view  of  your  service  stack

Proactively  address  emerging  operational  issues and  prevent  service  degradations  in  real  time

Augment  Conventional  Monitoring

Splunk  IT  Service  Intelligence

APM NPM Operations  &  Infra  Mgmt. Domain  Tools

Deliver  Insights  Based  on  Integrated  Data,  Not  Integrated  Products

30

Splunk  IT  Service  Intelligence

Get  Data Define  services,  entities  and  KPIs

Monitor  and  troubleshoot

Analyse and  detect

Data-­‐Defined,  Data-­‐Driven  Service  Insights

How  Do  You  Get  It?

31

ONLINE  SANDBOX TRIAL

15  days  of  access  to  a  free,  personal  environment  in  the  Cloud,  with  pre-­‐

populated  data

Engage  in  a  proof-­‐of-­‐concept  to  index  your  data  and  experience  the  

power  of  Splunk  ITSI