the phantom of the opera(tions)
TRANSCRIPT
![Page 1: The Phantom of the Opera(tions)](https://reader030.vdocuments.us/reader030/viewer/2022012410/616a562511a7b741a3516337/html5/thumbnails/1.jpg)
© 2 0 2 0 S P L U N K I N C .
© 2 0 2 0 S P L U N K I N C .
The Phantom of the Opera(tions)
Dirk Nitschke & Andreas BuisStaff (Consulting|Solution) Engineers | Splunk
![Page 2: The Phantom of the Opera(tions)](https://reader030.vdocuments.us/reader030/viewer/2022012410/616a562511a7b741a3516337/html5/thumbnails/2.jpg)
During the course of this presentation, we may make forward‐looking statements regarding future events or plans of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results may differ materially. The forward-looking statements made in the this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, it may not contain current or accurate information. We do not assume any obligation to update any forward‐looking statements made herein.
In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only, and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionalities described or to include any such feature or functionality in a future release.
Splunk, Splunk>, Data-to-Everything, D2E and Turn Data Into Doing are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names or trademarks belong to their respective owners. © 2020 Splunk Inc. All rights reserved
Forward-LookingStatements
![Page 3: The Phantom of the Opera(tions)](https://reader030.vdocuments.us/reader030/viewer/2022012410/616a562511a7b741a3516337/html5/thumbnails/3.jpg)
© 2 0 2 0 S P L U N K I N C .
Staff Consulting Engineer & Staff Solution Engineer | Splunk
Dirk Nitschke & Andreas Buis
![Page 4: The Phantom of the Opera(tions)](https://reader030.vdocuments.us/reader030/viewer/2022012410/616a562511a7b741a3516337/html5/thumbnails/4.jpg)
© 2 0 2 0 S P L U N K I N C .
AgendaThe orchestra
Act 1, scene 1: PreludeIntroduction
Act 1, scene 2: Today’s FocusOAR
Act 1, scene 3: The AlertITOps receives an Alert
Act 2, scene 1: Automation / OrchestrationThe interaction
Act 3, scene 1: The Time Machinetransformation from manual to automatic
Act 3, scene 2: The Big FinaleSummary: Advantages of an OAR
![Page 5: The Phantom of the Opera(tions)](https://reader030.vdocuments.us/reader030/viewer/2022012410/616a562511a7b741a3516337/html5/thumbnails/5.jpg)
© 2 0 2 0 S P L U N K I N C .
PreludeIntroduction
![Page 6: The Phantom of the Opera(tions)](https://reader030.vdocuments.us/reader030/viewer/2022012410/616a562511a7b741a3516337/html5/thumbnails/6.jpg)
© 2 0 2 0 S P L U N K I N C .
Who’s Been In This Situation? Everyone!
“Is this a déjà vu?I’m sure I have done this before!”
![Page 7: The Phantom of the Opera(tions)](https://reader030.vdocuments.us/reader030/viewer/2022012410/616a562511a7b741a3516337/html5/thumbnails/7.jpg)
© 2 0 2 0 S P L U N K I N C .
Recurring Activities Cost Time and Money
Think about it:• How many recurring activities do you have to do
during the day?• How much would you save if you could avoid them?
…and are boring
![Page 8: The Phantom of the Opera(tions)](https://reader030.vdocuments.us/reader030/viewer/2022012410/616a562511a7b741a3516337/html5/thumbnails/8.jpg)
© 2 0 2 0 S P L U N K I N C .
Possible Solution
Automation and orchestrationof the individual manual activities
![Page 9: The Phantom of the Opera(tions)](https://reader030.vdocuments.us/reader030/viewer/2022012410/616a562511a7b741a3516337/html5/thumbnails/9.jpg)
© 2 0 2 0 S P L U N K I N C .
Typical Incident Management Tasks
Investigation and DiagnosisIdentify and test initial hypothesis, work on solution, update ticket
Resolution and RecoveryGet approval for change, apply fix or workaround, confirm service has been restored, update ticket
Incident ClosureConfirm service has been restored, close ticket
Known Problem with Workaround
3
2
1
![Page 10: The Phantom of the Opera(tions)](https://reader030.vdocuments.us/reader030/viewer/2022012410/616a562511a7b741a3516337/html5/thumbnails/10.jpg)
© 2 0 2 0 S P L U N K I N C .
The Big Question is:
“What should I focus on?”
![Page 11: The Phantom of the Opera(tions)](https://reader030.vdocuments.us/reader030/viewer/2022012410/616a562511a7b741a3516337/html5/thumbnails/11.jpg)
© 2 0 2 0 S P L U N K I N C .
The Answer is:
Monitor, investigate, analyzeandact
![Page 12: The Phantom of the Opera(tions)](https://reader030.vdocuments.us/reader030/viewer/2022012410/616a562511a7b741a3516337/html5/thumbnails/12.jpg)
© 2 0 2 0 S P L U N K I N C .
Today’s FocusOAR
![Page 13: The Phantom of the Opera(tions)](https://reader030.vdocuments.us/reader030/viewer/2022012410/616a562511a7b741a3516337/html5/thumbnails/13.jpg)
© 2 0 2 0 S P L U N K I N C .
Today’s Focus
OAR = Orchestration Automation and Response
![Page 14: The Phantom of the Opera(tions)](https://reader030.vdocuments.us/reader030/viewer/2022012410/616a562511a7b741a3516337/html5/thumbnails/14.jpg)
© 2 0 2 0 S P L U N K I N C .
The AlertITOps receives an alert
![Page 15: The Phantom of the Opera(tions)](https://reader030.vdocuments.us/reader030/viewer/2022012410/616a562511a7b741a3516337/html5/thumbnails/15.jpg)
© 2 0 2 0 S P L U N K I N C .
Incident:Service Web Server
![Page 16: The Phantom of the Opera(tions)](https://reader030.vdocuments.us/reader030/viewer/2022012410/616a562511a7b741a3516337/html5/thumbnails/16.jpg)
© 2 0 2 0 S P L U N K I N C .
Automation / OrchestrationThe interaction
![Page 17: The Phantom of the Opera(tions)](https://reader030.vdocuments.us/reader030/viewer/2022012410/616a562511a7b741a3516337/html5/thumbnails/17.jpg)
© 2 0 2 0 S P L U N K I N C .
Automate & Orchestrate These Steps
Investigation / Remediation • Collect information• Use a Privilege Access
Management (PAM) system to connect with server
• Restart service• Or setup new instance
Approval Process• Approval process with a
detailed description• Response based on the
decision made
Ticketing System• Create, update and resolve
ticket• Document all information in
the ticket
![Page 18: The Phantom of the Opera(tions)](https://reader030.vdocuments.us/reader030/viewer/2022012410/616a562511a7b741a3516337/html5/thumbnails/18.jpg)
© 2 0 2 0 S P L U N K I N C .
The Time MachineTransformation from manual to automatic
![Page 19: The Phantom of the Opera(tions)](https://reader030.vdocuments.us/reader030/viewer/2022012410/616a562511a7b741a3516337/html5/thumbnails/19.jpg)
© 2 0 2 0 S P L U N K I N C .
Timeline: 18:52:05 to 18:53:30Episode: ~120 seconds from “New” to “Resolved”
18:52:05 18:52:16 18:52:39 18:53:50 18:56:04
Episode created Collect information Create Splunk ITSI Maintenance Window
Service Now Ticket “Resolved”
Episode “closed” due to ticket status
Notable Event Action executed
Create Service Now Ticket
Restart service Splunk ITSI episode “Resolved”
Check service status
Splunk PhantomSplunk ITSI Splunk ITSI
Get approvalSplunk Mobile
Get approvalSplunk Mobile
![Page 20: The Phantom of the Opera(tions)](https://reader030.vdocuments.us/reader030/viewer/2022012410/616a562511a7b741a3516337/html5/thumbnails/20.jpg)
© 2 0 2 0 S P L U N K I N C .
The Big FinaleSummary: Advantages of an OAR
![Page 21: The Phantom of the Opera(tions)](https://reader030.vdocuments.us/reader030/viewer/2022012410/616a562511a7b741a3516337/html5/thumbnails/21.jpg)
© 2 0 2 0 S P L U N K I N C .
Summary
• Orchestration, automation, and response in IT Operations can improve MTTR, efficiency, and effectiveness
• Leverage the powerful features and integration of the Splunk portfolio:– Splunk Phantom
– Splunk IT Service Intelligence Splunk
– Splunk Mobile, and
– VictorOps
![Page 22: The Phantom of the Opera(tions)](https://reader030.vdocuments.us/reader030/viewer/2022012410/616a562511a7b741a3516337/html5/thumbnails/22.jpg)
© 2 0 2 0 S P L U N K I N C .
What is your IT Operations Use Case?
• Apply workaround for known error
• Get approval for new devices connecting to network
• User Lifecycle Management
• Vulnerability Management
• Exception Handling
We can think of the following
![Page 23: The Phantom of the Opera(tions)](https://reader030.vdocuments.us/reader030/viewer/2022012410/616a562511a7b741a3516337/html5/thumbnails/23.jpg)
SESSION SURVEYPlease provide feedback via the
© 2 0 2 0 S P L U N K I N C .