3. Who is in theAudience?
AdministratorManager Programmer
Service Owner
Architect
Analyst
4. Splunk IT Service Intelligence
SPLUNK IT SERVICE INTELLIGENCE
Time-series Index
Platform for Machine Data
Dynamic
Service Models
Schema-on-read Data Model
Common
Information Model
At-a-Glance
Problem Analysis
Early Warning
on Deviations
Simplify Incident
Workflows
5. What we hear from our customers…
“Service Intelligence is new to us. How do we get started?”
“Do you have best practices to help us with Service Intelligence?”
6. Service Analyzer: Auto generated filterable and tiled view of Service health scores and KPIs
Deep Dives: Swim lane analysis dashboard to show all those indicators over time for investigations
Glass Tables: Customizable free form drawing dashboards to view health scores and KPIs of choice with visual
tools to create context
ITSI Visualizations
6
10. We’re here to help!
Harness the creativity and domain knowledge of your organization
to unlock the value of data and solve an important Business
Service problem through a joint service intelligence workshop
with key stakeholders
Define methods for:
› Proactive service monitoring
› Reduced risk and failures
› Faster issue resolution
› Increased business performance
What is it?
› 1 Day Onsite Workshop
› Tightly linked with value
› Collaborative approach
› Build your own Glass Table
11. Identifying the Problem
• What Are The Critical Services?
• Customer Experience
• Customer Satisfaction
• Customer Value
12. Identifying the Problem
• What Are The Critical Services?
• Issue Frequency
• How Often
• Resolution
• Co-Operation
13. • Critical Business Services
• Issue Frequency
• Impact
• Customer Experience
• Financial Impact
• Resolution Effort
Identifying the Problem
14. • Critical Business Services
• Issue Frequency
• Impact
• Customer Experience
• Financial Impact
• Resolution Effort
Identifying the Problem
16. Collaboration is Key
Escalation Manager
Enterprise Architect
Administrators
Business functions
Performance indicators
Common business
issues
Frequency of issues
Business impact of
issues
Service Owners
Common issues
Performance indicators
Resolution processes
Tools used for resolving
issues
Frequency of issues
IT impact of issues
Current tools and
usage, and adoption
levels
Splunk expertise
Environment expertise
Business processes
Key inputs and outputs
Technology architecture
Data architecture
Common issues
17. Design Methodology: Service Decomposition
Start With
Business Function
& Flow
Define
Scope &
Depth
Link
Supporting
Technology
Start with
Business
Function & Flow
Measure health and impact 73%
-36%
20. The Problem For Buttercup Games
Critical Services Impacted
• Supply Chain Visibility
• New Online Store Customer Satisfaction Issues
21. The Problem For Buttercup Games
Occurs Frequently
• Twice Weekly
• 4-8 Subject Matter Experts required to resolve issues
22. The Problem For Buttercup Games
Impact
Customer Outage Lasts up to1 hour
$48,000 In Lost Revenue Per Week
32 Man Hours Spent Resolving Issues each time
28. Sign On Overall Health
Service Health Transactions
Revenue
ERP
Notification
Utilization
Tracking
Logistics
Receipt
Order Analysis – Core Splunk
Manufacturing History
Logistic Analysis
Robotic State Analysis
29. Call Center
Service
Service Health Transactions
ACD Analysis – Core Splunk
Call Wait History
Inbound Analysis
Social Media
Online Msg
Social Media
Mail SupportVOIP Serivce
Inbound Calls
30. Aflying start to Service Intelligence
Start With A problem worth solving
Collaborate with Subject Matter Experts
Design Before Configuring
31. Sign Up Now – We’re here to help!
Harness the creativity and domain knowledge of your organization
to unlock the value of data and solve an important Business
Service problem through a joint service intelligence workshop
with key stakeholders
Define methods for:
› Proactive service monitoring
› Reduced risk and failures
› Faster issue resolution
› Increased business performance
What is it?
› 1 Day Onsite Workshop
› Tightly linked with value
› Collaborative approach
› Build your own Glass Table
32. 39
SEPT 26-29, 2016
WALT DISNEY WORLD, ORLANDO
SWAN AND DOLPHIN RESORTS
• 5000+ IT & Business Professionals
• 3 days of technical content
• 165+ sessions
• 80+ Customer Speakers
• 35+ Apps in Splunk Apps Showcase
• 75+ Technology Partners
• 1:1 networking: Ask The Experts and Security
Experts, Birds of a Feather and Chalk Talks
• NEW hands-on labs!
• Expanded show floor, Dashboards Control
Room & Clinic, and MORE!
The 7th Annual Splunk Worldwide Users’ Conference
PLUS Splunk University
• Three days: Sept 24-26, 2016
• Get Splunk Certified for FREE!
• Get CPE credits for CISSP, CAP, SSCP
• Save thousands on Splunk education!
#splunkconf2016
Notes de l'éditeur
With Splunk ITSI, customers get the higher level benefits based on the underlying platform. So, from deep-in-the-weeds solving IT operational use cases with Splunk enterprise, we’re up-leveling the use cases and making IT more relevant to the business.
The can visualize meaningful and contextual data and inter-relationships with dynamic service models, organize and correlate performance indicators for at-a-glance problem analysis, get proactive with early warnings on anomalies, deviations and pre-configured correlated alerts, and simplify workflows.
These are the 4 main dashboards that are in ITSI, SA is for the quick view and quick filtering to see only the Services and KPIs of choice, Glass table is for those who want to represent their own workflow and want to take the time to make things look pretty. Deep Dive is for the investigative work when things go wrong, Multi KPI alerts is to build alerts for when there is a desire to be alerted by email or just view the notable event review dashboard (like Incident review in ES).
Think ES when talking about notable events. They are nearly identical to ES notable events other than the fact that they are some other fields like Service and the actions you can perform on them are a little different. Like going to Deep Dive or creating ticket in service now. The correlation searches that create these notable events can be designed through the correlation search interface like in ES, or through the Multi KPI alert UI. They are stored in the notable events summary index.
Bring up live system
So how do you drive Service Intelligence in your own organization?
Providing service-level intelligence requires overcoming the difficulties that legacy methods have imposed upon the industry for years including: handling data sources of variable formats, working with poorly integrated controllers, scalability, bottom up discovery and alignment and lengthy complex deployments . Customers have told us we need a new approach. One that provides out-of-the-box visibility into operational health, scalability and management ease, top/down and in depth real-time visibility; correlation and anomaly detection, adaptive thresholding and new visualizations with quick time-to-deploy and additive value.
ITSI reinvents traditional monitoring and analytics with a data-driven approach to provide service-level intelligence to your services. The solution gives you a centralized, connected view of dynamic IT services.
What are Services? A service is a way of providing value to customers, both internal and external. This can span a broad range of definitions, including: • An application or group of applications • An infrastructure tier • A business service, such as an online marketplace, that could include multiple infrastructure components or entities (such as web servers, databases and load balancers)
What are Entities? Entities are the components that make up your services. An entity could be a server, a switch port, a user or anything else that meets your needs. Services can be bound to specific entities, and will have metrics defined to help people across your organization easily understand the status of key business services.
What are KPIs? Key performance indicators (KPIs) are metrics that are used to evaluate the overall status of a service. KPIs are configured using Splunk searches, so you have the ability to define any KPI that best meets your needs.
What service in the organization is impactful and requires oversight. Think about a service in your organization that supports the business, it may maintain any number of SLA’s and can be measured to understand how a service has been performing, how it is performing currently, and how it is projected to perform in the future
Who owns and supports the the service; think about the domain experts, the server, network and database admins, the enterprise architects, the business process owners, the manager and executives. Leveraging the institutional knowledge within the organization and bake that experience into monitoring the service so that the next person that you onboard or assign the monitoring task to doesn’t have to wake you in the middle of the night to determine what is going on.
Think about the metrics that are important in calculating overall health of a service and their supporting entities.
What components do we need to include in the service; db, middleware
What data is needed to drive the metrics; response time, CPU load, revenue generated, social media posts?
Now, in core Splunk we have the ability to alert you when you go from green to yellow, or yellow to red; But if there is a transitory issue where something occurs once and then goes back to normal you don’t want to be alerted necessarily, so in ITSI we have net-new functionality focused on time-based approaches to alerting. So when the database has been in the critical state for more than 20 percent of the last 15 minutes send me an alert or if the database has been in a critical state for more than 80 percent for the last 5 minutes send me an alert.
What are the top business services in your enterprise?
How do you measure the customer experience with these services?
Are customers happy with their experience?
Many of you have probably experienced a critical service or application outage. This about how often it occurs and the process required to resolve and solve these issues; do they happen often, on a regular basis, all the time, or sporadically. Does it take a significant number of people from different disciplines to come together in an ops-bridge environment, a war room, or conference call. Do you have to notify on-call personnel; sometimes in the middle of the night only to dismiss them later when it’s determined they’re domain is not the root cause of the problem.
How often do customers experience issues with the service?
When issues arise, who gets involved in resolving them?
How do teams work together to resolve issues?
How long is the customer experience affected each time there is an issue?
What are the financial impacts when customers have a bad experience with your services?
What’s the effort required to fully eliminate issues?
Service decomposition is an industry best practice designed to increase the granularity of a service subsequent to it implementation. By separating a solution environment we are able to gain increasing visibility into the constituent parts associated with a service without loosing focus on the composite importance of it’s constituent parts.
Traditionally, starting from a bottoms up approach organizations would assess an environment by deploying discovery methodologies, federating the information into a repository such as Asset Management or CMDB and then attempting to develop a service model the reconciles the environment, dynamically correlates the up and down stream relationships all in real time. The theory has always sounded reasonable but practically maintaining all the components to support a model is extremely complex and difficult at best to maintain because of the variability in our environments. Most implementations after significant effort can reach the application layer but rarely do we see a simple path to full end-to-end visibility up into the business and services layer.
Adaptive thresholds and anomaly detection so you don’t have to know what normal is you can have the system intelligently determine that for you.
Bring up live system. Discuss how different objects in our design translate to ITSI.
We’re headed to the East Coast!
2 inspired Keynotes – General Session and Security Keynote + Super Sessions with Splunk Leadership in Cloud, IT Ops, Security and Business Analytics!
165+ Breakout sessions addressing all areas and levels of Operational Intelligence – IT, Business Analytics, Mobile, Cloud, IoT, Security…and MORE!
30+ hours of invaluable networking time with industry thought leaders, technologists, and other Splunk Ninjas and Champions waiting to share their business wins with you!
Join the 50%+ of Fortune 100 companies who attended .conf2015 to get hands on with Splunk. You’ll be surrounded by thousands of other like-minded individuals who are ready to share exciting and cutting edge use cases and best practices. You can also deep dive on all things Splunk products together with your favorite Splunkers.
Head back to your company with both practical and inspired new uses for Splunk, ready to unlock the unimaginable power of your data! Arrive in Orlando a Splunk user, leave Orlando a Splunk Ninja!
REGISTRATION OPENS IN MARCH 2016 – STAY TUNED FOR NEWS ON OUR BEST REGISTRATION RATES – COMING SOON!