The document is an agenda for a Splunk conference session on using Splunk for IT operations. The agenda includes an introduction to Splunk for IT operations, a discussion of Splunk apps to accelerate insights, and a presentation on Splunk IT Service Intelligence. It outlines the growing complexity faced by IT operations and how Splunk provides a platform to index and investigate machine data from any source, in order to improve troubleshooting and monitoring and to gain operational visibility and insights.

6. Escalating IT Complexity…
Diagram labels: Servers, Storage, Networking, Virtualization; Infrastructure Applications, Packaged Applications, Custom Applications; Identity, VPN, IP Phone, HR, Email, Finance, App Svr, DB, Web Svr; SaaS/PaaS, IaaS

7. … Plaguing IT Operations
Complex, silo-based technologies
Disconnected and outdated point solutions
Reactive brute-force problem resolution
Over 80% of time on maintaining not innovating

8. Industry Leading Platform for Machine Data
Any Machine Data: Online Services, Web Services, Servers, Security, GPS Location, Storage, Desktops, Networks, Packaged Applications, Custom Applications, Messaging, Telecoms, Online Shopping Cart, Web Clickstreams, Databases, Energy Meters, Call Detail Records, Smartphones and Devices, RFID
Datacenter, Private Cloud, Public Cloud
Enterprise Scalability
Search and Investigation, Proactive Monitoring, Operational Visibility, Real-time Business Insights
Operational Intelligence

9. Industry Leading Platform for Machine Data
Any amount, any location, any source
Schema-on-the-fly
Universal indexing
No back-end RDBMS
No need to filter data

10. Developer Platform (REST API, SDKs)
The Focus
Application Delivery
IT Operations
Security, Compliance, and Fraud
Business Analytics
Industrial Data and the Internet of Things

11. Turning Machine Data Into Operational Intelligence
Reactive
Search and Investigate
Proactive Monitoring and Alerting
Operational Visibility
Proactive
Real-time Business Insight

12. Troubleshooting
Find and fix problems faster
Reduce MTTR
Improve End User Experience
Reduce Costs
Greater IT productivity

13. Troubleshooting
Find and fix problems faster
Reduced MTTR
Improve End User Experience
Reduce Costs
Greater IT productivity
No more grepping through logs
End-to-end correlation

14. Monitoring
Find and fix problem before it becomes a problem
Increased uptime
Trends in real time and Historical Data
Powerful Visualizations
Alerting and notifications

16. Splunk Apps
Plug-Ins, Templates and Apps Accelerate Value From Machine Data
No rigid schemas – Add in data from any other source.
API, SDKs, UI
App areas: Server, Storage, Network; Server Virtualization; Operating Systems; Custom Applications; Business Applications; Cloud Services; App Performance Monitoring; Ticketing/ and Other; Web Intelligence; Mobile Applications; Stream

17. Apps Provide Deep Insights By Role
Find and resolve problems fast in individual technology areas
Exchange Admin: Service Health, Performance, Message tracking
VMware/Win/Linux Admin: Infrastructure Health, Performance, Anomalies/Outliers
Storage Admin: Infrastructure Health, Performance, Anomalies/Outliers

19. What We Hear From Our Customers!
“My CIO is demanding we look at IT from a business service perspective.”
“Splunk is great for break-fix, but I need to show we’re meeting SLAs.”
“I need everyone to be able to see the same thing at the same time.”
“I just want to throw data at Splunk and have it find problems for me.”
“Show me what my data can do for me!”

23. What is a Service?
Diagram labels: Service, Requests, Responses
In Splunk ITSI, a Service is a logical group of technology components that a user deems need to be monitored together. It can often be generalized as a “black box” to which we send requests and from which we expect responses.

24. What is a Service?
Technical Services: DNS, Auth, Web (each shown with Requests and Responses)
Services can be technology-centric…

25. What is a Service?
Technical Services: DNS, Auth, Web (each shown with Requests and Responses)
Business Services: Customer Transactions, Support Desk (each shown with Requests and Responses)
… and business-centric

26. What is a Service?
Diagram labels: Packet Network, Hypervisor and Hosts, RBMDBs, Storage Tier, API Services, Web Services, Customer Transactions, Mobile API/Middleware, Partner Portal, DNS
Services can encompass multiple tiers of the IT domain and may also depend upon other services/micro-services

27. What is a KPI?
DNS (Requests, Responses)
KPI: Number of requests
KPI: Error rate
KPI: Average response time
KPI: Server CPU load
KPI: Server network I/F errors
Customer Transactions (Requests, Responses)
KPI: Number of transactions
KPI: Error rate
KPI: Average response time
KPI: Count of Incident Tickets
KPI: Synthetic Transx Health
KPIs and Health scores constitute the means by which Services are monitored.

28. Key Performance Indicators (KPIs)
KPI: A Splunk saved search defined in Splunk ITSI that helps monitor a specific field like CPU, Memory and so on. KPIs are contained within Services.

29. Service Health Scores
A Health score is a score from 0-100 that helps determine the health of a Service. It is calculated once every minute, based on the importance and status of all of the Service's KPIs.

31. Service Analyzer, Glass Tables, Deep Dives
Service Analyzer: Auto generated filterable and tiled view of Service health scores and KPIs
Glass Tables: Customizable free form drawing dashboards to view health scores and KPIs of choice with visual tools to create context
Deep Dives: Swim lane analysis dashboard to show all those indicators over time for investigations

32. Multi KPI Alerts, Notable Events
Multi KPI Alerts: Correlation searches on service degradation
Notable Events: Event framework for Multi KPI Alerts

34. What Makes Splunk ITSI Different!
Search-Based KPIs
• Easy to write, manage and change both services and KPIs
• Reflects business and technology priorities
• Benefit: Rapidly generate and change KPIs to align service health with business
• Fiserv – 1000s in just weeks
Full Fidelity Service Health
• Adaptable and flexible definitions of service health
• One solution to go seamlessly from service reports to root cause, including raw data
• Remains adaptable and yet still maintains complete historical context
Universal Data Platform
• Data driven: All IT data including events, metrics and logs
• Schema on-the-Fly
• Ask any question of the data
• Fast time to value
• Data fidelity

36. Why Enterprises Use Splunk for IT Operations
Increased Uptime to 99.9% Availability
Reduced MTTR from 2-3 days to few minutes
Improved Margins by protecting millions in ad-revenue
Consolidated Tools by retiring 27 monitoring solutions
Optimized Capacity by saving $500K in SW, HW & licenses
Drives Innovation with usage analytics on product features

37. Splunk IT Service Intelligence at
Unified insights: data integrations from other tools
11,000 to 100s: Reduced incident tickets
Alerting on service KPIs instead of server performance
Usage baselines to identify anomalies

38. Splunk IT Service Intelligence at
Server-based to Services-based monitoring
Top-down and deep-dive service insights
200+ services and 1500+ KPIs monitored
Flexible creation and modification of services and KPIs
Alerting on service KPIs instead of server performance
Real-time, holistic and proactive “client” view

39. Splunk IT Service Intelligence at
Replaced home-grown tools
Real-time service insights to LOBs
Reduced time to resolution