Splunk IT Service Intelligence
•
1 gefällt mir•1,477 views
Webinar Slides Splunk IT Service Intelligence
Empfohlen
Empfohlen
Weitere ähnliche Inhalte
Was ist angesagt?
Was ist angesagt? (20)
Andere mochten auch
Ähnlich wie Splunk IT Service Intelligence
Ähnlich wie Splunk IT Service Intelligence (20)
Mehr von Georg Knon
Mehr von Georg Knon (20)
Kürzlich hochgeladen
Kürzlich hochgeladen (20)
Splunk IT Service Intelligence
- 1. Copyright © 2015 Splunk Inc. Splunk Enterprise - IT Service Intelligent Juergen Magiera IT SI Lead EMEA
- 2. Safe Harbor Statement During the course of this presentation, we may make forward looking statements regarding future events or the expected performance of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-looking statements, please review our filings with the SEC. The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, this presentation may not contain current or accurate information. We do not assume any obligation to update any forward looking statements we may make. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionality described orto includeany suchfeatureor functionalityina futurerelease.
- 3. Company (NASDAQ: SPLK) ● Founded 2004, first software release in 2006 ● HQ: San Francisco / Regional HQ: London, Hong Kong ● Over 1,800 employees, based in 12 countries Business Model / Products ● Free download to massive scale ● Splunk Enterprise, Splunk Cloud, Splunk Light ● Hunk: Splunk Analytics for Hadoop 10,000+ Customers ● Customers in 100 countries ● 80+ of the Fortune 100 ● Largest license: Over 400 Terabytes per day 3
- 4. Fully-integrated Enterprise Platform 4 Enterprise Scale & HA Secure Operation Splunk Apps Developer SDKs/API Enterprise Integration Any Data Any Source Collect & Index Data Search & Investigate Monitor & Alert Visualize & Report Correlate & Analyze Access Anywhere Manage Operations Platform for Operational Intelligence
- 5. Turn Machine Data into Operational Intelligence INDEX ANY MACHINE DATA: ANY SOURCE, TYPE, VOLUME Online Services Web Services Servers Security GPS Location Storage Desktops Networks Packaged Applications Custom ApplicationsMessaging Telecoms Online Shopping Cart Web Clickstreams Databases Energy Meters Call Detail Records Smartphones and Devices RFID On- Premises Private Cloud Public Cloud GAIN REAL-TIME VISIBILITY Application Delivery Security and Compliance Infrastructure Monitoring Business Analytics Internet of Things 5
- 6. Industry Leading Platform For Machine Data Machine Data: Any Location, Type, Volume Online Services Web Services Servers Security GPS Location Storage Desktops Networks Packaged Applications Custom ApplicationsMessaging Telecoms Online Shopping Cart Web Clickstreams Databases Energy Meters Call Detail Records Smartphones and Devices RFID On- Premises Private Cloud Public Cloud Platform Support (Apps / API / SDKs) Enterprise Scalability Universal Indexing Answer Any Question Developer Platform Report and analyze Custom dashboards Monitor and alert Ad hoc search Any amount, any location, any source Schema- on-the-fly Universal indexing No back-end RDBMS No need to filter data 6
- 7. Turning Machine Data Into Operational Intelligence Reactive Search and Investigate Proactive Monitoring and Alerting Operational Visibility Proactive Real-time Business Insight 7
- 8. Mainframe Data VMware Platform for Machine Data The Splunk Portfolio Exchange PCISecurity Relational Databases MobileForwarders Syslog / TCP / Other Sensors & Control Systems Across Data Sources, Use Cases & Consumption Models Wire Data 8 Service Intel Splunk Premium Apps Rich Ecosystem of Apps IT SI
- 9. Copyright © 2015 Splunk Inc. Splunk IT Service Intelligence Product Overview & Positioning
- 10. Key Takeaway For existing Splunk customers, ITSI makes Splunk “service-aware” and accelerates customers’ path to OI Level 3 adoption, providing holistic actionable insights into their IT Services 10
- 11. Current Challenges 11 Can’t access the data that matters Multiple products lack deep integration Complex and customized tools require significant expertise and time IT organizations continue to struggle with aligning operations with business FRAGMENTED INSIGHTS SLOW & REACTIVE INEFFICIENT & UNSCALABLE
- 12. Even More Challenges 12 Increased Business Expectations around – IT Agility, Availability, and Support I am measured on service performance KPI’s focus on components As services change, I need to quickly adapt Previous attempts to model service failed I need to understand what is going on at any point in time (including history) Snapshots in time don’t help with troubleshooting or continuous improvement
- 13. Splunk IT Service Intelligence 13 Data Driven • All IT Data - events, metrics, and logs Service-awareness • Provides actionable insights into high visibility services • Personal contextual visualizations • Mitigate problems before they impact customers. Powerful Platform • Fast correlation across services & KPIs • Deploys Quickly • Scalable, flexible and fast time-to-value • Scalable Universal Platform (any point in time)
- 14. IT Service Intelligence Data-driven insights for root cause isolation and improved service awareness with a marketing catchphrase that is really long
- 15. Introducing Splunk IT Service Intelligence 15
- 16. What Makes Splunk ITSI Different! 16 Search-BasedKPIs Easy to write, manage and change both services and KPIs Reflects business and technology priorities Benefit: Rapidly generate & change KPIs to align service health with business Fiserv – 1000s in just weeks FullFidelityServiceHealth Adaptable and flexible definitions of service health One solution to go seamlessly from service reports to root cause, including raw data Remains adaptable and yet still maintains complete historical context UniversalDataPlatform Data driven: All IT data including events, metrics and logs Schema on-the-Fly Ask any question of the data Fast time to value Data fidelity
- 17. Splunk IT Service Intelligence Data-driven service monitoring and analytics 17 SPLUNK IT SERVICE INTELLIGENCE Time-Series Index Platform for Machine Data Dynamic Service Models Schema-on-Read Data Model Common Information Model At-a-Glance Problem Analysis Early Warning on Deviations Simplified Incident Workflows
- 18. Core Concepts
- 19. IT Service Intelligence – Core Concepts Service Requests Responses Web Technical Services Services Requests Responses Mobile API/Middleware Requests Responses DNS Support Desk Requests Responses Customer Transactions Requests Responses Business Services
- 20. Packet Network Hypervisor and Hosts RBMDBs Storage Tier API Services Web Services In ITSI, a Service is a logical group of technology components that a user deems need to be monitored together. IT Service Intelligence – Core Concepts Service Requests Responses Web Technical Services Services CustomerTransactions Web Customer Transactions Requests Responses Business Services Mobile API/Middleware SupportDesk DNS
- 21. IT Service Intelligence – Core Concepts Service Requests Responses Web Technical Services Packet Network Hypervisor and Hosts RBMDBs Storage Tier API Services Web Services Web KPI: Number of requests KPI: Error rate KPI: Average response time KPI: Servicer CPU load KPI: Server network I/F errors KPIs KPIs and Health scores constitute the means by which Services are monitored. Health Score
- 22. IT Service Intelligence – Core Concepts 22 A Health Score is a score form 0-100 (0 being critical and 100 being normal) that helps determine the health of a Service. It is calculated based on all KPIs importance and its status (e.g. green, orange, red), once every minute. A Key Performance Indicator (KPI) is a Splunk saved search created within the ITSI UI that helps monitor a specific field like CPU, Memory, Number of Errors and so on. KPIs are contained within Services. Service Analyzer – Auto generated filterable and tiled view of Service health scores and KPIs
- 23. IT Service Intelligence – Core Concepts 23 A Glass Table is a customizable free form drawing dashboards to view Health scores and KPIs of choice with visual tools to create context with live widgets Go Deeper to a Deep Dive View
- 24. IT Service Intelligence – Core Concepts 24 Deep Dives – Swim lane analysis dashboard to show all those indicators over time for investigations
- 25. IT Service Intelligence – Core Concepts 25 Multi KPI Alerts – Visual tool to create correlation searches based on KPIs
- 26. Notable Events 26 Notable Events are generated by correlation searches that indicate service degradation. They are like Notable Events in ES but have a slightly different field set The Correlation searches are generated either through the correlation search UI or Multi KPI Alert UI.
- 27. Demo 27
- 28. Thank You
Hinweis der Redaktion
- Splunk safe harbor statement.
- Splunk software provides an open, fully integrated platform. That means you can collect, index, analyze, report and predict on machine-generated data from a single product. It’s enterprise-ready with high availability and disaster recovery features, role-based access control and scales to index hundreds of terabytes per day. It’s an open platform with over 500 Splunk Apps available and allows for custom development.
- Our customers typically start with Splunk to solve a specific problem, and then expand from there to address a broad range of use cases, across application troubleshooting, IT infrastructure monitoring, security, business analytics, Internet of things, and many others that are entirely innovated by our customers. Here’s how it works. Splunk software and cloud services reliably collect and index machine data, from a single source to tens of thousands of sources. All in real time. - Once data is in Splunk, you can search, analyze, report-on and derive insights from all your data - across real-time or historical data that may be stored in Hadoop or other NoSQL data sources.
- Splunk software reliably collects and indexes all the streaming data from IT systems, technology devices and the Internet of Things in real-time - tens of thousands of sources in unpredictable formats and types. Splunk software is optimized for real-time, low latency and interactivity. Organizations use Splunk software and their data the following ways: 1. Find and fix problems dramatically faster 2. Automatically monitor to identify issues, problems and attacks 3. Gain end-to-end visibility to track and deliver on IT KPIs and make better-informed IT decisions 4. Gain real-time insight from operational data to make better-informed business decisions This is described as Operational Intelligence: visibility, insights and intelligence from operational data.
- Here's how using Splunk and your machine data can drive significant benefits for your organization. Search and investigation. Using Splunk, organizations identify and resolve issues up to 70% faster and reduce costly escalations by up to 90%. Splunk is one place to find and fix problems, and investigate incidents across all your IT systems and infrastructure. Proactive monitoring. Monitor IT systems in real time to identify issues, problems and attacks before they impact your customers, services and revenue. Splunk keeps watch of specific patterns, trends and thresholds in your machine data so you don't have to. Trigger notifications in real-time via email or RSS, execute a script to take remedial actions, send an SNMP trap to your system management console or generate a service desk ticket. Operational visibility. See the whole picture, track performance and make better decisions. Visualize usage trends to better plan for capacity; spot SLA infractions, track how you are being measured by the business. Do all of this using your existing machine data without spending millions of dollars instrumenting your IT infrastructure. Real-time business insight. Make better-informed business decisions by understanding trends, patterns and gaining Operational Intelligence from your machine data. See the success of new online services by channel or demographic, reconcile 3rd-party service provider fees against actual use, find your heaviest users and heaviest abusers, and more. Because machine data captures every behavior, the possibilities are game changing. You'll find the lead times to get to this intelligence dramatically less than other solutions - measured in minutes/hours instead of months.
- The Splunk platform consists of multiple products and deployment models to fit your needs. Splunk Enterprise – for on-premise deployment Splunk Cloud – Fully managed service with 100% SLA and all the capabilities of Splunk Enterprise…in the Cloud Splunk Light – log search and analytics for small IT environments Hunk – for analytics on data in Hadoop The products can pull in data from virtually any source to support multiple use cases. Splunk Apps extend and simplify deployments by providing pre-packaged content designed for specific use cases and data types.
- session title slide key takeaways the content questions slide thank you slide
- Discovery and CMDB DO NOT WORK in service context - They lack service awareness - Too many assets are discovered - Inability to easily categorize entities - Can’t get the data that matters o Do not have access to right data (inability to troubleshoot, no idea what to do when the light goes red - still go to another system/multiple systems of record) - Cannot see metrics, events and log data together - Aggregated and limited set of metrics gathered o Multiple different products integrated that lack deep integration between the parts - No continuous workflow - complicates the product
- 1. Every IT manager provides individual metrics that show great KPI’s but those don’t always translate into 99% uptime for a service. And KPI’s are typically associated with physical metrics of components. Are those the ONLY metrics you want to focus on for the health of your services? What about one’s from your applications, business processing, etc.? 2. Historically, if you attempted to model your services was it time consuming? What happens if you need to make a change? 3. Say users call and complain about a performance problem yesterday but most of your tools only tell you what is going on NOW. Wouldn’t it be nice to see trends and use historical data to develop a true baseline if there truly was a problem? Even use that historical data as indicators to catch problems before they happen, not after?
- Splunk’s IT SI represents a new approach to service intelligence Rather than bolting a mish-mash of products together, ITSI uses a data-driven approach (all data, across silos) Provides insights into the highest-visibility services-- the ones which directly impact business and operations with – personal, meaningful contextual visualizations. Provides sophisticated alerting mechanisms and workflow, to catch and mitigate problems early, before they impact customers Allows fast correlation across services & KPIs, to quickly determine root cause and reduce MTTR Deploys in days & weeks, rather than weeks & months It’s Scalable, flexible (schema on the fly) and continues to provide fast time-to-value
- What makes Splunk ITSI different is not only all the cool visualizations that you just saw in the premium solution, but more importantly, the platform that it was built on top of. Just about every CIO or Ops Executive we talk to is frustrated with Manual Integration within and across tools and Correlation issues with their current Service Management and Monitoring Solutions. The number of tools they’ve had to buy, deploy, administer, and attempt to integrate just don’t live up to their original promises. An impact of this lack of integration and correlation is the customer’s difficulty meeting or accurately measuring their SLAs. One way that Splunk differs from existing approaches is that it is a Universal Machine Data Platform which allows you to reliably collect, index, prepare and store data from tens of thousands of sources, in real time -- any type, any format, any location with no pre-defined schema. We are data driven. We take in all the data. Splunk is also in network latent real time and can leverage historical data as well. To avoid the problems associated with adding or changing Alerts, Splunk delivers Schema on the Fly to provide for rapid creation of alerts from either KPIs or raw data to adapt to business needs quickly. Splunk applies structure at search time, making it easy to search, visualize and analyze your data without any knowledge of the underlying structure. No DBA is required! We also use machine learning to baseline normal operations, detect anomalous behavior to drive meaningful actions, and enable highly correlated searches to create meaningful “alerts” off your KPIs, not ours. And, you get the information from the data that you need when you need it. With Splunk, you can ask any question of the data any time! Splunk’s powerful platform helps you to realize faster time to value as it leverages all of the data, allows you to answer any questions of the data and empowers the greatest data fidelity With existing Event Driven solutions, our customers tell us that getting true Service Intelligence is a challenge. Today, Service Owners tell us that they determine Service Health through summarized events that have limited retention time. The business impact here surrounds the time and expense in identifying root cause and fixing the problem To address this, Splunk ITSI delivers a 360 degree view of service health from one place. We call this Full Fidelity Service Health. We allow for adaptable and flexible definitions of service health. Customers can now move seamlessly from Business Service Reports to Remediation, all while providing complete historical context. Our solution remains adaptable and yet still maintains complete historical context. Want to visualize and measure what was happening 10 minutes ago?… an hour ago?… Not a problem. This unique differentiation enables Splunk ITSI to deliver a seamless, connected experience from reporting through to remediation. The ability to leverage Deep Dive Incident Reviews, delivers event, metrics and KPIs – including ad hoc, on the fly searches – you can see and correlate complex interactions easily. And like we just discussed, with full access to historical data, you can compare any two time ranges for all data sets side by side to quickly understand what’s ‘normal’ for that Service by minute, hour, day or week regardless of size or scale. Every day we hear from customers that change is a constant and the Legacy Service Management solutions struggle with keeping up. With Legacy Solutions, Service Definitions come from Legacy CMDBs that come with questionable data quality. We also hear that it is hard to create new KPIs to keep everything relevant to the Business. The impact that we hear from Service Owners is that the business perceives IT as being inefficient. So what else does Splunk ITSI do here that is different? Search Based KPIs deliver a flexible way to impose schema only at retrieval, without a pre-defined schema or hard coded collectors. Often the business may need to see new KPIs or change existing ones. You can easily write, manage and change both services and KPIs so that you can best align business and technology priorities. An example of this in action comes from one of our Beta customers, Fiserve. With Splunk ITSI, Fiserve was able to generate 1000s of KPIs in a manner of weeks. They were able to easily write, manage and change both services and KPIs. Splunk runs on-prem, in the Cloud or in hybrid environments while collecting data from all the newest technologies. Our visualizations and analytics are one-of-a-kind. They can be personalized, meaningful, and contextual. Better visualizations and analytics provide and enable IT with actionable insights. Every one can look at the data in the manner that is most relevant to them.
- With Splunk ITSI, customers get the higher level benefits based on the underlying platform. So, from deep-in-the-weeds solving IT operational usecases with Splunk enterprise, we’re up-leveling the use cases and making IT more relevant to the business. The can visualize meaningful and contextual data and inter-relationships with dynamic service models, organize and correlate performance indicators for at-a-glance problem analysis, get proactive with early warnings on anomalies, deviations and pre-configured correlated alerts, and simplify workflows.
- Think of a service as a “black box” which we send requests, and expect responses. In IT SI a Service is a logical group of technology components a user deems need to be monitored together. A services can literally be sources of data a customer wants to group together to monitor in a single healthscore or just wants to logically group together because they need to be managed by a specific team or needs to be reported in such a way. Services derive their value when KPIs are defined within them or dependencies are defined to other services. Therefore you could have a more abstractly defined service which only depends on other services to derive its own health. E.g. Partner portal is a conceptual service which depends on the API service which in turn has its own KPIs but depends on Web Services. Alternatively you could have Partner portal depend on each and every one in blue, or not even have all the ones in blue and have all the Kpis be inside Partner portal. Everything you see in the diagram above could be a service in ITSI.
- Think of a service as a “black box” which we send requests, and expect responses. In IT SI a Service is a logical group of technology components a user deems need to be monitored together. It could be technical in nature, like Web, Mobile API Middlewear, or DNS. It can even be business related, like Customer Transactions or Support Desk related. A services can literally be sources of data a customer wants to group together to monitor in a single healthscore or just wants to logically group together because they need to be managed by a specific team or needs to be reported in such a way. Services derive their value when KPIs are defined within them or dependencies are defined to other services. Therefore you could have a more abstractly defined service which only depends on other services to derive its own health. E.g. Partner portal is a conceptual service which depends on the API service which in turn has its own KPIs but depends on Web Services. Alternatively you could have Partner portal depend on each and every one in blue, or not even have all the ones in blue and have all the Kpis be inside Partner portal. Everything you see in the diagram above could be a service in ITSI.
- Think of a service as a “black box” which we send requests, and expect responses. In IT SI a Service is a logical group of technology components a user deems need to be monitored together. It could be technical in nature, like Web, Mobile API Middlewear, or DNS. It can even be business related, like Customer Transactions or Support Desk related. A services can literally be sources of data a customer wants to group together to monitor in a single healthscore or just wants to logically group together because they need to be managed by a specific team or needs to be reported in such a way. Services derive their value when KPIs are defined within them or dependencies are defined to other services. Therefore you could have a more abstractly defined service which only depends on other services to derive its own health. E.g. Partner portal is a conceptual service which depends on the API service which in turn has its own KPIs but depends on Web Services. Alternatively you could have Partner portal depend on each and every one in blue, or not even have all the ones in blue and have all the Kpis be inside Partner portal. Everything you see in the diagram above could be a service in ITSI.
- Multi KPI alerts is to build alerts for when there is a desire to be alerted by email or just view the notable event review dashboard (like Incident review in ES).
- Think ES when talking about notable events. They are nearly identical to ES notable events other than the fact that they are some other fields like Service and the actions you can perform on them are a little different. Like going to Deep Dive or creating ticket in service now. The correlation searches that create these notable events can be designed through the correlation search interface like in ES, or through the Multi KPI alert UI. They are stored in the notable events summary index.
- We’ll use a simulated failure scenario which a NOC might encounter We’ll show how to isolate a particular problem, from a NOC operator's perspective We’ll show how to significantly reduce MTTR and provide actionable alerts to avoid outages in the future