Daten getriebene Service Intelligence mit Splunk ITSI

Editor's Notes

• #5: Splunk is a scalable platform for machine data, that allows you to interact with the data to solve various use-cases. Initially we were founded one enabling IT administrators to solve IT challenges but over the years we’ve manifested this into various other use cases including Application Management, Security and Compliance (the top 3 being our core use-cases) and the evolving use cases are around Business Analytics and IoT, all of which has been led by our customers. As our customers grow their asks from Splunk also began to evolve. They were looking for an integrated holistic packaged solution that will not only help them break-down silos, but apply machine learning to enable their IT practitioners to help arm them with the right data at the right time. They want to exploit the data they have within Splunk to discover new ways to improve their operations and drive business priorities and growth. Our customers wanted to up-level the insight machine data gave them. Not only did they want to immediately address the operational problems but also wanted visibility into whether they are meeting SLA’s, what impact performance is having to the business.
• #7: That brings us to Splunk IT Service Intelligence – a packaged solution that enables real-time visibility into services driven by machine data. Splunk ITSI speeds and simplifies service monitoring and analytics and enables IT to make better, smarter and informed business decisions. This solution allows you to gain a deep understanding of your services. With Splunk ITSI, you have real-time views into the health of your services, and can use advanced analytics to find patterns, detect anomalies and trends to proactively monitor and address issues. As a result you have improved service visibility, reduced resolution times, and a transformative approach to monitoring and analytics driven by machine-data.
• #9: In order to solve these evolving needs, a certain class of customers began to leverage the platform and take advantage of the data they already had indexed within Splunk. They built some pretty sophisticated use-cases to improve operational efficiencies. And they way they are doing this is by adding a service perspective to the data they already have in Splunk. What became apparent as we spoke to those customers was that we have the ability to transform this age-old problem of troubleshooting and monitoring with a new approach driven by machine data. Given our customers had custom built service insights using the data they already had in the platform, it was a natural evolution for us to build an integrated solution based on our customers successes and make Splunk service-aware. This helps our customers to maximize the value they can get from Splunk with a machine data driven approach to monitoring and analytics.
• #22: What makes Splunk ITSI different is not only all the cool visualizations that you just saw in the premium solution, but more importantly, the platform that it was built on top of. Just about every CIO or Ops Executive we talk to is frustrated with Manual Integration within and across tools and Correlation issues with their current Service Management and Monitoring Solutions. The number of tools they’ve had to buy, deploy, administer, and attempt to integrate just don’t live up to their original promises. An impact of this lack of integration and correlation is the customer’s difficulty meeting or accurately measuring their SLAs. One way that Splunk differs from existing approaches is that it is a Universal Machine Data Platform which allows you to reliably collect, index, prepare and store data from tens of thousands of sources, in real time -- any type, any format, any location with no pre-defined schema. We are data driven. We take in all the data. Splunk is also in network latent real time and can leverage historical data as well. To avoid the problems associated with adding or changing Alerts, Splunk delivers Schema on the Fly to provide for rapid creation of alerts from either KPIs or raw data to adapt to business needs quickly. Splunk applies structure at search time, making it easy to search, visualize and analyze your data without any knowledge of the underlying structure. No DBA is required! We also use machine learning to baseline normal operations, detect anomalous behavior to drive meaningful actions, and enable highly correlated searches to create meaningful “alerts” off your KPIs, not ours. And, you get the information from the data that you need when you need it. With Splunk, you can ask any question of the data any time! Splunk’s powerful platform helps you to realize faster time to value as it leverages all of the data, allows you to answer any questions of the data and empowers the greatest data fidelity With existing Event Driven solutions, our customers tell us that getting true Service Intelligence is a challenge. Today, Service Owners tell us that they determine Service Health through summarized events that have limited retention time. The business impact here surrounds the time and expense in identifying root cause and fixing the problem To address this, Splunk ITSI delivers a 360 degree view of service health from one place. We call this Full Fidelity Service Health. We allow for adaptable and flexible definitions of service health. Customers can now move seamlessly from Business Service Reports to Remediation, all while providing complete historical context. Our solution remains adaptable and yet still maintains complete historical context. Want to visualize and measure what was happening 10 minutes ago?… an hour ago?… Not a problem. This unique differentiation enables Splunk ITSI to deliver a seamless, connected experience from reporting through to remediation. The ability to leverage Deep Dive Incident Reviews, delivers event, metrics and KPIs – including ad hoc, on the fly searches – you can see and correlate complex interactions easily. And like we just discussed, with full access to historical data, you can compare any two time ranges for all data sets side by side to quickly understand what’s ‘normal’ for that Service by minute, hour, day or week regardless of size or scale. Every day we hear from customers that change is a constant and the Legacy Service Management solutions struggle with keeping up. With Legacy Solutions, Service Definitions come from Legacy CMDBs that come with questionable data quality. We also hear that it is hard to create new KPIs to keep everything relevant to the Business. The impact that we hear from Service Owners is that the business perceives IT as being inefficient. So what else does Splunk ITSI do here that is different? Search Based KPIs deliver a flexible way to impose schema only at retrieval, without a pre-defined schema or hard coded collectors. Often the business may need to see new KPIs or change existing ones. You can easily write, manage and change both services and KPIs so that you can best align business and technology priorities. An example of this in action comes from one of our Beta customers, Fiserve. With Splunk ITSI, Fiserve was able to generate 1000s of KPIs in a manner of weeks. They were able to easily write, manage and change both services and KPIs. Splunk runs on-prem, in the Cloud or in hybrid environments while collecting data from all the newest technologies. Our visualizations and analytics are one-of-a-kind. They can be personalized, meaningful, and contextual. Better visualizations and analytics provide and enable IT with actionable insights. Every one can look at the data in the manner that is most relevant to them.
• #23: What makes Splunk ITSI different is not only all the cool visualizations that you just saw in the premium solution, but more importantly, the platform that it was built on top of. Just about every CIO or Ops Executive we talk to is frustrated with Manual Integration within and across tools and Correlation issues with their current Service Management and Monitoring Solutions. The number of tools they’ve had to buy, deploy, administer, and attempt to integrate just don’t live up to their original promises. An impact of this lack of integration and correlation is the customer’s difficulty meeting or accurately measuring their SLAs. One way that Splunk differs from existing approaches is that it is a Universal Machine Data Platform which allows you to reliably collect, index, prepare and store data from tens of thousands of sources, in real time -- any type, any format, any location with no pre-defined schema. We are data driven. We take in all the data. Splunk is also in network latent real time and can leverage historical data as well. To avoid the problems associated with adding or changing Alerts, Splunk delivers Schema on the Fly to provide for rapid creation of alerts from either KPIs or raw data to adapt to business needs quickly. Splunk applies structure at search time, making it easy to search, visualize and analyze your data without any knowledge of the underlying structure. No DBA is required! We also use machine learning to baseline normal operations, detect anomalous behavior to drive meaningful actions, and enable highly correlated searches to create meaningful “alerts” off your KPIs, not ours. And, you get the information from the data that you need when you need it. With Splunk, you can ask any question of the data any time! Splunk’s powerful platform helps you to realize faster time to value as it leverages all of the data, allows you to answer any questions of the data and empowers the greatest data fidelity With existing Event Driven solutions, our customers tell us that getting true Service Intelligence is a challenge. Today, Service Owners tell us that they determine Service Health through summarized events that have limited retention time. The business impact here surrounds the time and expense in identifying root cause and fixing the problem To address this, Splunk ITSI delivers a 360 degree view of service health from one place. We call this Full Fidelity Service Health. We allow for adaptable and flexible definitions of service health. Customers can now move seamlessly from Business Service Reports to Remediation, all while providing complete historical context. Our solution remains adaptable and yet still maintains complete historical context. Want to visualize and measure what was happening 10 minutes ago?… an hour ago?… Not a problem. This unique differentiation enables Splunk ITSI to deliver a seamless, connected experience from reporting through to remediation. The ability to leverage Deep Dive Incident Reviews, delivers event, metrics and KPIs – including ad hoc, on the fly searches – you can see and correlate complex interactions easily. And like we just discussed, with full access to historical data, you can compare any two time ranges for all data sets side by side to quickly understand what’s ‘normal’ for that Service by minute, hour, day or week regardless of size or scale. Every day we hear from customers that change is a constant and the Legacy Service Management solutions struggle with keeping up. With Legacy Solutions, Service Definitions come from Legacy CMDBs that come with questionable data quality. We also hear that it is hard to create new KPIs to keep everything relevant to the Business. The impact that we hear from Service Owners is that the business perceives IT as being inefficient. So what else does Splunk ITSI do here that is different? Search Based KPIs deliver a flexible way to impose schema only at retrieval, without a pre-defined schema or hard coded collectors. Often the business may need to see new KPIs or change existing ones. You can easily write, manage and change both services and KPIs so that you can best align business and technology priorities. An example of this in action comes from one of our Beta customers, Fiserve. With Splunk ITSI, Fiserve was able to generate 1000s of KPIs in a manner of weeks. They were able to easily write, manage and change both services and KPIs. Splunk runs on-prem, in the Cloud or in hybrid environments while collecting data from all the newest technologies. Our visualizations and analytics are one-of-a-kind. They can be personalized, meaningful, and contextual. Better visualizations and analytics provide and enable IT with actionable insights. Every one can look at the data in the manner that is most relevant to them.
• #24: Fiserv is a global financial services technology provider behind essential services such as mobile and online banking, payments, risk management, data analytics and core account processing - more than 1 in 3 U.S. financial institutions rely on Fiserv for core processing services. Lacking a consistent monitoring approach and frustrated with too many tools, Fiserv initially deployed Splunk Enterprise to deploy Splunk to collect and process data that can feed into existing incident management process. While Splunk Enterprise was supporting faster troubleshooting and issue resolutions, Fiserv needed a way to quickly react to changing environment conditions to alert and prevent reoccurring events BEFORE they happened. The team was struggling to build Splunk dashboards that surfaced the right information and led to decisive action. Fiserv also needed to perform continual education across business units, across support tiers and across shifts on the latest dashboards that looks for specific client impacting conditions. The team had a mandate to achieve these goals in just 90 days. Enter Splunk IT Service Intelligence – with Splunk ITSI, Fiserv was able to: Deliver service based monitoring in a much shorter time frame Empower a tier 1 user with a tool kit to triage and act as a higher tier Develop model out of a problem review to add new KPIs to roll into the service as a hole. Easily correlate issues through a drill down and determine cause vs effect and then dive right into the logs Fiserv leveraged Splunk IT Service Intelligence to enhance their service-based monitoring and empower their users. With Splunk IT Service Intelligence, the Fiserv team is able to collect and process data from multiple sources and locations and integrate that data into an existing incident management process. …all within 90 days from inception to delivery.
• #25: Splunk was brought into the organization nearly 3 years ago, primarily to solve security use cases. IT ops teams were struggling with a variety of different monitoring tools, managed by different teams and showing different perspectives of the same data. Needed to consolidate all this data and visualizations and needed a flexible way to create business dashboards and consolidate the the different tools and data into a single console and replace their Manager of Managers solution. With (Splunk IT Service Intelligence) ITSI World Bank has realized the ease with which these tools can be integrated, events brought in and parsing the message from these events and to make sure that only what’s being displayed to the console are actionable meaningful alert. Example service is the was with the treasury department. There are financial penalties if trades aren’t released in a certain amount of time, as you can imagine. If it goes into the next day, interest rates may change that could cause a lot of problems for the trading desk. With ITSI, they were able to put together a holistic dashboard that shows what the user experience is, how much time it takes for traders to log in, how many traders are still logged into the system and then when it comes to their business, how many trades have been released, how many are not released, how many are stuck, how many are completed, and then, what that overall processing time is, so that their treasury line managers can see on their desktop a holistic picture of real-time trading activity and what is happening now and do they need to take actions. They didn’t have to spend weeks and months to integrate data sources to them, customize portlets and other things. With Splunk ITSI, thet were able to build exactly what they needed quickly within hours. They’ve also built in integration into BMC Remedy to automoate incident workflows.
• #26: Challenges: In the past, Cox Automotive encountered uptime and application stability challenges during its auto auctions, but had little visibility into the root cause. When a problem occurred, their operations teams lacked visibility into whether the disruption was broad across the network or isolated to a single lane that needed investigation. It also lacked the ability to prioritize incident investigations and needed real-time insights into the performance and availability of each auction lane. Solution: Cox Automotive decided to standardize its data aggregation strategy on Splunk IT Service Intelligence to gain much-needed Operational Intelligence. With Manheim, AutoTrader.com and Kelley Blue Book, Cox Automotive is changing the car buying and selling business and enabling people to buy and sell cars from their homes, offices and mobile devices. Since Cox Automotive implemented Splunk ITSI, the platform has delivered tremendous value and helped drive down key metrics such as mean-time-to-investigate (MTTI) and mean-time-to-resolution. As Cox deploys Splunk ITSI across all of its brands, the solution is already providing nearly instantaneous returns and is improving end-user-experience and service reliability Now, if an incident with a camera, microphone or other device occurs, staff members get an alert within seconds, can troubleshoot quickly, and rapidly identify the issue and exact location for an auction technician to minimize disruption. Moreover, using advanced analytics and machine learning, staff can predict outages and can even monitor equipment degradation for proactive replacement. Splunk Cloud: Given the enormous amount of data at Cox Automotive, they are pleased with the company’s cloud strategy and notes that the ability to have all data flow to one place instead of distributing it among different data centers has been a godsend. With the Splunk platform, the company no longer has to depend on on-premises storage and it has the flexibility to scale on demand. With Splunk ITSI being adopted as the enterprise monitoring and analytics solution, Splunk Cloud has made it possible to scale their implementation and adoption across various brands within Cox Automotive.   Beyond the data associated with Manheim car auctions, Cox is ingesting approximately 2TB of data per day from across its infrastructure into the Splunk Cloud platform. This is enabling teams to not only understand the health and well-being of production systems but also giving release engineering and application development teams insights into new software releases.
• #27: Real-time visibility improves security effectiveness SSTL was unable to search  through security data due to limitations in its disparate security solutions. By using Splunk Enterprise to centrally store, index and provide insight to a range of data sources including firewall, Active Directory, email hosting and website traffic, the organization now is able to rapidly search through data and establish alerts in a way that wasn’t possible previously. This has significantly improved the organization’s ability to understand and respond to potential insider and advanced persistent threats , with alerts established to recognize anomalies such as employees logging in at work when they haven’t swiped into the office.   Insight into IT health and performance Since deploying Splunk ITSI, SSTL has gained overarching insights into the performance of the organization’s key services through a Service Health. Powerful visualizations provide easily digestible data and analytics in the form of a dashboards that the business services team uses to better understand real-time performance and business impact. This end-to-end view into IT highlights how potential problems such as a high load being exerted on the SQL server estate affects other key IT services. The team can then drill down into the data to accelerate root cause analysis and problem resolution. With Splunk ITSI, SSTL has been able to improve performance issues and ensure IT services are accessible, reliable and secure for all employees. “Using Splunk Enterprise and Splunk ITSI has helped us to understand our IT network in a way we weren’t able to previously,” says Surrey Satellite Technology Chief Technology Officer, Daniel Nye. “This has directly led to improvements in areas such as troubleshooting and security awareness , which is allowing us to focus more on how we can support our engineers and researchers.”  
• #28: With Splunk ITSI, customers get the higher level benefits based on the underlying platform. So, from deep-in-the-weeds solving IT operational use cases with Splunk enterprise, we’re up-leveling the use cases and making IT more relevant to the business. The can visualize meaningful and contextual data and inter-relationships with dynamic service models, organize and correlate performance indicators for at-a-glance problem analysis, get proactive with early warnings on anomalies, deviations and pre-configured correlated alerts, and simplify workflows.
• #29: So, let’s look at a simple visual to discuss how it works? In four simple steps, customers can achieve data driven service insights. They Get the data in. (all the data…) They quickly define services, entities, and KPIs They monitor and troubleshoot They analyze and detect Through these steps, the customers is able to realize the value of Data Defined, Data Driven Service Insights.