Solving Big IT Problems with Splunk IT Service Intelligence

Copyright © 2015 Splunk Inc. Solving Big IT Problems with Splunk IT Service Intelligence Bill Babilon, IT Specialist, Splunk Public Sector JusDn Brown, IT Engineer, Pacific Northwest NaDonal Lab

Transcript of Solving Big IT Problems with Splunk IT Service Intelligence

Page 1: Solving Big IT Problems with Splunk IT Service Intelligence

Copyright  ©  2015  Splunk  Inc.  

Solving  Big  IT  Problems  with  Splunk  IT  Service  Intelligence    Bill  Babilon,  IT  Specialist,  Splunk  Public  Sector  

JusDn  Brown,  IT  Engineer,  Pacific  Northwest  NaDonal  Lab  

Page 2: Solving Big IT Problems with Splunk IT Service Intelligence



During  the  course  of  this  presentaDon,  we  may  make  forward  looking  statements  regarding  future  events  or  the  expected  performance  of  the  company.  We  cauDon  you  that  such  statements  reflect  our  current  expectaDons  and  esDmates  based  on  factors  currently  known  to  us  and  that  actual  events  or  results  could  differ  materially.  For  important  factors  that  may  cause  actual  results  to  differ  from  those  contained  in  our  forward-­‐looking  statements,  please  review  our  filings  with  the  SEC.  The  forward-­‐looking  statements  made  in  the  this  presentaDon  are  being  made  as  of  the  Dme  and  date  of  its  live  presentaDon.  If  reviewed  aRer  its  live  presentaDon,  this  presentaDon  may  not  contain  current  or  

accurate  informaDon.  We  do  not  assume  any  obligaDon  to  update  any  forward  looking  statements  we  may  make.  In  addiDon,  any  informaDon  about  our  roadmap  outlines  our  general  product  direcDon  and  is  

subject  to  change  at  any  Dme  without  noDce.  It  is  for  informaDonal  purposes  only  and  shall  not,  be  incorporated  into  any  contract  or  other  commitment.  Splunk  undertakes  no  obligaDon  either  to  develop  the  features  or  funcDonality  described  or  to  include  any  such  feature  or  funcDonality  in  a  future  release.  

Page 3: Solving Big IT Problems with Splunk IT Service Intelligence

About  Your  Presenters  

Bill  Babilon  –      IT  OperaDons  Specialist  for  Splunk  Public  Sector  



JusDn  Brown  –      IT  Engineer,  Pacific  Northwest  NaDonal  Labs    

Page 4: Solving Big IT Problems with Splunk IT Service Intelligence


•  ITSI  Concepts  •  Forest,  Trees  and  Leaves  •  Demo  •  Pacific  Northwest  NaDonal  Lab  Case  Study  •  QuesDons    


Page 5: Solving Big IT Problems with Splunk IT Service Intelligence

Copyright  ©  2015  Splunk  Inc.  


Page 6: Solving Big IT Problems with Splunk IT Service Intelligence

Apps/IT  Stack  •  This  is  the  way  many  in  ‘IT’  think  

of  their  ‘world’  •  Each  layer  is  a  ‘silo’  –  a  dedicated  

team  of  experts  focus  just  on  the  health  of  that  parDcular  layer  

•  Their  view  of  the  ‘health’  of  that  layer  is  based  on  the  aggregated  ‘health’  of  each  component  in  the  layer  (ex:  Lead  DBA,  98  out  of  100  DB  instances  are  ‘okay,  2  are  ‘struggling’  =>  my  team  is  having  a  ‘good  day’)  

•  Really  ?!?!?!!!!  

 Physical  Server  (Dell,  HP,  CISCO  blades  or  servers)  

 Guest  OS  (Windows/Linux/*Nix)  

 Database  (Oracle,  SQL  Server,  MySQL)  

 Hypervisor  (ESX,  HyperV,  Citrix)    

Web  Server  (Apache,  TomCat)  

   App  Server  (WebLogic,  Jboss  EAP,  WebSphere)  


ApplicaDons,  business/mission  services  

 SAN/NAS  Storage  (EMC,  AppNet)  


Page 7: Solving Big IT Problems with Splunk IT Service Intelligence

ApplicaDon  POV  •  The  aggregated  health  of  the  

layer  is  irrelevant.  •  Dependencies  now  mamer  •  The  ‘health’  of  the  app  depends  

greatly  on  the  health  of  each  components  of  each  layer  that  that  app  depends  upon.  

•  If  your  app  depends  on  one  or  more  of  those  two  (2)    ‘struggling’  DB  servers,  you  are  about  to  have  a  ‘bad’  day!  

•  What  about  those  VM’s  that  are  ‘yellow’?  

Physical  Server  (1,2,3,4,5,6,7,8,9,10…N)  

Guest  OS    (1,2,3,4,5,6,7,8,9,10…N)  

Database    (1,2,3,4,5,6,7,8,9,10…100)  

VM/Hypervisor  (1,2,3,4,5,6,7,8,9,10…N)  

Web  Server    (1,2,3,4,5,6,7,8,9,10…N)    

App  Server    (1,2,3,4,5,6,7,8,9,10…N)  


Apps                      WPaaS      

SAN/NAS  Storage  (1,2,3,4,5,6,7,8,9,10…N)  


Page 8: Solving Big IT Problems with Splunk IT Service Intelligence

How  IT  SI  complements  core  Splunk  •  Think  of  core  Splunk  as  collecDng  

data  at  each  horizontal  layer  •  IT  SI  is  a  ‘ver>cal  slice’  that  only  

focuses  on  the  components  in  the  layer  that  rollup  to  a  given  app  

•  ASP  –  ApplicaDon  Service  Provider  (many,  each  app  or  service)  

•  ISP  –  Infrastructure  Service  Provider  (usually  only  a  few  –  the  data  centers  or  cloud  provider)      Physical  Server  (Dell,  HP,  CISCO  blades  or  servers)  

 Guest  OS  (Windows/Linux/*Nix)  

 Database  (Oracle,  SQL  Server,  MySQL)  

 Hypervisor  (ESX,  HyperV,  Citrix)    

Web  Server  (Apache,  TomCat)  

   App  Server  (WebLogic,  Jboss  EAP,  WebSphere)  


ApplicaDons,  business/mission  services  

 SAN/NAS  Storage  (EMC,  AppNet)  


Full  Stack  Custom  App  

REST  based  service  

 ASP    ISP  


Page 9: Solving Big IT Problems with Splunk IT Service Intelligence

Copyright  ©  2015  Splunk  Inc.  

Forest,  Trees  and  Leaves  

Page 10: Solving Big IT Problems with Splunk IT Service Intelligence

Service  Analyzer,  Glass  Tables,  Deep  Dives  


Service  Analyzer:  Auto  generated  filterable  and  Dled  view  of  Service  health  scores  and  KPIs  

Glass  Tables:  Customizable  free  form  drawing  dashboards  to  view  health  scores  and  KPIs  of  choice  with  visual  tools  to  create  context  

Deep  Dives:  Swim  lane  analysis  dashboard  to  show  all  those  indicators  over  Dme  for  invesDgaDons  

Page 11: Solving Big IT Problems with Splunk IT Service Intelligence

MulD  KPI  Alerts,  Notable  Events  


Mul>  KPI  Alerts:  Correla>on  searches  on  service  degrada>on  

Notable  Events:  Event  framework  for  Mul>  KPI  Alerts  

Page 12: Solving Big IT Problems with Splunk IT Service Intelligence

Copyright  ©  2015  Splunk  Inc.  


Page 13: Solving Big IT Problems with Splunk IT Service Intelligence

Copyright  ©  2015  Splunk  Inc.  

JusDn  Brown  Pacific  Northwest  NaDonal  Lab  

Page 14: Solving Big IT Problems with Splunk IT Service Intelligence

First  Approach  

Page 15: Solving Big IT Problems with Splunk IT Service Intelligence

First  Approach  

Page 16: Solving Big IT Problems with Splunk IT Service Intelligence

Using  ITSI  

Page 17: Solving Big IT Problems with Splunk IT Service Intelligence

Using  ITSI  

Page 18: Solving Big IT Problems with Splunk IT Service Intelligence

Copyright  ©  2015  Splunk  Inc.  

5  More  minutes  please  ….  

Page 19: Solving Big IT Problems with Splunk IT Service Intelligence

Key  Takeaways  •  Rapid  Time  to  Mission/Time  to  value  –  Hours/days,  not  weeks  •  At  a  glance  problem  idenDficaDon  –  Service  Analyzer  •  ‘In  context’  data  visualizaDon/View  the  data  in  a  way  that  is  meaningful  to  you              

 –  Glass  Tables  •  Time  based  KPI  review/Compare  to  past  trends  –  Deep  Dives  •  ProacDve  alerDng  –  moving  out  of  the  ‘green  zone’  –  MulDple  KPI  Alerts    



Page 20: Solving Big IT Problems with Splunk IT Service Intelligence

Try  it:    SPLUNK.COM/ITSI  Free  trial.  In  Splunk  Cloud.  

Page 21: Solving Big IT Problems with Splunk IT Service Intelligence

Upcoming  Splunk  IT  Service  Intelligence  Events  "   10/29  Webcast:    Transform  Monitoring  with  Splunk  IT  Service  Intelligence  hmp://­‐us/events.html  

"   11/12  Webcast:  Splunk  IT  Service  Intelligence:    Next-­‐Genera>on  IT  Analy>cs  and  Opera>on  Intelligence  PlaXorm    featuring  Pacific  Northwest  NaDonal  Laboratory  (PNNL)  hmp://  

"   12/3  SplunkLive!  Bal>more    hmp://  


Page 22: Solving Big IT Problems with Splunk IT Service Intelligence

Support  Our  Military  Kids  


Take  our  Survey!  Splunk  will  Donate  $10  to  Our  Military  Kids  

Plus  a  bonus  if  we  hit  350  completed  surveys  onsite.      

Page 23: Solving Big IT Problems with Splunk IT Service Intelligence

Copyright  ©  2015  Splunk  Inc.  

QuesDons  ?  

Page 24: Solving Big IT Problems with Splunk IT Service Intelligence
Page 25: Solving Big IT Problems with Splunk IT Service Intelligence


Page 26: Solving Big IT Problems with Splunk IT Service Intelligence


Page 27: Solving Big IT Problems with Splunk IT Service Intelligence


Page 28: Solving Big IT Problems with Splunk IT Service Intelligence


Page 29: Solving Big IT Problems with Splunk IT Service Intelligence


Page 30: Solving Big IT Problems with Splunk IT Service Intelligence


Page 31: Solving Big IT Problems with Splunk IT Service Intelligence

Splunk  IT  Service  Intelligence  at  


Replaced  home-­‐grown  tools  

Real-­‐>me  service  insights  to  LOBs  

Reduced  >me  to  resolu>on  

Page 32: Solving Big IT Problems with Splunk IT Service Intelligence


Unified  insights:  data  integraDons  from  other  tools  

11,000  to  100s  

Reduced  incident  Dckets  

Aler>ng  on  service  KPI’s  instead  of  

server  performance  

Usage  baselines  to  idenDfy  anomalies  

Splunk  IT  Service  Intelligence  at  

Page 33: Solving Big IT Problems with Splunk IT Service Intelligence


Server-­‐based  to  Services-­‐based  monitoring  

Top-­‐down  and  deep-­‐dive  service  insights  

200+  services  and  1500+  KPIs  monitored  

Flexible  creaDon  and  modificaDon  of  services  and  KPIs  

Aler>ng  on  service  KPIs  instead  of  

server  performance  

Real-­‐Dme,  holisDc  and  proacDve  “client”  view    

Splunk  IT  Service  Intelligence  at