For those of you at .conf2017: The 8th Annual Splunk Conference, you heard in our IT Operations Technology Day Keynote that we’ve built the “Easy Button” for managing events through Splunk IT Service Intelligence (ITSI), so you can do what you need to—focus on the right issues and easily find and fix what’s broken. You might think this is just another event management tool, but Splunk ITSI for Event Analytics isn’t! Let me explain.
Your Current Tools Are Failing You
Today your job often involves spending several hours or days looking at hundreds of thousands of alerts from across your environment to determine whether an event is a “smoking gun” or a “false alarm.” Your current tools that use rules engines, complex scripts or machine learning algorithms help you reduce some of this event noise.
That’s great, but not all events need to be addressed with the same level of priority. Some are less urgent than others. How do you know which events you need to focus on and investigate first? To prioritize your investigation, you need to know the potential damage an incident may cause and for that you need context behind your events and alerts.
You Need Something Better
To be sure that your team is enabled to be as productive as possible, you need to:
1. See the full picture of what’s going on across your service stack.
Splunk ITSI helps you monitor service-wide patterns to prevent flooding your teams with meaningless alerts. You can relate event data with service context to understand the business-level impact of infrastructure performance and appropriately prioritize incident investigation.
2. Decrease event noise to produce human-scale actionable alerts.
With artificial intelligence powered by machine learning, Splunk ITSI discovers patterns in large volumes of data and generates alerts at realistic volumes with specific actionable information. This helps your team avoid event paralysis and ticket flooding. You can also:
Dynamically adapt thresholds to avoid being alerted on expected conditions. Use built-in statistical measurements to understand historical behavior, determine threshold variability patterns by hour, day, week or month, and baseline normal operations.
Extract real-time correlations easily on your events and KPIs to reduce event clutter and the complexity and overhead of managing rules.
Detect abnormalities based on the learned normal operational patterns to highlight and alert on anomalies and outlier activity that need investigation and action.
3. Automate your response workflow.
It’s not enough to have access to analytics and data if you can’t do anything to respond faster. Splunk ITSI now comes with built-in integrations into your existing incident management and automation tools such as ServiceNow, BMC Remedy, Puppet, xMatters and PagerDuty. And you can build custom integrations easily with the power of the Splunk ITSI APIs.
4. Have a single place with all of your data to fully understand all your problems.
The beauty of Splunk ITSI is that it’s built on the power of the Splunk platform, so it’s a highly scalable data repository that enables open integration with every vendor technology. This means open standards without proprietary extensions. Use the power of the Splunk platform to seek out new forms of data to look where your current tools can’t—logs, events, metrics, wire data, application data and more, in any format—structured and unstructured and at any volume. You can leverage all of these sources to provide a running feed of the activity of your entire service environment.
What Can You Do Next?
If you already have a Splunk ITSI license, you will be able to download the latest version of Splunk IT Service Intelligence with these enhancements on October 19 from Splunkbase. In the meantime, you can:
Learn how Leidos migrated from its old event management tool and now uses Splunk ITSI as its IT monitoring hub
Read the "Make Your Events Less Eventful" white paper
Play around in our free Splunk ITSI Sandbox
If you’re attending .conf2017, you won’t want to miss the session "Splunk IT Service Intelligence (ITSI): Event Management Is Dead – Event Analytics Is Revolutionizing IT," which dives into Splunk ITSI for Event Analytics. Here’s a comprehensive list of all the Splunk ITSI sessions by seasoned ITSI Splunkers, partners and customers that you can choose from.
Follow all the conversations coming out of #splunkconf17!