A Beginner’s Guide to Event Analytics

Whether you've been in IT for two or 20 years, you know event management is nothing new. But the terms and concepts associated with event management have evolved, and it's time we set the record straight. Event management, the technical process of triaging and resolving events in an IT environment, includes ensuring the availability and uptime of the services your team is responsible for.

Let's dive into the important terms for how the industry is talking about event management today and the pain points currently associated with it. A warning: this is not the be-all and end-all of IT definitions. It's simply a way for you to better understand how Splunk and the industry talk about events and the event management space.

  • What’s an event?
    An event is a state change about a particular "thing." It is a time-series message describing a change of state for a target entity. Therefore an event isn't always a bad thing. It usually names a target component. For example: server 5 is down, the file system is full, the car is on fire!

  • What is time-series data?
    This is the stuff that Splunk indexes. It includes all data types: logged data, metric data and wire data. Want more examples? Check out the Essential Guide to Machine Data e-Book.


  • What is an incident?
    An incident is an unplanned interruption or reduction in quality of an IT or business service. It is a higher level concept dealing with the process of an outage or a service interruption. Find out how much critical IT incidents are costing you with our Critical IT Incident Calculator.

  • What is an event manager, element manager or monitor?
    Regardless of title, these individuals are the unsung heroes of IT—the ones who monitor operations and produce large numbers of events.

  • What is this new term “event analytics”?
    Event analytics is Splunk’s vision for revolutionizing traditional event management.

What is Splunk doing that is differentiating us from the legacy players?

Some background: Originally, an event was a message from a computer. Every event was intended to be seen by a human and acted upon. But as more applications were added, more computers and network devices were added too. As a result of this more complex infrastructure, all these events have become overwhelming.

Thus the event manager was born, and with it IT silos—so that managers could focus on a particular space. Eventually, managers of managers were created to reduce, deduplicate and rules-engine our way to fewer events. But our rapidly growing environments have become extremely complex, and the number of events continues to increase exponentially.
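As an added illustration of the reduce-and-deduplicate step that a manager of managers performs, here is a small event reducer. This is example code written for this guide, not Splunk's or any vendor's implementation; the event fields, the window sizes, the clearing-state rule table and the sample event stream are all constructed assumptions.

```python
"""Minimal event reducer: deduplicate repeated events per target entity and
apply a simple rule that suppresses problems cleared within a short window.
Example code for this guide; not a vendor implementation."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Event:
    ts: int        # epoch seconds (constructed sample values)
    entity: str    # target component the event is about, e.g. "server5"
    state: str     # the state being reported, e.g. "down" or "disk_full"
    source: str    # which monitor / silo emitted the event


@dataclass
class EventGroup:
    first: Event   # earliest event in the group
    last: Event    # most recent event in the group
    count: int     # how many raw events were collapsed into this group


# Constructed sample stream: a noisy host monitor repeats "server5 down",
# a storage monitor reports a disk-full that clears 30 seconds later, and
# server9 flaps (down, then up) within 20 seconds.
SAMPLE_EVENTS: List[Event] = [
    Event(100, "server5", "down", "hostmon"),
    Event(130, "server5", "down", "hostmon"),
    Event(160, "server5", "down", "hostmon"),
    Event(200, "fs01", "disk_full", "storagemon"),
    Event(230, "fs01", "disk_ok", "storagemon"),
    Event(500, "server5", "down", "hostmon"),   # outside the 300 s window: new group
    Event(700, "server9", "down", "hostmon"),
    Event(720, "server9", "up", "hostmon"),
]

# Assumed rule table: which state clears which problem state.
CLEARS: Dict[str, str] = {"down": "up", "disk_full": "disk_ok"}


def deduplicate(events: List[Event], window: int = 300) -> List[EventGroup]:
    """Collapse repeats of the same (entity, state) seen within `window`
    seconds of the group's first event into one EventGroup with a count."""
    groups: List[EventGroup] = []
    open_groups: Dict[Tuple[str, str], int] = {}  # key -> index into groups
    for ev in sorted(events, key=lambda e: e.ts):
        key = (ev.entity, ev.state)
        idx: Optional[int] = open_groups.get(key)
        if idx is not None and ev.ts - groups[idx].first.ts <= window:
            groups[idx].last = ev
            groups[idx].count += 1
        else:
            groups.append(EventGroup(first=ev, last=ev, count=1))
            open_groups[key] = len(groups) - 1
    return groups


def suppress_transients(groups: List[EventGroup],
                        clear_window: int = 120) -> List[EventGroup]:
    """Drop a problem group when the matching clearing state for the same
    entity arrives within `clear_window` seconds of the group's last event,
    and drop that clearing event too (nobody needs to act on either)."""
    suppressed = set()
    for i, g in enumerate(groups):
        clear_state = CLEARS.get(g.first.state)
        if clear_state is None:
            continue  # not a problem state we know how to clear
        for j, h in enumerate(groups):
            if (h.first.entity == g.first.entity
                    and h.first.state == clear_state
                    and 0 <= h.first.ts - g.last.ts <= clear_window):
                suppressed.update((i, j))
                break
    return [g for i, g in enumerate(groups) if i not in suppressed]


def reduce_events(events: List[Event]) -> List[EventGroup]:
    """Full pipeline: deduplicate, then apply the transient-suppression rule."""
    return suppress_transients(deduplicate(events))


def summarize(groups: List[EventGroup]) -> List[str]:
    """Human-readable one-liners for what remains after reduction."""
    return [f"{g.first.entity} {g.first.state} x{g.count} "
            f"({g.first.ts}-{g.last.ts}, via {g.first.source})" for g in groups]


if __name__ == "__main__":
    remaining = reduce_events(SAMPLE_EVENTS)
    print(f"{len(SAMPLE_EVENTS)} raw events -> {len(remaining)} actionable groups")
    for line in summarize(remaining):
        print("  " + line)
```

Run as a script, the constructed stream of eight raw events collapses to two groups, both "server5 down": the first with a count of three, the second a fresh occurrence outside the deduplication window. The disk-full and the server9 flap are suppressed because they cleared themselves. Note what the rules cannot tell you: whether the two server5 outages share a cause with anything the storage silo saw, which is the cross-silo question the rest of this post is about.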

Event analytics is relieving all these pains. It enables you to see across all the IT silos in one platform, making it easy to determine the root cause of an incident. Oh, and that little thing called machine learning is embedded as well. These unique algorithms analyze your events to determine whether they are a smoking gun or not, saving you from sifting through hefty event floods. All of this is built on top of the scalable Splunk platform.

Learn how you can Make Your IT Events Less Eventful, listen to the .conf2017 presentation "Event Management is Dead" by Splunk ITOA Specialist David Millis, or try event analytics out for yourself in our Splunk ITSI Sandbox.

Posted by Taylor Crump


