Splunk IT Service Intelligence and VictorOps: Closing the Loop Between Event Management and Incident Response

Following Splunk’s acquisition of VictorOps last year, our teams have been working toward a tightly-integrated solution for event management and incident response. At .conf18, we delivered an updated Splunk Enterprise integration and added two new integrations with Splunk IT Service Intelligence (ITSI) and Splunk Insights for Infrastructure (SII).

In this blog, we’ll dive into how Splunk ITSI and VictorOps work together to give engineers a headstart on tackling the problems that create downtime.

What is Splunk ITSI, and What is VictorOps?

Splunk IT Service Intelligence (ITSI) is a monitoring and analytics solution that uses AI to predict and prevent problems before they impact revenue and customer experience. It helps you shift from reactive to predictive IT and delivers insights across both your IT and business services, applications and infrastructure.

Put another way, Splunk ITSI gives you amazing visualizations into service health while also providing powerful predictive analytics that generate event episodes (groupings of related events) that not only help you focus on what really requires attention, but also what will require attention.

Here’s where VictorOps comes in.

Instead of passing along attention-worthy events to absolutely everyone in an all-hands-on-deck sort of way, VictorOps can pass them along to the right people or teams. At VictorOps, our mission is to make on-call suck less. VictorOps takes alerts from your monitoring tools—including Splunk ITSI—and applies on-call schedules and rules to engage the right teams so the right people can start resolving problems faster, and everyone else can rest worry-free. Customers like PSCU have taken Mean Time to Acknowledge (MTTA) from 4 hours down to 2 minutes with VictorOps.

So how does it all work? Once your team is in a “firefight,” VictorOps engages the right experts and teams over a native mobile app or web interface to make collaborating easier and faster. Out-of-the-box reporting enables your team to provide better retrospectives, so you can continuously improve incident response. Collaboration and analytics drive shorter outages, less waste in resources, improved utilization of your team’s “tribal knowledge” and a more empowering, collaborative and enjoyable on-call experience.

Splunk ITSI and VictorOps: Working Together!

We designed an integration that makes Splunk ITSI and VictorOps work in a way that’s easy to deploy while still supporting key events and incident management workflows. With the integration, a simple dropdown in Splunk ITSI lets you set alerts to be sent into VictorOps, where your team can collaborate to resolve the incident. Splunk ITSI reduces alert fatigue in VictorOps and provides more actionable context through machine learning and predictive analytics. Once you have an event aggregation policy created, alerts can both be triggered and recovered based on action rules from inside ITSI.

Why This Matters

For you, this means on-call experts—everyone from the NOC to developers—can work smarter, not harder. Splunk + VictorOps creates a holistic solution for intelligent system monitoring and powerful incident response, deepening visibility and improving collaboration across your entire team. Mean Time to Resolve goes down, the cost of downtime decrease as a result, and your team gets to be more productive by focusing their time on the right issues.

Using Splunk and VictorOps together allows you to better leverage your machine data, creating a deeper understanding of your services, applications and infrastructure. Move from a reactive monitoring and incident management process to proactive reliability—and consistent availability—with the power of Splunk and VictorOps.

You can try out the Splunk ITSI + VictorOps integration for yourself! It’s as easy as signing up for your own 14-day, free trial—no credit card required.

Happy Splunking,

Posted by