From Data to Action: Accelerate ITOps with Splunk ITSI and Red Hat Ansible

ITOps teams that use Splunk IT Service Intelligence (ITSI) and Red Hat Ansible Automation Platform have made two great choices. Splunk ITSI gives you a live view of your IT and business services, predicting and detecting incidents with AIOps and analytics so you can proactively prevent outages and incidents. And Event-Driven Ansible, part of Red Hat Ansible Automation Platform, automates actions for your team, enabling AIOps-powered response and resolution to issues and alerts, for greater speed, consistency, and resiliency.

Now a new free integration between Splunk ITSI and Red Hat Event-Driven Ansible lets you connect the dots from Splunk alerts to Red Hat actions, turning observability into automated operational resilience. Event-Driven Ansible gives teams the power to act on what Splunk observes—instantly and consistently. Available today in Splunk Base, the Red Hat Event Driven Ansible Add-on for Splunk, is ready to turn insight into action. If you are attending .conf25, come by the Red Hat booth to see it in action.

“This isn’t just about alerts—it’s about outcomes. With Red Hat Ansible, we’re giving Splunk customers a better way to accelerate and simplify automated responses for faster MTTR,” says Anush Jayaraman, Director of Partner Solutions Engineering. It’s a powerful example of how Red Hat and Splunk are co-innovating for the future of AIOps and digital resilience.

Closing the Gap Between Detection and Resolution

The IT and business systems that power your organization produce volumes of telemetry data. Just imagine a manufacturing scenario where smart automation and IoT sensors are streaming terabytes of real time data from the production floor to ITOps analysts using ITSI. Splunk is there, capturing and making sense of it all—visualizing dependencies, detecting patterns, and identifying anomalies before they hit production, but seeing an issue is only half the battle.

Now, with Splunk and Event-Driven Ansible working together, you can:

• Quickly correlate and identify business-critical issues captured by Splunk
• Flag specific events and notifications of concern
• Automatically self-heal and respond with Ansible—flexibly in the way you choose

That immediately adds up to fewer service tickets, faster response, and lower faster mean time to resolution (MTTR). If you already use Splunk ITSI and Red Hat Ansible Automation Platform, you have everything you need.

How It Works: From Insight to Automation

Connecting ITSI to Event-Driven Ansible is easy using a webhook or Kafka, an open-source digital delivery system for streaming real-time data and supported through the new add-on. Event-Driven Ansible uses a receive-decide-respond model to take action. Once configured and Splunk generates an alert, here's what happens:

1. Receive – Splunk sends the alert to Ansible
2. Decide – Ansible evaluates the event using predefined rulebooks
3. Respond – If the specific conditions are met, Ansible automatically executes the action—whether that’s running an Ansible Playbook, taking diagnostics steps, or triggering notifications.

If you are attending .conf25, come by the Red Hat booth (#12) to see it in action or learn more in this Red Hat blog and Splunk Lantern: Automating IT remediation with ITSI and Red Hat Ansible.

Start Small. Think Big

Splunk and Red Hat help you close the loop between what you know and what you can do. It’s a powerful step forward for any IT, AIOps, or security team that’s ready to stop reacting—and start automating.

Splunk and Red Hat recommend getting started with a simple use case like auto-generating incident tickets or notifying on-call teams. Once you get familiar and realize some immediate benefits, expand toward advanced workflows like building Ansible rulebooks and threshold triggered responses. A few ideas to look forward to automating include:

• Fact gathering for service tickets
• Automatically remediating certificate issues
• Closed-loop remediation
• Compliance and drift correction
• AI/ML-driven incident response
• SOC automation and change auditing

Get Started at .conf25

Splunk is excited to partner with Red Hat at .conf25, where you can find them at the Technical Integration Partner Showcase in the Pavillion. If you’re attending .conf25, put these two don’t-miss Red Hat and Splunk sessions on your agenda.

OBS2770 - Splunk and Red Hat Unifying Observability and Automation
Tuesday, Sept. 9 at 3 – 3:20 p.m.

Red Hat and Splunk experts will tell you more about the partnership and all the new integrations, key use cases, and ways to optimize the resilience across your IT operations.

OBS1740 - Automate the Chaos: Splunk ITSI and Red Hat Ansible Unite for Self-Healing IT!
Wednesday, Sept. 10 at 9 – 9:30 a.m.

See the new Splunk ITSI and Red Hat Ansible solution in action and learn how to configure, create alerts, and trigger playbooks using Ansible Rulebooks.

With Splunk ITSI at the center of your observability strategy and Ansible ready to act, your automation maturity can grow over time—without complexity. And stay tuned for information about other Splunk and Red Hat integrations that are also available, including Red Hat OpenShift Container Platform (OCP) and Red Hat Advanced Cluster Security (ACS) for Kubernetes. 

Here's how to begin:

🔗 Download the add-on from Splunkbase
📘 Read the how-to article on Splunk Lantern
💻 Explore Red Hat’s Event-Driven Ansible page

Let us know how you’re using it. We can’t wait to see what you automate next.

Follow all the conversations coming out of #splunkconf25!

Follow @splunk