solving big it problems with splunk it service intelligence
TRANSCRIPT
Copyright © 2015 Splunk Inc.
Solving Big IT Problems with Splunk IT Service Intelligence Bill Babilon, IT Specialist, Splunk Public Sector
JusDn Brown, IT Engineer, Pacific Northwest NaDonal Lab
Disclaimer
2
During the course of this presentaDon, we may make forward looking statements regarding future events or the expected performance of the company. We cauDon you that such statements reflect our current expectaDons and esDmates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-‐looking statements, please review our filings with the SEC. The forward-‐looking statements made in the this presentaDon are being made as of the Dme and date of its live presentaDon. If reviewed aRer its live presentaDon, this presentaDon may not contain current or
accurate informaDon. We do not assume any obligaDon to update any forward looking statements we may make. In addiDon, any informaDon about our roadmap outlines our general product direcDon and is
subject to change at any Dme without noDce. It is for informaDonal purposes only and shall not, be incorporated into any contract or other commitment. Splunk undertakes no obligaDon either to develop the features or funcDonality described or to include any such feature or funcDonality in a future release.
About Your Presenters
Bill Babilon – IT OperaDons Specialist for Splunk Public Sector
3
JusDn Brown – IT Engineer, Pacific Northwest NaDonal Labs
Agenda
• ITSI Concepts • Forest, Trees and Leaves • Demo • Pacific Northwest NaDonal Lab Case Study • QuesDons
4
Copyright © 2015 Splunk Inc.
Concepts
Apps/IT Stack • This is the way many in ‘IT’ think
of their ‘world’ • Each layer is a ‘silo’ – a dedicated
team of experts focus just on the health of that parDcular layer
• Their view of the ‘health’ of that layer is based on the aggregated ‘health’ of each component in the layer (ex: Lead DBA, 98 out of 100 DB instances are ‘okay, 2 are ‘struggling’ => my team is having a ‘good day’)
• Really ?!?!?!!!!
Physical Server (Dell, HP, CISCO blades or servers)
Guest OS (Windows/Linux/*Nix)
Database (Oracle, SQL Server, MySQL)
Hypervisor (ESX, HyperV, Citrix)
Web Server (Apache, TomCat)
App Server (WebLogic, Jboss EAP, WebSphere)
6
ApplicaDons, business/mission services
SAN/NAS Storage (EMC, AppNet)
Network
ApplicaDon POV • The aggregated health of the
layer is irrelevant. • Dependencies now mamer • The ‘health’ of the app depends
greatly on the health of each components of each layer that that app depends upon.
• If your app depends on one or more of those two (2) ‘struggling’ DB servers, you are about to have a ‘bad’ day!
• What about those VM’s that are ‘yellow’?
Physical Server (1,2,3,4,5,6,7,8,9,10…N)
Guest OS (1,2,3,4,5,6,7,8,9,10…N)
Database (1,2,3,4,5,6,7,8,9,10…100)
VM/Hypervisor (1,2,3,4,5,6,7,8,9,10…N)
Web Server (1,2,3,4,5,6,7,8,9,10…N)
App Server (1,2,3,4,5,6,7,8,9,10…N)
7
Apps WPaaS
SAN/NAS Storage (1,2,3,4,5,6,7,8,9,10…N)
Network
How IT SI complements core Splunk • Think of core Splunk as collecDng
data at each horizontal layer • IT SI is a ‘ver>cal slice’ that only
focuses on the components in the layer that rollup to a given app
• ASP – ApplicaDon Service Provider (many, each app or service)
• ISP – Infrastructure Service Provider (usually only a few – the data centers or cloud provider) Physical Server (Dell, HP, CISCO blades or servers)
Guest OS (Windows/Linux/*Nix)
Database (Oracle, SQL Server, MySQL)
Hypervisor (ESX, HyperV, Citrix)
Web Server (Apache, TomCat)
App Server (WebLogic, Jboss EAP, WebSphere)
8
ApplicaDons, business/mission services
SAN/NAS Storage (EMC, AppNet)
Network
Full Stack Custom App
REST based service
ASP ISP
Cloud
Copyright © 2015 Splunk Inc.
Forest, Trees and Leaves
Service Analyzer, Glass Tables, Deep Dives
10
Service Analyzer: Auto generated filterable and Dled view of Service health scores and KPIs
Glass Tables: Customizable free form drawing dashboards to view health scores and KPIs of choice with visual tools to create context
Deep Dives: Swim lane analysis dashboard to show all those indicators over Dme for invesDgaDons
MulD KPI Alerts, Notable Events
11
Mul> KPI Alerts: Correla>on searches on service degrada>on
Notable Events: Event framework for Mul> KPI Alerts
Copyright © 2015 Splunk Inc.
Demo
Copyright © 2015 Splunk Inc.
JusDn Brown Pacific Northwest NaDonal Lab
First Approach
First Approach
Using ITSI
Using ITSI
Copyright © 2015 Splunk Inc.
5 More minutes please ….
Key Takeaways • Rapid Time to Mission/Time to value – Hours/days, not weeks • At a glance problem idenDficaDon – Service Analyzer • ‘In context’ data visualizaDon/View the data in a way that is meaningful to you
– Glass Tables • Time based KPI review/Compare to past trends – Deep Dives • ProacDve alerDng – moving out of the ‘green zone’ – MulDple KPI Alerts
19
Try it: SPLUNK.COM/ITSI Free trial. In Splunk Cloud.
Upcoming Splunk IT Service Intelligence Events " 10/29 Webcast: Transform Monitoring with Splunk IT Service Intelligence hmp://www.splunk.com/en_us/about-‐us/events.html
" 11/12 Webcast: Splunk IT Service Intelligence: Next-‐Genera>on IT Analy>cs and Opera>on Intelligence PlaXorm featuring Pacific Northwest NaDonal Laboratory (PNNL) hmp://www.doyouknowsplunk.com
" 12/3 SplunkLive! Bal>more hmp://live.splunk.com/BalDmore
21
Support Our Military Kids
22
Take our Survey! Splunk will Donate $10 to Our Military Kids
Plus a bonus if we hit 350 completed surveys onsite.
Copyright © 2015 Splunk Inc.
QuesDons ?
25
26
27
28
29
30
Splunk IT Service Intelligence at
31
Replaced home-‐grown tools
Real-‐>me service insights to LOBs
Reduced >me to resolu>on
32
Unified insights: data integraDons from other tools
11,000 to 100s
Reduced incident Dckets
Aler>ng on service KPI’s instead of
server performance
Usage baselines to idenDfy anomalies
Splunk IT Service Intelligence at
33
Server-‐based to Services-‐based monitoring
Top-‐down and deep-‐dive service insights
200+ services and 1500+ KPIs monitored
Flexible creaDon and modificaDon of services and KPIs
Aler>ng on service KPIs instead of
server performance
Real-‐Dme, holisDc and proacDve “client” view
Splunk IT Service Intelligence at