splunk for it operations and it service intelligence
TRANSCRIPT
Copyright©2015,SplunkInc.
SplunkforITOpera>onsandITServiceIntelligence14.April2016Moscow
PhilippDriegerSalesEngineerDACH&EEEMEACentralSMEIoT&ML
Copyright©2015,SplunkInc.
Agenda
• SplunkOverview• SplunkforITOpera>ons• ExtendandAcceleratewithApps• SplunkITServiceIntelligence(ITSI)• SplunkforBusinessAnaly>cs
Copyright©2015,SplunkInc.
SplunkOverview
Copyright©2015,SplunkInc.Copyright©2015SplunkInc.
BigDataComesfromMachinesVolume | Velocity | Variety | Variability
GPS,RFID,
Hypervisor,WebServers,
Email,MessagingClickstreams,Mobile,
Telephony,IVR,Databases,Sensors,TelemaEcs,Storage,
Servers,SecurityDevices,Desktops4
Copyright©2015,SplunkInc.Copyright©2015SplunkInc.
TurnMachineDataintoOpera>onalIntelligenceINDEXANYMACHINEDATA:ANYSOURCE,TYPE,VOLUME
OnlineServices Web
Services
ServersSecurity GPS
Loca>on
StorageDesktops
Networks
PackagedApplica>ons
CustomApplica>onsMessaging
TelecomsOnline
ShoppingCart
WebClickstreams
Databases
EnergyMeters
CallDetailRecords
SmartphonesandDevices
RFID
On-Premises
PrivateCloud
PublicCloud
GAINREAL-TIMEVISIBILITY
ApplicaEonDelivery
SecurityandCompliance
InfrastructureMonitoring
BusinessAnalyEcs
InternetofThings
5
Copyright©2015,SplunkInc.
SplunkforITOpera>ons
Copyright©2015,SplunkInc.
CIOObstacle:Escala>ngITComplexity
SERVERS STORAGE NETWORKING
VIRTUALIZATION
INFRASTRUCTUREAPPLICATIONS
PACKAGEDAPPLICATIONS
CUSTOMAPPLICATIONS
Iden>ty
VPN
IPPhone
HR
Finance
AppSvr
DB
WebSvr SaaS/PaaS
IaaS
Copyright©2015,SplunkInc.
CIOObstacle:Escala>ngITComplexity
SERVERS STORAGE NETWORKING
VITUALIZATION
INFRASTRUCTUREAPPLICATIONS
PACKAGEDAPPLICATIONS
CUSTOMAPPLICATIONS
Iden>ty
VPN
IPPhone
HR
Finance
AppSvr
DB
WebSvr SaaS/PaaS
IaaS
Complex,silo-basedtechnologies
Disconnectedandoutdatedpointsolu>ons
Over70%of>mespentonmaintaining,notinnova>ng
Copyright©2015,SplunkInc.
Before Splunk
Data Gathering
DBApp NW
Storage
Now What?
….War Room
Outage Occurs
Human latency measured in hours or days
Не удается отобразить рисунок. Возможно, рисунок поврежден или недостаточно памяти для его открытия. Перезагрузите компьютер, а затем снова откройте файл. Если вместо рисунка все еще отображается красный крестик, попробуйте удалить рисунок и вставить его заново.
Copyright©2015,SplunkInc.
From Days to Minutes With Splunk
“First Responder”
2012-12-05 07:04:44 Id=Rd910EAJ City=New York [email protected] product_id=product_i BD-
66.57.19.112 ..[05/Dec/2012 07:05:22:152]”GET /card.do?action=addtocart &itemid=K9
[1208/12 02:39:03:209 UTC] 000000c6 ConnectionEve A J2CA00561: ConnectionExeception:[IBM][CLI Driver] SQL1224N
Report and analyze
Custom dashboards
Monitor and alert
Ad hoc search
2012-12-05 07:04:44 Id=Rd910EAJ City=New York [email protected]
product_id=product_i BD-
66.57.19.112 ..[05/Dec/2012 07:05:22:152]”GET /card.do?
action=addtocart &itemid=K9
[1208/12 02:39:03:209 UTC] 000000c6 ConnectionEve A
J2CA00561: ConnectionExeception:
[IBM][CLI Driver] SQL1224N
Outage Occurs
Copyright©2015,SplunkInc.
“Splunkreducedourescala>onsby90%andourproblemresolu>on>meby67%.
“EscalaEonsreducedby90%andMTTRdroppedby67%”
SplunkatServiceDesk:Vodafone
PauloCarvalhoDirectorOpera>ons
Theoldway:DisparateITsilosimpactCustomerService• Manuallyintensive,error-proneprocessesresultinconstantescala>onsandlongdelays
• Expensive,home-growntoolsforlogcollec>onandanalysisdon’tprovidethecompletepicture• Disconnectedsystemscreatetroubleinmee>ngsecurityandcompliancemandates
Thenewway:Providecomprehensivevisibilityandcontrol✓ AsingleTier1supportpersoncannowperformitera>vesearchesacrossalltheirITdatato
inves>gate,iden>fy,andfixtheproblem–escala>onsreducedby90percent
✓ Splunkconsolidateslogsfromdisparatesystemsintoasingleview,providingvisibilityacrossend-to-endservicedeliveryfromoneplace->metoproblemresolu>ondroppedby67%
✓ Role-basedsecureaccesstologsviaSplunkensuresSOXcompliance
✓ MonitorITdataandfindissuesbeforetheybecomevisibletocustomers
Copyright©2015,SplunkInc.
Splunk:TheBeherApproachForIT
12
CustomerFacingData
OutsidetheDatacenter
ApplicaEons Weblogs Log4J,JMS,JMX .NETevents Codeandscripts
Networking Configura>ons syslog SNMP nejlow
Databases Configura>ons Audit/querylogs Tables Schemas
VirtualizaEon&Cloud Hypervisor GuestOS,Apps Cloud
Linux/Unix Configura>ons syslog Filesystemps,iostat,top
Windows Registry Eventlogs Filesystemsysinternals
Logfiles Configs Messages TrapsAlerts
Metrics Scripts TicketsChanges
Click-streamdata Shoppingcartdata Onlinetransac>ondata
Manufacturing,logis>cs… CDRs&IPDRs Powerconsump>on RFIDdata GPSdata
Powerful,end-to-end,real->meplajormforMachineData
Copyright©2015,SplunkInc.
Splunk:TheBeherApproachForIT
13
CustomerFacingData
OutsidetheDatacenter
ApplicaEons Weblogs Log4J,JMS,JMX .NETevents Codeandscripts
Networking Configura>ons syslog SNMP nejlow
Databases Configura>ons Audit/querylogs Tables Schemas
VirtualizaEon&Cloud Hypervisor GuestOS,Apps Cloud
Linux/Unix Configura>ons syslog Filesystem ps,iostat,top
Windows Registry Eventlogs Filesystemsysinternals
Logfiles Configs Messages TrapsAlerts
Metrics Scripts TicketsChanges
Click-streamdata Shoppingcartdata Onlinetransac>ondata
Manufacturing,logis>cs… CDRs&IPDRs Powerconsump>on RFIDdata GPSdata
Powerful,end-to-end,real->meplajormforMachineData
NoupfrontschemaNocustomconnectorsNoRDBMS
• Anyamount,anyloca>on,anysource.
Copyright©2015,SplunkInc.
ExtendandAcceleratewithApps
Copyright©2015,SplunkInc.
AppsProvideDeepInsightsByRole
15
Findandresolveproblemsfastinindividualtechnologyareas
ExchangeAdmin
ServiceHealthPerformance
Messagetracking
VMware/Win/LinuxAdmin
InfrastructureHealthPerformance
Anomalies/Outliers
StorageAdmin
InfrastructureHealthPerformance
Anomalies/Outliers
Copyright©2015,SplunkInc.
ReduceCosts:Consolidatetools,eliminatesilos,findrootcausefaster!
ExchangeAdmin
Linux/WinAdminNetworkAdmin Applica>ons
AdminLineofBusiness
User
Applica>onSupport
VMware/Linux/WinAdmin
SecurityAdmin StorageAdmin ITManagement
Copyright©2015,SplunkInc.
Splunk:PlajormForITOpera>onalIntelligence
17
Plug-Ins,TemplatesandAppsAccelerateValueFromMachineData
Norigidschemas–Addindatafromanyothersource.
APISDKs UI
Server, Storage, Network
Server Virtualization
Operating Systems
Custom Applications
Business Applications
Cloud Services
App Performance Monitoring Ticketing/ and Other
WebIntelligence
Mobile Applications
Stream
Copyright©2015,SplunkInc.
SplunkForOpera>ngSystems
Proactive Monitoring
Operational Analytics
End-to-End Visibility
Getinstantinsightintoinfrastructurehealth
OSMetricsforPerformance,Capacity&ResourceAllocaAonAnalyses
ScaleAndCorrelateAcrossAllTiersOfYourTechnologyStack
18
Copyright©2015,SplunkInc.
SplunkForVirtualiza>on&Storage
Proactive Monitoring
Operational Analytics
End-to-End Visibility
Real-AmeacAonableinsightsintoproblemspotsandhealthissues
Real-Ame&historicalinsightsintoperformance,security,capacity,forecasAngandchangetracking
ScalableBigDatasoluAonforholisAcvisibilityacrossalltechnologyAers
19
Copyright©2015,SplunkInc.
SplunkforITServiceIntelligence
Copyright©2015,SplunkInc.
INTRODUCING
Data-drivenserviceinsightsforroot-causeisola>onandimprovedserviceopera>ons
Copyright©2015,SplunkInc.Copyright©2015SplunkInc.
CurrentChallenges
22
Can’taccessthedatathatmahers
Mul>pleproductslackdeepintegra>on
Complexandcustomizedtoolsrequiresignificantexper>seand>me
ITorganizaAonsconAnuetostrugglewithaligningoperaAonswithbusiness
FRAGMENTEDINSIGHTS
SLOW&REACTIVE
INEFFICIENT&UNSCALABLE
Copyright©2015,SplunkInc.
SplunkITServiceIntelligence
23
DataDriven• AllITData-events,metrics,andlogs
Service-awareness• Providesac>onableinsightsintohighvisibilityservices• Personalcontextualvisualiza>ons• Mi>gateproblemsbeforetheyimpactcustomers.
PowerfulPlajorm• Fastcorrela>onacrossservices&KPIs• DeploysQuickly• Scalable,flexibleandfast>me-to-value• ScalableUniversalPlajorm(anypointin>me)
Copyright©2015,SplunkInc.
WhatMakesSplunkITSIDifferent!
24
Search-BasedKPIsEasytowrite,manageandchangebothservicesandKPIs
Reflectsbusinessandtechnologypriori>es
Benefit:Rapidlygenerate&changeKPIstoalignservicehealthwithbusiness
Fiserv–1000sinjustweeks
FullFidelityServiceHealth
Adaptableandflexibledefini>onsofservicehealth
Onesolu>ontogoseamlesslyfromservicereportstorootcause,includingrawdata
Remainsadaptableandyets>llmaintainscompletehistoricalcontext
UniversalDataPlajormDatadriven:AllITdataincludingevents,metricsandlogs
Schemaon-the-FlyAskanyques>onofthedata
FastEmetovalue
Datafidelity
Copyright©2015,SplunkInc.
SplunkITServiceIntelligenceData-drivenservicemonitoringandanaly>cs
25
SPLUNKITSERVICEINTELLIGENCE
Time-SeriesIndex
PlajormforMachineData
DynamicServiceModels
Schema-on-Read DataModel CommonInformaEonModel
At-a-GlanceProblemAnalysis
EarlyWarningonDevia>ons
SimplifiedIncidentWorkflows
Copyright©2015,SplunkInc.
ITSICoreConcepts
Copyright©2015,SplunkInc.
ITServiceIntelligence–CoreConcepts
Service RequestsResponses
Web
TechnicalServices Services
RequestsResponses
MobileAPI/Middleware
RequestsResponses
DNS
SupportDeskRequestsResponses
CustomerTransacEons
RequestsResponses
BusinessServices
Copyright©2015,SplunkInc.
PacketNetwork
HypervisorandHosts
RDBMSs
StorageTier
APIServices
WebServices InITSI,aServiceisalogicalgroupoftechnology
componentsthatauserdeemsneedtobemonitored
together.
ITServiceIntelligence–CoreConcepts
Service RequestsResponses
Web
TechnicalServices Services
CustomerTransacEons
Web
CustomerTransacEons
RequestsResponses
BusinessServices
MobileAPI/
Middlew
are
SupportDesk
DNS
Copyright©2015,SplunkInc.
ITServiceIntelligence–CoreConcepts
Service RequestsResponses
Web
TechnicalServices
PacketNetwork
HypervisorandHosts
RDBMSs
StorageTier
APIServices
WebServices
Web
KPI:NumberofrequestsKPI:ErrorrateKPI:Averageresponse>meKPI:ServicerCPUloadKPI:ServernetworkI/Ferrors
KPIs
KPIsandHealthscorescons>tutethemeansbywhichServicesare
monitored.
HealthScore
Copyright©2015,SplunkInc.
ITServiceIntelligence–CoreConcepts
30
AHealthScoreisascoreform0-100(0beingcri>caland100beingnormal)thathelpsdeterminethehealthofaService.ItiscalculatedbasedonallKPIsimportanceanditsstatus(e.g.green,orange,red),onceeveryminute.
AKeyPerformanceIndicator(KPI)isaSplunksavedsearchcreatedwithintheITSIUIthathelpsmonitora
specificfieldlikeCPU,Memory,NumberofErrorsandsoon.KPIsarecontainedwithinServices.
ServiceAnalyzer–Autogeneratedfilterableand>ledviewofServicehealthscoresandKPIs
Copyright©2015,SplunkInc.
ITServiceIntelligence–CoreConcepts
31
AGlassTableisacustomizablefreeformdrawingdashboardstoviewHealthscoresand
KPIsofchoicewithvisualtoolstocreatecontextwithlivewidgets
GoDeepertoaDeepDiveView
Copyright©2015,SplunkInc.
ITServiceIntelligence–CoreConcepts
32
DeepDives–Swimlaneanalysisdashboardtoshowallthoseindicatorsover>mefor
inves>ga>ons
Copyright©2015,SplunkInc.
ITServiceIntelligence–CoreConcepts
33
MulEKPIAlerts–Visualtooltocreatecorrela>onsearchesbasedonKPIs
Copyright©2015,SplunkInc.
NotableEvents
34
NotableEventsaregeneratedbycorrela>onsearchesthatindicateservicedegrada>on.TheyarelikeNotableEventsinESbuthaveaslightlydifferent
fieldsetTheCorrela>onsearchesaregeneratedeitherthroughthecorrela>onsearchUIorMul>KPIAlertUI.
Copyright©2015,SplunkInc.
SplunkforBusinessAnaly>cs
Copyright©2015,SplunkInc.Copyright©2015SplunkInc.
RealTimeClevelGlasstable…
Copyright©2015,SplunkInc.Copyright©2015SplunkInc.
..drillsdowntoindividualBPAStakeholdertglasstable….
37
Copyright©2015,SplunkInc.Copyright©2015SplunkInc. 38
..drillsdowntotheindividualpa>entjourney
Copyright©2015,SplunkInc.
Adap>veThresholding
Copyright©2015,SplunkInc.
Copyright©2015,SplunkInc.
Copyright©2015,SplunkInc.
Copyright©2015,SplunkInc.
Thanks–Q&A