Copyright©2015SplunkInc.
ITServiceIntelligence
BillBabilon,ITSpecialist,SplunkPublicSector
Disclaimer
DuringthecourseofthispresentaDon,wemaymakeforwardlookingstatementsregardingfuture
eventsortheexpectedperformanceofthecompany.WecauDonyouthatsuchstatementsreflectour
currentexpectaDonsandesDmatesbasedonfactorscurrentlyknowntousandthatactualeventsor
resultscoulddiffermaterially.Forimportantfactorsthatmaycauseactualresultstodifferfromthose
containedinourforward-lookingstatements,pleasereviewourfilingswiththeSEC.TheforwardlookingstatementsmadeinthethispresentaDonarebeingmadeasoftheDmeanddateofitslive
presentaDon.IfreviewedaOeritslivepresentaDon,thispresentaDonmaynotcontaincurrentor
accurateinformaDon.WedonotassumeanyobligaDontoupdateanyforwardlookingstatementswe
maymake.InaddiDon,anyinformaDonaboutourroadmapoutlinesourgeneralproductdirecDonandis
subjecttochangeatanyDmewithoutnoDce.ItisforinformaDonalpurposesonlyandshallnot,be
incorporatedintoanycontractorothercommitment.SplunkundertakesnoobligaDoneithertodevelop
thefeaturesorfuncDonalitydescribedortoincludeanysuchfeatureorfuncDonalityinafuturerelease.
2
Agenda
• 
BLUF
ITSIIntro
Forest,TreesandLeaves–Demo
CustomerSuccessStories
TakingtheIToutofITSI
• 
QuesDons
• 
• 
• 
• 
3
Copyright©2015SplunkInc.
BLUF
SplunkDashboard
ITSIGlassTable
UsingITSI
UsingITSI
TurningMachineDataIntoOperaDonalIntelligence
OperaDonal
Visibility
Search
and
InvesDgate
Real-Dme
Business
Insight
Proac(ve
ProacDve
Monitoring
andAlerDng
Reac(ve
10
WhatWeHearFromOurCustomers!
“MyCIOisdemandingwelookatITfromabusinessserviceperspecDve.”
“Splunkisgreatforbreak-fix,butIneedtoshowwe’remeeDngSLAs.”
“IneedeveryonetobeabletoseethesamethingatthesameDme.”
“IjustwanttothrowdataatSplunkandhaveitfindproblemsforme.”
“Showmewhatmydatacandoforme!”
11
INTRODUCING
Data-drivenserviceinsights
forroot-causeisolaDonandimprovedserviceoperaDons
SplunkITServiceIntelligence
13
Copyright©2015SplunkInc.
Concepts
Apps/ITStack
• 
• 
• 
• 
Thisisthewaymanyin‘IT’think
oftheir‘world’
Eachlayerisa‘silo’–adedicated
teamofexpertsfocusjustonthe
healthofthatparDcularlayer
Theirviewofthe‘health’ofthat
layerisbasedontheaggregated
‘health’ofeachcomponentin
thelayer(ex:LeadDBA,98out
of100DBinstancesare‘okay,2
are‘struggling’=>myteamis
havinga‘goodday’)
Really?!?!?!!!!
ApplicaDons,business/missionservices
WebServer(Apache,TomCat)
AppServer(WebLogic,JbossEAP,WebSphere)
Database(Oracle,SQLServer,MySQL)
GuestOS(Windows/Linux/*Nix)
Hypervisor(ESX,HyperV,Citrix)
PhysicalServer(Dell,HP,CISCObladesorservers)
SAN/NASStorage(EMC,AppNet)
Network
15
ApplicaDonPOV
• 
• 
• 
• 
• 
Theaggregatedhealthofthe
layerisirrelevant.
Dependenciesnowmaoer
The‘health’oftheappdepends
greatlyonthehealthofeach
componentsofeachlayerthat
thatappdependsupon.
Apps
VDI WebServer
(1,2,3,4,5,6,7,8,9,10…N)
AppServer
(1,2,3,4,5,6,7,8,9,10…N)
Database
(1,2,3,4,5,6,7,8,9,10…100)
GuestOS
(1,2,3,4,5,6,7,8,9,10…N)
Ifyourappdependsononeor
moreofthosetwo(2)
‘struggling’DBservers,youare
abouttohavea‘bad’day!
VM/Hypervisor
(1,2,3,4,5,6,7,8,9,10…N)
PhysicalServer
(1,2,3,4,5,6,7,8,9,10…N)
WhataboutthoseVM’sthatare
‘yellow’?
SAN/NASStorage (1,2,3,4,5,6,7,8,9,10…N)
Network
16
HowITSIcomplementscoreSplunk
ITSIisa‘ver(calslice’thatonly
focusesonthecomponentsinthe
layerthatrolluptoagivenapp
• 
• 
ASP–ApplicaDonServiceProvider
(many,eachapporservice)
WebServer(Apache,TomCat)
AppServer(WebLogic,JbossEAP,WebSphere)
Database(Oracle,SQLServer,MySQL)
GuestOS(Windows/Linux/*Nix)
Hypervisor(ESX,HyperV,Citrix)
SAN/NASStorage(EMC,AppNet)
Network
17
ISP
PhysicalServer(Dell,HP,CISCObladesorservers)
Cloud
ISP–InfrastructureService
Provider(usuallyonlyafew–the
datacentersorcloudprovider)
ApplicaDons,business/missionservices
ASP
• 
RESTbasedservice
ThinkofcoreSplunkascollecDng
dataateachhorizontallayer
FullStackCustomApp
• 
WhatisaService?
Service
Requests
Responses
InSplunkITSI,aServiceisalogicalgroupoftechnologycomponentsthatauser
deemsneedtobemonitoredtogether.
ItcanoOenbegeneralizedasa“blackbox”whichwesendrequestsandexpect
responses
WhatisaService?
TechnicalServices
DNS
Requests
Responses
Auth
Requests
Responses
Web
Requests
Responses
Servicescanbetechnology-centric…
WhatisaService?
TechnicalServices
BusinessServices
DNS
Requests
Responses
Auth
Requests
Responses
Web
Requests
Responses
Customer
Transac(ons
Requests
Responses
SupportDesk
Requests
Responses
…andbusiness-centric
WhatisaService?
WebServices
RBMDBs
HypervisorandHosts
DNS
StorageTier
MobileAPI/
Middleware
PartnerPortal
CustomerTransac(ons
APIServices
PacketNetwork
ServicescanencompassmulDpleDersoftheITdomainandmayalso
dependuponotherservices/micro-services
WhatisaKPI?
DNS
Requests
Responses
KPI:Numberofrequests
KPI:Errorrate
KPI:AverageresponseDme
KPI:ServicerCPUload
KPI:ServernetworkI/Ferrors
Customer
Transac(ons
Requests
Responses
KPI:NumberoftransacDons
KPI:Errorrate
KPI:AverageresponseDme
KPI:CountofIncidentTickets
KPI:SyntheDcTransxHealth
KPIsandHealthscoresconsDtutethemeansbywhichServicesaremonitored.
KeyPerformanceIndicators(KPIs)
KPI:ASplunksavedsearchdefinedinSplunkITSIthathelpsmonitoraspecificfieldlikeCPU,
Memoryandsoon.KPIsarecontainedwithinServices.
23
ServiceHealthScores
AHealthscoreisascorefrom0-100thathelpsdeterminethehealthofaService.It
iscalculatedbasedonallKPIsimportanceanditsstatusonceeveryminute.
24
Copyright©2015SplunkInc.
ITSIFuncDonality
ServiceAnalyzer,GlassTables,DeepDives
ServiceAnalyzer:AutogeneratedfilterableandDledviewofServicehealthscoresandKPIs
GlassTables:CustomizablefreeformdrawingdashboardstoviewhealthscoresandKPIsofchoice
withvisualtoolstocreatecontext
DeepDives:SwimlaneanalysisdashboardtoshowallthoseindicatorsoverDmeforinvesDgaDons
26
MulDKPIAlerts,NotableEvents
Mul(KPIAlerts:Correla(onsearchesonservicedegrada(on
NotableEvents:EventframeworkforMul(KPIAlerts
27