Writing Actionable Alerts

Is your Splunk environment spamming you? Do you have so many alerts that you no longer see through the noise? Do you fear that your Splunk is losing its purpose and value because users have no choice but to ignore it?

I’ve been there. I inherited a system like that. And what follows is an evolution of how I matured those alerts from spam to saviors.

Let it be known that Splunk does contain a number of awesome search commands to help with anomaly detection. If you enjoy what you read here, be sure to check them out since they may simplify similar efforts. http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Commandsbycategory#Find_anomalies

Stage 1: Messages of Concern

Some of the first alerts created are going to be searches …

» Continue reading

My Splunk Origin Story

A World Without Splunk

In my pre-Splunk days, I spent significant time leading the vision for standards and automation in our company’s large distributed IBM WebSphere Network Deployment environment. Even though we used standard build tools and a mature change process, significant entropy and deviations were introduced into the environment as a product of requirements for tuning, business, infrastructure, security, and compliance.

As a result, we were unable to recognize the scope of impact when it came to security vulnerabilities or violations of third-party compliance requirements. Even worse for us, we spent way too many staff-hours trying to replicate issues between production and quality assurance environments because we had no easy way to recognize the contributing configuration differences.

It’s a Bird, It’s a

» Continue reading

How’s my driving?

It was the summer of 2014. I was well into my big data addiction thanks to Splunk. I was looking for a fix anywhere: Splunk my home? Splunk my computer usage? Splunk my health? There were so many data points out there for me to Splunk, but none of them would pay off like Splunking my driving…

Rocky Road

At the time, my commute was rough. Roads with drastically changing speeds, backups at hills and merges, and ultimately way more stop and go than I could stomach. But how bad was my commute? Was I having as bad an impact on the environment as I feared? Was my fuel efficiency much worse than my quiet cruise-controlled trips between New York and Boston? …

» Continue reading

What is Operational Intelligence? Real-World Examples

Having run through the four levels of Operational Intelligence (level 1, level 2, level 3, level 4), I thought it made sense to end this blog series with some customer examples. I’ve tried to pick an example from each industry and to cover IT Operations, Security and Customer Experience. I’ve also included a link to a case study or press release where possible.

Financial Services

UniCredit uses Splunk Enterprise for real-time insights into multiple terabytes of operational data and to monitor key business metrics. Proactive incident management has resulted in about 40% of incidents managed before becoming evident to end users, while problem solving and troubleshooting time has been reduced by 70%. UniCredit has improved …

» Continue reading

What is Operational Intelligence? Level 4

We’re at level 4 of Operational Intelligence adoption (feel free to catch up on level 1, level 2 or level 3), where data gives an organisation real-time insight in order to make key business and IT decisions.

At level 4, Operational Intelligence will be delivering value to many parts of a company and giving real-time analytics to support business decisions and planning. The amount of data may well be “big data” from potentially hundreds of different sources used for multiple use cases (IT operations, security and customer experience). The machine data generated by an organisation will be augmented with other data – relational sources, mobile devices and social network information. Operational Intelligence level 4 enables a data-driven approach to transforming a business.

» Continue reading

The race to deliver real time business analytics

I spoke at the Nimbus Ninety Ignite conference late last year, which is recognised as having one of the most influential audiences in the areas of business innovation and transformation. My presentation focussed on how all organisations can unlock the business value in their data in order to be successful, regardless of whether they are a data-driven digital start-up or an established player with complex legacy systems.

Reflecting the importance of having a data-driven culture, analytics has recently been quoted by Gartner as the No. 1 priority for CIOs. It is clear that data – be it Big, not Big, structured, semi-structured, or unstructured – is on the mind of every business right now. And quite rightly so!…

» Continue reading

IT Service Intelligence – A Bridge between Business and Technical Teams

Recently, after working with a Business Team and the Technical Team that supports them at one of our customers, we had an opportunity to witness, first-hand, the struggles each of us in IT Operations has felt at some point. In the words of a wise man, they were experiencing “Mutual Mystification.” The Business Team was concerned with a Product Line and multiple business processes. The Technical Team was trying to translate the technical details of the underlying microservices and how they related to the Product Line. Within the first 15 minutes, both teams were becoming frustrated and didn’t feel like they were communicating well. This led to a consensus that the meeting was not going to achieve the results …

» Continue reading

Planes, Trains, Automobiles (and Shopping). European Business Analytics at .conf2015


So far in this blog series wrapping up .conf2015 from an EMEA perspective, we’ve explained how to bring sexy back to IT Ops whilst dropping your security breaches.

We wanted to wrap up with some of those exciting analytics use cases outside of IT Ops and Security. EMEA had some great customers talking about their use of Splunk for business analytics, and we had case studies of planes, trains and automobiles (and very large omni-channel retailers).

As we’re increasingly seeing here at Splunk, one of the secrets to getting value from your data is to collect it once and use it for multiple purposes. Analytics plays a key part in enabling everyone inside a company …

» Continue reading

Earning a Seat at the Table: Why Containers Matter

Container technologies like Docker matter to the enterprise for three key reasons:

1. Density
2. Portability
3. DevOps

Density is about extracting as much value from your infrastructure as possible. Private clouds deployed using traditional VMs are memory-bound, which is why most private clouds still run with single- or low double-digit CPU utilization. I was able to run my private cloud at roughly 2 VMs per core, where each VM hosted an application server instance. Using containers, I was able to get roughly 10 containers per core, where each container hosted an application server instance with an identical configuration.

Similar to virtual machines, containers are inherently portable – they abstract the underlying hardware from the app, enabling the app …

» Continue reading

Like Malcolm Gladwell, Splunk Cloud Helps You See Things Others Don’t

As I’m sitting in my home office, I glance over at my credenza and I spy the Malcolm Gladwell non-fiction book, “David and Goliath: Underdogs, Misfits, and the Art of Battling Giants.” I’m a big Gladwell fan. While I enjoy how he uses powerful story-telling to reshape the way we think about life and the world around us, I also like how he uses research and data to make discoveries many of us might miss. Much like the capabilities offered to companies through Splunk software, Gladwell inspires me to dig deeper and look at things from a different perspective.

The premise of Gladwell’s “David and Goliath” book is the Old Testament account about the shepherd boy who takes down a …

» Continue reading