Writing Actionable Alerts
Is your Splunk environment spamming you? Do you have so many alerts that you no longer see through the noise? Do you fear that your Splunk is losing its purpose and value because users have no choice but to ignore it?
I’ve been there. I inherited a system like that. And what follows is an evolution of how I matured those alerts from spam to saviors.
Let it be known that Splunk does contain a number of awesome search commands to help with anomaly detection. If you enjoy what you read here, be sure to check them out since they may simplify similar efforts. http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Commandsbycategory#Find_anomalies
Stage 1: Messages of Concern
Some of the first alerts created are going to be searches …
My Splunk Origin Story
A World Without Splunk
In my pre-Splunk days, I spent significant time leading the vision for standards and automation in our company’s large distributed IBM WebSphere Network Deployment environment. Even though we used standard build tools and a mature change process, significant entropy and deviations were introduced into the environment as a product of requirements for tuning, business, infrastructure, security, and compliance.
As a result, we were unable to recognize the scope of impact when it came to security vulnerabilities or third-party compliance violations. Even worse for us, we spent way too many staff-hours trying to replicate issues between production and quality assurance environments because we had no easy way to recognize the contributing configuration differences.
It’s a Bird, It’s a …
How’s my driving?
It was the summer of 2014. I was well into my big data addiction thanks to Splunk. I was looking for a fix anywhere: Splunk my home? Splunk my computer usage? Splunk my health? There were so many data points out there for me to Splunk, but none of them would pay off like Splunking my driving…
At the time, my commute was rough. Roads with drastically changing speeds, backups at hills and merges, and ultimately way more stop and go than I could stomach. But how bad was my commute? Was I having as bad an impact on the environment as I feared? Was my fuel efficiency much worse than my quiet cruise-controlled trips between New York and Boston? …
What is Operational Intelligence? Real-World Examples
Having run through the four levels of Operational Intelligence (level 1, level 2, level 3, level 4), I thought it made sense to end this blog series with some customer examples. I’ve tried to pick an example from each industry and to cover IT Operations, Security and Customer Experience. I’ve also included a link to a case study or press release where possible.
UniCredit uses Splunk Enterprise for real-time insights into multiple terabytes of operational data and to monitor key business metrics. Proactive incident management has resulted in about 40% of incidents managed before becoming evident to end users, while problem solving and troubleshooting time has been reduced by 70%. UniCredit has improved …
What is Operational Intelligence? Level 4
We’re at level 4 of Operational Intelligence adoption (feel free to catch up on level 1, level 2 or level 3), where data gives an organisation real-time insight in order to make key business and IT decisions.
At level 4, Operational Intelligence will be delivering value to many parts of a company and giving real-time analytics to support business decisions and planning. The amount of data may well be “big data” from potentially hundreds of different sources used for multiple use cases (IT operations, security and customer experience). The machine data generated by an organisation will be augmented with other data – relational sources, mobile devices and social network information. Operational Intelligence level 4 enables a data-driven approach to transforming a business. …
The race to deliver real time business analytics
I spoke at the Nimbus Ninety Ignite conference late last year, which is recognised as having one of the most influential audiences in the areas of business innovation and transformation. My presentation focussed on how all organisations can unlock the business value in their data in order to be successful, regardless of whether they are a data-driven digital start-up or an established player with complex legacy systems.
Reflecting the importance of having a data-driven culture, analytics has recently been quoted as the No. 1 priority for CIOs by Gartner. It is clear that data – be it Big, not Big, structured, semi-structured, or unstructured – is on the mind of every business right now. And quite rightly so!…
IT Service Intelligence – A Bridge between Business and Technical Teams
Recently, after working with a Business Team and the Technical Team that supports them at one of our customers, we had an opportunity to witness, first-hand, the struggles each of us in IT Operations has felt at some point. In the words of a wise man, they were experiencing “Mutual Mystification.” The Business Team was concerned with a Product Line and multiple business processes. The Technical Team was trying to translate the technical details of the underlying microservices and how they were related to the Product Line. Within the first 15 minutes, both teams were becoming frustrated and didn’t feel like they were communicating well. This led to a consensus that the meeting was not going to achieve the results …
Planes, Trains, Automobiles (and Shopping). European Business Analytics at .conf2015
We wanted to wrap up with some of those exciting analytics use cases outside of IT Ops and Security. EMEA had some great customers talking about their use of Splunk for business analytics and we had case studies of planes, trains and automobiles (and very large omni-channel retailers).
As we’re increasingly seeing here at Splunk, one of the secrets to getting value from your data is to collect it once and use it for multiple purposes. Analytics plays a key part in enabling everyone inside a company …
Earning a Seat at the Table: Why Containers Matter
Container technologies like Docker matter to the enterprise for three key reasons:
Density is about extracting as much value from your infrastructure as possible. Private clouds deployed using traditional VMs are memory-bound, which is why most private clouds still run with single- or low-double-digit CPU utilization. I was able to run my private cloud at roughly 2 VMs per core, where each VM hosted an application server instance. Using containers, I was able to get roughly 10 containers per core, where each container hosted an application server instance with an identical configuration.
Similar to virtual machines, containers are inherently portable – they abstract the underlying hardware from the app, enabling the app …
Like Malcolm Gladwell, Splunk Cloud Helps You See Things Others Don’t
As I’m sitting in my home office, I glance over at my credenza and I spy the Malcolm Gladwell non-fiction book, “David and Goliath: Underdogs, Misfits, and the Art of Battling Giants.” I’m a big Gladwell fan. While I enjoy how he uses powerful story-telling to reshape the way we think about life and the world around us, I also like how he uses research and data to make discoveries many of us might miss. Much like the capabilities offered to companies through Splunk software, Gladwell inspires me to dig deeper and look at things from a different perspective.
The premise of Gladwell’s “David and Goliath” book is the Old Testament account about the shepherd boy who takes down a …