The Phantom of the Opera(tions) - Dirk Nitschke & Andreas Buis Staff (Consulting|Solution) Engineers | Splunk - Splunk Conf

© 2020 SPLUNK INC.


The Phantom of the Opera(tions)

Dirk Nitschke & Andreas Buis
Staff (Consulting|Solution) Engineers | Splunk
Forward-Looking Statements

During the course of this presentation, we may make forward-looking statements regarding future events or plans of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results may differ materially. The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, it may not contain current or accurate information. We do not assume any obligation to update any forward-looking statements made herein.

In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only, and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionalities described or to include any such feature or functionality in a future release.

Splunk, Splunk>, Data-to-Everything, D2E and Turn Data Into Doing are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names or trademarks belong to their respective owners. © 2020 Splunk Inc. All rights reserved.

   Dirk Nitschke & Andreas Buis
Staff Consulting Engineer & Staff Solution Engineer | Splunk

Agenda
The orchestra

Act 1, scene 1: Prelude
Introduction

Act 1, scene 2: Today’s Focus
OAR

Act 1, scene 3: The Alert
ITOps receives an Alert

Act 2, scene 1: Automation / Orchestration
The interaction

Act 3, scene 1: The Time Machine
Transformation from manual to automatic

Act 3, scene 2: The Big Finale
Summary: Advantages of an OAR

Prelude
Introduction

Who’s Been In This Situation? Everyone!

“Is this a déjà vu? I’m sure I have done this before!”

Recurring Activities Cost Time and Money
…and are boring

Think about it:
• How many recurring activities do you have to do during the day?
• How much would you save if you could avoid them?

Possible Solution

Automation and orchestration of the individual manual activities

Typical Incident Management Tasks
Known Problem with Workaround

1. Investigation and Diagnosis
   Identify and test initial hypothesis, work on solution, update ticket

2. Resolution and Recovery
   Get approval for change, apply fix or workaround, confirm service has been restored, update ticket

3. Incident Closure
   Confirm service has been restored, close ticket

The Big Question is:

          “What should I focus on?”

The Answer is:

Monitor, investigate, analyze and act

Today’s Focus
OAR

Today’s Focus

OAR = Orchestration Automation and Response

The Alert
ITOps receives an alert

Incident:
Service Web Server

Automation /
Orchestration
The interaction

Automate & Orchestrate These Steps

Ticketing System
• Create, update and resolve ticket
• Document all information in the ticket

Approval Process
• Approval process with a detailed description
• Response based on the decision made

Investigation / Remediation
• Collect information
• Use a Privileged Access Management (PAM) system to connect with server
• Restart service
• Or set up new instance

The Time Machine
Transformation from manual to automatic

Timeline: 18:52:05 to 18:53:30
Episode: ~120 seconds from “New” to “Resolved”

Time      System          Steps
18:52:05  Splunk ITSI     Episode created; Notable Event Action executed
18:52:16  Splunk Phantom  Collect information; Create Service Now Ticket
18:52:39                  Create Splunk ITSI Maintenance Window; Restart service; Check service status
18:53:50                  Service Now Ticket “Resolved”; Splunk ITSI episode “Resolved”
18:56:04  Splunk ITSI     Episode “closed” due to ticket status

Splunk Mobile: Get approval (shown at two points on the timeline)

The Big Finale
Summary: Advantages of an OAR

Summary

• Orchestration, automation, and response in IT Operations can improve MTTR, efficiency, and effectiveness

• Leverage the powerful features and integration of the Splunk portfolio:
     – Splunk Phantom
     – Splunk IT Service Intelligence
     – Splunk Mobile, and
     – VictorOps

What is your IT Operations Use Case?
We can think of the following

• Apply workaround for known error

• Get approval for new devices connecting to network

• User Lifecycle Management

• Vulnerability Management

• Exception Handling

Please provide feedback via the

SESSION SURVEY