ba1710 – splunk business flow for it operations workflows
TRANSCRIPT
Tom MartinStaff Practitioner Splunk
BA1710 – Splunk Business Flow for IT Operations Workflows
.conf19 SPEAKERS: Please use this slide as your title slide.Add your headshot to the circle below by clicking the icon in the center.
© 2019 SPLUNK INC.
During the course of this presentation, we may make forward-looking statements regarding future events or the expected performance of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-looking statements, please review our filings with the SEC.
The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, this presentation may not contain current or accurate information. We do not assume any obligation to update any forward-looking statements we may make. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionality described or to include any such feature or functionality in a future release.
Splunk, Splunk>, Listen to Your Data, The Engine for Machine Data, Splunk Cloud, Splunk Light and SPL are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners. © 2019 Splunk Inc. All rights reserved.
Forward-Looking Statements
THIS SLIDE IS REQUIRED, DO NOT DELETE
© 2019 SPLUNK INC.
Process Mining 101What is Process Mining? http://www.processmining.org/
© 2019 SPLUNK INC.
▶ Process Mining is a family of techniques in the field of process management that support the analysis of business processes based on event logs. During process mining, specialized data mining algorithms are applied to event log data in order to identify trends, patterns and details contained in event logs recorded by an information system.
- Wikipedia
▶ Video: Intro to Process Mining (2 min)https://www.youtube.com/watch?v=7oat7MatU_U
▶ http://www.processmining.org/
Process Mining Defined
© 2019 SPLUNK INC.
JourneyThe fundamental unit of Process Mining
Start
Step 1
Step 2
Step 3
End
© 2019 SPLUNK INC.
Journeys can get complicatedJourneys are comprised of Steps
End
Start
Step 1a
Step 1b Step 4
Step 2 Step 3
© 2019 SPLUNK INC.
Reality often differs from expectations
End
Start
Step 1
Step 2
Step 3
© 2019 SPLUNK INC.
1 Process + 3 Users = Multiple Journeys3 Unique Journeys
Create Account
Add to Cart
Apply Coupon
Submit
Payment Declined
Purchase Rejected
Add to Cart
Submit
Payment Accepted
Purchase Accepted
Add to Cart
Submit
Payment Accepted
user 789user 456user 123
© 2019 SPLUNK INC.
Example End-To-End Process: Telco SIM Card Activation
Initialize Credit Check
Plan Activate
Set LiveSystem Activate
Credit Activate
© 2019 SPLUNK INC.
Example End-To-End Process: Telco SIM Card Activation Data
Initialize Credit Check
Plan Activate
Set LiveSystem Activate
Credit Activate
Credit Service
Mainframe Unix Based Systems
Billing Setup
© 2019 SPLUNK INC.
Splunk Can Mine Your Existing Data To Better Understand Your Business
Online Services
Networks
Security
Call Detail RecordsWeb
Services
Telecoms
Web Clickstreams
Online Shopping Cart
Smartphones and Devices
CustomApplications
Energy Meters
Storage Containers
Servers GPS Location
RFIDDatabases
Messaging
Firewall
APM
Tracing
Social Media
Faster cycle times of critical business processes
Higher conversion rates of critical customer experiences
More consistent achievement ofservice delivery
© 2019 SPLUNK INC.
Splunk Business Flow enablesprocess mining
using your existing data in Splunk!
because your data can tell stories...
© 2019 SPLUNK INC.
Introducing Splunk Business Flow
End-to-end process discovery through
event stitching
Investigate drill-down with
exploration interface
Side-by-sideA/B comparisonof process flows
Conformancechecking and
deviation notifications
SPLUNK BUSINESS FLOW
© 2019 SPLUNK INC.
► Quickly discover and identify anomalous pathways in any existing end-to-end business processes
► Easily explore the impact of planned changes and investigate the root causes of unplanned, incomplete or delayed processes
► Determine conformance of actual processes against reference processes and performance thresholds (new for October 2019!)
Splunk Business FlowSplunk Business Flow is a fast, flexible, and intuitive process mining solution for
interactive discovery, investigation, and conformance checking of any business process
Premium application on top of Splunk platform
© 2019 SPLUNK INC.
SBF for IT OpsServiceNow, Kubernetes, GitLab, Web Logs & more
© 2019 SPLUNK INC.
ServiceNow internally @ SplunkGet Help from Anywhere, Anytime, Any Device
▶ Slack
▶ Service Portal
▶ Walk Up Service
© 2019 SPLUNK INC.
We Live Our Culture Through Focus on Customer Satisfaction
Maintaining this high level of customer
satisfaction requires obsessive focus on reducing mean time
to resolution and increasing on-time
resolutions in spite of our growth
as a company
© 2019 SPLUNK INC.
1) “Black Holes”• Tickets are supposed to flow through an
efficient path of triage from L1 teams to the appropriate resolvers
• When tickets are not triaged appropriately, the incidents are misclassified and main go through a undesirable loop / chain of handoffs
• This can lead to tickets that are never resolved and left in a black hole state
2) “Breached SLAs”• Even when tickets are eventually resolved,
they often exceed the expected SLA
• A breached SLA can be indicative of a systemic issue that is inhibiting our capacity to resolve incidents
• Understanding bottlenecks and delays in resolution helps us meet SLAs more confidentially in the future
Two Use Cases For Splunk Business FlowIn Service Now Operations
This Photo by Unknown Author is licensed under CC BY-SA-NC
This Photo by Unknown Author is licensed under CC BY-SA
© 2019 SPLUNK INC.
Questions▶ Why are tickets going cold?▶ What's contributing to it?▶ Where can we optimize?
Investigation▶ SPL search: untouched incidents >14 days▶ Identify further by category trends
Identifying Black Holes
© 2019 SPLUNK INC.
Investigation with SBF▶ Investigate categories and
subcategories that have a high volume of problems
▶ Instant insights to my data by entering an incident number
▶ Flow diagram view ▶ List view for deeper insights to
attributes contributing to my problem▶ Set Thresholds rather than run Reports!
Identifying Black Holes with SBFSee it, Investigate it, Fix it!
© 2019 SPLUNK INC.
1) “Black Holes”• Tickets are supposed to flow through an
efficient path of triage from L1 teams to the appropriate resolvers
• When tickets are not triaged appropriately, the incidents are misclassified and main go through a undesirable loop / chain of handoffs
• This can lead to tickets that are never resolved and left in a black hole state
2) “Breached SLAs”• Even when tickets are eventually resolved,
they often exceed the expected SLA
• A breached SLA can be indicative of a systemic issue that is inhibiting our capacity to resolve incidents
• Understanding bottlenecks and delays in resolution helps us meet SLAs more confidentially in the future
Two Use Cases For Splunk Business FlowIn Service Now Operations
This Photo by Unknown Author is licensed under CC BY-SA-NC
This Photo by Unknown Author is licensed under CC BY-SA
© 2019 SPLUNK INC.
Investigation▶ SPL search: response breach = true▶ Identify further by category trends
Breached SLA’s
© 2019 SPLUNK INC.
Findings▶ Incident shows a response▶ Incident did not get assigned▶ Easy access to comments shows there was
activity in assigned group
Results are driven by the ability to split the data into lanes via SBFConvenience of having one place to review all transactions.Optimize workflows to insure we will meet SLA’s
Breached SLA’s with SBF
© 2019 SPLUNK INC.
OK, What else?Pods, Containers, Commits, Logs, Traces and more…
© 2019 SPLUNK INC.
Visualize & Observe Kubernetes Object
Lifecycles & Developer Usage of the
Kubernetes API
The Business of k8s Pods
© 2019 SPLUNK INC.
Visualizing your code commits in a whole
new way.
GitLab & SBF
© 2019 SPLUNK INC.
Visualizing your users journeys across your
web properties
Web Logs & SBF
© 2019 SPLUNK INC.
Visualizing Zipkin traces and spans
(with Cloud Accelerated Flow Models in SBF )
Zipkin & SBF
© 2019 SPLUNK INC.
Demo?SBF for ITOps
© 2019 SPLUNK INC.
You!Thank
© 2019 SPLUNK INC.
© 2019 SPLUNK INC.
Process Discovery
• What does my data tell me the actual business process is? • Are there unexpected dead ends, delays, loops, variances?• Are any of the steps or series of steps creating a bottleneck?• Does it validate what I should monitor?• How does a case attribute (e.g. age, credit score, geography)
influence a process?
Flowchart Tab
© 2019 SPLUNK INC.
Investigation & Troubleshooting
• What was the journey for a specific case or customer?
• What steps did they go through?
• How long did it take between steps?
• What attributes were associated with this case at each step in the flow?
List Tab
© 2019 SPLUNK INC.
Segmentation and Analysis
• What does a chart of this attribute look like?
• How does the chart change if I filter the data?
• How does the chart change if I filter the data by a particular flow cluster or series of steps?
• No SPL is required.
Attributes Tab
© 2019 SPLUNK INC.
Conversions, Churn & Comparisons
• What is my conversion funnel?
• How does it change based on the mix of steps?
• What steps are hurting my conversion rates?
• How do conversion rates vary based on different attributes?
Conversion Tab