splunk forum frankfurt - 15th nov 2017 - machine learning for event management

© 2017 SPLUNK INC.

Machine Learning fürEvent Management

Hans-Henning Gehrts, SE / ITOA SME

RAGE WITH THE MACHINE, NOT AGAINST IT

▶ 15.11.2017

© 2017 SPLUNK INC.

During the course of this presentation, we may make forward-looking statements regarding future events or

the expected performance of the company. We caution you that such statements reflect our current

expectations and estimates based on factors currently known to us and that actual events or results could

differ materially. For important factors that may cause actual results to differ from those contained in our

forward-looking statements, please review our filings with the SEC.

The forward-looking statements made in this presentation are being made as of the time and date of its live

presentation. If reviewed after its live presentation, this presentation may not contain current or accurate

information. We do not assume any obligation to update any forward looking statements we may make. In

addition, any information about our roadmap outlines our general product direction and is subject to change

at any time without notice. It is for informational purposes only and shall not be incorporated into any contract

or other commitment. Splunk undertakes no obligation either to develop the features or functionality

described or to include any such feature or functionality in a future release.

Splunk, Splunk>, Listen to Your Data, The Engine for Machine Data, Splunk Cloud, Splunk Light and SPL are trademarks and registered trademarks of Splunk Inc. in

the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners. © 2017 Splunk Inc. All rights reserved.

Forward-Looking Statements

THIS SLIDE IS REQUIRED FOR ALL 3 PARTY PRESENTATIONS.

© 2017 SPLUNK INC.

Wer bin ich

• IT Betriebsarchitekt

• IT Operations Management

• ITOA

• ITIL Expert

• TMF eTOM, NGOSS, SID, TIM,

TAM

• Telco, Enterprise, SPs,…

• ITIL Event Management

• Leitstand

• Operation Support Systeme

• SaaS, PaaS

• Als System Betreuer, bei

Herstellern, System Integratoren,

Trainer, BeraternHans-Henning Gehrts

SE / ITOA SME

@tiras_de

© 2017 SPLUNK INC.

Worum geht’s

ML im praktischen Einsatz bei IT

Wie Google Photo uns inspiriert hat

Wie Splunk bei MTTD hilft

Macht das schon wer?

1

2

3

4

© 2017 SPLUNK INC.

We’re living in a digital revolution

© 2017 SPLUNK INC.

Wir alsKunde erwarten vielvon Diensten

I don’t want to

deal with delays

I expect you to know

who I am when I call

I expect to be able to track

my baggage in real-time

I expect the

lowest price

I expect you to respond

quickly to my issues

I expect you to help me

make my connection

I expect a perfect

safety record

© 2017 SPLUNK INC.

No one is too big to fail

© 2017 SPLUNK INC.

This requires IT to focus on

• Aligning with the business

• Improving customer experience

• Accelerating time to value

• Develop new digital services

© 2017 SPLUNK INC.

Aber mal ehrlich, wieviel Zeitverbringen wir mit…?

Searching lots of data in silosCreating static rules

MonitoringTroubleshooting

Root Cause AnalysisCapacity Planning

War RoomsForecasting

….

© 2017 SPLUNK INC.

Einige Aufgaben sind

“beyond human

scale”

© 2017 SPLUNK INC.

So many

screens

© 2017 SPLUNK INC.

How do you manage your events & alerts today?

• Increasing number

to manage

• Different formats and

fields

• Difficult to parse

• Required to

aggregate

• Very little context


Common problems with managing events

Event overload | Silos of “monitoring” | Loss of data fidelity | Manual events interpretation

Custom integrations | Rules management overhead | Context and impact blindness

Bloated

Products

and

Features

Complex

Integrations

Alerts

Storm

Cumbersome

Rules

Management

Duplicate Incidents | Repeat Incidents

© 2017 SPLUNK INC.

Machine Skills

• Creative

• Design

• Empathy

• Intuition

• Sales

• Marketing

• Business Acumen

• Analyzing high-velocity

data

• Analyzing big data sets

• Complex data sets

• Predicting future values

• Detect Anomalies

• Complex patterns

Human Skills

© 2017 SPLUNK INC.

Rethink and Improve How IT Operates

Traditional IT

▶ Structured data

▶ Brittle tools and integrations

▶ Obsession with “faults” and “traps”

▶ Focus on components parts

▶ Search oriented

Data Driven IT

0101101

0010101

▶ Structured and unstructured data

▶ Robust data integrations

▶ Real-time insights from big data

▶ Focus on the whole service

▶ Machine learning-driven analytics

Using Artificial Intelligence for IT Operations

© 2017 SPLUNK INC.

How do we sort your images?

© 2017 SPLUNK INC.

Do I need to be a

data scientist for

this?

Do I need to

understand what

algorithms are being

used?

© 2017 SPLUNK INC.

Intelligently grouped

through machine

learning.

No programming or

configuration

involved

© 2017 SPLUNK INC.

Manage the Incident, Not the Event

Collect ALL data De-spam: Separate

valuable signal from

noise

Add context: Prioritize

resolution to ensure

service availability

Shared insights

Collaborative response

Data-enabled IT

Intelligent operations

SALES SSO

CLAIMS

© 2017 SPLUNK INC.

Machine Learning Made Mainstream

Adaptive Thresholds Anomaly Detection Event Correlation

Manage and maintain KPI thresholds by dynamically adapting to changing operational patterns

Catch issues that thresholds can’t—baseline normal operations and alert on anomalous conditions

Reduce event clutter, false positives and rules maintenance by auto-grouping related events

© 2017 SPLUNK INC.

Build on top of our platform

Network

Infr

astr

uctu

re L

ayer

Packet, Payload, Traffic,

Utilization, Perf

Storage

Utilization, Capacity,

Performance

Server

Performance, Usage,

Dependency

Ap

plica

tio

n L

ayer

User Experience

Usage, Response Time,

Failed Interactions

Byte Code Instrumentation

Usage, Experience,

Performance, Quality

Business Performance

Corporate Data, Intake,

Output, Throughput

Splunk Approach:

▶ Single repository for ALL data

▶ Data in original raw format

▶ Machine learning

▶ Simplified architecture

▶ Fewer resources to manage

▶ Collaborative approach

MACHINE

DATA

© 2017 SPLUNK INC.

Splunk ITSI in Action (Demo)

© 2017 SPLUNK INC.

Splunk ITSI for Event AnalyticsSimplify Your Operations With Artificial Intelligence and Service Context

Find and fix the most

important issues

Transform IT operations with

machine learningGet a full view of your IT

environment

Service Context Artificial Intelligence Scalable Platform

Reduce time-to-resolution on

business-critical services

Enable IT with intelligence for

data-driven decisions

Share customized insights across the

enterprise to enable business-centric IT

Contextualize and prioritizeSeparate valuable signal

in noise

Respond collaboratively

and simplify operations

10010010100010

01010011001101

0110010111000110

11010111010101100010011101011000

© 2017 SPLUNK INC.

Thanks to the integrated machine learning in Splunk ITSI, we now have a reduced number of events to process and the streamlined event analytics framework allows us to process events eight minutes more quicklyLaurent Amouroux,

Technical Director

Econocom Infrastructure Management Services

15% increased

SLA Performance

60% reduction

In number of events

10x reduction in number of system

performance events through

machine learning

© 2017 SPLUNK INC.

We’re Here to Help!

Harness the creativity and domain knowledge of your organization to

unlock the value of data and solve an important business

service problem through a joint service intelligence workshop

with key stakeholders

Define methods for:

• Increased business performance

• Improved customer satisfaction

• Continuous improvement

• Proactive service monitoring

What is it?

• Collaborative workshop

• Tightly linked with business

value

• Build a functioning example


Q&A


THANK YOU


NOVEMBER 15 | FRANKFURT

© 2017 SPLUNK INC.

During the course of this presentation, we may make forward-looking statements regarding future events or

the expected performance of the company. We caution you that such statements reflect our current

expectations and estimates based on factors currently known to us and that actual events or results could

differ materially. For important factors that may cause actual results to differ from those contained in our

forward-looking statements, please review our filings with the SEC.

The forward-looking statements made in this presentation are being made as of the time and date of its live

presentation. If reviewed after its live presentation, this presentation may not contain current or accurate

information. We do not assume any obligation to update any forward looking statements we may make. In

addition, any information about our roadmap outlines our general product direction and is subject to change

at any time without notice. It is for informational purposes only and shall not be incorporated into any contract

or other commitment. Splunk undertakes no obligation either to develop the features or functionality

described or to include any such feature or functionality in a future release.

Splunk, Splunk>, Listen to Your Data, The Engine for Machine Data, Splunk Cloud, Splunk Light and SPL are trademarks and registered trademarks of Splunk Inc. in

the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners. © 2017 Splunk Inc. All rights reserved.

Forward-Looking Statements

THIS SLIDE IS REQUIRED FOR ALL 3 PARTY PRESENTATIONS.

splunk forum frankfurt - 15th nov 2017 - machine learning for event management

Technology