The Phantom of the Opera(tions)
Transcript of The Phantom of the Opera(tions)
© 2020 SPLUNK INC.
Dirk Nitschke & Andreas Buis
Staff (Consulting|Solution) Engineers | Splunk
During the course of this presentation, we may make forward‐looking statements regarding future events or plans of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results may differ materially. The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, it may not contain current or accurate information. We do not assume any obligation to update any forward‐looking statements made herein.
In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only, and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionalities described or to include any such feature or functionality in a future release.
Splunk, Splunk>, Data-to-Everything, D2E and Turn Data Into Doing are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names or trademarks belong to their respective owners. © 2020 Splunk Inc. All rights reserved
Forward-Looking Statements
Staff Consulting Engineer & Staff Solution Engineer | Splunk
Dirk Nitschke & Andreas Buis
Agenda
The orchestra
Act 1, scene 1: Prelude - Introduction
Act 1, scene 2: Today’s Focus - OAR
Act 1, scene 3: The Alert - ITOps receives an Alert
Act 2, scene 1: Automation / Orchestration - The interaction
Act 3, scene 1: The Time Machine - Transformation from manual to automatic
Act 3, scene 2: The Big Finale - Summary: Advantages of an OAR
Prelude
Introduction
Who’s Been In This Situation? Everyone!
“Is this a déjà vu? I’m sure I have done this before!”
Recurring Activities Cost Time and Money
…and are boring
Think about it:
• How many recurring activities do you have to do during the day?
• How much would you save if you could avoid them?
Possible Solution
Automation and orchestration of the individual manual activities
Typical Incident Management Tasks
Known Problem with Workaround
1. Investigation and Diagnosis: Identify and test initial hypothesis, work on solution, update ticket
2. Resolution and Recovery: Get approval for change, apply fix or workaround, confirm service has been restored, update ticket
3. Incident Closure: Confirm service has been restored, close ticket
The Big Question is:
“What should I focus on?”
The Answer is:
Monitor, investigate, analyze and act
Today’s Focus
OAR
Today’s Focus
OAR = Orchestration Automation and Response
The Alert
ITOps receives an alert
Incident: Service Web Server
Automation / Orchestration
The interaction
Automate & Orchestrate These Steps
Investigation / Remediation
• Collect information
• Use a Privileged Access Management (PAM) system to connect with server
• Restart service
• Or set up new instance
Approval Process
• Approval process with a detailed description
• Response based on the decision made
Ticketing System
• Create, update and resolve ticket
• Document all information in the ticket
The Time Machine
Transformation from manual to automatic
Timeline: 18:52:05 to 18:53:30
Episode: ~120 seconds from “New” to “Resolved”
[Timeline figure. Time marks: 18:52:05, 18:52:16, 18:52:39, 18:53:50, 18:56:04. Steps shown: Episode created; Collect information; Create Splunk ITSI Maintenance Window; Service Now Ticket “Resolved”; Episode “closed” due to ticket status; Notable Event Action executed; Create Service Now Ticket; Restart service; Splunk ITSI episode “Resolved”; Check service status; Get approval via Splunk Mobile (shown twice). Products labelled: Splunk Phantom, Splunk ITSI.]
The Big Finale
Summary: Advantages of an OAR
Summary
• Orchestration, automation, and response in IT Operations can improve MTTR, efficiency, and effectiveness
• Leverage the powerful features and integration of the Splunk portfolio:
– Splunk Phantom
– Splunk IT Service Intelligence
– Splunk Mobile, and
– VictorOps
What is your IT Operations Use Case?
We can think of the following:
• Apply workaround for known error
• Get approval for new devices connecting to network
• User Lifecycle Management
• Vulnerability Management
• Exception Handling