Make IT Data a Strategic Asset


Make Machine Data a Strategic Asset
Existing Approaches Are Cumbersome, Costly and Don’t Scale
As competitive pressures grow more intense, the
ability to gain operational intelligence from IT
infrastructures has become a business-critical measure
of success for today’s organizations. New technology
layers, strict governance practices, regulatory
mandates and evolving security threats have all
combined to increase the cost and complexity of
running IT. According to a report by Gartner, Inc., in
2013 organizations spent $3.8 trillion globally on IT.¹
Traditional approaches to managing machine data are limited
and locked into technology or functional silos. A separate tool
is required for each kind of data and every type of task. As IT
complexity increases, organizations now find themselves with
many point solutions that don’t work together, are expensive
to maintain, can’t run virtualized or be deployed in the cloud,
and don’t deliver the answers they need. Such high-level
management systems often filter out much of the essential data,
requiring people to pick through information manually.
The key to effectively managing, securing and gaining better
intelligence from IT is locked in the data IT systems generate.
This machine-generated data holds the answers to what
customers, users, applications, networks and devices have been
doing. In the past, companies have had to manually traverse
silos of data to get value from this information—a cumbersome
and expensive activity, far removed from the business decision-making
process. In order to integrate all this machine data and
provide visibility, regardless of format or location, a dramatic
shift in approach is needed to ensure the right information is
available to the right people at the right time.
This paper outlines the struggles organizations face managing
silos of machine data and discusses some of the ways they are
seeing immediate value from Splunk software. By enabling
organizations to search and analyze their machine data from
a single location in real time, Splunk Enterprise is changing
how these organizations manage, secure and gain operational
intelligence from IT and machine-generated data. Splunk
Enterprise allows organizations to troubleshoot application
outages, investigate security incidents and gain new levels of
insight in seconds or minutes, not hours or days.
IT Silos Are Hurting Your Company
Legacy Systems Prevent Innovation
The tools companies have to manage IT have not kept pace
with the rapid changes in technology. Innovations designed to
help organizations maximize resources, like service-oriented
architecture (SOA), virtualization and cloud computing, can’t
be realized due to ineffective legacy technologies. Even as far
back as 2003, an average company was spending 60%-80% of
its IT budget on legacy systems, including support, maintenance,
application troubleshooting, security and compliance.² A more
recent study has shown that legacy systems are preventing 79%
of European businesses from taking full advantage of innovative
technologies.³ In the US, both public sector⁴ and privately held
businesses risk losing a competitive advantage by investing too
much in managing their legacy IT infrastructures.
IT Silos Drive Enormous Inefficiencies
Take a look at the time-consuming, manual labor-based
application troubleshooting scenario in Figure 1.
Figure 1. Time spent (8.5 hours) in human latency to troubleshoot a failure.
Is this picture familiar? Hundreds of times a day, in every IT
organization, trouble tickets, security incidents and requests
for compliance audits arrive at the service desk. Lacking
information, the service desk staff will create tickets and escalate
the issue to other teams. Silos of data, tools and processes
hinder any effective collaboration, and the escalations bounce
around IT departments like pinballs.
Manually traversing these silos of machine data takes hours or
days, when in fact the business needs answers immediately.
According to industry analyst firm Forrester, when an online
service fails, 75% of consumers move to another channel⁵, which
can have a tremendous financial and brand impact.
In today’s scaled-out, virtualized and dynamic IT environments,
achieving better results requires thinking differently. Managing
and monitoring the IT infrastructure the same way today as
ten years ago—swiveling from one console/silo to another—is
no longer the answer. Organizations must gain new levels of
visibility and insight across IT silos to address the massive
inefficiencies and ensure that the right information is available to
the right people at the right time.
“The product innovation needed to meet some of
today’s IT infrastructure challenges remains in the
hands of the smaller, more-agile vendors.”
A New Approach: Real-time Visibility Into All Your Machine Data
The Rise of Machine Data
Splunk has recognized that the key to managing, securing and
auditing IT more effectively is locked inside the data generated
by IT systems and infrastructure. This machine-generated
data is the critical source of key information regarding what’s
happening within an IT infrastructure whether on premises,
virtualized or running in the cloud. It’s vital for identifying
application failures, understanding cyberattacks, investigating
who accessed sensitive data, or summarizing authorized and
unauthorized configurations. Insight into this data is also needed
for maintaining and improving service levels, providing proof of
compliance and ensuring security. The traditional challenge has
been getting access to and making sense of all this data.
In the Trenches With Splunk
In the scenario described above, troubleshooting an application
failure resulted in an escalation to network operations,
application development, database administration, security
and then systems administration. Using Splunk Enterprise, the
service desk can search and analyze all of an organization’s
machine-generated data from one place in real time (see
Figure 2). Users can search on a combination of IP address,
database errors and permission changes to correlate diagnostic
information across different silos of data, identifying the root
cause in minutes, instead of the 24 hours seen in the earlier
example. The blame game is eliminated, root causes are
identified and IT teams can focus on proactive service delivery
versus reactive troubleshooting.
[Figure 2 panel text: Search on IP address shows related Web session and User ID; Search at same time reveals database error and permission; Search at permission changes shows change without ticket number]
Enter Splunk
Splunk Enterprise is a fully featured, powerful platform that
collects and indexes any machine data from virtually any source
in real time, such as network traffic, web servers, clickstream
data, custom applications, application servers, hypervisors, GPS
systems, stock market feeds, social media, preexisting structured
databases and more. Splunk software delivers an understanding
of what’s happening and deep analysis of what’s happened across
your IT systems and infrastructure. It turns your machine data into
the insights you need to make informed decisions.
Splunk Enterprise makes an organization’s machine data
available for a variety of functions—from application
management, to security, to operations management, business
analytics and digital intelligence. Using Splunk software,
organizations can analyze their machine data from a central
location in real time regardless of the source, format, location
or volume. Both technical and business users can search, alert,
report and analyze IT activities and do in minutes what used to
take hours or days.
By providing the means to manage IT more efficiently and
leverage the full value of machine data, Splunk software
provides a competitive advantage for businesses seeking new
operational insights and immediate, real-time visibility across
their infrastructure. After searching, monitoring, analyzing and
visualizing their machine-generated data in Splunk, departments
and functions no longer need to operate as individual silos with
limited views.
The key capabilities of Splunk Enterprise are as follows (see
Figure 3):
• Universally index machine data, regardless of format or
• Search real-time and historical data using the same search
• Interact with search results in real time
• Automatically discover knowledge from the data and let
users add their own information
• Correlate complex events
• Monitor data and provide real-time alerts when specific
conditions arise
• Provide powerful reporting and analysis
• Provide the ability to create custom dashboards and views
for different roles
• Scale efficiently using commodity hardware
• Provide granular role-based security and access controls
• Support multi-tenancy and be flexibly deployed
Figure 2. In the trenches and troubleshooting with Splunk takes just minutes.
[Figure 3 diagram labels: mobile apps; Log directly to Splunk; Splunk data; Integrate with BI tools; Splunk services; Web Framework; REST API]
“We’re spending less with Splunk than we did with our other
tools and we’re getting far greater value. We can share Splunk
and the data we capture among all our groups, which increases
our efficiency and provides a central resource for all.”
“We require optics into every facet of our business, from
building and deploying solutions, monitoring performance
across multiple clouds to billing our customers. For these
reasons, Splunk is an essential part of our technology
infrastructure that we leverage across nearly all business
Higher Productivity and Significant Time Savings
• Quickly investigate and resolve incidents
Focus on the Users: See Immediate Value
New Levels of Operational Visibility and Real-time Business Insights
• Use dashboards, events and predictive models to prevent
problems and seize opportunities
“Splunk collects and analyzes machine-generated data from IT
infrastructures, but it also offers invaluable insight into user-generated
data. What makes Splunk special is the ease and
precision with which we can extract business intelligence from
hundreds of gigabytes of data, then graphically display any
metrics we want in dashboards.”
“Splunk software automates the laborious process of sifting
through logs and other machine-generated data, which saves
time and trouble identifying the source of problems. Splunk
gives us both holistic and granular views of our IT environment,
enabling us to do root-cause analyses very quickly.”
Nevada Department of Transportation
• Make better-informed business decisions
“Splunk helped us establish the baseline for our company’s
operational model and helped us identify and understand
anomalies to that baseline. And as the business has evolved and
changed, Splunk has helped us understand how the baseline is
“Searches that used to take ten minutes can now be done in
seconds with Splunk. When an analyst has to do that several
times per day, the savings add up… Splunk software helps us
identify and create signatures for new threats and deploy those
signatures much faster.”
University of Texas at Austin
• Centralize data management
“We have such a diverse environment with so many servers
providing different services that we used to have to go into
each server, one at a time, to find what we were looking for.
With Splunk, we can aggregate and correlate everything in
one spot. We can solve problems in minutes rather than hours.
We can create alerts that allow us to be more proactive and
Riverbed Technology
“We used to have to go to many different application and server
system logs trying to figure out patterns or track messages.
Now, all of those logs are in Splunk and we can search them
quickly in one place.”
Manitoba Hydro
• Avoid escalations and reduce MTTR
“By being our central data handler, Splunk makes it possible
for us to carry out very fast and high quality analysis of our
data. Splunk’s integration with other applications enables us to
reduce MTTR and improve service quality.”
Otto Group
Improved Customer Satisfaction
Recognized by the Industry
• Find and resolve problems before they affect customers
“Splunk allows us to see the percentage of customers who are
receiving an error message and resolve those issues quickly
before it has an adverse effect on sales or service.”
In addition to a growing community of users and partners,
leading analysts have taken notice of Splunk:
“Splunk is pushing things to the next level with easy and
straightforward visualizations and analytics on machine data.”
Ventana Research
“Splunk helps us detect possible issues with integrating
customer applications and narrow down what they are. This
helps us be even more proactive with customers and inform
them of potential problems before they notice themselves.”
“Splunk’s ability to provide self-service analytics is very
powerful—the company is giving companies access to the data
they need, making Splunk products very well received.”
• Gain key insights into the customer experience
“Splunk closes the gap between people and data… The
satisfaction of our users is key to our business success, so we
are extremely pleased to have improved the availability of our
gaming platform so significantly, thus also optimizing the user
experience on the web site.”
“Splunk enables us to connect our technical and business
metrics and see the correlations between site performance and
the customer experience. The real-time dashboards we’ve built
with Splunk provide information that can’t be obtained any
other way.”
Value Across the Enterprise
Splunk Enterprise is available as a free download and has a
rich set of capabilities out-of-the-box. A Splunk Enterprise
deployment can start small, pulling logs, metrics or
configurations from a single source. As users exploit the value
of their machine data, they find other strategic uses for Splunk,
typically in one of the following areas—security & compliance,
application management, IT operations, digital intelligence
and more. Over time, organizations find the value of Splunk
and their machine data belongs enterprise-wide, expanding to
more sites, geographies and data sources. Ultimately, Splunk
software becomes the enterprise standard for multiple use cases
and multiple diverse roles in the organization. Splunk software
deployments have become distributed and mission critical for
thousands of organizations worldwide.
Enterprise Management Associates
“Splunk Enterprise makes it possible for IT and business users
to get powerful insights from machine data—without the
need for business users to master complex coding or query
451 Research
Technology and functional silos hinder productivity and the
ability of IT to meet the needs of the business. At a time when
IT is challenged to do more with less, Splunk offers a single
software solution that collects machine data and allows users
to search, monitor, create alerts and visualize the results of
the searches with dashboard views. With its ability to index
data from virtually any source, Splunk software breaks down
traditional technology and people silos and empowers users
to significantly improve the efficiency of IT, delivering relevant
information to the people who need it, in less time and with
fewer resources. This ultimately enables IT teams to be proactive
instead of reactive.
The power of Splunk software is the exponential value it delivers
to users and to the business. Machine data is vast in volume,
unstructured, dynamic and captive in silos of traditional point
solutions. Splunk has brought a new approach to managing
machine data and unlocking its enormous value. Splunk software
is simple to deploy, scales from a single server deployment to
global large-scale operations and delivers fast payback. Using
Splunk as the platform to search and analyze machine data is
changing the way users do their jobs and elevating the role of IT
in their organizations.
