IT Silos Are Hurting Your Company
Make Machine Data a Strategic Asset

White Paper

Abstract: Existing Approaches Are Cumbersome, Costly and Don’t Scale

As competitive pressures grow more intense, the ability to gain operational intelligence from IT infrastructures has become a business-critical measure of success for today’s organizations. New technology layers, strict governance practices, regulatory mandates and evolving security threats have all combined to increase the cost and complexity of running IT. According to a report by Gartner, Inc., in 2013 organizations spent $3.8 trillion globally on IT.¹

Traditional approaches to managing machine data are limited and locked into technology or functional silos. A separate tool is required for each kind of data and every type of task. As IT complexity increases, organizations now find themselves with many point solutions that don’t work together, are expensive to maintain, can’t run virtualized or be deployed in the cloud, and don’t deliver the answers they need. Such high-level management systems often filter out much of the essential data, requiring people to pick through information manually.

The key to effectively managing, securing and gaining better intelligence from IT is locked in the data IT systems generate. This machine-generated data holds the answers to what customers, users, applications, networks and devices have been doing. In the past, companies have had to manually traverse silos of data to get value from this information—a cumbersome and expensive activity, far removed from the business decision-making process. In order to integrate all this machine data and provide visibility, regardless of format or location, a dramatic shift in approach is needed to ensure the right information is available to the right people at the right time.
This paper outlines the struggles organizations face managing silos of machine data and discusses some of the ways they are seeing immediate value from Splunk software. By enabling organizations to search and analyze their machine data from a single location in real time, Splunk Enterprise is changing how these organizations manage, secure and gain operational intelligence from IT and machine-generated data. Splunk Enterprise allows organizations to troubleshoot application outages, investigate security incidents and gain new levels of insight in seconds or minutes, not hours or days.

IT Silos Are Hurting Your Company

Legacy Systems Prevent Innovation

The tools companies have to manage IT have not kept pace with the rapid changes in technology. Innovations designed to help organizations maximize resources, like service-oriented architecture (SOA), virtualization and cloud computing, can’t be realized due to ineffective legacy technologies. Even as far back as 2003, an average company was spending 60%-80% of its IT budget on legacy systems, including support, maintenance, application troubleshooting, security and compliance.² A more recent study has shown that legacy systems are preventing 79% of European businesses from taking full advantage of innovative technologies.³ In the US, both public sector⁴ and privately held businesses risk losing a competitive advantage by investing too much in managing their legacy IT infrastructures.

IT Silos Drive Enormous Inefficiencies

Take a look at the time-consuming, manual labor-based application troubleshooting scenario in Figure 1.

[Figure 1 (flow diagram). Roles: Service Desk, App Support, App Developer, Sys Admin, Database Admin. Step text: Log call. The console says everything is green. Escalate. Java monitoring tools don’t show anything either. Stop working on new code to troubleshoot. Need production logs! Escalate. Call developer. Escalate. Stop what they are doing to identify/gather production logs for developer. Manual investigation establishes net application problem. DBA analyses audit logs which points to bad query. Respond. Escalate. Now what?]
Figure 1. Time spent (8.5 hours) in human latency to troubleshoot a failure.

Is this picture familiar? Hundreds of times a day, in every IT organization, trouble tickets, security incidents and requests for compliance audits arrive at the service desk. Lacking information, the service desk staff will create tickets and escalate the issue to other teams. Silos of data, tools and processes hinder any effective collaboration, and the escalations bounce around IT departments like pinballs. Manually traversing these silos of machine data takes hours or days, when in fact the business needs answers immediately. According to industry analyst firm Forrester, when an online service fails, 75% of consumers move to another channel⁵, which can have a tremendous financial and brand impact.

In today’s scaled out, virtualized and dynamic IT environments, achieving better results requires thinking differently. Managing and monitoring the IT infrastructure the same way today as ten years ago—swiveling from one console/silo to another—is no longer the answer. Organizations must gain new levels of visibility and insight across IT silos to address the massive inefficiencies and ensure that the right information is available to the right people at the right time.

“The product innovation needed to meet some of today’s IT infrastructure challenges remains in the hands of the smaller, more-agile vendors.”
Gartner

A New Approach: Real-time Visibility Into All Your Machine Data

The Rise of Machine Data

Splunk has recognized that the key to managing, securing and auditing IT more effectively is locked inside the data generated by IT systems and infrastructure. This machine-generated data is the critical source of key information regarding what’s happening within an IT infrastructure whether on premises, virtualized or running in the cloud.
It’s vital for identifying application failures, understanding cyberattacks, investigating who accessed sensitive data, or summarizing authorized and unauthorized configurations. Insight into this data is also needed for maintaining and improving service levels, providing proof of compliance and ensuring security. The traditional challenge has been getting access to and making sense of all this data.

In the Trenches With Splunk

In the scenario described above, troubleshooting an application failure resulted in an escalation to network operations, application development, database administration, security and then systems administration. Using Splunk Enterprise, the service desk can search and analyze all of an organization’s machine-generated data from one place in real time (see Figure 2). Users can search on a combination of IP address, database errors and permission changes to correlate diagnostic information across different silos of data, identifying the root cause in minutes, instead of the 24 hours seen in the earlier example. The blame game is eliminated, root causes are identified and IT teams can focus on proactive service delivery versus reactive troubleshooting.

[Figure 2 panels: Search on IP address shows related Web session and User ID; Search at same time reveals database error and permission failure; Search at permission changes shows change without ticket number.]
Figure 2. In the trenches and troubleshooting with Splunk takes just minutes.

Enter Splunk

Splunk Enterprise is a fully featured, powerful platform that collects and indexes any machine data from virtually any source in real time, such as network traffic, web servers, clickstream data, custom applications, application servers, hypervisors, GPS systems, stock market feeds, social media, preexisting structured databases and more. Splunk software delivers an understanding of what’s happening and deep analysis of what’s happened across your IT systems and infrastructure. It turns your machine data into the insights you need to make informed decisions.

Splunk Enterprise makes an organization’s machine data available for a variety of functions—from application management, to security, to operations management, business analytics and digital intelligence. Using Splunk software, organizations can analyze their machine data from a central location in real time regardless of the source, format, location or volume. Both technical and business users can search, alert, report and analyze IT activities and do in minutes what used to take hours or days. By providing the means to manage IT more efficiently and leverage the full value of machine data, Splunk software provides a competitive advantage for businesses seeking new operational insights and immediate, real-time visibility across their infrastructure.

After searching, monitoring, analyzing and visualizing their machine-generated data in Splunk, departments and functions no longer need to operate as individual silos with limited views.

The key capabilities of Splunk Enterprise are as follows (See Figure 3):

• Universally index machine data, regardless of format or location
• Search real-time and historical data using the same search interface
• Interact with search results in real time
• Automatically discover knowledge from the data and let users add their own information
• Correlate complex events
• Monitor data and provide real-time alerts when specific conditions arise
• Provide powerful reporting and analysis
• Provide the ability to create custom dashboards and views for different roles
• Scale efficiently using commodity hardware
• Provide granular role-based security and access controls
• Support multi-tenancy and be flexibly deployed

[Figure labels: Power mobile apps; Log directly to Splunk; Extract Splunk data; Customer dashboards; Integrate BI tools; Integrate with Splunk services; Web Framework; SDKs; REST API]

“We’re spending less with Splunk than we did with our other tools and we’re getting far greater value. We can share Splunk and the data we capture among all our groups, which increases our efficiency and provides a central resource for all.”
SurveyMonkey

“We require optics into every facet of our business, from building and deploying solutions, monitoring performance across multiple clouds to billing our customers. For these reasons, Splunk is an essential part of our technology infrastructure that we leverage across nearly all business processes.”
Message Bus

Focus on the Users: See Immediate Value

New Levels of Operational Visibility and Real-time Business Insights

• Use dashboards, events and predictive models to prevent problems and seize opportunities

“Splunk collects and analyzes machine-generated data from IT infrastructures, but it also offers invaluable insight into user-generated data. What makes Splunk special is the ease and precision with which we can extract business intelligence from hundreds of gigabytes of data, then graphically display any metrics we want in dashboards.”
Socialize

• Make better-informed business decisions

“Splunk helped us establish the baseline for our company’s operational model and helped us identify and understand anomalies to that baseline. And as the business has evolved and changed, Splunk has helped us understand how the baseline is changing.”
iRhythm

Higher Productivity and Significant Time Savings

• Quickly investigate and resolve incidents

“Splunk software automates the laborious process of sifting through logs and other machine-generated data, which saves time and trouble identifying the source of problems. Splunk gives us both holistic and granular views of our IT environment, enabling us to do root-cause analyses very quickly.”
Nevada Department of Transportation

“Searches that used to take ten minutes can now be done in seconds with Splunk. When an analyst has to do that several times per day, the savings add up… Splunk software helps us identify and create signatures for new threats and deploy those signatures much faster.”
University of Texas at Austin

• Centralize data management

“We have such a diverse environment with so many servers providing different services that we used to have to go into each server, one at a time, to find what we were looking for. With Splunk, we can aggregate and correlate everything in one spot. We can solve problems in minutes rather than hours. We can create alerts that allow us to be more proactive and efficient.”
Riverbed Technology

“We used to have to go to many different application and server system logs trying to figure out patterns or track messages. Now, all of those logs are in Splunk and we can search them quickly in one place.”
Manitoba Hydro

• Avoid escalations and reduce MTTR

“By being our central data handler, Splunk makes it possible for us to carry out very fast and high quality analysis of our data. Splunk’s integration with other applications enables us to reduce MTTR and improve service quality.”
Otto Group

Improved Customer Satisfaction

• Find and resolve problems before they affect customers

“Splunk allows us to see the percentage of customers who are receiving an error message and resolve those issues quickly before it has an adverse effect on sales or service.”
Tesco.com

“Splunk helps us detect possible issues with integrating customer applications and narrow down what they are. This helps us be even more proactive with customers and inform them of potential problems before they notice themselves.”
ThreatMetrix

• Gain key insights into the customer experience

“Splunk closes the gap between people and data… The satisfaction of our users is key to our business success, so we are extremely pleased to have improved the availability of our gaming platform so significantly, thus also optimizing the user experience on the web site.”
Swisslos

“Splunk enables us to connect our technical and business metrics and see the correlations between site performance and the customer experience. The real-time dashboards we’ve built with Splunk provide information that can’t be obtained any other way.”
ideeli

Recognized by the Industry

In addition to a growing community of users and partners, leading analysts have taken notice of Splunk:

“Splunk is pushing things to the next level with easy and straightforward visualizations and analytics on machine data.”
Ventana Research

“Splunk’s ability to provide self-service analytics is very powerful—the company is giving companies access to the data they need, making Splunk products very well received.”
Enterprise Management Associates

“Splunk Enterprise makes it possible for IT and business users to get powerful insights from machine data—without the need for business users to master complex coding or query languages.”
451 Research

Value Across the Enterprise

Splunk Enterprise is available as a free download and has a rich set of capabilities out-of-the-box. A Splunk Enterprise deployment can start small, pulling logs, metrics or configurations from a single source. As users exploit the value of their machine data, they find other strategic uses for Splunk, typically in one of the following areas—security & compliance, application management, IT operations, digital intelligence and more. Over time, organizations find the value of Splunk and their machine data belongs enterprise-wide, expanding to more sites, geographies and data sources. Ultimately, Splunk software becomes the enterprise standard for multiple use cases and multiple diverse roles in the organization. Splunk software deployments have become distributed and mission critical for thousands of organizations worldwide.

Conclusion

Technology and functional silos hinder productivity and the ability of IT to meet the needs of the business. At a time when IT is challenged to do more with less, Splunk offers a single software solution that collects machine data and allows users to search, monitor, create alerts and visualize the results of the searches with dashboard views. With its ability to index data from virtually any source, Splunk software breaks down traditional technology and people silos and empowers users to significantly improve the efficiency of IT, delivering relevant information to the people who need it, in less time and with fewer resources. This ultimately enables IT teams to be proactive instead of reactive.

The power of Splunk software is the exponential value it delivers to users and to the business. Machine data is vast in volume, unstructured, dynamic and captive in silos of traditional point solutions. Splunk has brought a new approach to managing machine data and unlocking its enormous value.
Splunk software is simple to deploy, scales from a single server deployment to global large-scale operations and delivers fast payback. Using Splunk as the platform to search and analyze machine data is changing the way users do their jobs and elevating the role of IT in their organizations.

1. http://www.gartner.com/newsroom/id/2394415
2. http://www.computerworld.com/s/article/86137/How_to_plan_a_road_map_for_application_modernization
3. http://socialbarrel.com/ricoh-study-finds-ageing-legacy-systems-hold-79-of-europeanbusinesses-from-new-technologies/45195/
4. http://fcw.com/articles/2012/12/10/legacy-systems.aspx
5. http://blogs.forrester.com/kate_leggett/13-02-28-four_steps_for_optimizing_customer_service_operations

250 Brannan St., San Francisco, CA 94107
866-438-7758 | 415-848-8400
www.apps.splunk.com | www.splunk.com

© 2014 Splunk Inc. All rights reserved. Splunk, Splunk>, Listen to Your Data, The Engine for Machine Data, Hunk, Splunk Cloud, Splunk Storm and SPL are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners.
Item # WP-Splunk-ITSilos Hurt-103