Splunk Tech Talks
Deep-dives for technical practitioners.

Part 1: Getting Started with AIOps: Event Correlation Basics and Alert Storm Detection in Splunk IT Service Intelligence

LesediK
Splunk Employee


 You’ll learn how to leverage the Content Pack for Monitoring and Alerting with ITSI to quickly create and group notable events from ITSI services & 3rd party monitoring tools, and answer questions like:

  • Is the volume of incoming alerts higher, lower, or the same as what I typically see?
  • Which hosts, checks, KPIs, and Services are contributing to the highest volumes of alerts and episodes?
  • During an alert storm, what types of alerts are major contributors to the sudden increase in alert volume?

 


Want to Learn More? 

Part 2 | Diving Deeper With AIOps

Getting the Most Out of Event Correlation and Alert Storm Detection in Splunk IT Service Intelligence

 

 

mehmetgunertr
Explorer

Thanks for sharing 

LesediK
Splunk Employee

A few questions and answers from the live Tech Talk that you may find helpful:

 

Q. Are the ITSI Analytics services part of the CORE ITSI install or a management pack? I do not see those services in either 4.13 or 4.14.

A. It is part of the "Monitoring and Alerting" content pack that is available in the Splunk App for Content Packs 1.7 release. You need this on top of ITSI.

 

Q. Can we use AI to "auto" resolve issues?

A. While fully auto-remediating is right behind magic today, ML can help you determine possible scenarios to automate remediation. I'd suggest checking out this tech talk when you get a chance: https://events.splunk.com/simplify-ticket-remediation? Splunk SOAR today also provides the ability to resolve and execute actions via automated playbooks. Learn more here  

 

Q. Can ITSI get alerts from Dynatrace?

A. Yes, using the third-party APM content pack.

 

Q. How do you see the integration between ITSI/AIoP and Splunk Observability Cloud?

A. We have an ITSI content pack called "Splunk Observability Cloud Content Pack" that helps bring data from Splunk O11y Cloud into ITSI for e2e visibility. The data is brought from Infra Mon, APM, Synthetics and RUM components using Splunk Infra Mon Add-on (for Infra Mon, RUM, APM data) and Synthetics Add-on (for Synthetics data)

 

Q. Does Splunk depend on its own db or repository or an external repository (i.e. CMDB) to make inferences or references that the root cause of multiple alerts is linked to a failed infrastructure element vs. some kind of cybersecurity threat?

A. The value add of ITSI in Splunk is providing the ability to correlate across multiple external sources and app stacks.
