Part 1: Getting Started with AIOps: Event Correlation Basics and Alert Storm Detection in Splunk IT Service Intelligence

Thanks for sharing 

A few questions and answers from the live Tech Talk that you may find helpful:

Q. Are the ITSI Analytics services part of the CORE ITSI install or a management pack? I do not see those services in either 4.13 or 4.14.

A. It is part of the "Monitoring and Alerting" content pack that is available in Splunk App for Content Packs 1.7 release.. you need this on top of ITSI.

Q. Can we use AI to "auto" resolve issues?

A. While fully auto-remediating is right behind magic today, ML can help you determine possible scenarios to automate remediation. I'd suggest checking out this tech talk when you get a chance: https://events.splunk.com/simplify-ticket-remediation? Splunk SOAR today also provides the ability to resolve and execute actions via automated playbooks. Learn more here  

Q. Can ITSI get alerts from Dynatrace ?

A. Yes , using third-party APM content pack

Q. How do you see the integration between ITSI/AIoP and Splunk Observability Cloud

A. We have an ITSI content pack called "Splunk Observability Cloud Content Pack" that helps bring data from Splunk O11y Cloud into ITSI for e2e visibility. The data is brought from Infra Mon, APM, Synthetics and RUM components using Splunk Infra Mon Add-on (for Infra Mon, RUM, APM data) and Synthetics Add-on (for Synthetics data)

Q. Does Splunk depend on its own db or repository or an external repository (i.e. CMDB) to make inferenced or references that the root cause of multiple alerts is linked to a failed infrastructure element vs. some of cybersecurity threat?

A. The value add of ITSI in Splunk is providing the ability to correlate across multiple external sources and app stacks.