Splunk ITSI & Correlated Network Visibility

Here are a few resources you might find interesting:

Product Documentation

• ThousandEyes Integration, Content Pack for ThousandEyes, ITSI Content Packs
• Preview Sign-up for Enterprise Networks Content Pack (Catalyst Center and Meraki in Splunk ITSI)
• Links to Splunkbase Apps: Meraki Technical Add-on, Catalyst Technical Add-on, Enterprise Networking App, ThousandEyes App

Blogs and Community Posts

• Why Modern Incident Response Strategies Need Network and Service Intelligence: Part 1
• Why Modern Incident Response Strategies Need Network and Service Intelligence: Part 2
• The Visibility Gap: Hybrid Networks and IT Services
• Almost too Eventful Assurance: Part 1
• Almost too Eventful Assurance: Part 2

Reports

State of the Observability Report 2024

Here are a few top of mind questions from the live Tech Talk

Q. There are several integrations with Cisco products, can you please let us know if the same value would be given from topology metrics and events from other vendors like SolarWinds, OpenText Dynatrace, etc...?

A. Yes, Splunk ITSI is designed as a cross-domain visibility tool and supports integration with a wide range of third-party vendors and tools, not just Cisco products. The platform can ingest, correlate, and analyze topology, metrics, and event data from other major vendors such as SolarWinds, OpenText, Dynatrace, BMC, and more.

Q. How does observability licensing work?

A. The Splunk Observability platform is licensed based on host, ingestion, and/or workload - and each observability capability has licensing specifics to each product: https://www.splunk.com/en_us/products/pricing/observability.html 
FAQ: https://www.splunk.com/en_us/products/pricing/faqs/observability.html 

Q. How does this relate to your OLI Cloud Solution?

A. ITSI is related to our Observability Cloud Solution in that ITSI is a premium application that sits on top of Splunk Observability Cloud or Splunk Enterprise.

Q. Can ITSI pull in data from other vendor products e.g. Aruba?

A. Yes, Splunk ITSI can ingest and correlate data from a wide variety of third-party vendor products, including Aruba and many others. As long as the data (such as logs, metrics, events, or flow data) can be sent to or collected by Splunk, ITSI can use it for analytics, alerting, and service correlation.

Q. Is there a way to see flow data for individual devices in ITSI?

A. Yes, Splunk ITSI can display flow data and other metrics for individual devices, provided that the necessary data is ingested into Splunk from your network tools. Through integrations and technical add-ons with products like Cisco ThousandEyes, Catalyst Center, and Meraki, as well as third-party solutions, you can bring in device-level flow data (such as NetFlow, sFlow, or similar telemetry).

Q. Here is a quick guided tour showcasing glass tables and service monitoring:

A. Splunk IT Service Intelligence Guided Product Tour.

Q. How does ITSI sit on top of the Splunk Observability Cloud, I thought it sat on top of the Splunk Core?

A. ITSI sits on top of the Splunk Core product, there are integrations available between Splunk Observability Cloud and ITSI. The two can complement each other in a hybrid environment, but they are architecturally distinct.

Q. Would this be a layer on top or integrated with AWS or Azure services?

A. Splunk ITSI and the observability solutions can be deployed either on-premises or in the cloud, including on AWS or Azure. They act as both a layer on top of your cloud services and can be directly integrated with AWS, Azure, and other cloud platforms.

Q. Will AI/ML capabilities be expanded to automate correlation and anomaly detection in ITSI?

A. There are capabilities to help with correlation powered by AI/ML namely Event IQ. ITSI leverages anomaly detection to model KPI behavior and generates alerts when these KPI's deviate from an expected pattern. Cisco and Splunk Strengthen Enterprise Digital Resilience in the AI Era  

Q. If there is a network service and service tree/dependency with location in ServiceNow, is it possible to import the topology to ITSI and keep it updated from there, or is there a smarter way?

A. Yes, it is possible to import service topologies (including dependencies and locations) from ServiceNow into Splunk ITSI. Splunk provides a ServiceNow technical add-on that supports this integration. This add-on can pull in data such as service trees, dependencies, and location details from ServiceNow’s CMDB or ITOM modules and bring them into ITSI for use in service monitoring and correlation.

Additionally, ITSI supports ongoing synchronization, so updates made to service topologies in ServiceNow can be reflected in ITSI, keeping your monitoring environment up to date. The process is designed to reduce manual configuration and streamline service modeling within ITSI.

Q. Does service topology need to be created manually or dynamically?

A. Service topology in Splunk ITSI can be created both manually and dynamically, but the platform is designed to make dynamic (automated) creation as easy as possible.

Q. Can you share a Demo and POC for customers who are interested in Splunk?

A. Here is the link to request a demo Splunk IT Service Intelligence (ITSI) 

Q. Is Catalyst Center the same as Cisco DNAC?

A. Yes, Cisco Catalyst Center is the new name for what was previously known as Cisco DNA Center (DNAC). Cisco rebranded DNA Center to Catalyst Center, but it is essentially the same platform for network management, automation, and analytics.

Q. Does this also track alerts in ThousandEyes, and sync respectively?

A. Yes, Splunk ITSI can track alerts from ThousandEyes. The integration pulls in alerts, metrics, and test results from ThousandEyes into ITSI, allowing those alerts to be correlated with other events and displayed in dashboards and incident views within ITSI.