Splunk Tech Talks
Deep-dives for technical practitioners.

Using Splunk for On-Call Insights

melissap
Splunk Employee

View our DevOps Tech Talk: Using Splunk for On-Call Insights  

If you’re like most Splunk Enterprise and Splunk Cloud customers, you’re getting all kinds of insights about your systems, applications, and services. But, have you thought about how effectively and efficiently your teams are responding to incidents?

How many fires are you fighting?

How many incidents have resolution owners?

What kinds of incidents are most frequent?

Do your alerts find an owner right away, or are they being passed around like a hot potato?

Insights to all these questions — and acting on them — can be a game-changer for shortening outages, operating more efficiently, and reducing burnout in operations teams. This tech talk demonstrates the insights you can gain based on incident response from Splunk On-Call, and what you can do to get started.

 

Tune in to learn:

  • What kind of incident response metrics and insights can I gain with Splunk?
  • What is Splunk On-Call?
  • How can I easily send on-call data into Splunk?
melissap
Splunk Employee

Here are some questions from the live Tech Talk.

Q: Can you link Splunk On-Call to Jira or ServiceNow in such a way that it adds the disparate alerts and Slack comments to a ticket to preserve the history?

A: Both Jira and ServiceNow have OOTB integration apps which facilitate centralizing disparate communications and alerts, funneling them into a single ticket and keeping the status in sync in real time.

Q: How do I get the full message from a Splunk alert in a Splunk On-Call incident? I only get the first line of my alert.

A: This would be best handled by modifying the alert action in Splunk Enterprise. You can reference any event field with $token$ syntax and customize your own alert message. The full docs are here: https://help.victorops.com/knowledge-base/splunk-integration-guide
melissap
Splunk Employee

Here are additional resources to continue on your journey.

 

Learn more about Splunk On-Call and try for free

View our .conf presentations

 
