Splunk is great for alot of things, Event Management is one of the new budding Capabilities that recently was brought to the forefront via the release of IT Service Intelligence 2.4. The short answer of can it replace Netcool/Omnibus/Webtop etc... is "it depends and does a journey outside of conventional Alert Management make sense to you and your organization". The longer answer is below.
To assure anyone with this question -yes, IT Service Intelligence is a Premium App, however it is built entirely on Splunk Core Concepts and was built from the ground up be used with Splunk Core Capabilities. No bolt on action occurred.
Netcool/Omnibus can indeed dedup events and ITSI 2.4 has this built in to Notable Events Aggregation Policy activities now. Most teams only want to see one event, and also want to see any other subsequent events after the fact, usually for Root Cause Analysis.
Now to the nuts and bolts of what are the dependencies of making a replacement possible.
Splunk is great at taking in datasets in masse and presenting correlations (either through know or through Machine Learning) for YOUR environment from both endpoints and other Tools, like in the description above, SNMP Polling or Receiving. Typically Splunk is not leveraged to do this work, however once mapping of OIDS to MIBS occurs it definitely makes sense to feed this detail into Splunk.
If you choose to use ITSI now this detail can present a much fuller picture when combined with other network, endpoint, APM, RUM, and Application level detail. These activities are then mapped to Technology and/or Business Services <- is what IT Services Intelligence does remarkable well.
... View more