Part 2: A Guide to Maximizing Splunk IT Service Intelligence

Welcome to the second segment of our guide. In Part 1, we covered the essentials of getting started with ITSI and how to address key IT challenges. Here in Part 2, we will share insight and recommendations on how to advance your usage, optimization, and ways to leverage additional tooling. 

Strategies to Enhance Performance

In order to take performance a step further, it's essential to implement techniques that take advantage of customization, optimization, and predictability. Maturing the use of these capabilities will help you fine-tune your ITSI setup to more closely match your organization’s specific needs: 

1. Utilize Custom KPIs: Tailor ITSI to your organization's needs by creating and implementing custom KPIs. For instance, a financial services company could monitor the latency of critical transaction processing systems, or business stakeholders at a hospital could monitor ambulance availability. By leveraging custom KPIs, organizations can gain insights beyond revenue and drive higher value decision-making across various functions. In addition, see best practices for using metrics to create KPIs.
   
   
2. Mature Your Alerting Strategies: Learn how to set up multi-KPI alerts for changes in service KPIs and be sure that you are notified of critical events without being overwhelmed by noise. 
   
   
3. Know Adaptive Thresholding Configuration: Setup Adaptive Thresholding by creating adaptive KPI thresholds and watching a simple step-by-step thresholding process. Next, make sure to monitor and optimize the health of your ITSI environment by taking advantage of ITSI’s Configuration Assistant. This feature will help identify configuration issues for your services, KPIs, entities, and at a glance resolve issues, and apply changes to your objects in bulk. Once setup, review our best practices and take your optimization further by utilizing the ‘ML-Assisted Adaptive Thresholding’ feature. Powered by Splunk AI, ML-Assisted Adaptive Thresholding provides automated adaptive threshold configuration recommendations.  
   
   
   
   
4. Optimize Entity Rules: Streamline your ITSI setup by learning how to define and manage entity rules for maximum efficiency and accuracy.
   
   
5. Deploy Predictive Analytics: Start Implementing predictive analytics (at the right time) to anticipate issues before they impact services. 
   
   
6. Enhance Incident Response: Refine correlation rules that reduce noise and focus on actionable events. Explore detailed methods for optimizing the rules and additional guidance on configuring the Notable Event Aggregation Policy so it can further manage event noise.

Already ahead of the curve and interested to know what’s new to help fine-tune your setup? The new pre-checks in the recently released ITSI 4.19 Upgrade Readiness Dashboard now help identify actionable insights, such as entities associated with deleted or non-existent services, and issues with entity filtering to ensure a smooth upgrade process.

Maintenance and Optimization

Setting the foundation for continuous improvement starts with setting up ways to maintain and optimize your deployment. Updating your growing IT environment, regular performance tuning and best practice workflows will help keep your ITSI setup adaptable to the evolving needs of your business. Follow the embedded links in each:

1. Update Environment Changes: Regularly review and update your ITSI setup to reflect your evolving IT environment, and learn how to conduct a comprehensive review. Remember to go back to Splunkbase to reference other preconfigured IT use cases directly to be used within ITSI. Leverage those prepackaged ITSI for new monitoring use cases in your growing environment. 
   
   
2. Maintain Adaptive Thresholds: Ensure thresholds applied to service KPIs represent good service function and can address issues before they escalate.
   
   
3. Use Best Practice Workflows: Follow best-practice workflows from identification to remediation. 
   
   
4. Harness Machine Learning: Leverage the power of machine-learning to uncover hidden patterns and trends in your IT data by discovering ways to train and deploy ML-models in ITSI.
   
   

Integrate Other Splunk Products

Integrating Splunk ITSI to take advantage of other Splunk products doesn’t have to be challenging. Take the next step in creating a more unified and resilient IT environment by leveraging these must-have integration recommendations: 

1. Critical Notifications: Integrate with your preferred incident response tool, like Splunk On-Call, to ensure actionable episodes reach the right teams quickly. 
   
2. Precise Business Transactions: Utilize APM Business Workflows in ITSI for automatic service creation using service topologies. 
   
   
3. Application Alerts: Take advantage of the ITSI integration with AppDynamics to help accelerate your onboarding of application availability, performance, end user experience, health rule violations, and events data. Use this to deep-link into AppDynamics applications from within an ITSI entity or ITSI event. Another must-have is being able to send alerts from Observability Cloud to an ITSI event index.
   
   
4. Secure Visibility: Enhance collaboration between NOC and SOC teams by sharing data between Splunk ITSI and Splunk Enterprise Security. 

Curious how other customers are safeguarding their data? The ITSI backup and restore process enhancements in the 4.19 release allow users to protect critical data and ensure the continuity of their services by viewing any missing dependent objects in backup files and preventing restore job failures.

Conclusion

As we conclude our exploration of advanced strategies, maintenance practices, and integration opportunities for Splunk ITSI, it's clear that optimizing your IT operations is an ongoing journey. By implementing these advanced techniques, regularly maintaining your ITSI environment, and integrating other powerful Splunk products, you can ensure that your IT infrastructure remains robust, efficient, and aligned with business goals. Stay connected with our community and resources for continuous learning and support, and keep pushing the boundaries of what your ITSI deployment can achieve. Thank you for joining us in this series, and we look forward to seeing the remarkable outcomes your organization will achieve with Splunk ITSI.

Try Our Latest Innovations

• To learn more about simulating your services and their health scores, read our Service Sandbox documentation. 
  
• To learn more about our one-stop-shop for bulk configuration updates for KPIs with the ITSI Configuration Assistant, read more here. 
  
• To identify the origin of problems and reduce manual investigations, read more about ITSI’s Service Impact Analysis here. 
  
• Read about our other features in Preview and release notes here.