Skip to main content
Splunk Lantern の記事が日本語で利用できるようになりました。.
Splunk Lantern

Use Case Explorer for Observability


Observability improves digital resilience by lowering the cost of unplanned downtime. Downtime can include availability problems, performance problems, and usability problems. The costs include lost revenue, overspending on tool sprawl and overprovisioning, and opportunity cost in longer time-to-market. Teams struggling with their observability strategies often report the following issues:

  • Fragmented visibility. They might have too many tools but also limited access to the tools they really need.
  • Excessive alerts. Teams are burned out from too many alerts, especially alerts without enough context to know what and how to act on.
  • Guesswork. Teams often don't know the right solutions or how to minimize customer impact.

Splunk provides a unified platform experience for maximum accessibility and control of your environment. The Splunk suite of observability products helps teams proactively detect and prioritize incidents that impact the business, and it provides guided root cause analysis for faster triage. With a good observability strategy, teams can see the following results:

  • Up to ten times reduction in downtime
  • Twice the likelihood of detecting issues in mere minutes
  • Up to 69 percent faster time-to-resolution

The Use Case Explorer for Observability provides the guidance you need to build a solid strategy from foundational visibility all the way to optimized experiences, giving your organization the digital resilience it needs to succeed.

Use Case Explorer for Observability
foundation_black.png prioritize_black.png proactive_black.png optimize_black.png

Troubleshoot Mission-Critical Apps and Infrastructure

Optimize Cloud Monitoring

Reduce Alert Noise

Analyze IT Service Health

Understand the Impact of Changes

Prevent Outages

Debug Problems in Microservices

Optimize End User Experiences

Enable Self-Service Observability

Align IT and Business with Service Monitoring

Is this your first time using the Use Case Explorer for Observability?

Click here to learn how to use it.

Learning how to use the Use Case Explorer is important to help you successfully get started and to get the most out of your Splunk Security solution, as well as help you see incremental value when incorporating additional solutions. The following video provides a brief but informative overview of the three use case explorers in Lantern: Platform, Security, and Observability. Wherever you are in your resilience journey and whatever use cases you need to accomplish, the content in the explorers can help.

To use the Use Case Explorer effectively, you'll need to implement and follow a Value Realization Cycle within your organization. The Value Realization Cycle is a continuous process for identifying, implementing, and evaluating the value of new use cases that your business adopts.

In order to get maximum value out of your investment in Splunk Observability products, it's vital to intentionally put a Value Realization Cycle in place. We recommend that your organization establishes a use case planning session at least every other month to ideate and refresh new use cases to be deployed.

value realization cycle.jpeg

The Value Realization Cycle consist of a few different steps:

  • Step 1 - Define a situation and goal. This can be a very targeted tactical challenge or a more expansive one. For example, you might aim to reduce MTTR of storage-related incidents, or start full-stack availability monitoring of your flagship web store.
  • Step 2 - Identify and record use cases. There could be one or more use cases that help you improve the situation and achieve the goal you defined in step 1. For example, you may wish to configure discrete monitoring only for storage devices, or you may have separate use cases for storage, authentication services, application, user experience, database, and other technologies. Use the Explorer Map to help you identify use cases you can apply.
  • Step 3 - Deploy use case(s) and document the value achieved. Use the Registry to help you track and document your progress. In Observability, sometimes just having visibility where you had blind spots before is of high value.

And then, repeat!

The Use Case Registry

The Use Case Registry is a tool used to track the specific use cases to be deployed, along with the names of use case implementation owners and timelines for completion.

As well as running a regular use case planning session at least every other month, we recommend that you have weekly or bi-weekly team meetings focused on the Use Case Registry to checkpoint and track your progress in achieving the value you've identified from the use cases you choose to implement.

You can create the Use Case Registry in a spreadsheet or project management tool of your choice. Here is an example of a Use Case Registry you can use, or you can download this template file. You might want to add extra columns to these examples to track additional information such as status, prerequisites, or comments.

Category Use Case Product Expected Value Owner Target Date OnDemand Credits
Digital Experience Monitor user response time Synthetics Understand the customer experience via SLI Michelle Jackson July 15  
Application Observe function call trace time APM Reduce MTTD Michelle Jackson July 20  
Infrastructure Monitor Kubernetes pods for pending state Infrastructure Monitoring Reduce MTTD Jack Handley July 15  
Infrastructure Monitor AWS EC2 availability Infrastructure Monitoring Reduce MTTD Jack Handley July 15 10
Event Analytics Identify causal component so that notification can be routed to correct support team ITSI Reduce mean time to isolate Siraj Chaudry July 25 10