Act is a critical stage of the AIOps lifecycle because it drives operational excellence, as well as mean-time-to-detect (MTTD) and mean-time-to-restore (MTTR) improvements. During this stage, teams investigate, determine root cause (RCA), reroute the incident if appropriate, and remediate the incident to bring the service or monitored component back to normal. The aim is to improve:
- Productivity. Eliminate the manual effort involved with isolating the offending component. This costly effort is commonly referred to as war-rooms, swarms, or round-robin calls.
- Disruption impact. Shorten the duration of a disruption so that there is less impact.
Most Splunk Splunk Observability Cloud products can assist with this stage, including: Splunk Log Observer, Splunk APM, Splunk Infrastructure Monitoring, Splunk Synthetic Monitoring, Splunk Real User Monitoring, and Splunk ITSI.
Explore Act focal areas and find your use cases
If you're at the Act stage of your journey, explore the following focal areas to find use cases you should apply.
- Incident investigation overview
- During observability incident investigation, engaging the right team with the right level of speed and urgency requires a systematic approach.
- Remediation overview
- After the root cause of an incident is determined, the incident might need to be rerouted to the appropriate support team to remediate and bring the service back to normal.