Skip to main content


Splunk Lantern




Engage is the stage in which data collected and analyzed in the Observe stage is centralized via events and alerts for further analysis such as a correlation or anomaly detection to identify the offending technology causing the issue (aka root cause analysis), prioritize the incident, and notify correct team about the incident. 

With Splunk ITSI and Splunk On-Call, teams can leverage the Engage stage to drive value to the business, specifically MTTD, MTTR, alert noise reduction, and business service quality improvements. The benefits teams target to address with event analytics and notification include:

  • Productivity. Eliminate the manual effort involved with isolating the offending component (commonly referred to as costly 'war-rooms', 'swarms', and round-robin) calls.
  • Accurate incident prioritization. Immediately determine that the offending component is part of a critical system and if the incident is impacting customer. experience assists in getting the proper awareness and attention to remediating the issue accordingly. 
  • Accurate incident logging. Quickly and completely log the details in an incident ticket. 

Explore Engage focal areas and find your use cases

If you're at the Engage stage of your journey, explore the following focal areas to find use cases you should apply.  

  • Event analytics overview
    In the Event Analytics stage of the AIOps workflow, alerts are normalized, correlated, grouped into meaningful actionable groups called episodes in Splunk ITSI.
  • Notification overview
    Episodes perform notifications that create an automated incident with the appropriate severity, so that the group responsible for remediation can be notified.