Splunk Lantern

Notification overview


After episodes are created in Splunk ITSI during Event Analytics, the group responsible for remediation must be notified. Episodes trigger notifications that automatically create an incident with the appropriate severity.

The notification step is performed with Splunk On-Call in the examples shared here, but you could use any incident management or incident response tool, such as ServiceNow or Remedy. The guidance here is a prescriptive solution, but every organization's DevOps and ITOps processes differ a little, so it is important to design this step in the context of your own organization to get the most value from it. Conceptually the processes should be very much the same, but, for example, your organization might require all alerts and events to go upstream to a manager of managers, which then takes over at this point and in the Act stage of AIOps.

The guides in this section use a fictitious company called CSCorp that hosts a cloud-native application called Online Boutique, deployed in a Kubernetes cluster. The guides show how the different focal areas in the Full Observability Stack can be consolidated. In the context of the Online Boutique application, the alerts coming from Splunk APM, Splunk Real User Monitoring, and Splunk Synthetic Monitoring detectors are consolidated into a single observational episode. The guides also demonstrate monitoring the Kubernetes cluster and its sub-components for alerts. The pink arrows in the diagram below (ITSI - Event Analytics) point to the area the guides focus on. Also note the pink dotted lines, which represent an AIOps workflow that harvests the insights from the Observe stage (metrics, traces, logs, and alerts), correlates them, and notifies (the Engage stage) as a Splunk On-Call incident in the context of a service or application (the Act stage).

[Diagram: customer-uce-engage.jpg (Observe, Engage, and Act stages of the AIOps workflow)]

Notification prescriptive outcome guides

If this is your first time reviewing these guides, make sure that you have completed the guides in the Event analytics focal area first. These guides build on each other, so we recommend working through them in sequential order if you are new to them. You will apply the concepts taught to your own environment, so you will need your own licenses or trial versions of the Splunk products. Click the Free Splunk button in the upper-right corner if you do not have an environment.

What to do if you get stuck

Still having trouble? Splunk has many resources available to help get you back on track.

Next steps

Now that you're doing more with your data, get even more value by implementing additional use cases.