Skip to main content
Splunk Lantern の記事が日本語で利用できるようになりました。.
Splunk Lantern

Prevent Outages


Your ITOps teams might be too reactive, constantly fighting fires and taking too long to figure out who to contact and how to fix issues. This struggle to understand what’s happening will only become harder as the data from multiple existing monitoring tools, apps and critical business services continues to increase. As a result, you end up frustrated and too busy reacting to problems instead of proactively fixing issues before they cause more problems.

This traditional reactive approach to incident responses is inefficient, often ineffective, and can lead to team burnout. Artificial intelligence (AI) and machine learning (ML) were developed to quickly find patterns in amounts of data beyond the abilities of a single person. Your ITOps teams need to enlist AI and ML to use historical data to help avoid incidents by more accurately alerting teams, detecting the patterns that can lead to degradations in business service KPIs, and helping identify potential root cause. This way, your teams can be alerted before a potential incident occurs, rather than reacting after the fact.

How can Splunk ITSI help with preventing outages?

Get more accurate AI-driven alerting

More accurate alerting and anomaly detection can help your ITOps teams proactively address potential issues. Static baselines can cause false positive alerts when normal changes occur, like folks opening their laptops at the start of a work day. Adaptive thresholding uses machine learning to find daily or weekly patterns in historical data, and then sets thresholds to match. If there is an anomaly in the historical data, adaptive thresholding can find it and exclude those outliers to ensure the threshold is accurate. This tailored threshold reduces alert fatigue, proactively prevents false positives and helps you direct your energy towards the most critical issues. For fewer, more accurate alerts, you can create a multi-KPI alert so that a notification is sent only if the defined conditions are met for two or more of the KPIs. Along with deep dives, this can help you identify causal relationships and investigate root causes.

Detect and triage incoming alert storms

An incident can often cause a cascade of alerts as different systems and assets are affected. This storm of alerts can quickly inundate a team. Out of the box, the Splunk ITSI Content Pack for Monitoring and Alerting gives you an early warning that alert storms are coming, noting when alert volume is trending up compared to historical norms. In addition to giving you time to proactively take action, clusters of related alerts can be detected, helping you quickly isolate and triage the incident.

Prevent outages before they occur

To help give your ITOps teams early warning before an incident occurs, alerts in Splunk ITSI can be configured across a severity spectrum (for example, low, medium, high, and critical). For a mature approach to preventing outages, the degradation of service health can be predicted up to 30 minutes in advance. This forecasted service health score is dynamically derived from historic patterns detected in the underlying KPIs. Teams are able to see a view of live service performance as well as the forecast of future near-term performance.  

Use case guidance