Splunk Lantern

Use Case Explorer


Splunk Use Case Explorer helps you get started successfully, continuously get the most out of your solution, and plan incremental value when incorporating additional solutions.

Splunk's UCX is a set of capabilities, use cases, and best practices to help you take a systematic approach toward improving visibility and response to incidents that have occurred, incidents that are occurring, and impending situations.

► About

Background: The AIOps workflow

Let's introduce you to a few concepts and set the stage. Splunk's UCX for Observability aligns to Gartner's industry-defined AIOps diagram that we use to help define your journey. As you can see by the diagram, at the core is a Splunk primary strength - big data analytics and continuous insights.

On the outer ring, feeding and consuming the data, are the AIOps stages. Machine learning and AI are incorporated throughout each of these stages, which is why this AIOps is different from prior generations of solutions that did not take a big data/analytics approach and were more about manual processes.

AIOps Workflow Stages:

Observe - collecting and analyzing data (metrics, logs, traces) about the things occurring in your environment used to detect, troubleshoot, improve, and optimize. 

Engage - centralizing events and alerts and further correlating them to identify the offending technology causing the issue, prioritizing the incident, and notifying the right team about the incident.

Act - Performing root-cause diagnostics and remediating or auto-remediating a situation.

Splunk Use Case Explorer (UCX) components 

There are 3 components that comprise the Splunk Use Case Explorer - the Explorer Map, Use Case Repository, Use Case Registry as follows:

Value Realization Cycle & Registry - a continuous process for identifying additional use cases and a tracking tool that will be used to track the specific use cases to be deployed along with the names of the tasks' owners and timelines.

Explorer Map - high-level planning guide to ensure you are targeting all areas of AIOps and Observability for your business/mission.

Use Case Library - a set of prescriptive and descriptive use cases that help you get value faster, and continuously gain incremental value. These will be tracked via the use case registry.


► How to use

I. Value Realization cycle & registry  

We use a simple 3-step cycle to accomplish continuous value realization.


Step 1 - Define a Situation & Goal. This can be a very targeted tactical challenge or a more expansive one. For example, 'reducing MTTR of storage-related incidents' or 'Full-stack availability monitoring of our flagship web store'.

Step 2 - Identify & Record Use Cases. There could be one or more unique use cases that fall out of the problem/goal defined in Step 1. For example, you may wish to configure discrete monitoring only for storage devices, or you may have a separate use case for storage, authentication services, application, user experience, database, etc.

Step 3 - Deploy Use Case(s) & Document Value. Here is where the rubber meets the road and you'll actually deploy the use cases. Be sure to check in to see if the value you expected was achieved. In Observability, sometimes just having visibility where you had blind spots before is of high value.


It is important that your organization intentionally institute a Value Realization Cycle. As part of Splunk UCX, we recommend that your organization establish a use case planning session at least every other month to ideate and refresh new use cases to the registry to be deployed. Use the Explorer Map below to help guide which areas to address.

A use case registry itself is simply a tracking tool - spreadsheet, project management, etc. - that you choose to use.  You may wish to track additional information such as status, prerequisites, comments, etc. as well.  Regardless of which tool you utilize to track, it is recommended that you have weekly/bi-weekly team progress check-points.

Sample Registry:

II.  Explorer map  

The Explorer Map acts as your high-level journey map - ensuring you gain complete visibility and optimal MTTR workflow efficiency.  Across the top are the Gartner AIOps Workflow Stages (Observe, Engage, Act) and aligned below each are the focal areas which comprise use-cases and best practice guidance to make your adoption journey as easy as possible.

We recommend utilizing 'full-stack' observability as the best practice approach to adopting observability.  That is, monitor the entire stack for a particular critical service.  If your organization is only monitoring a particular layer of the stack or if your organization has only automated one Workflow Stage, then your users and/or customers remain at risk of disruption, longer mean-times-to-repair, and your operational efficiency is not as fully optimized or scalable as it can be. 



When the entire workflow is employed for a single component within a stack layer (e.g. a server, an application, a database, etc.) it is expected that your MTTR will reduce dramatically for that component.  Further, when the entire workflow is employed for the full-stack of a service (e.g. an application and all of the supporting technologies) it is expected that you will realize less user/business/mission disruption, higher availability, faster remediation of issues, and better utilization of your staff’s time.


III.  Use Case Repository  

The Use Case Repository contains both prescriptive and descriptive use cases that help you get started faster and continue to incrementally increase the value of your solution.  By design, it is not meant to be an exhaustive list of use cases.  Rather you should be inspired and guided by the types of use cases to help you think about the other use cases that you will employ.  We will continue to add more use cases to the repository over time so you should check back periodically.




The Splunk Online Boutique guided journey

To help with comprehension, we use a fictitious company called CS Corp. (for Customer Success Corp...) that has an online store called the Splunk Online Boutique. It is representative of a real-world application and underpinning infrastructure. Although your specific application and infrastructure may differ, the approach that you will be guided through here via a curated set of prescriptive use cases is universal and can be applied to any environment.

Using the Splunk Online Boutique, we will demonstrate a proven method to establish Observe, Engage, and Act capabilities.