Our Use Case PDFs and blog images are only available in German. If you are interested in further information, we are happy to assist you personally. Please don’t hesitate to contact us directly.

Download the PDF here: Root Cause Analysis as a Splunk Managed Service

1. The Initial Situation

Let’s start with a customer quote from the initial appointment: “Our users are complaining that SAP is so slow at various locations. We can’t find the cause and therefore want to analyze the client data. Can Splunk solve the problem and can you support us in the long term with the implementation of the project?”

You may have asked yourself these or similar questions.

Sporadically occurring performance problems in the network make employees unhappy. There is no proper error description and all investigations lead nowhere or show that it “should actually work”.

Each system by itself: server, router, laptops, wireless components, application and database look great – “Everything is green!”

And yet users call and report errors, long response times and failures.

How can targeted troubleshooting identify sources of error and improve the user experience?

In most cases, there is a lack of comprehensive analysis and evaluation of the collected data across all systems used in the company.

The Key: Root Cause Analysis as a Splunk Managed Service at the Highest Level!

Root Cause Analysis records errors, evaluates this data comprehensively and analyzes its origin. This leads not only to measures to reduce errors, but also to a reduction in costs.


This is what a data platform service* should offer you:

  • Machine Learning and AI

Predict and prevent, instead of just reacting! With data evaluations at machine speed, you improve both security and your business results.

  • Data streaming

With the help of real-time stream processing, you can capture, process and distribute data to Splunk and other destinations in milliseconds.

  • Scalable index

You capture and collect your data in terabyte sizes from thousands of sources – and the trend is rising.

  • Collaboration tools

Functions for mobile, TV and augmented reality ensure location-independent interaction and collaboration.

  • Federated search

Company-wide data analysis through searches with correlated results that capture your entire data ecosystem (including local and third-party storage).

  • Meaningful dashboards

With your own dashboards, which you can set up easily and intuitively, you can vividly communicate even the most complex data stories.

*Source: splunk.com


2. The Use Case

Our client, a company from Germany, manufactures innovative technologies based on polyurethane. Over 300 employees specialize in custom-made systems and have been active in the European market for many years. Recently, a change of company name took place, in which the entire infrastructure was redesigned and developed towards cloud and services. To manage these new structures, the NetDescribe S@ND team was involved.

In the course of discussions with the customer, it became clear that all attempts to analyze the performance problems had failed. The IT department checked servers, routers, wireless components, applications and databases and found no source of error. Each individual system indicated that everything was OK. Since there was no central monitoring system, there were repeated delays in the search for problems.

The Solution from NetDescribe

Search, analyze and visualize your data with the Splunk Cloud Platform and take the right measures based on this. Thanks to the targeted use of a premium app from Splunkbase and the consulting services of NetDescribe, the problem was successfully solved for the customer.

For the continuation of the project, the operation and development of the use cases was outsourced to the NetDescribe Managed Services Team S@ND.

3. The Implementation

After a convincing Splunk Operational-Information-Demo, the PoC followed, which was deliberately carried out in the Splunk Cloud. This brought significantly more visibility, but did not yet show the desired success. Only the selection and addition of a precisely fitting premium app from Splunkbase finally led to the solution. Parts of the building had only inadequate WLAN signal coverage. This could ultimately only be understood by evaluating the client data.

An application developed by the customer itself generated an unusually large number of “Reconnects” on the clients. This error was recognized because Splunk made a historical analysis of the data possible for the first time. The cause could be easily eliminated. In the next step, Splunk Cloud was implemented by the experts from NetDescribe.

After the initial “Quick Win”, the number of calls from users was significantly reduced. During the takeover by the S@ND team, it was decided together with the customer to index and evaluate further security-relevant data (firewall logs, Windows event logs, AWS logs) in Splunk Cloud.

The result: Within six months, the volume of data analyzed with Splunk quadrupled and provided a comprehensive picture of the systems used.

Conclusion: To the customer’s complete satisfaction, sources of error can be quickly identified and eliminated at any time. In addition, the customer’s IT team is significantly relieved by the S@ND Services.


Central views of all users*

Timechart: WLAN signal quality from a user*

Average latency*

Splunkbase* – The Splunk Machine Learning Toolkit app delivers new SPL commands, custom visualizations, wizards, and examples to explore a variety of machine learning concepts.

Splunk Cloud* – Turn data into answers – with Splunk as a Service

Splunk Cloud is a flexible platform to search, analyze, and visualize the data in your cloud environment.

With it you can:

  • Capture and collect terabyte-sized data to use in Splunk and other destinations
  • Search all types of data in your ecosystem
  • Predict and avoid security and performance problems using machine learning
  • Effortlessly convey complex data stories with dashboards
  • Collaborate from anywhere via mobile devices and augmented reality

Data collection at the endpoint* (here with Splunk UF and Premium App from the SplunkBase)

Source graphics: Splunk

4. The Results

  • By deciding to use Splunk Cloud, the customer’s initial problems could be solved within a few days – without the provision of new servers.
  • Today, the customer is able to display all relevant machine data in one interface. They can search and analyze it according to various aspects and thus make targeted, data-based decisions. The error costs decrease and customer satisfaction increases.
  • The customer benefits both from considerable time savings when searching for the causes of errors and from a significant cost reduction.
  • Through permanent analysis of the data and immediate alerting in the event of anomalies, the support team has an overview at all times and can act in a targeted manner.
  • The Splunk Cloud Platform helps the customer to exploit the full potential of its data. At the same time, the legal data protection regulations and compliance standards are met.
  • Save resources with NetDescribe Managed Services: With the external services, the customer buys IT resources and expert knowledge without having to train their own employees for a long time and withdraw them from other important projects.
  • Security at the highest level: Small and medium-sized companies in particular benefit from the concentrated know-how within the S@ND team. The many years of expertise of our SOC analysts ensure the protection of your sensitive data and the maintenance of a strong cybersecurity structure.

The Splunkbase – Ensure Maximum Performance

On Splunkbase you can choose from 1000+ Splunk apps from partners and from the community: for your individual requirements, every data source and every system.

As a Splunk customer, benefit from access to numerous free and paid apps and add-ons.

Develop your own app or add-on and publish it on Splunkbase to share it with the Splunk community.


The Splunk Portfolio

Splunk platform.

Splunk Enterprise collects and indexes in real time all machine data generated in physical, virtual, or cloud environments. This can include data from applications, servers, networks, sensors, or telecommunications equipment. The solution correlates complex events, enables meaningful insights into machine data and simplifies analyses.

Splunk for security.

Splunk Enterprise Security improves all security processes and, as an analysis-driven SIEM (Security Information and Event Management) solution, gives you the holistic view to securely use generated machine data (e.g. information about networks, endpoints, accesses, vulnerabilities and identity data) and to reduce security breaches.

Splunk for IT and Business Services.

Splunk IT Service Intelligence (ITSI) visualizes, as a monitoring and analysis solution, status data and key performance indicators (KPIs) of critical IT and business services. ITSI uses machine-driven (artificial) intelligence, identifies existing and potential problems, prioritizes the rapid recovery of business-critical services, and provides analytically driven IT operations.

The Splunk Functions at a Glance

Collection and indexing of machine data – Real-time event capture, universal indexing, adapter elimination, use of metric data, timestamps for events

Search and verification – Real-time search, transaction search, interactive results

Correlation and analysis – Machine-learning-based AI, correlation of complex events, event annotations, pattern recognition

Visualization and reporting – Dashboard creation, report automation

Monitoring and alerting – Monitoring of events and KPIs, proactive notifications

Security and administration – Encrypted access to data streams, secure user access

OPERATIONAL INTELLIGENCE & SECURITY WITH SPLUNK ENTERPRISE AND NETDESCRIBE!

