APP1219B - Splunk Observability

© 2020 SPLUNK INC.
© 2020 SPLUNK INC.
From Monitoring
to Observability
Dave McAllister
Sr. Technical Evangelist
Stephane Estevez
Product Marketing Director EMEA, IT Markets
Forward- During the course of this presentation, we may make forward‐looking statements regarding
future events or plans of the company. We caution you that such statements reflect our
Looking current expectations and estimates based on factors currently known to us and that actual
events or results may differ materially. The forward-looking statements made in the this
Statements presentation are being made as of the time and date of its live presentation. If reviewed after
its live presentation, it may not contain current or accurate information. We do not assume
any obligation to update any forward‐looking statements made herein.
In addition, any information about our roadmap outlines our general product direction and is
subject to change at any time without notice. It is for informational purposes only, and shall
not be incorporated into any contract or other commitment. Splunk undertakes no obligation
either to develop the features or functionalities described or to include any such feature or
functionality in a future release.
Splunk, Splunk>, Data-to-Everything, D2E and Turn Data Into Doing are trademarks and registered trademarks of Splunk Inc. in the United States
and other countries. All other brand names, product names or trademarks belong to their respective owners. © 2020 Splunk Inc. All rights reserved
© 2020 SPLUNK INC.
New Names, Same Great Technologies
VictorOps is now Splunk On-Call
SignalFx
Infrastructure Monitoring is now Splunk Infrastructure Monitoring
SignalFx
Microservices APM is now Splunk APM
© 2020 SPLUNK INC.
Observability Allows Us to Monitor For the

Unknown Unknowns
Today’s knowns are yesterday unknowns
Known Unknown
Things we are aware of Things we are aware of but
AND understand DON’T understand
Known
Things we are NOT aware Things we are NOT aware of

of but understand and DON’T understand
Unknown
© 2020 SPLUNK INC.

Unknown Unknowns
Known Unknown
Known Monitoring

Unknown
© 2020 SPLUNK INC.

Unknown Unknowns
Known Unknown
Known Monitoring

Unknown Observability
© 2020 SPLUNK INC.
Monitoring Observability
Looking for expected problems, e.g.: Looking for new and missing
• Applications data to enhance monitoring
• Overloaded CPU • Existing Environments
• High Memory Utilization • Containers
• Disk Space • Serverless
• High Response Latency • Microservices
• High Error Rate • Multi-clouds
• Service Availability • Anything else that can fail, but hasn’t (yet)
© 2020 SPLUNK INC.
Observability… The Word Starts Spreading

Because failure is shifting to application code and into production system behavior
© 2020 SPLUNK INC.
Turning Observability into Action

Act
Analyze
Monitoring
A Verb
Something you do to determine the state of
an application, a system, a service…
Observability
A Noun
A thing you have –
a property of a system
© 2020 SPLUNK INC.

Act
Analyze
Monitoring
A Verb
Observability
If you are observable A Noun
© 2020 SPLUNK INC.

Act
Analyze
Monitoring
A Verb
Observability
I can monitor you
© 2020 SPLUNK INC.

Act
Analyze
Monitoring
A Verb
Observability
I can monitor you
find patterns
© 2020 SPLUNK INC.

Act
Analyze
Monitoring
A Verb
Observability
I can monitor you
find patterns
and take actions

© 2020 SPLUNK INC.
Understanding Observability Mindset

Survivorship bias or survival bias is the logical error of concentrating on the people or things that made it past
some selection process, and overlooking those that did not, typically because of their lack of visibility. This can lead
to false conclusions in several different ways.
Source: Wikipedia
© 2020 SPLUNK INC.
Understanding Observability Mindset

Survivorship bias or survival bias is the logical error of concentrating on the people or things that made it
past some selection process, and overlooking those that did not, typically because of their lack of visibility.
This can lead to false conclusions in several different ways.
A shot down aircraft

doesn’t externalize
its state
Source: Wikipedia
© 2020 SPLUNK INC.
So What is “Focus on what you can’t see,

the unknowns. If the root cause
Observability? of a failure stays invisible (the
bullet holes) your IT-plane will
be shot down again.”
© 2020 SPLUNK INC.
Observability
The Three Pillars
WHAT’S HAPPENING? METRICS

Detect
© 2020 SPLUNK INC.
Observability
The Three Pillars

Detect
WHERE IS IT HAPPENING? TRACES

Troubleshoot
© 2020 SPLUNK INC.
Observability
The Three Pillars

Detect

Troubleshoot
WHY IS IT HAPPENING? EVENTS / LOGS

Pinpoint
© 2020 SPLUNK INC.
Observability
The Three Pillars

Detect

Troubleshoot
WHY IS IT HAPPENING? EVENTS / LOGS

Pinpoint
© 2020 SPLUNK INC.
Observability Drives
Evidence-based Debugging
Debugging for complex systems is iterative
Start with a high-level metric
Drill down and detangle based on

fine-grained data/observations
Make the right deductions based on the evidence

© 2020 SPLUNK INC.
Enhancing Incident / Problem Management

Incident Response
AIOps
Automation Correlation / Investigation
Monitoring / Alerting
I monitor you
VM VM VM VM VM VM
Private Public
© 2020 SPLUNK INC.
Enhancing Incident / Problem Management

Incident Response
AIOps
Automation Correlation / Investigation
Monitoring / Alerting
I monitor you Observability
I am observable
LOGS METRICS TRACES
VM VM VM VM VM VM
Private Public Private Public

© 2020 SPLUNK INC.
Connect Search Add to cart Checkout Payment
Tracing Dev
8 9 1 1 1 1 2 3 8 9 1 1 1 1 2 3 8 9 1 1 1 1 2 3 8 9 1 1 1 1 2 3
A A 0 1 2 P P P A A 0 1 2 P P P A A 0 1 2 P P P A A 0 1 2 P P P
M M A A P M M M M M A A P M M M M M A A P M M M M M A A P M M M
M M M M M M M M M M M M
© 2020 SPLUNK INC.
Tracing Dev
8 9 1 1 1 1 2 3 8 9 1 1 1 1 2 3 8 9 1 1 1 1 2 3 8 9 1 1 1 1 2 3
1 1
1
Metrics
0
0
%
0 0
Ops
0 0
% %
Monitoring 0
%
8
A
M
9
A
M
1
0
A
M
1
1
A
M
1
2
P
M
1
P
M
2
P
M
3
P
M
8
A
M
9
A
M
1
0
A
M
1
1
A
M
1
2
P
M
1
P
M
2
P
M
3
P
M
0
%
8
A
M
9
A
M
1
0
A
M
1
1
A
M
1
2
P
M
1
P
M
2
P
M
3
P
M
0
%
8
A
M
9
A
M
1
0
A
M
1
1
A
M
1
2
P
M
1
P
M
2
P
M
3
P
M
© 2020 SPLUNK INC.
Tracing Dev
8 9 1 1 1 1 2 3 8 9 1 1 1 1 2 3 8 9 1 1 1 1 2 3 8 9 1 1 1 1 2 3
1 1
1
Metrics
0
0
%
0 0
Ops
0 0
% %
Monitoring 0
%
8
A
M
9
A
M
1
0
A
M
1
1
A
M
1
2
P
M
1
P
M
2
P
M
3
P
M
8
A
M
9
A
M
1
0
A
M
1
1
A
M
1
2
P
M
1
P
M
2
P
M
3
P
M
0
%
8
A
M
9
A
M
1
0
A
M
1
1
A
M
1
2
P
M
1
P
M
2
P
M
3
P
M
0
%
8
A
M
9
A
M
1
0
A
M
1
1
A
M
1
2
P
M
1
P
M
2
P
M
3
P
M
Sessions
Monitoring Business
8 9 1 1 1 1 2 3 8 9 1 1 1 1 2 3 8 9 1 1 1 1 2 3 8 9 1 1 1 1 2 3
© 2020 SPLUNK INC.
Tracing Dev
8 9 1 1 1 1 2 3 8 9 1 1 1 1 2 3 8 9 1 1 1 1 2 3 8 9 1 1 1 1 2 3
1 1
1
Metrics
0
0
%
0 0
Ops
0 0
% %
Monitoring 0
%
8
A
M
9
A
M
1
0
A
M
1
1
A
M
1
2
P
M
1
P
M
2
P
M
3
P
M
8
A
M
9
A
M
1
0
A
M
1
1
A
M
1
2
P
M
1
P
M
2
P
M
3
P
M
0
%
8
A
M
9
A
M
1
0
A
M
1
1
A
M
1
2
P
M
1
P
M
2
P
M
3
P
M
0
%
8
A
M
9
A
M
1
0
A
M
1
1
A
M
1
2
P
M
1
P
M
2
P
M
3
P
M
Sessions
Monitoring Business
8 9 1 1 1 1 2 3 8 9 1 1 1 1 2 3 8 9 1 1 1 1 2 3 8 9 1 1 1 1 2 3
DB Monitoring DBA
8 9 1 1 1 1 2 3 8 9 1 1 1 1 2 3 8 9 1 1 1 1 2 3 8 9 1 1 1 1 2 3
Service
Change mgnt
8 9 1 1 1 1 2 3 8 9 1 1 1 1 3 8 9 1 1 1 1 2 3 8 9 1 1 1 1 2 3
Mgnt
2
Problem
Log analysis
Mgnt
© 2020 SPLUNK INC.
Tracing Dev
8 9 1 1 1 1 2 3 8 9 1 1 1 1 2 3 8 9 1 1 1 1 2 3 8 9 1 1 1 1 2 3
1 1
1
Metrics
0
0
%
0 0
Ops
0 0
% %
Monitoring 0
%
8
A
M
9
A
M
1
0
A
M
1
1
A
M
1
2
P
M
1
P
M
2
P
M
3
P
M
8
A
M
9
A
M
1
0
A
M
1
1
A
M
1
2
P
M
1
P
M
2
P
M
3
P
M
0
%
8
A
M
9
A
M
1
0
A
M
1
1
A
M
1
2
P
M
1
P
M
2
P
M
3
P
M
0
%
8
A
M
9
A
M
1
0
A
M
1
1
A
M
1
2
P
M
1
P
M
2
P
M
3
P
M
Sessions
Monitoring Business
8 9 1 1 1 1 2 3 8 9 1 1 1 1 2 3 8 9 1 1 1 1 2 3 8 9 1 1 1 1 2 3
DB Monitoring DBA
8 9 1 1 1 1 2 3 8 9 1 1 1 1 2 3 8 9 1 1 1 1 2 3 8 9 1 1 1 1 2 3
© 2020 SPLUNK INC.
Tracing Dev
8 9 1 1 1 1 2 3 8 9 1 1 1 1 2 3 8 9 1 1 1 1 2 3 8 9 1 1 1 1 2 3
1 1
1
Metrics
0
0
%
0 0
Ops
0 0
% %
Monitoring 0
%
8
A
M
9
A
M
1
0
A
M
1
1
A
M
1
2
P
M
1
P
M
2
P
M
3
P
M
8
A
M
9
A
M
1
0
A
M
1
1
A
M
1
2
P
M
1
P
M
2
P
M
3
P
M
0
%
8
A
M
9
A
M
1
0
A
M
1
1
A
M
1
2
P
M
1
P
M
2
P
M
3
P
M
0
%
8
A
M
9
A
M
1
0
A
M
1
1
A
M
1
2
P
M
1
P
M
2
P
M
3
P
M
Sessions
Monitoring Business
8 9 1 1 1 1 2 3 8 9 1 1 1 1 2 3 8 9 1 1 1 1 2 3 8 9 1 1 1 1 2 3
DB Monitoring DBA
8 9 1 1 1 1 2 3 8 9 1 1 1 1 2 3 8 9 1 1 1 1 2 3 8 9 1 1 1 1 2 3
Service
Change mgnt
8 9 1 1 1 1 2 3 8 9 1 1 1 1 3 8 9 1 1 1 1 2 3 8 9 1 1 1 1 2 3
Mgnt
2
Problem
Log analysis
Mgnt
© 2020 SPLUNK INC.
Tracing Dev
8 9 1 1 1 1 2 3 8 9 1 1 1 1 2 3 8 9 1 1 1 1 2 3 8 9 1 1 1 1 2 3
1 1
1
Metrics
0
0
%
0 0
Ops
0 0
% %
Monitoring 0
%
8
A
M
9
A
M
1
0
A
M
1
1
A
M
1
2
P
M
1
P
M
2
P
M
3
P
M
8
A
M
9
A
M
1
0
A
M
1
1
A
M
1
2
P
M
1
P
M
2
P
M
3
P
M
0
%
8
A
M
9
A
M
1
0
A
M
1
1
A
M
1
2
P
M
1
P
M
2
P
M
3
P
M
0
%
8
A
M
9
A
M
1
0
A
M
1
1
A
M
1
2
P
M
1
P
M
2
P
M
3
P
M
Sessions
Monitoring Business
8 9 1 1 1 1 2 3 8 9 1 1 1 1 2 3 8 9 1 1 1 1 2 3 8 9 1 1 1 1 2 3
DB Monitoring DBA
8 9 1 1 1 1 2 3 8 9 1 1 1 1 2 3 8 9 1 1 1 1 2 3 8 9 1 1 1 1 2 3
Service
Change mgnt
8 9 1 1 1 1 2 3 8 9 1 1 1 1 3 8 9 1 1 1 1 2 3 8 9 1 1 1 1 2 3
Mgnt
2
Problem
Log analysis
Mgnt
© 2020 SPLUNK INC.
Tracing
Tracing Dev
8 9 1 1 1 1 2 3 8 9 1 1 1 1 2 3 8 9 1 1 1 1 2 3 8 9 1 1 1 1 2 3
1 1
1
Metrics
0
0
%
0 0
Ops
0 0
% %
Monitoring 0
%
8
A
M
9
A
M
1
0
A
M
1
1
A
M
1
2
P
M
1
P
M
2
P
M
3
P
M
8
A
M
9
A
M
1
0
A
M
1
1
A
M
1
2
P
M
1
P
M
2
P
M
3
P
M
0
%
8
A
M
9
A
M
1
0
A
M
1
1
A
M
1
2
P
M
1
P
M
2
P
M
3
P
M
0
%
8
A
M
9
A
M
1
0
A
M
1
1
A
M
1
2
P
M
1
P
M
2
P
M
3
P
M
Sessions
Monitoring Business
8 9 1 1 1 1 2 3 8 9 1 1 1 1 2 3 8 9 1 1 1 1 2 3 8 9 1 1 1 1 2 3
DB Monitoring DBA
8 9 1 1 1 1 2 3 8 9 1 1 1 1 2 3 8 9 1 1 1 1 2 3 8 9 1 1 1 1 2 3
Service
Change mgnt
8 9 1 1 1 1 2 3 8 9 1 1 1 1 3 8 9 1 1 1 1 2 3 8 9 1 1 1 1 2 3
Mgnt
2
Problem
Log analysis
Mgnt
© 2020 SPLUNK INC.
Debug the Unforeseen
• An alert on one service (Monitoring)

• Leads to a timeout error (Tracing)
• Leads to an infrastructure problem (Monitoring)
• Leads to a configuration issue (Monitoring)
• Leads to a memory leak in an app (Logs)
© 2020 SPLUNK INC.
A Customer Happiness Proxy
External (customer’s)
view is singular
• Request, and its latency
and success
Operator’s view is over

a workload
• Requests latency, rates,
and concurrency
• System resources/
components
© 2020 SPLUNK INC.
Why Now?
© 2020 SPLUNK INC.
Cloud-Native Journey Increases

Operating Complexity
Retain & Optimize Lift & Shift Re-Factor Re-Architect/
Cloud-Native
DEV OPS DEV OPS DEV OPS DEV OPS
Cloud Managed e.g. RDS, Cloud First Architecture

DynamoDB, SaaS
Tightly Coupled Apps, Primarily using More Modular, but Loosely Coupled
Slow Deployment Cycles Cloud IaaS Dependent App Microservices, and
Components Serverless Functions
VM VM VM VM VM VM VM VM VM
VM VM VM VM VM VM
Private Public Private Public Private Public

© 2020 SPLUNK INC.
What’s Different?
Cloud-native boosts velocity, but also increases complexity
Elastic,
Complex Short-Lived “You Build It,
Interdependencies Infrastructure You Run It”
• 10s or even 100s of loosely • Multi-cloud, abstracted • Monitoring is not limited to Ops –
coupled, polyglot services infrastructure is extremely developers are key users
• System behavior is dynamic • No single user has an accurate
unpredictable and changes • Volume of objects and mental model – troubleshooting is
over time metrics to monitor skyrockets a team sport
© 2020 SPLUNK INC.
“Observability is not the

microscope. It’s the clarity of the
slide under the microscope.”
Baron Schwartz
© 2020 SPLUNK INC.
Data is the Driving Factor For Observability
AI/ML driven Directed Troubleshooting
Unlimited Cardinality
Streaming/RT data, incl. Monitoring and Alerting
Full-fidelity metrics and traces
Open standards, open source data ingest

© 2020 SPLUNK INC.
Data Collection
Standards-based agents, cloud-integration
Automated code instrumentation
Support for developer frameworks
Any code, any time
No cardinality limits
Data
Visualization
• Monitoring, Analytics,
Response tooling
• OOTB and customizable
dashboards
• Real-time feeds
• Real-time smart alerting
• No lost data
• And more
© 2020 SPLUNK INC.

© 2020 SPLUNK INC.
Why Splunk Observability

Use all your data and leave no question unanswered
ALL your data, Open standards Answers & action,

any scale data collection not just data
• Unlimited cardinality metrics • Founder & leading contributor • AI-driven directed troubleshooting
• NoSample™ full-fidelity traces • Intelligent & automated response
• No schema, streaming logs
© 2020 SPLUNK INC.
Real-Time, Enterprise-Grade Observability

Monitoring Analytics Troubleshooting Closed-Loop Automation
Service Bureau & Cloud Cost Management

Teams & Permissions | Usage Report | APIs | Mirrored Dashboards
Instant Visualization Real-Time Alerts Deep Business Insights Directed Troubleshooting
Real-Time Streaming NoSampleTM Real-Time Streaming

Metrics Analytics Distributed Tracing Log Analytics
Open Instrumentation
Metrics Agents | Cloud APIs | Function Wrappers | Tracing Auto-Instrumentation
ON-PREM | PRIVATE CLOUD | PUBLIC CLOUD | CLOUD SERVICES | MICROSERVICES

© 2020 SPLUNK INC.
Fastest Time to Value on Your Data Journey

Real-time streaming analytics for instant insights
Analyze Data in Flight AI-driven Insights

Open, Flexible Collection Streaming architecture applies advanced Recommendations and directed
Open source- and open standards-based analytics to correlate data and find troubleshooting to accelerate
instrumentation and data collection patterns all in real time investigation and issue resolution
OBSERVABILITY
All Data, Any Source, Any Scale
Unlimited cardinality metrics, NoSample™ full-fidelity Immediate Detection
traces and unstructured logs from infrastructure, Discover unknown unknowns, catch all
apps/services and business processes outliers and anomalies, alert in seconds
© 2020 SPLUNK INC.
“The most effective debugging

tool is still careful thought,
coupled with judiciously placed
print statements.’'
Brian Kernighan
Unix for Beginners 1979
© 2020 SPLUNK INC.
Observability Use Cases

For SREs, platform operators, DevOps teams and developers
Cloud Migration Cloud Monitoring App Optimization
• Hybrid cloud monitoring • Cloud services monitoring • Application modernization

• Cloud cost management • Kubernetes & container • Microservices monitoring &
• Cloud capacity planning monitoring troubleshooting
• Serverless monitoring • Business SLx monitoring
• KPI monitoring w/ custom • DevOps application
metrics lifecycle monitoring
• Observability-as-a-Service
Drive Rapid
Innovation
50-70% improvement in
developer efficiency
• Detect and pinpoint problems

in your applications 60-80%
faster with real-time anomaly
detection and AI-driven
directed troubleshooting
• Identify performance
bottlenecks and outages in
cloud infrastructure
• Enable your teams to adopt
DevOps practices and
collaborative workflows no
matter where they are in
the world
© 2020 SPLUNK INC.

© 2020 SPLUNK INC.
What is Observability Really About?

More productive developers and happier customers
8X 100X 80% 80%

Faster code releases More visibility Reduction in MTTD Reduction in
MTTA & MTTR
Never miss outliers or Faster detection with
anomalies alerts in seconds
© 2020 SPLUNK INC.
Key • Observability is based on the acquisition of

data that allows you to ask questions you
Takeaways didn’t know you have and solve
problems that you never thought of
• Observability is all about data:

At scale, at speed and analytics-driven
• Observability drives new approaches to

monitoring, analytics and response
• Start now with the right tools to grow with

your needs
© 2020 SPLUNK INC.
Please provide feedback via the
SESSION SURVEY

APP1219B - Splunk Observability

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

APP1219B - Splunk Observability

Uploaded by

Copyright:

Available Formats

© 2020 SPLUNK INC.

© 2020 SPLUNK INC.

New Names, Same Great Technologies

VictorOps is now Splunk On-Call

Observability Allows Us to Monitor For the

Things we are NOT aware Things we are NOT aware of

Observability Allows Us to Monitor For the

Things we are NOT aware Things we are NOT aware of

Observability Allows Us to Monitor For the

Things we are NOT aware Things we are NOT aware of

Observability… The Word Starts Spreading

Turning Observability into Action

Turning Observability into Action

Turning Observability into Action

Turning Observability into Action

Turning Observability into Action

and take actions

Understanding Observability Mindset

Understanding Observability Mindset

A shot down aircraft

So What is “Focus on what you can’t see,

WHAT’S HAPPENING? METRICS

WHAT’S HAPPENING? METRICS

WHERE IS IT HAPPENING? TRACES

WHAT’S HAPPENING? METRICS

WHERE IS IT HAPPENING? TRACES

WHY IS IT HAPPENING? EVENTS / LOGS

WHAT’S HAPPENING? METRICS

WHERE IS IT HAPPENING? TRACES

WHY IS IT HAPPENING? EVENTS / LOGS

Debugging for complex systems is iterative

Start with a high-level metric

Drill down and detangle based on

Make the right deductions based on the evidence

Enhancing Incident / Problem Management

Automation Correlation / Investigation

Enhancing Incident / Problem Management

Automation Correlation / Investigation

I monitor you Observability

Private Public Private Public

Connect Search Add to cart Checkout Payment

Connect Search Add to cart Checkout Payment

Connect Search Add to cart Checkout Payment

Connect Search Add to cart Checkout Payment

Connect Search Add to cart Checkout Payment

Connect Search Add to cart Checkout Payment

Connect Search Add to cart Checkout Payment

Connect Search Add to cart Checkout Payment

Debug the Unforeseen

• An alert on one service (Monitoring)

A Customer Happiness Proxy

Operator’s view is over

Cloud-Native Journey Increases

Cloud Managed e.g. RDS, Cloud First Architecture

Private Public Private Public Private Public

“Observability is not the

Data is the Driving Factor For Observability

AI/ML driven Directed Troubleshooting

Streaming/RT data, incl. Monitoring and Alerting

Full-fidelity metrics and traces

Open standards, open source data ingest

Standards-based agents, cloud-integration

Automated code instrumentation

Support for developer frameworks