This app is designed to allow users to apply a number of techniques to get the most out of ITSI using machine learning.
In more detail you can use the app to:
- Predict potential outages using an improved workflow for generating predictive health scores in ITSI;
- Determine similarity between different services using graph analytics, and use the similarity to generate episodes;
- Identify root cause from episodes by analysing the relationships between the affected services and the KPIs they rely on; and
- Help configure your KPI importance by presenting insights around the correlation between a service health score and the KPIs it relies on.
ITSI Predictive Analytics Workflow
Using this dashboard you can select a service to initiate the predictive analytics workflow. On selecting a service you will be taken to the service analysis section of the workflow where you can see some reports about the behaviour of the service. Progressing on from the service analysis section takes you to the correlation analysis stage, where the KPIs the service relies on are compared against the future health score. If the correlation analysis identifies good predictive indicators in the data for the service health score then you will be able to progress to the final stage of the workflow where you can train a set of predictive models and a recommendation will be made as to the most performant model for your data. If there is not good correlation in your data you can look at the ITSI KPI Assessment dashboard to see if tuning your KPI importance may lead to better results.
ITSI Service Tree Analysis
This dashboard allows you to analyse your service models using a label propagation algorithm. This algorithm will identify similar types of services based on the connections across all of the service trees in ITSI. The identified groups can be saved as a lookup, which can then be used to enrich your correlation search results and ultimately be used to group alerts into episodes.
ITSI Episode Analysis
On this dashboard you can view the episodes in ITSI and when clicking on an episode in the table root cause analysis against will be run to see the KPIs that appear to have the most impact on the services affected by the episode. Once the analysis is complete you can click on the root cause analysis table to view the episode in deep dive, where the service health score and root cause KPIs will be presented to you.
ITSI KPI Assessment
On this dashboard you can select a service to analyse, and the panels will present the results of some correlation and causation analysis. Depending on the results of the analysis the dashboard may make some recommendations about how you could tune your KPI importance weights.
The app contains a single macro `predict_health_score(4)`, which expects four arguments: the id of the KPI you are predicting, the id of the KPI with hyphens replaced with underscores, a list of the KPIs used to make the prediction and the initials of the algorithm used to make the prediction. This macro is used in the predictive workflow section of the app.
| Dashboard | Machine Learning Toolkit | Deep Learning Toolkit | 3D Graph Network Topology Visualisation | Force Directed |
|---|---|---|---|---|
| Predictive Analytics | Version 5.2 | |||
| Service Tree Analysis | Version 5.x | Version 1.2 | ||
| Episode Analysis | Version 5.x | Version 3.4 | Version 3.x | |
| KPI Assessment | Version 5.x | Version 3.4 | Version 3.x |
Note that for the DLTK it is possible to run the container on the same infrastructure as your Splunk ITSI search head given the compute requirements for causal analysis are reasonably light in the app (it is predominantly used for near-term analysis). You can find more details about how to set up and configure the DLTK from the DLTK app details page.
Minor bug fixes related to episode analysis dashboard.
As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps from Splunk, our partners and our community. Find an app for most any data source and user need, or simply create your own with help from our developer portal.