Splunk’s Machine Data into Resolution: Lessons Learned at Splunk.Conf18

Resolve Systems was a Tera-level sponsor of Splunk.conf18 in Orlando, Florida this year, and Larry Lien, Chief Product Officer of Resolve Systems, had the opportunity to share his views on automation with a sold-out audience. Whether from IT Operations, Security Operations, or Network Operations, 10,000 Splunk users attended hundreds of sessions, including Resolve Systems’ “Be an Incident Resolution Superhero! Fight Incidents with Automation & Orchestration: Find it with Splunk, Fix it with Resolve.” The conference continues to scale year over year, drawing a massive audience and Splunk user base across Splunk Enterprise, Splunk ITSI, and Splunk Enterprise Security, with six different learning tracks.

On the tradeshow floor, the Resolve Systems team discussed challenges with manual Network, Security, and IT Incident Resolution and how to reduce risk and MTTR by validating, diagnosing, and resolving incidents with Resolve’s Incident Resolution Automation and Orchestration platform straight from a Splunk query or Notable Event.

Whether in the Resolve Systems booth or at the presentation, the focus was automation as a way to decrease OpEx, cybersecurity risk, and MTTR for IT incidents.

The Talk of Splunk.Conf18: Solutions with Incident Resolution Automation

Resolve Engineers Discuss Incident Resolution at Splunk.Conf18

This year, we started to see the convergence between the challenges that both IT Operations and Security Operations teams face. How do you automate more of your business? How do you minimize damage? And how do you take Splunk’s Machine Data and turn it into resolution action? With automation, operations teams can focus on standardized processes to reduce the siloed groups running independent automation scripts. Need a way to control and manage cross-functional departments? A unified platform with high maintainability can use the scripts you already have running for all your different groups, and create runbooks and playbooks to reduce the siloed scripts running in the backend. Monitor your current scripts and ensure they are running properly with an Incident Resolution Automation platform.

Taking a Splunk query or Splunk Notable Event through Resolve’s automation and orchestration platform, from validation and triage through diagnostics and containment to remediation, reduces escalations and shifts expertise left to your L1s, since 71% of IT teams think automation allows operations teams to focus on higher-value activities.

Take your Splunk Insight into Resolution Action: Scan the Infographic Now

The Solution for Not Trusting Automation

We heard repeatedly from Splunk users that automation is daunting and overwhelming when attempting to roll out an entire end-to-end automation strategy. You are not alone! Trusting Machine Learning, or even an untrained Level 1, can be nerve-racking when considering the criticality of your incidents and breaches. There are automation alternatives that let your team intervene when needed, start or stop an automated playbook/runbook, and take control of resolution, so you own your automation process. With process guidance, timely information to facilitate decision-making, and packaged commands, Resolve provides something we like to call “human-guided automation”.

Learn more about incremental Incident Resolution Automation with 451 Research.

With a human involved and guiding the validation, diagnosis, and resolution as part of a larger workflow or runbook, you can have more insight into the process and trust an L1 to do more, which reduces escalations and improves overall efficiency.

“At least 30% of Splunk queries and Notable Events are false. Resolve allows you to validate this automatically and trigger activity on the back-end,” said Larry Lien during his Splunk.conf18 presentation. “This provides for automated validation, diagnosis, and resolution. With Resolve’s human-guided automation to walk an L1 through the defined and standardized process, you’re not only accelerating incident resolution but also left shifting your subject matter expertise.”

With human actions embedded into your automation, your incident resolution capabilities bring together the three most important aspects of a scalable incident resolution strategy: people, processes, and technology.

Incident Resolution Superheroes Fight Incidents with Automation & Orchestration

Larry Lien presented to a standing-room-only crowd of IT, security, network, and service desk Splunk users on how to “Be an Incident Resolution Superhero! Fight Incidents with Automation & Orchestration: Find it with Splunk, Fix it with Resolve.” The presentation focused on how you can automate incident resolution to rapidly extract value from your current Splunk Enterprise, Splunk ITSI, or Splunk Enterprise Security investments. With Fortune 500 companies building departments to manage their current scripts and automation, large enterprises are zeroing in on how to automate more for cross-department standardized processes.

“We often hear enterprises say they need to integrate with upwards of 20 different systems as your infrastructure is becoming more and more complex. Resolve integrates with your entire environment; simply put, find it with Splunk, fix it with Resolve,” presented Lien, Chief Product Officer.

Over 250 people got the chance to hear from Larry, who showcased how Resolve, integrated with Splunk, accelerates Incident Resolution with automation and orchestration. With the capabilities of human-guided automation, Resolve has been deployed by the largest global Enterprises, Communications Service Providers, and Managed Service Providers with rapid time to value and high maintainability.

Ready to Learn More about Human-Guided Incident Resolution Automation? Read the White Paper.