Ever wish you could monitor the total number of widgets produced by your service since the actual beginning of the day in New York, rather than interpret a sum calculated over, say, the last 10 or 24 hours?
What about a real-world view of the SLA for a service you manage, showing the maximum latency reported for closed months and quarters, with the results neatly plotted at the ends of those months and quarters? Interested in comparing request latency for your service and the cost of operating it in March with the values calculated over February, and alerting on the delta? You can do all this and more with Splunk Calendar Window Analytics!
Splunk Infrastructure Monitoring analytics functions can now be calculated over true calendar intervals in addition to the existing functionality of evaluating them over rolling time windows. Releasing this capability is part of our commitment to enabling powerful business use-cases with Splunk, while continuing to enhance the streaming analytics and monitoring capabilities that make Splunk Infrastructure Monitoring popular with application developers and operators.
When organizations get started on the path to cloud-native and invest in monitoring, initial interest tends to focus on relatively low level signals such as infrastructure metrics from cloud providers. As the adoption of cloud and modern architectures becomes more prevalent and mature, higher level signals are used to monitor service health and Key Performance Indicators (indicators of customer experience, custom application metrics, distributed traces, RED and USE, the four golden signals).
The natural next desire is to interpret existing signals (e.g. request counts) for business users and to start consuming new signals (e.g. the number of streaming sessions started) specifically to enable business use cases. In doing so, it becomes possible to correlate the behavior of digital systems with business performance, and provide every member of the organization with real-time visibility using a shared analytics platform.
However, business use cases often require or expect measurements over true calendar intervals, such as over a month or a day, rather than over a fixed rolling window of 30 days, or 28 days, or 24 hours looking back from every given point in time.
Calendar windows are not the same as what we refer to as rolling (or moving) time windows. For instance, calculating the cost of running a service over the current or a past calendar month is more useful (and relatable to real-world facts such as billing cycles and accounting periods) than the same calculation done over the previous 30 days.
Splunk calendar window analytics functions are a powerful new capability for application and infrastructure monitoring. However, when used to make operational and application data meaningful and consumable in a business context, their value is even more compelling.
Furthermore, calendar window analytics functions can be freely used throughout Splunk Infrastructure Monitoring charts and detectors – in contrast to time measurement features provided by other monitoring solutions, calendar windows are not a simple UI control or a hard-coded view for a specific time interval.
The doctor orders calendar window functions when:
The following chart displays the sum of API requests over a rolling window of 7 days, calculated every 6 hours:
You can now use the Chart Builder in Splunk Infrastructure Monitoring (or create charts programmatically, via our API) to specify a calendar window instead of a rolling window:
Which transforms your view of the same data. A single value is now emitted at the end of Saturday every week:
If you choose to view partial values, you can also see the sums calculated up to various points of time during the course of the week, as well as the final value at the end of the week:
Clearly, the result of applying an analytics function on your signals can be vastly different based on whether you choose a rolling window or a calendar window. The ability to do analytics over calendar windows opens up a number of interesting use cases and we have provided some examples below.
Let’s say you make money by providing a financial transaction processing API that your customers call. You may want to track the number of requests made to that API daily, as well as monitor SLA performance.
Using calendar time analytics, you can easily calculate request volume and maximum latency for your service over the current day, compare that to the previous day, and visualize longer term trends. When commitments are expressed in real-world calendar terms, the intervals over which calculations are performed will precisely match what you have contractually agreed to with your customers.
By applying a timeshift of one cycle, you can compare each day’s value with the previous day’s and plot a growth curve.
Splunk Infrastructure Monitoring functions do the math right when calculations and timeshifts are done over months or quarters, accounting for the fact that one month or quarter can be longer or shorter than another month or quarter.
With these capabilities, your signals become directly consumable and relatable in a business context.
The beginning and end of a day in Tokyo are five hours ahead of the beginning and end of the same day in Los Angeles. Calendar time analytics performs the correct math over the correct interval by allowing you to define cycles relative to a time zone.
Let’s say you run a video distribution and streaming platform. If you are measuring the number of streaming sessions started in three different regions (North America, Europe, and Asia), you can visualize the sessions started for a calendar day beginning and ending at the correct instants as specified by each time zone.
Plotting daily, weekly, and monthly sums allows you to quickly see the perspective from different zoom levels. You can also customize the start of every cycle. For example, in the United States the traditional first day of the week is Sunday, whereas in Europe, Monday is widely accepted as the first day.
With charts using accurate region specific calendar windows plotted next to each other, patterns across zones may also be more easily spotted.
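The difference between a rolling window and a calendar window, the time-zone-relative cycle start, and the one-cycle shift over months of unequal length can be reproduced outside the product. The following Python is an added illustration, not Splunk's implementation or SignalFlow; the function names, the fixed UTC offsets and the hourly sample data are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

# Fixed offsets keep this offline (assumption: no DST in the sample period).
# Pass zoneinfo.ZoneInfo("America/New_York") instead for DST-aware cycles.
NEW_YORK = timezone(timedelta(hours=-5))
TOKYO = timezone(timedelta(hours=9))

def rolling_sum(points, now, window=timedelta(hours=24)):
    """Rolling window: sum of values stamped in (now - window, now]."""
    return sum(v for ts, v in points if now - window < ts <= now)

def cycle_start(now, tz, cycle="day"):
    """Start of the calendar day or month containing `now`, local to tz."""
    local = now.astimezone(tz).replace(hour=0, minute=0, second=0, microsecond=0)
    return local.replace(day=1) if cycle == "month" else local

def calendar_sum(points, now, tz, cycle="day"):
    """Partial value: sum from the start of the current cycle up to `now`."""
    start = cycle_start(now, tz, cycle)
    return sum(v for ts, v in points if start <= ts <= now)

def daily_totals(points, tz):
    """One sum per local calendar day (the value emitted when a day closes)."""
    totals = {}
    for ts, v in points:
        day = ts.astimezone(tz).date()
        totals[day] = totals.get(day, 0) + v
    return totals

def previous_cycle(now, tz, cycle="month"):
    """Bounds [start, end) of the cycle before the current one (shift by one)."""
    end = cycle_start(now, tz, cycle)
    return cycle_start(end - timedelta(microseconds=1), tz, cycle), end

# Constructed sample: one point per hour for 48 hours from 2024-01-10 00:00 UTC;
# each value is the UTC hour of day (0..23), so any 24 consecutive points sum to 276.
T0 = datetime(2024, 1, 10, tzinfo=timezone.utc)
POINTS = [(T0 + timedelta(hours=h), h % 24) for h in range(48)]
NOW = datetime(2024, 1, 11, 12, tzinfo=timezone.utc)

if __name__ == "__main__":
    print("rolling 24h:", rolling_sum(POINTS, NOW))
    print("today so far, New York:", calendar_sum(POINTS, NOW, NEW_YORK))
    print("today so far, Tokyo:", calendar_sum(POINTS, NOW, TOKYO))
    print("per local day, New York:", daily_totals(POINTS, NEW_YORK))
    start, end = previous_cycle(datetime(2024, 3, 15, tzinfo=timezone.utc), TOKYO)
    print("previous month:", start.date(), "to", end.date(), (end - start).days, "days")
```

On this data the rolling sum is 276 at every point, while the calendar-day partial sum at the same instant is 68 for New York and 249 for Tokyo.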
In general, if you have metrics that are of interest to your finance team, you can align them with accounting/reporting cycles in the calendar year.
In Splunk Infrastructure Monitoring, the AWS Optimizer collects up-to-the-minute cost and utilization metrics for your AWS environment. Applying calendar window functions to those metrics means your charts will more closely reflect how you think about that usage and how you are billed.
The charts below show a product's AWS cost trends day by day and month over month. You can also see the cost data placed next to operational data (cost of running the service next to the number of API requests processed by the service in the same time window). This is essentially a view of the value delivered next to cost incurred in delivering that value.
Quarterly cost is also shown in the dashboard above. Flexibility in specifying the start of a cycle allows the first quarter to start in March, aligned with the start of this company’s financial year.
We have always focused on building Splunk to be best-in-class at providing real-time monitoring and alerting for those who build and operate software. More and more organizations are recognizing digital services as being critical to their business value. They are taking on the challenge of building ever improving and observable services, while also embracing a fast moving, data driven business culture. In this world it is evident that DevOps needs and business needs for monitoring critical signals are rapidly converging.
Today’s organizations need true calendar time support in their monitoring solution. This need is not met by simple UI level controls for selecting intervals to view, or by custom UI elements that present a hard-coded view for some time interval.
Our thorough and flexible solution for evaluating your data over calendar intervals brings the full force of the Splunk analytics engine to bear on use cases that are of particular interest to the business user. Crucial business insights will be more easily discoverable and actionable than ever before.
We’re excited to see how you’ll make use of Splunk Calendar Analytics. Get visibility into your entire stack today with a free 14-day trial of Splunk Infrastructure Monitoring.
Thanks,
Suhail Rashid, Aaron Sun and Difan Zhao