The following is a guest post from Dan Goldberg, Senior Manager, Content Marketing at xMatters. He has 15 years in technology and more than 25 years in writing, editing and strategy.
There is an idea that the key to keeping your systems healthy is having the data, but look at where organizations are struggling. It’s not the data itself—it’s how you use the data. Without the intelligence to analyze it and act on it, the data can overwhelm and paralyze your organization.
Splunk IT Service Intelligence (ITSI) delivers that intelligence by parsing qualified information so you can take action and resolve problems more quickly. One critical factor for faster incident resolution is collaborating with your peers; this is where xMatters Actionable Alerts for Splunk ITSI, the integration between xMatters and Splunk IT Service Intelligence, is powerful.
Using xMatters with Splunk ITSI allows organizations to reduce their time to respond to incidents. The integration enables you to send automated notifications to the appropriate on-call response teams and allows users to interact with the built-in Splunk ITSI workflow or other systems in their toolchain.
The integration is triggered through Notable Event Alert actions. When triggered, xMatters identifies the appropriate on-call personnel and delivers a notification with one or more events. xMatters orders these events by severity for easy scanning and quick assessment. Users are presented with four options that tie back to the Notable Event’s status: acknowledge, escalate, resolve, or close.
[Image: Selecting xMatters - Notable Event Alert from the Splunk ITSI module]
Acknowledge assigns the issue to the appropriate person and updates the Notable Event status to “In Progress.”
Escalate notifies the next available on-call resource if the current user needs to indicate they are unavailable or need more help.
Resolve updates the Notable Event status to “Resolved” to indicate the issue is fixed.
Close updates the Notable Event status to “Closed” and closes the event in xMatters.
[Image: Creating Action Rules]
[Image: Assigning to a group]
xMatters creates a record of each notification and action in Splunk ITSI and Splunk Enterprise. This provides you with a complete timeline of activity for post mortems and to improve processes over time.
Additionally, xMatters supports integration with other key elements of the toolchain, so information can be shared across systems like HipChat, JIRA, StatusPage or other collaboration systems.
[Image: Record of actions in the Splunk console]
During triage and issue resolution, xMatters integrations help teams by automatically moving data between systems and targeted people. So whether you want to move data from Splunk ITSI into JIRA, StatusPage or another system, xMatters can do it.
Splunk ITSI is a monitoring and analytics solution that uses machine learning and event analytics to simplify operations, prioritize problem resolution and align IT with the business. With ITSI, you can see the results and KPIs that you really want to see, rather than making the best of what a monitoring system can present.
ITSI gives you total control of your monitoring experience, whether you want to see real-time results as they happen or review past results to look for long-term trends. ITSI delivers one-of-a-kind visualizations so you can monitor business and service activity using metrics and performance indicators that are aligned with organizational goals and objectives.
Built on the powerful Splunk platform, Splunk ITSI can scale to process petabytes of data so you can begin interacting with it for unparalleled analytics and insights. Splunk ITSI also democratizes machine learning to baseline normal vs. abnormal operations, detect anomalies, and group related events, relieving you from being paralyzed by too many alerts.
Learn more about these capabilities in the Splunk IT Service Intelligence product brief.
If you see an exception in your data, drill into the offending data and start integrating with other systems. A perfect way to carry out this issue resolution is with the built-in Splunk ITSI integration with xMatters.
You can get hands-on with Splunk ITSI; request access to the 7-day free Splunk IT Service Intelligence Sandbox and start getting the most out of your monitoring today.
If you're headed to Splunk .conf2017, make sure you check out the xMatters and Splunk session “Triggering Alerts with xMatters and Achieving Automated Recovery Actions From ITSI” on Wednesday, September 27 at 1:10pm. We—the Splunk team and xMatters together—will deep-dive into the common external integrations delivered with ITSI, how to use the xMatters integration easily, and will also demonstrate it for you, so mark your calendars! If you haven’t registered to attend, you can do it easily at conf.splunk.com.
Dan Goldberg
Senior Manager, Content Marketing
xMatters