Populating content

Author: derkkila

content/en/ninja-workshops/12-alerting_monitoring_with_itsi/1-getting-started/1-access-cloud-instances.md

@@ -0,0 +1,9 @@
+---
+title: How to connect to your workshop environment
+linkTitle: 1.1 How to connect to your workshop environment
+weight: 2
+---
+
+Access Show and sping up Workshop
+
+TBD

content/en/ninja-workshops/12-alerting_monitoring_with_itsi/1-getting-started/_index.md

@@ -0,0 +1,52 @@
+---
+title: Getting Started
+linkTitle: 1. Getting Started
+weight: 1
+---
+
+# Monitoring and Alerting with Splunk, AppDynamics, and Splunk Observability Cloud
+
+## Introduction and Overview
+
+In today's complex IT landscape, ensuring the performance and availability of applications and services is paramount.  This workshop will introduce you to a powerful combination of tools – Splunk, AppDynamics, Splunk Observability Cloud, and Splunk IT Service Intelligence (ITSI) – that work together to provide comprehensive monitoring and alerting capabilities.
+
+### The Challenge of Modern Monitoring
+
+Modern applications often rely on distributed architectures, microservices, and cloud infrastructure.  This complexity makes it challenging to pinpoint the root cause of performance issues or outages.  Traditional monitoring tools often focus on individual components, leaving gaps in understanding the overall health and performance of a service.
+
+### The Solution: Integrated Observability
+
+A comprehensive observability strategy requires integrating data from various sources and correlating it to gain actionable insights.  This workshop will demonstrate how Splunk, AppDynamics, Splunk Observability Cloud, and ITSI work together to achieve this:
+
+* **Splunk:**  Acts as the central platform for log analytics, security information and event management (SIEM), and broader data analysis.  It ingests data from AppDynamics, Splunk Observability Cloud, and other sources, enabling powerful search, visualization, and correlation capabilities.  Splunk provides a holistic view of your IT environment.
+
+* **Splunk Observability Cloud:** Offers full-stack observability, encompassing infrastructure metrics, distributed traces, and logs. It provides a unified view of the health and performance of your entire infrastructure, from servers and containers to cloud services and custom applications. Splunk Observability Cloud helps correlate performance issues across the entire stack.
+
+* **AppDynamics:**  Provides deep Application Performance Monitoring (APM).  It instruments applications to capture detailed performance metrics, including transaction traces, code-level diagnostics, and user experience data.  AppDynamics excels at identifying performance bottlenecks *within* the application.
+
+* **Splunk IT Service Intelligence (ITSI):**  Provides service intelligence by correlating data from all the other platforms.  ITSI allows you to define services, map dependencies, and monitor Key Performance Indicators (KPIs) that reflect the overall health and performance of those services.  ITSI is essential for understanding the *business impact* of IT issues.
+
+### Data Flow and Integration
+
+A key concept to understand is how data flows between these platforms:
+
+1. **Splunk Observability Cloud and AppDynamics collect data:**  They monitor applications and infrastructure, gathering performance metrics and traces.
+
+2. **Data is sent to Splunk:**  AppDynamics and Splunk Observability Cloud integrate with Splunk to forward their collected data alongside logs sent directly to Splunk.
+
+3. **Splunk analyzes and indexes data:** Splunk processes and stores the data, making it searchable and analyzable.
+
+4. **ITSI leverages Splunk data:** ITSI uses the data in Splunk to create services, define KPIs, and monitor the overall health of your IT operations.
+
+### Workshop Objectives
+
+By the end of this workshop, you will:
+
+* Understand the complementary roles of Splunk, AppDynamics, Splunk Observability Cloud, and ITSI.
+* Create basic alerts in Splunk, Observability Cloud and AppDynamics.
+* Configure a new Service and a simple KPI and alerting in ITSI.
+* Understand the concept of episodes in ITSI.
+
+This workshop provides a foundation for building a robust observability practice. We will focus on the alerting configuration workflows, preparing you to explore more advanced features and configurations in your own environment. We will **not** be covering ITSI or Add-On installation and configuration.
+
+Here are the instructions on how to access your pre-configured [Splunk Enterprise Cloud](./1-access-cloud-instances/) instance.

content/en/ninja-workshops/12-alerting_monitoring_with_itsi/2-creating-basic-alerts/_index.md

@@ -0,0 +1,83 @@
+---
+title: Creating Basic Alerts
+linkTitle: 2. Creating Basic Alerts
+weight: 1
+---
+
+# Setting Up Basic Alerts in Splunk Enterprise, AppDynamics, and Splunk Observability Cloud
+
+This section covers the creation of basic alerts in Splunk Enterprise, AppDynamics, and Splunk Observability Cloud.  These examples focus on simplicity and demonstrating the core concepts.  Remember that real-world alerting scenarios often require more complex configurations and thresholds.
+
+## 1. Splunk Enterprise Alerts
+
+Splunk alerts are triggered by search results that match specific criteria. We'll create a real-time alert that notifies us when a certain condition is met.
+
+**Scenario:**  Alert when the number of "error" events in the "application_logs" index exceeds 10 in the last 5 minutes.
+
+**Steps:**
+
+1. **Create a Search:** Start by creating a Splunk search that identifies the events you want to alert on. For example:
+
+   ```splunk
+   index=application_logs level=error
+   ```
+    Use the time picker to select "Relative" and set the timespan to 10.
+
+2. **Configure the Alert:**
+   * Click "Save As" and select "Alert."
+   * Give your alert a descriptive name (e.g., "Application Error Alert").
+   * **Trigger Condition:**
+      * **Scheduled:** Choose "Scheduled" to evaluate the search on a set schedule. Below scheduled will be the button to select the frequency, select "Run on Cron Schedule". If the time Range below that is different than 10 minutes, update it.
+      * **Triggered when:** Select "Number of results" "is greater than" "10."
+      * **Time Range:** Set to "5 minutes."
+   * **Trigger Actions:**
+      * For this basic example, choose "Add to Triggered Alerts."  In a real-world scenario, you'd configure email notifications, Slack integrations, or other actions.
+   * **Save:** Save the alert.
+
+**Explanation:** This alert runs the search every 10 minutes and triggers if the search returns more than 10 results. The "Add to Triggered Alerts" action simply adds a Alert to the Splunk Triggered Alerts list.
+
+**Time Ranges and Frequency:** Since everything in Splunk core is a search, you need to consider the search timespan and frequency so that you are not a) searching the same data multiple times with an overlap timespan, b) missing events because of a gap between timespan and frequency, c) running too frequently and adding overhead or d) running too infrequently and experiencing delays in alerting.
+
+
+## 2. AppDynamics Alerts (Health Rule Violations)
+
+**2. Create a Health Rule (or modify an existing one):**
+   * Click "Create Rule" (or edit an existing rule that applies to your application).
+   * Give the health rule a descriptive name (e.g., "Order Service Response Time Alert").
+   * **Scope:**  Select the application and tier (e.g., "OrderService").
+   * **Conditions:**
+      * Choose the metric "Average Response Time."
+      * Set the threshold: "is greater than" "500" "milliseconds."
+      * Configure the evaluation frequency (how often AppDynamics checks the metric).
+   * **Actions:**
+      * For this basic example, choose "Log to console."  In a real-world scenario, you would configure email, SMS, or other notification channels.
+   * **Save:** Save the health rule.
+
+**Explanation:** This health rule continuously monitors the average response time of the "OrderService." If the response time exceeds 500ms, the health rule is violated, triggering the alert and the configured actions.
+
+
+## 3. Splunk Observability Cloud Alerts (Detectors) (Continued)
+
+**2. Create a Detector:**
+   * Click "Create Detector."
+   * Give the detector a descriptive name (e.g., "High CPU Utilization Alert").
+   * **Signal:**
+      * Select the metric you want to monitor (e.g., "host.cpu.utilization").  Use the metric finder to locate the correct metric.
+      * Add any necessary filters to specify the host (e.g., `host:my-hostname`).
+   * **Condition:**
+      * Set the threshold: "is above" "80" "%."
+      * Configure the evaluation frequency and the "for" duration (how long the condition must be true before the alert triggers).
+   * **Notifications:**
+      * For this example, choose a simple notification method (e.g., a test webhook). In a real-world scenario, you would configure integrations with PagerDuty, Slack, or other notification systems.
+   * **Save:** Save the detector.
+
+**Explanation:** This detector monitors the CPU utilization metric for the specified host.  If the CPU utilization exceeds 80% for the configured "for" duration, the detector triggers the alert and sends a notification.
+
+**Important Considerations for All Platforms:**
+
+* **Thresholds:** Carefully consider the thresholds you set for your alerts.  Too sensitive thresholds can lead to alert fatigue, while thresholds that are too high might miss critical issues.
+* **Notification Channels:**  Integrate your alerting systems with appropriate notification channels (email, SMS, Slack, PagerDuty) to ensure that alerts are delivered to the right people at the right time.
+* **Alert Grouping and Correlation:**  For complex systems, implement alert grouping and correlation to reduce noise and focus on actionable insights.  ITSI plays a critical role in this.
+* **Documentation:** Document your alerts clearly, including the conditions that trigger them and the appropriate response procedures.
+
+These examples provide a starting point for creating basic alerts.  As you become more familiar with these platforms, you can explore more advanced alerting features and configurations to meet your specific monitoring needs.

content/en/ninja-workshops/12-alerting_monitoring_with_itsi/3-creating-services-in-itsi/_index.md

@@ -0,0 +1,14 @@
+---
+title: Creating Basic Alerts
+linkTitle: 3. Creating Services in ITSI
+weight: 1
+---
+
+# Creating Services in ITSI with Dependencies Based on Entity Type
+
+This workshop outlines how to create a service in Splunk IT Service Intelligence (ITSI) using an existing entity and establishing dependencies based on the entity's type. We'll differentiate between entities representing business workflows from Splunk Observability Cloud and those representing AppDynamics Business Transactions.
+
+**Scenario:**
+
+We have two existing services: "Astronomy Shop" (representing an application running in Kubernetes and being monitored by Splunk Observability Cloud) and "AD.ECommerce" (representing an application monitored by AppDynamics). We want to create a new service and add it as a dependent of one of those services. It is not necessary to create a service for both during your first run through this workshop so pick one that you are more interested in to start with.
+