Putting predictive analytics to work - Prelert Anomaly Detective for Splunk

I recently had a chance to speak with Kevin Conklin, Prelert's VP of Marketing, about application and system performance management, assuring application reliability and availability, and how predictive analytics, or "machine intelligence," can be pressed into service to help. We then went on to discuss Prelert's add-in to Splunk Enterprise, which is designed to bring the newest generation of predictive analytics to bear to help IT administrators and developers address performance anomalies before they have a chance to become problems.

The Challenge

In Prelert's view, the challenge is that today's workloads are a complex combination of individual services that are linked together. These services are often composed of a mix of mainframe-based databases and transactional systems; midrange UNIX workloads; networking and security technologies; and industry-standard (x86) Windows and Linux workloads. Adding to this complexity, these workloads are accessed by individuals using a constellation of end-point devices that could be desktop PCs or Macs, laptop computers, smartphones or tablets, or some other intelligent device.

Given the tools that most IT organizations have at hand to track everything that is going on in this complex environment, the task requires impractical investments of human expertise and effort. It has become quite difficult to proactively sift through the large and rapidly growing logs for each of the operating systems, database engines, application frameworks, applications, network services and storage services to keep on top of what is happening moment to moment.

Splunk developed a tool that does an excellent job of big data collection, management, indexing and data mining, and provided a "Google-like" search tool that allows IT administrators and developers to probe deeply into the log files created by systems and their components. While the tool is very powerful, multidisciplinary expertise and time are often required when addressing a performance anomaly. Unfortunately, by the time anomalies come into view, a costly slowdown or outage is underway and there is no time to spare to find a solution.

Prelert Anomaly Detective

Prelert has gathered together a team of people who have implemented predictive analytics tools many times before and has used their skills and experience to create tools that put machine intelligence to work to:

  • Discover for themselves what operational characteristics in a complex environment can be considered "normal"
  • Discover situations that fall outside of the range of normal
  • Call IT administrators' and developers' attention to abnormal behavior in time to prevent problems.

This time, Prelert is offering its technology in the form of an add-in to the Splunk environment.

What does it do?

Prelert describes Anomaly Detective for Splunk in the following way:

Anomaly Detective’s self-learning predictive analytics with machine intelligence assistance recognize both normal and abnormal machine behavior. Using highly advanced pattern recognition algorithms, Anomaly Detective identifies developing issues and provides detailed diagnostic data, enabling IT experts to avoid problems or diagnose them as much as 90 percent faster than previously possible. IT personnel who utilize Splunk Enterprise software in infrastructure, applications performance and security can now additionally benefit from machine learning to automatically spot anomalies and isolate their root causes in minutes, saving time and resolving problems before the business is impacted.

Snapshot analysis

Tools today need to go beyond “human understanding” of how the IT infrastructure and overall environment behave. Given the dynamic nature of today’s IT architectures, predictive analytics tools need to use a combination of big data techniques and artificial intelligence to fully self-learn the operating characteristics of the environment, working from a model that the tool itself creates and maintains without any human input.

Big Data techniques, including predictive analytics based on machine intelligence, can and should be used to help IT administrators and developers find, isolate and address operational anomalies without their “help.” Prelert's Anomaly Detective for Splunk is an excellent example of a product that can significantly reduce the time it takes to predict and identify the root cause of many problems that are lurking in IT systems and make an IT manager’s life easier. It also positively impacts the bottom line by reducing the time and level of expertise required to catch issues before they become customer and business problems.

Prelert isn't alone in walking down this path towards a solution. Suppliers such as CA, IBM, Netuitive, Zenoss and a number of others are doing something similar. Prelert hopes that its advanced self-learning capabilities will convince organizations that its approach is the best.

Conversations with some Prelert users indicate that the company is making some headway in that direction.

Kusnetzky Group LLC © 2006-2014