September 19, 2018
Big data is old news. Today, the key to leveraging data effectively is to do fast data.
In a similar fashion, traditional incident management—which entails collecting and analyzing large volumes of monitoring information—is no longer enough. Organizations must also now do “fast monitoring,” which means not only collecting monitoring data but also making it actionable in real time.
This post examines what fast monitoring means, and explains how incident management teams can implement this approach to realize great benefits.
To understand the concept of fast monitoring, you have to understand fast data — one of the newest innovations in the big data world.
Very simply put, fast data is big data done in a fast way. Whereas big data traditionally meant storing large amounts of information and analyzing it later, fast data means performing data analytics on large amounts of information as quickly as possible—ideally, in real time. The goal is to analyze the data when it is as actionable and relevant as possible.
Being able to stream data from its source into an analytics platform is an important part of leveraging fast data. This is why big data tools like Apache Spark have become popular in recent years. By supporting streaming data collection, as well as in-memory processing, Spark can ingest and analyze large amounts of information at speeds much faster than non-streaming, on-disk data analytics platforms.
Incident management is a different field from data analytics, but incident management admins can learn a lot from the fast data trend. In the infrastructure monitoring and incident management world, being able to analyze large amounts of monitoring and alert data in real time to improve response is now more important than ever.
From traditional incident management to fast incident management
The connection between fast data and fast monitoring is not a coincidence. In many ways, the evolution of incident management mirrors the evolution of data analytics.
Until about ten years ago, data, like infrastructure, was relatively small. There was no need for most organizations to analyze petabytes of data because they didn’t generate that much. Similarly, most organizations had no need for monitoring solutions that could support large and diverse infrastructures. They could instead get away with basic monitoring systems to keep track of relatively small and uncomplicated networks of servers and workstations.
Then, in the mid-2000s, both data and infrastructure started getting much bigger. The digitization of everything meant that organizations started collecting reams of information, giving rise to big data. Meanwhile, the proliferation of mobile devices, the rise of virtualization and the need for ever-more computing power made infrastructure much larger and more complicated. This new landscape required big monitoring.
And within the past few years, another sea change has taken place. In an age when information is constantly changing, performing analytics on data that is even just a few hours old undercuts the value of analytics. Similarly, performing incident management on the basis of monitoring information that is not up-to-date prevents admins from triaging and responding to incidents effectively.
So, while fast data and fast monitoring may require different toolsets, the principles and motivations behind both trends are the same. Incident management teams seeking to keep infrastructure and apps running as smoothly as possible would do well to emulate their data-analyst colleagues by focusing on fast monitoring.
Collecting and reacting to monitoring information quickly may sound simple enough — but how can you make fast monitoring work in practice? The major guidelines to follow include:
All of these practices minimize the amount of manual analysis required from incident management admins during a crucial incident. In turn, they minimize the time between alert collection and action, making it feasible for incident management staff to react to incidents as quickly as they occur, and truly turn fast monitoring into real-time response for improved uptime.