We are on a journey to move from distributed, disjointed monitoring and alerting by each silo to an enterprise observability approach. We use SNOW as our CMDB and also have Splunk for logging. If you've been down this road, what advice can you give?
If possible, create a stale devices report that can help you track devices that are not being used for return, reset and redeployment. We preach communication, but that always seems to be the first point of human failure.
We are a smaller company, and the solutions we have work for our needs (Atera for servers and endpoints, JamF for iOS), but in a larger environment, having all the eggs monitored in the same basket would be ideal.
Make sure that you maintain the data in the CMDB; it is not just a one-time effort but a continuous one to keep the information updated and relevant. Also involve your business customers so they take ownership of their assets and keep them updated.
For Splunk, try to log all the necessary information but not more; otherwise, costs can really go out of control.
On the collection side, try to adopt open standards like OpenTelemetry, which give you the flexibility to use open-source collection solutions, commercial solutions, or a mix of both without the concern of vendor lock-in.
On the analysis/consumption side, use the solution that best suits your needs (notification, reporting, dashboarding, model training, etc.). A difficult-to-use solution will diminish its value.
For the integration between collection, storage, and consumption, aim for decoupled integration solutions that allow each component to scale and evolve independently. This will also minimize the chance of the monitoring system bringing down production applications. We have learned serious lessons on this.
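The decoupling lesson in the last paragraph (monitoring must never be able to take production down) usually comes down to one rule: the application thread only ever does a non-blocking hand-off, and a separate loop talks to the backend, with a bounded buffer and a circuit breaker so a slow or dead collector causes dropped telemetry rather than blocked requests. The example below is added for this thread and is not code from any poster or from OpenTelemetry; the `exporter` callable and `clock` parameter are assumptions so the behaviour can be exercised deterministically.

```python
import queue
import threading
import time
from dataclasses import dataclass


@dataclass
class Stats:
    emitted: int = 0          # events handed to emit()
    dropped_full: int = 0     # events shed because the buffer was full
    exported: int = 0         # events the backend accepted
    failed_batches: int = 0   # export attempts that raised
    circuit_open_until: float = 0.0


class DecoupledTelemetry:
    """Fire-and-forget telemetry buffer.

    emit() is the only call the application makes; it never blocks and never
    raises because of backend trouble. flush_once() is what the background
    loop calls, and it is the only place the exporter is touched.
    """

    def __init__(self, exporter, max_buffer=1000, batch_size=100,
                 breaker_seconds=30.0, clock=time.monotonic):
        self._q = queue.Queue(maxsize=max_buffer)  # bounded: back-pressure stops here
        self._exporter = exporter                  # assumed: callable(list_of_events)
        self._batch = batch_size
        self._breaker = breaker_seconds
        self._clock = clock                        # injectable for deterministic tests
        self.stats = Stats()

    def emit(self, event) -> bool:
        """Non-blocking hand-off from the request path. Returns False if shed."""
        self.stats.emitted += 1
        try:
            self._q.put_nowait(event)
            return True
        except queue.Full:
            self.stats.dropped_full += 1  # load shedding, not blocking
            return False

    def flush_once(self) -> int:
        """Drain up to one batch to the exporter. Returns events exported."""
        now = self._clock()
        if now < self.stats.circuit_open_until:
            return 0  # breaker open: do not hammer a backend that just failed

        batch = []
        while len(batch) < self._batch:
            try:
                batch.append(self._q.get_nowait())
            except queue.Empty:
                break
        if not batch:
            return 0

        try:
            self._exporter(batch)
        except Exception:
            self.stats.failed_batches += 1
            self.stats.circuit_open_until = now + self._breaker
            # Re-queue what still fits; the rest is dropped rather than retried forever.
            for ev in batch:
                try:
                    self._q.put_nowait(ev)
                except queue.Full:
                    self.stats.dropped_full += 1
            return 0

        self.stats.exported += len(batch)
        return len(batch)

    def start_background(self, interval=1.0) -> threading.Thread:
        """Run flush_once() on a daemon thread so it can never hold the app up."""
        def loop():
            while True:
                self.flush_once()
                time.sleep(interval)
        t = threading.Thread(target=loop, daemon=True, name="telemetry-flush")
        t.start()
        return t


if __name__ == "__main__":
    # Constructed demo: backend that fails on its first call, then recovers.
    calls = []
    def flaky_backend(batch):
        calls.append(len(batch))
        if len(calls) == 1:
            raise ConnectionError("collector unreachable")

    tel = DecoupledTelemetry(flaky_backend, max_buffer=5, batch_size=3, breaker_seconds=10)
    for i in range(7):
        tel.emit({"event": i})      # request path: never waits on the backend
    for _ in range(4):
        tel.flush_once()
    print(tel.stats)
```

Sizing `max_buffer` is the real design decision: it bounds the memory a dead collector can cost the application, and `dropped_full` plus `failed_batches` are the metrics to alert on so the observability team sees the gap instead of the application owners seeing an outage.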