One of Evanios’ most recognizable customers, a global leader in the media and entertainment industry, derives revenue from the production, acquisition, and distribution of feature motion pictures and television series. Its parent company (recognized as the world’s fourth largest media conglomerate), boasts a market cap of $57.5b.
This entity has a multitude of monitoring tools residing both on-premise and in the cloud. They chose Evanios to bring alerts from all of these tools into a single pane of glass, thus eliminating alert fatigue. The primary goal was to de-duplicate alerts, reduce false positives, and combine alerts logically into enriched incidents showing all relevant causes of an issue. ROI was apparent immediately: Evanios helped save more than 170 man hours a month, within the first 59 days of go live.
During initial evaluation and Proof of Concept, the customer focused on a few immediately measurable criteria.
According to the Senior Systems Engineer,, “We wanted a native integration to ServiceNow, something that would work directly with our ITSM change management, incident and maintenance systems.” For their architect, a deal-breaker was the inclusion of out of the box integrations and an open API to assist with connections. “Speed was important,” he explained. “We didn’t want to spend months getting all of the alerts into the system of record.” Plus, the monitoring team had a strong preference for bi-directional functionality wherever possible. When an event or incident was closed in ServiceNow or the event management solution, they wanted the resolved status pushed back to the point of origin, too.
The company also had very specific event correlation requirements, including:
A short incident description describing what failed, which CIs were affected, and which events were related (related events should be grouped into a single incident)
Dynamic incident priority, driven by the most critical event. However, correlation logic could not be all-or-nothing; They needed the ability to include or exclude events from correlation based on business logic.
Incidents would only be completed when all of the (underlying) correlated events were resolved. For example, if twenty events were combined into one incident, the incident would only close when the last event was resolved.
Correlation could be based on time, as well as the number of occurrences. A use case would be backups, where an incident should only be created if the same job failed three times in twelve hours, coming from the same backup server.
Evanios met all of these requirements, and because it operates seamlessly with the ServiceNow platform, it was easy for the IT team to immediately understand. Plus, Evanios offered the ability to easily access this customer’s custom apps and import data from custom tables into the event correlation logic. “We immediately saw the natural fit,” Their IT Director says. “Within a few days, we were highly confident that Evanios could do everything we were asking for.”
Within 30 days of go-live, Evanios was leveraging deduplication logic and suppression on change management to reduce incident count by about 28%. Correlation eliminated another 31% for a net reduction of 59%. The command center is on track to meet its intended target (having already reduced single incident count from 5,000 per week to 100 per day), and disruptive false alarms are quickly becoming a thing of the past.
As this media giant migrates additional services to the cloud, they will continue improving filtering, correlation logic and event/ incident routing. Plus, they plan to take advantage of Evanios event scoring and prediction logic. “At the end of the day,” their Sr. Architect explained, “This is about ensuring availability of business services. We need to identify critical issues, and prioritize effort in order to head them off. Evanios will give us the ability to rank events and incidents, and even use leading indicators to predict future events before they become serious problems.” All in all, it sounds like their team has written the script for another smash hit.