Engineer Your Event Management Process

Track monitored events purposefully and respond effectively.

Build an event management practice that is situated in the larger service management environment. Purposefully choose valuable events to track and predefine their associated actions to cut down on data clutter.

Our Advice

Critical Insight

Event management is useless in isolation. The goals come from the pain points of other ITSM practices. Build handoffs to other service management practices to drive the proper action when an event is detected.

Impact and Result

Create a repeatable framework to define monitored events, their root cause, and their associated action. Record your monitored events in a catalog to stay organized.


Engineer Your Event Management Process Research & Tools

1. Engineer Your Event Management Deck – A step-by-step document that walks you through how to choose meaningful, monitored events to track and action.

Engineer your event management practice with tracked events informed by the business impact of the related systems, applications, and services. This storyboard will help you properly define and catalog events so you can properly respond when alerted.

2. Event Management Cookbook – A guide to help you walk through every step of scoping event management and defining every event you track in your IT environment.

Use this tool to define your workflow for adding new events to track. This cookbook includes the considerations you need to include for every tracked event as well as the roles and responsibilities of those involved with event management.

3. Event Management Catalog – Using the Event Management Cookbook as a guide, record all your tracked events in the Event Management Catalog.

Use this tool to record your tracked events and alerts in one place. This catalog allows you to record the rationale, root-cause, action, and data governance for all your monitored events.

4. Event Management Workflow – Define your event management handoffs to other service management practices.

Use this template to help define your event management handoffs to other service management practices including change management, incident management, and problem management.

5. Event Management Roadmap – Implement and continually improve upon your event management practice.

Use this tool to implement and continually improve upon your event management process. Record, prioritize, and assign your action items from the event management blueprint.


EXECUTIVE BRIEF

Analyst Perspective

Event management is useless in isolation.

Event management creates no value when implemented in isolation. However, that does not mean event management is not valuable overall. It must simply be integrated properly in the service management environment to inform and drive the appropriate actions.

Every step of engineering event management, from choosing which events to monitor to actioning the events when they are detected, is a purposeful and explicit activity. Ensuring that event management has open lines of communication and actions tied to related practices (e.g. problem, incident, and change) allows efficient action when needed.

Catalog your monitored events using a standardized framework to allow you to know:

  1. The value of tracking the event.
  2. The impact when the event is detected.
  3. The appropriate, right-sized reaction when the event is detected.
  4. The tool(s) involved in tracking the event.

Properly engineering event management allows you to effectively monitor and understand your IT environment and bolster the proactivity of the related service management practices.

Benedict Chang
Research Analyst, Infrastructure & Operations
Info-Tech Research Group

Executive Summary

Your Challenge

Strive for proactivity. Implement event management to reduce response times of technical teams to solve (potential) incidents when system performance degrades.

Build an integrated event management practice where developers, service desk, and operations can all rely on event logs and metrics.

Define the scope of event management including the systems to track, their operational conditions, related configuration items (CIs), and associated actions of the tracked events.

Common Obstacles

Managed services, subscription services, and cloud services have reduced the traditional visibility of on-premises tools.

System complexity and integration with the above services have increased, making true cause and effect difficult to ascertain.

Info-Tech’s Approach

Clearly define a limited number of operational objectives that may benefit from event management.

Focus only on the key systems whose value is worth the effort and expense of implementing event management.

Understand what event information is available from the CIs of those systems and map those against your operational objectives.

Write a data retention policy that balances operational, audit, and debugging needs against cost and data security needs.

Info-Tech Insight

More is NOT better. Even in an AI-enabled world, every event must be collected with a specific objective in mind. Defining the purpose of each tracked event will cut down on data clutter and response time when events are detected.

Your challenge

This research is designed to help organizations who are facing these challenges or looking to:

  • Build an event management practice that is situated in the larger service management environment.
  • Purposefully choose events to track, as well as their related actions, based on business-critical systems, their conditions, and their related CIs.
  • Cut down on the clutter of current events tracked.
  • Create a framework to add new events when new systems are onboarded.

33%

In 2020, 33% of organizations listed network monitoring as their number one priority for network spending. 27% of organizations listed network monitoring infrastructure as their number two priority.
Source: EMA, 2020; n=350

Common obstacles

These barriers make this challenge difficult to address for many organizations:

  • Many organizations have multiple tools across multiple teams and departments that track the current state of infrastructure, making it difficult to consolidate event management into a single practice.
  • Managed services, subscription services, and cloud services have reduced the traditional visibility of on-premises tools.
  • System complexity and integration with the above services have increased, making true cause and effect difficult to ascertain.

Build event management to bring value to the business

33%

33% of all IT organizations reported that end users detected and reported incidents before the network operations team was aware of them.
Source: EMA, 2020; n=350

64%

64% of enterprises use 4-10 monitoring tools to troubleshoot their network.
Source: EMA, 2020; n=350

Info-Tech’s approach

Choose your events purposefully to avoid drowning in data.

A funnel is depicted. Along the funnel are the following points: Event Candidates; 1. System Selection by Business Impact; 2. System Decomposition; 3. Event Selection and Thresholding; 4. Event Action; 5. Data Management; Valuable, Monitored, and Actioned Events.

The Info-Tech difference:

  1. Start with a list of your most business-critical systems instead of data points to measure.
  2. Decompose your business-critical systems into their configuration items. This gives you a starting point for choosing what to measure.
  3. Choose your events and label them as notifications, warnings, or exceptions. Choose the relevant thresholds for each CI.
  4. Have a pre-defined action tied to each event. That action could be to log the datapoint for a report or to open an incident or problem ticket.
  5. With your event catalog defined, choose how you will measure the events and where to store the data.

Event management is useless in isolation

Define how event management informs other management practices.

Logging, Archiving, and Metrics

Monitoring and event management can be used to establish and analyze your baseline. The more you know about your system baselines, the easier it will be to detect exceptions.

Change Management

Events can inform needed changes to stay compliant or to resolve incidents and problems. However, it doesn’t mean that changes can be implemented without the proper authorization.

Automatic Resolution

The best use case for event management is to detect and resolve incidents and problems before end users or IT are even aware.

Incident Management

Events sitting in isolation are useless if there isn’t an effective way to pass potential tickets off to incident management to mitigate and resolve.

Problem Management

Events can identify problems before they become incidents. However, you must establish proper data logging to inform problem prioritization and actioning.

Info-Tech’s methodology for Engineering Your Event Management Process

1. Situate Event Management in Your Service Management Environment

2. Define Your Monitoring Thresholds and Accompanying Actions

3. Start Monitoring and Implement Event Management

Phase Steps

1.1 Set Operational and Informational Goals

1.2 Scope Monitoring and States of Interest

2.1 Define Conditions and Related CIs

2.2 Set Monitoring Thresholds and Alerts

2.3 Action Your Events

3.1 Define Your Data Policy

3.2 Define Future State

Event Cookbook

Event Catalog

Phase Outcomes

Monitoring and Event Management RACI

Abbreviated BIA

Event Workflow

Event Management Roadmap

Insight summary

Event management is useless in isolation.

The goals come from the pain points of other ITSM practices. Build handoffs to other service management practices to drive the proper action when an event is detected.

Start with business intent.

Trying to organize a catalog of events is difficult when working from the bottom up. Start with the business drivers of event management to keep the scope manageable.

Keep your signal-to-noise ratio as high as possible.

Defining tracked events with their known conditions, root cause, and associated actions allows you to be proactive when events occur.

Improve slowly over time.

Start small if need be. It is better and easier to track a few items with proper actions than to try to analyze events as they occur.

More is NOT better. Avoid drowning in data.

Even in an AI-enabled world, every event must be collected with a specific objective in mind. Defining the purpose of each tracked event will cut down on data clutter and response time when events are detected.

Add correlations in event management to avoid false positives.

Supplement the predictive value of a single event by aggregating it with other events.

Blueprint deliverables

Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

Key deliverable:

Event Management Cookbook
Use the framework in the Event Management Cookbook to populate your event catalog with properly tracked and actioned events.

Event Management RACI
Define the roles and responsibilities needed in event management.

Event Management Workflow
Define the lifecycle and handoffs for event management.

Event Catalog
Consolidate and organize your tracked events.

Event Roadmap
Roadmap your initiatives for future improvement.

Blueprint benefits

IT Benefits

  • Provide a mechanism to compare operating performance against design standards and SLAs.
  • Allow for early detection of incidents and escalations.
  • Promote timely actions and ensure proper communications.
  • Provide an entry point for the execution of service management activities.
  • Enable automation activity to be monitored by exception.
  • Provide a basis for service assurance, reporting and service improvements.

Business Benefits

  • Less overall downtime via earlier detection and resolution of incidents.
  • Better visibility into SLA performance for supplied services.
  • Better visibility and reporting between IT and the business.
  • Better real-time and overall understanding of the IT environment.

Case Study

An event management script helped one company get in front of support calls.

INDUSTRY - Research and Advisory

SOURCE - Anonymous Interview

Challenge

One staff member’s workstation had been infected with a virus that was probing the network with a wide variety of usernames and passwords, trying to find an entry point. Along with the obvious security threat, there existed the more mundane concern that workers occasionally found themselves locked out of their machine and needed to contact the service desk to regain access.

Solution

The system administrator wrote a script that runs hourly to see if there is a problem with an individual’s workstation. The script records the computer's name, the user involved, the reason for the password lockout, and the number of bad login attempts. If the IT technician on duty notices a greater than normal volume of bad password attempts coming from a single account, they will reach out to the account holder and inquire about potential issues.

Results

The IT department has proactively managed two distinct but related problems. First, they have prevented several instances of unplanned work by reaching out to users facing potential lockouts before an incident report is received. Second, they have leveraged event management to probe for indicators of a security threat before there is a breach.
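The hourly lockout review from this case study, expressed with the catalog approach described earlier on the page (event level, threshold, predefined action, and correlation to avoid false positives). This is an added example, not the company's script or Info-Tech's tooling; the record layout, rule names, thresholds, actions and sample data are assumptions constructed for illustration.

```python
"""Hourly lockout review: classify records against a small event catalog."""
from collections import defaultdict
from typing import NamedTuple


class Rule(NamedTuple):
    level: str      # notification | warning | exception
    threshold: int  # assumed value; tune against your own baseline
    action: str     # predefined handoff recorded in the catalog


# Hypothetical catalog rows (names, thresholds and actions are assumptions).
CATALOG = {
    "account_bad_attempts": Rule("warning", 10, "contact account holder"),
    "host_distinct_accounts": Rule("exception", 4, "open security incident"),
}
LOG_ONLY = Rule("notification", 0, "log for hourly report")

# Constructed sample of one hourly run: (computer, user, reason, bad_attempts).
SAMPLE = [
    ("WS-014", "asmith", "bad password", 3),
    ("WS-022", "bjones", "bad password", 14),
    ("WS-031", "asmith", "bad password", 2),
    ("WS-031", "cdavis", "bad password", 4),
    ("WS-031", "bjones", "bad password", 6),
    ("WS-031", "svc-backup", "unknown user", 5),
    ("WS-031", "admin", "unknown user", 12),
    ("WS-040", "elee", "expired password", 1),
]


def evaluate(records, catalog=CATALOG, correlate=True):
    """Return sorted (level, subject, action) tuples for one collection run."""
    host_rule = catalog["host_distinct_accounts"]
    acct_rule = catalog["account_bad_attempts"]

    # One host failing logons for many different accounts is a different
    # condition from one user mistyping a password, so count it separately.
    users_by_host = defaultdict(set)
    for computer, user, _reason, _attempts in records:
        users_by_host[computer].add(user)
    noisy_hosts = {h for h, u in users_by_host.items()
                   if len(u) >= host_rule.threshold}
    events = [(host_rule.level, h, host_rule.action) for h in noisy_hosts]

    # Correlation: attempts from a host already raised as an exception are
    # explained by that event, so they do not count toward account warnings.
    attempts_by_user = defaultdict(int)
    for computer, user, _reason, attempts in records:
        if correlate and computer in noisy_hosts:
            continue
        attempts_by_user[user] += attempts

    for user, total in attempts_by_user.items():
        rule = acct_rule if total >= acct_rule.threshold else LOG_ONLY
        events.append((rule.level, user, rule.action))
    return sorted(events)


def actionable(events):
    """Events that need a person; notifications are only logged."""
    return [e for e in events if e[0] != "notification"]


if __name__ == "__main__":
    for level, subject, action in evaluate(SAMPLE):
        print(f"{level:<12} {subject:<10} -> {action}")
```

With correlation switched off, the same sample also produces a warning for `admin`, a call to an account holder that the host-level exception already explains.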

Info-Tech offers various levels of support to best suit your needs

DIY Toolkit

“Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

Guided Implementation

“Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

Workshop

“We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

Consulting

“Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

Diagnostics and consistent frameworks used throughout all four options

Guided Implementation

What does a typical GI on this topic look like?

Phase 1

Call #1: Scope requirements, objectives, and your specific challenges.

Phase 2

Call #2: Introduce the Cookbook and explore the business impact analysis.

Call #3: Define system scope and related CIs/dependencies.

Call #4: Define operational conditions.

Call #5: Define thresholds and alerts.

Phase 3

Call #6: Define actions and related practices.

Call #7: Define data policy.

Call #8: Identify and prioritize improvements.

A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

A typical GI is between 6 and 12 calls over the course of 4 to 6 months.

Workshop Overview

Contact your account representative for more information.
workshops@infotech.com 1-888-670-8889

Day 1: Situate Event Management in Your Service Management Environment

Activities

1.1 Introductions

1.2 Operational and Informational Goals and Challenges

1.3 Event Management Scope

1.4 Roles and Responsibilities

Deliverables
  1. Monitoring and Event Management RACI (as part of the Event Management Cookbook)
  2. Abbreviated BIA (as part of the Event Management Cookbook)
  3. Event Management Cookbook

Day 2: Define Your Event Management Scope

Activities

2.1 Define Operational Conditions for Systems

2.2 Define Related CIs and Dependencies

2.3 Define Conditions for CIs

2.4 Perform Root-Cause Analysis for Complex Condition Relationships

2.4 Set Thresholds for CIs

Deliverables
  1. Event Management Catalog

Day 3: Define Thresholds and Actions

Activities

3.1 Set Thresholds to Monitor

3.2 Add Actions and Handoffs to Event Management

Deliverables
  1. Event Management Catalog
  2. Event Management Workflows

Day 4: Start Monitoring and Implement Event Management

Activities

4.1 Define Your Data Policy for Event Management

4.2 Identify Areas for Improvement and Future Steps

4.3 Summarize Workshop

Deliverables
  1. Event Management Catalog
  2. Event Management Roadmap

Day 5: Next Steps and Wrap-Up (offsite)

Activities

5.1 Complete In-Progress Deliverables From Previous Four Days

5.2 Set Up Review Time for Workshop Deliverables and to Discuss Next Steps

Deliverables
  1. Workshop Summary

Phase 1

Situate Event Management in Your Service Management Environment

Phase 1 Phase 2 Phase 3

1.1 Set Operational and Informational Goals
1.2 Scope Monitoring and Event Management Using Business Impact

2.1 Define Conditions and Related CIs
2.2 Set Monitoring Thresholds and Alerts
2.3 Action Your Events

3.1 Define Your Data Policy
3.2 Set Your Future of Event Monitoring

This phase will walk you through the following activities:

1.1.1 List your goals and challenges

1.1.2 Build a RACI chart for event management

1.2.1 Set your scope using business impact

This phase involves the following participants:

Infrastructure management team

IT managers

Step 1.1

Set Operational and Informational Goals

Activities

1.1.1 List your goals and challenges

1.1.2 Build a RACI chart for event management

Situate Event Management in Your Service Management Environment

This step will walk you through the following activities:

Set the overall scope of event management by defining the governing goals. You will also define who is involved in event management as well as their responsibilities.

This step involves the following participants:

Infrastructure management team

IT managers

Outcomes of this step

Define the goals and challenges of event management as well as their data proxies.

Have a RACI matrix to define roles and responsibilities in event management.

Situate event management among related service management practices

This image depicts the relationship between Event Management and related service management practices.

Event management needs to interact with the following service management practices:

  • Incident Management – Event management can provide early detection and/or prevention of incidents.
  • Availability and Capacity Management – Event management helps detect issues with availability and capacity before they become an incident.
  • Problem Management – The data captured in event management can aid in easier detection of root causes of problems.
  • Change Management – Event management can function as the rationale behind needed changes to fix problems and incidents.

Consider both operational and informational goals for event management

Event management may log real-time data for operational goals and non-real time data for informational goals.

Event Management

Operational Goals (real-time)

Informational Goals (non-real time)

Incident Response & Prevention

Availability Scaling

Availability Scaling

Modeling and Testing

Investigation/ Compliance

  • Knowing what outcomes a process is expected to achieve helps with the design of that process.
  • A process targeted to fewer outcomes will generally be less complex, easier to adhere to, and ultimately, more successful than one targeted to many goals.
  • Iterate for improvement.

1.1.1 List your goals and challenges

Gather a diverse group of IT staff in a room with a whiteboard.

Have each participant write down their top five specific outcomes they want from improved event management.

Consolidate similar ideas.

Prioritize the goals.

Record these goals in your Event Management Cookbook.

Priority Example Goals
1 Reduce response time for incidents
2 Improve audit compliance
3 Improve risk analysis
4 Improve forecasting for resource acquisition
5 More accurate RCAs

Input

  • Pain points

Output

  • Prioritized list of goals and outcomes

Materials

  • Whiteboard/flip charts
  • Sticky notes

Participants

  • Infrastructure management team
  • IT managers

Get the help you need in this 3-phase advisory process. You'll receive 8 touchpoints with our researchers, all included in your membership.

Guided Implementation 1: Situate Event Management in Your Service Management Environment
  • Call 1: Scope requirements, objectives, and your specific challenges.

Guided Implementation 2: Define Your Monitoring Thresholds and Accompanying Actions
  • Call 1: Introduce the Cookbook and explore the business impact analysis.
  • Call 2: Define system scope and related CIs/dependencies.
  • Call 3: Define operational conditions.
  • Call 4: Define thresholds and alerts.

Guided Implementation 3: Start Monitoring and Implement Event Management
  • Call 1: Define actions and related practices.
  • Call 2: Define data policy.
  • Call 3: Identify and prioritize improvements.

Authors

Benedict Chang

John Annand

Contributors

  • Scott Young, Principal Research Director, Info-Tech Research Group
  • Darin Stahl, Principal Research Director, Info-Tech Research Group
  • 5 Anonymous contributors