Build an event management practice that is situated in the larger service management environment. Purposefully choose valuable events to track and predefine their associated actions to cut down on data clutter.
Our Advice
Critical Insight
Event management is useless in isolation. The goals come from the pain points of other ITSM practices. Build handoffs to other service management practices to drive the proper action when an event is detected.
Impact and Result
Create a repeatable framework to define monitored events, their root cause, and their associated action. Record your monitored events in a catalog to stay organized.
Engineer Your Event Management Process
Track monitored events purposefully and respond effectively.
EXECUTIVE BRIEF
Analyst Perspective
Event management is useless in isolation.
Event management creates no value when implemented in isolation. However, that does not mean event management is not valuable overall. It must simply be integrated properly in the service management environment to inform and drive the appropriate actions.
Every step of engineering event management, from choosing which events to monitor to actioning the events when they are detected, is a purposeful and explicit activity. Ensuring that event management has open lines of communication and actions tied to related practices (e.g. problem, incident, and change) allows efficient action when needed.
Catalog your monitored events using a standardized framework to allow you to know:
- The value of tracking the event.
- The impact when the event is detected.
- The appropriate, right-sized reaction when the event is detected.
- The tool(s) involved in tracking the event.
Properly engineering event management allows you to effectively monitor and understand your IT environment and bolster the proactivity of the related service management practices.
Benedict Chang
Research Analyst, Infrastructure & Operations
Info-Tech Research Group
Executive Summary
Your Challenge
Strive for proactivity. Implement event management to reduce response times of technical teams to solve (potential) incidents when system performance degrades.
Build an integrated event management practice where developers, service desk, and operations can all rely on event logs and metrics.
Define the scope of event management including the systems to track, their operational conditions, related configuration items (CIs), and associated actions of the tracked events.
Common Obstacles
Managed services, subscription services, and cloud services have reduced the traditional visibility of on-premises tools.
System complexity and integration with the above services have increased, making true cause and effect difficult to ascertain.
Info-Tech’s Approach
Clearly define a limited number of operational objectives that may benefit from event management.
Focus only on the key systems whose value is worth the effort and expense of implementing event management.
Understand what event information is available from the CIs of those systems and map those against your operational objectives.
Write a data retention policy that balances operational, audit, and debugging needs against cost and data security needs.
Info-Tech Insight
More is NOT better. Even in an AI-enabled world, every event must be collected with a specific objective in mind. Defining the purpose of each tracked event will cut down on data clutter and response time when events are detected.
Your challenge
This research is designed to help organizations who are facing these challenges or looking to:
- Build an event management practice that is situated in the larger service management environment.
- Purposefully choose events to track, as well as their related actions, based on business-critical systems, their conditions, and their related CIs.
- Cut down on the clutter of current events tracked.
- Create a framework to add new events when new systems are onboarded.
In 2020, 33% of organizations listed network monitoring as their number one priority for network spending. 27% of organizations listed network monitoring infrastructure as their number two priority.
Source: EMA, 2020; n=350
Common obstacles
These barriers make this challenge difficult to address for many organizations:
- Many organizations have multiple tools across multiple teams and departments that track the current state of infrastructure, making it difficult to consolidate event management into a single practice.
- Managed services, subscription services, and cloud services have reduced the traditional visibility of on-premises tools.
- System complexity and integration with the above services have increased, making true cause and effect difficult to ascertain.
Build event management to bring value to the business
33% of all IT organizations reported that end users detected and reported incidents before the network operations team was aware of them.
Source: EMA, 2020; n=350
64% of enterprises use 4-10 monitoring tools to troubleshoot their network.
Source: EMA, 2020; n=350
Info-Tech’s approach
Choose your events purposefully to avoid drowning in data.
The Info-Tech difference:
- Start with a list of your most business-critical systems instead of data points to measure.
- Decompose your business-critical systems into their configuration items. This gives you a starting point for choosing what to measure.
- Choose your events and label them as notifications, warnings, or exceptions. Choose the relevant thresholds for each CI.
- Have a pre-defined action tied to each event. That action could be to log the datapoint for a report or to open an incident or problem ticket.
- With your event catalog defined, choose how you will measure the events and where to store the data.
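The catalog these steps produce can be expressed as data plus a small routing function. The following is an added example, not part of the blueprint or its Cookbook; the CI names, metrics, thresholds, and action strings are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class CatalogEntry:
    system: str            # business-critical system the CI belongs to
    warning_at: float      # threshold for the "warning" label
    exception_at: float    # threshold for the "exception" label
    higher_is_worse: bool  # direction in which the metric degrades
    actions: dict          # label -> predefined action

# Constructed catalog keyed by (CI, metric); every name, threshold and action
# string here is an illustrative assumption.
CATALOG = {
    ("mail-db-01", "disk_used_pct"): CatalogEntry(
        "Email", 80, 95, True,
        {"notification": "log_for_report", "warning": "open_problem_ticket",
         "exception": "open_incident_ticket"}),
    ("vpn-gw-01", "free_sessions"): CatalogEntry(
        "Remote access", 50, 10, False,
        {"notification": "log_for_report", "warning": "log_for_report",
         "exception": "open_incident_ticket"}),
}

def label_for(entry, value):
    """Label a reading as notification, warning or exception."""
    sign = 1 if entry.higher_is_worse else -1
    if sign * value >= sign * entry.exception_at:
        return "exception"
    if sign * value >= sign * entry.warning_at:
        return "warning"
    return "notification"

def route(ci, metric, value):
    """Return (label, action) for a catalogued event, or None if untracked."""
    entry = CATALOG.get((ci, metric))
    if entry is None:
        return None  # no stated purpose, so the reading is not collected
    label = label_for(entry, value)
    return label, entry.actions[label]

def run_batch(readings):
    """Route a batch of (ci, metric, value) readings; count dropped ones."""
    routed, dropped = [], 0
    for ci, metric, value in readings:
        result = route(ci, metric, value)
        if result is None:
            dropped += 1
        else:
            routed.append((ci, metric) + result)
    return routed, dropped
```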
Event management is useless in isolation
Define how event management informs other management practices.
Logging, Archiving, and Metrics
Monitoring and event management can be used to establish and analyze your baseline. The more you know about your system baselines, the easier it will be to detect exceptions.
Change Management
Events can inform needed changes to stay compliant or to resolve incidents and problems. However, it doesn’t mean that changes can be implemented without the proper authorization.
Automatic Resolution
The best use case for event management is to detect and resolve incidents and problems before end users or IT are even aware.
Incident Management
Events sitting in isolation are useless if there isn’t an effective way to pass potential tickets off to incident management to mitigate and resolve.
Problem Management
Events can identify problems before they become incidents. However, you must establish proper data logging to inform problem prioritization and actioning.
Info-Tech’s methodology for Engineering Your Event Management Process
 | 1. Situate Event Management in Your Service Management Environment | 2. Define Your Monitoring Thresholds and Accompanying Actions | 3. Start Monitoring and Implement Event Management |
---|---|---|---|
Phase Steps | 1.1 Set Operational and Informational Goals; 1.2 Scope Monitoring and States of Interest | 2.1 Define Conditions and Related CIs; 2.2 Set Monitoring Thresholds and Alerts; 2.3 Action Your Events | 3.1 Define Your Data Policy; 3.2 Define Future State |
Phase Outcomes | Monitoring and Event Management RACI; Abbreviated BIA | Event Workflow | Event Management Roadmap |

Event Cookbook, Event Catalog
Insight summary
Event management is useless in isolation.
The goals come from the pain points of other ITSM practices. Build handoffs to other service management practices to drive the proper action when an event is detected.
Start with business intent.
Trying to organize a catalog of events is difficult when working from the bottom up. Start with the business drivers of event management to keep the scope manageable.
Keep your signal-to-noise ratio as high as possible.
Defining tracked events with their known conditions, root cause, and associated actions allows you to be proactive when events occur.
Improve slowly over time.
Start small if need be. It is better and easier to track a few items with proper actions than to try to analyze events as they occur.
More is NOT better. Avoid drowning in data.
Even in an AI-enabled world, every event must be collected with a specific objective in mind. Defining the purpose of each tracked event will cut down on data clutter and response time when events are detected.
Add correlations in event management to avoid false positives.
Supplement the predictive value of a single event by aggregating it with other events.
Blueprint deliverables
Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:
Key deliverable:
Event Management Cookbook
Use the framework in the Event Management Cookbook to populate your event catalog with properly tracked and actioned events.
Event Management RACI
Define the roles and responsibilities needed in event management.
Event Management Workflow
Define the lifecycle and handoffs for event management.
Event Catalog
Consolidate and organize your tracked events.
Event Roadmap
Roadmap your initiatives for future improvement.
Blueprint benefits
IT Benefits
- Provide a mechanism to compare operating performance against design standards and SLAs.
- Allow for early detection of incidents and escalations.
- Promote timely actions and ensure proper communications.
- Provide an entry point for the execution of service management activities.
- Enable automation activity to be monitored by exception.
- Provide a basis for service assurance, reporting and service improvements.
Business Benefits
- Less overall downtime via earlier detection and resolution of incidents.
- Better visibility into SLA performance for supplied services.
- Better visibility and reporting between IT and the business.
- Better real-time and overall understanding of the IT environment.
Case Study
An event management script helped one company get in front of support calls.
INDUSTRY - Research and Advisory
SOURCE - Anonymous Interview
Challenge
One staff member’s workstation had been infected with a virus that was probing the network with a wide variety of usernames and passwords, trying to find an entry point. Along with the obvious security threat, there existed the more mundane concern that workers occasionally found themselves locked out of their machine and needed to contact the service desk to regain access.
Solution
The system administrator wrote a script that runs hourly to see if there is a problem with an individual’s workstation. The script records the computer's name, the user involved, the reason for the password lockout, and the number of bad login attempts. If the IT technician on duty notices a greater than normal volume of bad password attempts coming from a single account, they will reach out to the account holder and inquire about potential issues.
Results
The IT department has proactively managed two distinct but related problems. First, they have prevented several instances of unplanned work by reaching out about potential lockouts before they receive an incident report. Second, they have leveraged event management to probe for indicators of a security threat before there is a breach.
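A sketch of the kind of hourly check the case study describes, as an added example that is not the interviewed company's script. The record format, baseline values, and both thresholds are constructed assumptions; the per-computer check reflects the challenge above, where one workstation tried many usernames.

```python
from collections import Counter, defaultdict

# Constructed sample for one hourly run: (computer, user, reason) per bad login.
SAMPLE_HOUR = (
    [("WS-014", "asmith", "bad_password")] * 2
    + [("WS-022", "bjones", "bad_password")] * 9
    + [("WS-022", "bjones", "account_locked")]
    + [("WS-031", u, "unknown_user")
       for u in ("admin", "root", "test", "svc_backup", "guest", "oracle")]
)

BASELINE = {"asmith": 2, "bjones": 1}  # assumed normal bad attempts per hour
DEFAULT_BASELINE = 1                   # assumed for accounts with no history
VOLUME_FACTOR = 3   # assumption: "greater than normal" means over 3x baseline
MANY_USERS = 5      # assumption: distinct usernames from a single computer

def hourly_report(records):
    """Record computers, reasons and bad-attempt counts per account."""
    per_user = defaultdict(
        lambda: {"attempts": 0, "computers": set(), "reasons": Counter()})
    users_per_computer = defaultdict(set)
    for computer, user, reason in records:
        row = per_user[user]
        row["attempts"] += 1
        row["computers"].add(computer)
        row["reasons"][reason] += 1
        users_per_computer[computer].add(user)
    return per_user, users_per_computer

def review_list(records):
    """Return findings as (kind, name, predefined action, count)."""
    per_user, users_per_computer = hourly_report(records)
    noisy = {c for c, users in users_per_computer.items()
             if len(users) >= MANY_USERS}
    findings = [("computer", c, "security_review", len(users_per_computer[c]))
                for c in sorted(noisy)]
    for user in sorted(per_user):
        row = per_user[user]
        if row["computers"] <= noisy:
            continue  # already explained by the computer-level finding
        normal = BASELINE.get(user, DEFAULT_BASELINE)
        if row["attempts"] > VOLUME_FACTOR * normal:
            findings.append(
                ("account", user, "contact_account_holder", row["attempts"]))
    return findings
```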
Info-Tech offers various levels of support to best suit your needs
DIY Toolkit
“Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”
Guided Implementation
“Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”
Workshop
“We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”
Consulting
“Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”
Diagnostics and consistent frameworks used throughout all four options
Guided Implementation
What does a typical GI on this topic look like?
Phase 1 | Phase 2 | Phase 3 |
---|---|---|
Call #1: Scope requirements, objectives, and your specific challenges. | Call #4: Define operational conditions. | Call #7: Define data policy. |
Call #2: Introduce the Cookbook and explore the business impact analysis. | Call #5: Define thresholds and alerts. | Call #8: Identify and prioritize improvements. |
Call #3: Define system scope and related CIs/dependencies. | Call #6: Define actions and related practices. | |
A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.
A typical GI is 6 to 12 calls over the course of 4 to 6 months.
Workshop Overview
Contact your account representative for more information.
workshops@infotech.com 1-888-670-8889
 | Day 1 | Day 2 | Day 3 | Day 4 | Day 5 |
---|---|---|---|---|---|
 | Situate Event Management in Your Service Management Environment | Define Your Event Management Scope | Define Thresholds and Actions | Start Monitoring and Implement Event Management | Next Steps and Wrap-Up (offsite) |
Activities | 1.1 Introductions; 1.2 Operational and Informational Goals and Challenges; 1.3 Event Management Scope; 1.4 Roles and Responsibilities | 2.1 Define Operational Conditions for Systems; 2.2 Define Related CIs and Dependencies; 2.3 Define Conditions for CIs; 2.4 Perform Root-Cause Analysis for Complex Condition Relationships; 2.4 Set Thresholds for CIs | 3.1 Set Thresholds to Monitor; 3.2 Add Actions and Handoffs to Event Management | 4.1 Define Your Data Policy for Event Management; 4.2 Identify Areas for Improvement and Future Steps; 4.3 Summarize Workshop | 5.1 Complete In-Progress Deliverables From Previous Four Days; 5.2 Set Up Review Time for Workshop Deliverables and to Discuss Next Steps |
Phase 1
Situate Event Management in Your Service Management Environment
Phase 1 | Phase 2 | Phase 3 |
---|---|---|
1.1 Set Operational and Informational Goals | 2.1 Define Conditions and Related CIs | 3.1 Define Your Data Policy |
This phase will walk you through the following activities:
1.1.1 List your goals and challenges
1.1.2 Build a RACI chart for event management
1.2.1 Set your scope using business impact
This phase involves the following participants:
Infrastructure management team
IT managers
Step 1.1
Set Operational and Informational Goals
Activities
1.1.1 List your goals and challenges
1.1.2 Build a RACI chart for event management
This step will walk you through the following activities:
Set the overall scope of event management by defining the governing goals. You will also define who is involved in event management as well as their responsibilities.
This step involves the following participants:
Infrastructure management team
IT managers
Outcomes of this step
Define the goals and challenges of event management as well as their data proxies.
Have a RACI matrix to define roles and responsibilities in event management.
Situate event management among related service management practices
Event management needs to interact with the following service management practices:
- Incident Management – Event management can provide early detection and/or prevention of incidents.
- Availability and Capacity Management – Event management helps detect issues with availability and capacity before they become an incident.
- Problem Management – The data captured in event management can aid in easier detection of root causes of problems.
- Change Management – Event management can function as the rationale behind needed changes to fix problems and incidents.
Consider both operational and informational goals for event management
Event management may log real-time data for operational goals and non-real time data for informational goals.
[Figure: Event Management goals, divided into Operational Goals (real-time) and Informational Goals (non-real time). Goal areas shown: Incident Response & Prevention, Availability Scaling (appears twice), Modeling and Testing, Investigation/Compliance.]
- Knowing what the outcomes are expected to achieve helps with the design of that process.
- A process targeted to fewer outcomes will generally be less complex, easier to adhere to, and ultimately, more successful than one targeted to many goals.
- Iterate for improvement.
1.1.1 List your goals and challenges
Gather a diverse group of IT staff in a room with a whiteboard.
Have each participant write down their top five specific outcomes they want from improved event management.
Consolidate similar ideas.
Prioritize the goals.
Record these goals in your Event Management Cookbook.
Priority | Example Goals |
---|---|
1 | Reduce response time for incidents |
2 | Improve audit compliance |
3 | Improve risk analysis |
4 | Improve forecasting for resource acquisition |
5 | More accurate RCAs |
Input
- Pain points
Output
- Prioritized list of goals and outcomes
Materials
- Whiteboard/flip charts
- Sticky notes
Participants
- Infrastructure management team
- IT managers