A CSI Approach With Topology-Powered Observability

Olaf Schouws

We recently ran a quick poll where we asked, “When an IT incident occurs at your company, what TV show does it most resemble?” Twenty-three percent of respondents told us that "CSI: Crime Scene Investigation" was the closest match.

We needed to dig into that a little deeper.

Let’s walk through the typical steps of figuring out the root cause, in CSI fashion:

Taking photographs of the crime scene 

Photographs are critical in the world of CSI. They allow you to freeze a moment in time so you can revisit the crime and search for clues you may have missed in person. 

Snapshots are just as helpful in IT observability: they help you reconstruct the event sequences that led to failures. Topology, combined with telemetry, provides a picture of your IT landscape and shows how it’s functioning in real time.

What if you need to go back to a moment in time so you can see the minute something went wrong? Time-traveling topology enables you to replay the events of the incident, so you can get visibility into what changed, when it changed, and how that affected your IT landscape. 

Identifying and collecting forensic evidence

Clues are another critical area in CSI. They help our main characters ultimately solve and close cases. Magnifying glasses help on the scene, while microscopes in the lab get them an even closer look at the evidence. 

Like a crime scene, topology can get very complicated, very quickly. That’s because the relationships in your topology can multiply rapidly. With tools like the Telemetry Perspective, your IT team can capture all the data to dig deeper into the evidence.

Looking for associative evidence 

In the world of Crime Scene Investigation, associative evidence links people or items to the crime scene.

When it comes to topology-powered observability, topology and telemetry tools allow people to see how problems relate to each other. You can also see what happens when changes are introduced so you can link incidents to changes in your IT environment. 

Maintaining custody of the evidence

Chain of custody is the process CSI investigators use to provide a chronological history of evidence. It serves as proof that the evidence wasn’t tampered with and is the same evidence found at the scene.

Topology-powered observability takes this to another level. Tracing tools provide end-to-end insight into your complete IT landscape. Tracing integrates with time-traveling topology to capture all changes that occurred over time. 

Comparing the evidence with incident root cause analysis

Knowing the root cause of an incident is key to resolving issues. The steps you take to determine the root cause are critical. Did you overlook any clues? Or maybe there was an angle you didn’t consider. Overlooking any key factors could lead you to the wrong conclusion...and could lead to more unsolved crimes. 

Topology-powered observability enables teams to investigate every event thoroughly and connects each event to real-time topology. It gives you the tools needed to prevent incidents and find the root cause quickly and accurately. Also, with autonomous anomaly detection, you can start reviewing the evidence before a major incident occurs. 

Case closed 

Every investigator needs the right tools for the job to find out “whodunit.” You need the right end-to-end observability platform, rather than disparate monitoring and management tools, to quickly piece together the big picture and respond accordingly. 

The ability to react quickly and identify the root cause is essential, but prevention is better. Topology-powered observability gives you the tools you need to predict events and prevent them from happening in the first place. 

This is why we created StackState. Don’t just take our word for it. Schedule a demo today and see for yourself how StackState can help your business close your IT incidents faster.