SlideShare a Scribd company logo

Conf2014_SearchHeadClustering

Splunk
Splunk

This session covers how Search Head Clustering provides horizontal scalability to support more users and searches, and high availability to ensure users can access their searches at all times. We also cover the architecture, how it works, and best practices guides for large scale deployment.

Technology
1 of 42
Download to read offline
Copyright  ©  2014  Splunk  Inc.   Mustafa  Ahamed   Director,  Product  Management   Eric  Woo   Senior  SoEware  Engineer   Anirban  Rahut   Senior  SoEware  Engineer       What’s  New  In  Search   Head  Clustering  
Disclaimer   2   During  the  course  of  this  presentaLon,  we  may  make  forward-­‐looking  statements  regarding  future  events  or  the   expected  performance  of  the  company.  We  cauLon  you  that  such  statements  reflect  our  current  expectaLons  and   esLmates  based  on  factors  currently  known  to  us  and  that  actual  events  or  results  could  differ  materially.  For   important  factors  that  may  cause  actual  results  to  differ  from  those  contained  in  our  forward-­‐looking  statements,   please  review  our  filings  with  the  SEC.  The  forward-­‐looking  statements  made  in  the  this  presentaLon  are  being  made  as   of  the  Lme  and  date  of  its  live  presentaLon.  If  reviewed  aEer  its  live  presentaLon,  this  presentaLon  may  not  contain   current  or  accurate  informaLon.  We  do  not  assume  any  obligaLon  to  update  any  forward-­‐looking  statements  we  may   make.  In  addiLon,  any  informaLon  about  our  roadmap  outlines  our  general  product  direcLon  and  is  subject  to  change   at  any  Lme  without  noLce.  It  is  for  informaLonal  purposes  only,  and  shall  not  be  incorporated  into  any  contract  or   other  commitment.  Splunk  undertakes  no  obligaLon  either  to  develop  the  features  or  funcLonality  described  or  to   include  any  such  feature  or  funcLonality  in  a  future  release.  
Agenda   !   What  is  Search  Head  Clustering?   !   Business  Benefits  of  Search  Head  Clustering   !   SHC  ConfiguraLon  /  ReplicaLon   !   App  Deployment   !   Tips  and  Tricks     –  MigraLon     !   Q&A     3  
Search  Head  Clustering     Ability  to  group  search  heads  into  a  cluster  in  order    to  provide       Highly  Available  and  Scalable  search  services   4   MISSION   CRITICAL   ENTERPRISE  
5     Horizontal  Scaling           Always-­‐on  Search  Services         Consistent  User  Experience       Easy  to  add  /  manage   premium  contents  (apps)   Business  Benefits  of  SHC  
SHP      vs.      SHC   SHC  SHP   •  Available  since  v4.2   •  Sharing  configuraLons  through  NFS   •  Single  point  of  failure   •  Performance  issues   •  No  NFS   •  ReplicaLon  using  local  storage   •  Commodity  hardware   6   NFS  
    1.  No  Single  Point  of   Failures   2.  “One  ConfiguraLon”   across  SH   3.  Horizontal  Scaling   7   1.  Dynamic  Captain   2.  AutomaLc  Config     replicaLon  across  SH   3.  Ability  to  add/remove   nodes  on  running  cluster   Design  Goals   ImplementaLon  
SHC  –  How  Does  it  Work?   8   1.  Group  search  heads  into  a  cluster   2.  A  captain  gets  elected  dynamically   3.  User  created  reports/dashboards  automaLcally   replicated  to  other  search  heads   1   2   3  
Anatomy  &  Cluster   Bring  up  
Search  Head  Cluster  Bring  Up   10   captain   config-­‐log   {s1,s2,  ...,  sn}   •  Bootstrap  captain   •  Bring-­‐up  members   •  Captain  establishes  authority   •  Members  join/register   •  CLI  based  cluster  scale/shrink        ...   members  
Job  Scheduling  
Use  Case   12   !   Scale  search  capacity   !   Enable  more  reports,  dashboards,  alerts   !   Load  balance  user  sessions  (onboarding)  
•  Captain  is  job  scheduler   •  Eliminates  job-­‐server  need   •  Load-­‐based  heurisLc   Job  Scheduling  OrchestraLon   13   captain   scheduler        ...   search        1   search        2   LOAD   SUCC   FAIL   load   balancer   search      3    
Details   14   !   Captain  updates  RA/DM  summaries  on  indexers.   !   Scheduler  limits  honored  across  the  cluster   !   Real  Lme  scheduled  searches  run  one  instance  across  cluster   !   Auto-­‐failover  –  New  captain  becomes  scheduler   !   captain_is_adhoc_searchhead  knob  to  reduce  captain  load  
Alerts  &  Suppression   15   !   Alerts  fired  when  results  of  search  meet  alerLng  criteria   –  Historical  Searches  –  within  10  seconds  aEer  job  completes   –  RealTime  searches  –  ongoing  basis   !   Captain  merges  and  maintains  global  view  of  alerts   !   Suppression  informaLon  centralized  by  the  captain   !   Merged  Alerts/Suppression  sent  back  to  members  
High  Availability  of   Search  Results  
Search  Results  primer   17   Search  -­‐  HEAD   indexers   stream  results   reduce   map   Other  Names   1.  search  results   2.  search  arLfact   3.  dispatch  directory   4.  SID   $SPLUNK_HOME/var/ run/splunk/dispatch/ scheduler__admin__sear ch__mysearch_at_14107 08600_345   sourcetype  =  access_combined    |  stats  count  by  clienLp   Dispatch  dir  needs  to  be  replicated  to     mulCple  nodes  to  tolerate  node  failures  
ArLfact  ReplicaLon   18        ...   succ   succ   •  Captain  orchestrates  replicaLon   •  Default  replicaLon_factor=3   •  Success  failure  ACK’d  to  captain   •  Asynch  Replicate  on  Proxy     •  ReplicaLon  policy  enforced  by  fixups   replica-­‐1     replica-­‐2     succ   captain   replicate   orig  
     ArLfact  Proxy-­‐ing   19   !   ReplicaLon  Guarantees  HA&DR  but...   !   SID  not  available  on  all  nodes  *locally*   !   RealTime  searches  are  not  replicated   !   We  use  proxy-­‐ing  to  fill  these  gaps   !   Proxying  on  REST  request     captain   over  HB   locaLon     log   r1   proxy   orig   AuthenCcaCon  is   cluster  aware!!   HB  =  Heartbeat   r2   async   replicate  
Adhoc  Search  Management   20   !   Adhoc  search  -­‐  interacLve  search  run  from  a  user  session   !   Adhoc  searches  not  replicated     !   Captain,  however  will  have  global  knowledge  of  all  searches   !   GET  services/search/jobs  will  return  the  global  list  of  searches   !   You  can  proxy  and  access  adhoc  searches  from  any  node  
Reaping  of  Search  ArLfacts   21   !   Reaping  –  DeleLon  of  search  results  when  TTL  (Lme  to  live)  expires   !   Search  ArLfacts  reaped  from  the  origin  node   !   Captain  orchestrates  reaps  of  the  replicas  
Auto  Failover  
HA  &  Auto-­‐Failover   23   Design  Goals   1.  No  Single  Point  of  Failure   2.  ConLnuous  UpLme   3.  Consistent  User  Experience   ImplementaLon   1.  Dynamic  Captain  elecLon   2.  Auto  Failover   3.  Proxying  for  consistent  view  
Dynamic  Captain   24   !   RaE  Consensus  Protocol  from  Stanford   –  Diego  Ongaro  &  John  Osterhout   –  Acknowledge  Diego  Ongaro  for  help!   !   SHC  uses  RAFT  for  LE  and  Auto  Failover   RV  =      Request  Vote       LE  =    Leader  ElecLon   SHC  =    Search  Head  Clustering     S4   S2   S5   S3   S1   captain   new     captain  
Auto-­‐Failover   25   new  captain        ...   members   old  captain   arLfacts   running  jobs   alerts,  etc   search  load   scheduler   Fixups  
ConfiguraLon   Management  
ConfiguraLon  Files   !   Custom  user  content   –  Reports   –  Dashboards   !   Search-­‐Lme  knowledge   –  Field  extracLons   –  Event  types   –  Macros   !   System  configuraLons   –  Inputs,  forwarding,  authenLcaLon  
Goal   28   !   Consistent  user  experience  across  all  search  heads   !   Changes  made  on  one  member  are  reflected  on  all  members  
ConfiguraLon  Changes   29   !   Users  customize  search  and  UI  configuraLons  via  UI/CLI/REST   –  Save  report   –  Add  panel  to  dashboards   –  Create  field  extracLon   !   Administrators  modify  system  configuraLons   –  Configure  forwarding   –  Deploy  centralized  authenLcaLon  (e.g.  LDAP)   –  Install  enLrely  new  app  or  hand-­‐edited  configuraLon  
Search  and  UI  ConfiguraLons   30   !   Changes  to  search  and  UI  configuraLons  are  replicated  across  the   search  head  cluster  automaLcally   !   Goal:  eventual  consistency  
ConfiguraLon  ReplicaLon   31   my_dashboard.xml   C  
Concurrent  Changes   32   C  
Custom  App  Content   33   !   App  devs  may  "opt-­‐in"  their  custom  configuraLons  for  replicaLon   under  search  head  clustering   !   Example  server.conf  from  an  app  would  look  like:    [shclustering]    conf_replicaLon_include.my_custom_file  =  true  
System  ConfiguraLons   34   !   Recall:  only  changes  to  search  and  UI  configuraLons  are  replicated   across  the  search  head  cluster  automaLcally   !   hanges  to  system  configuraLons  are  not  replicated  automaLcally   because  of  their  high  potenLal  impact   !   How  are  system  configuraLons  kept  consistent  then?  
!   Deployer:  a  single,  well-­‐controlled  instance  outside  of  the  cluster   !   ConfiguraLons  should  be  tested  on  dev/QA  instances  prior  to  deploy   D   ConfiguraLon  Deployment   35  
UI   36  
Tips  &  Tricks  
Best  PracLces     !   Deployer  Instance   –  Can  piggyback  Cluster  Master  or  Deployment  Server   –  RecommendaLon  is  to  run  Deployer  on  separate  instance   !   Run  CLI  to  get  status  about  SHC   –  ./splunk  show  shcluster-­‐status       38  
Summary  
Key  Benefits  of  SHC   40     Horizontal  Scaling           Always-­‐on  Search  Services         Consistent  User  Experience       Easy  to  add  /  manage   premium  contents  (apps)  
Q  &  A  
THANK  YOU  

Recommended

Understand the Trade-offs Using Compilers for Java Applications
Understand the Trade-offs Using Compilers for Java ApplicationsUnderstand the Trade-offs Using Compilers for Java Applications
Understand the Trade-offs Using Compilers for Java ApplicationsC4Media
 
Ground Breakers Romania: Oracle Autonomous Database
Ground Breakers Romania: Oracle Autonomous DatabaseGround Breakers Romania: Oracle Autonomous Database
Ground Breakers Romania: Oracle Autonomous DatabaseMaria Colgan
 
Smart monitoring how does oracle rac manage resource, state ukoug19
Smart monitoring how does oracle rac manage resource, state ukoug19Smart monitoring how does oracle rac manage resource, state ukoug19
Smart monitoring how does oracle rac manage resource, state ukoug19Anil Nair
 
Big Data at Riot Games
Big Data at Riot GamesBig Data at Riot Games
Big Data at Riot GamesDataWorks Summit
 
AWR, ASH with EM13 at HotSos 2016
AWR, ASH with EM13 at HotSos 2016AWR, ASH with EM13 at HotSos 2016
AWR, ASH with EM13 at HotSos 2016Kellyn Pot'Vin-Gorman
 
Oracle Cloud native functions - create application from cli
Oracle Cloud native functions - create application from cliOracle Cloud native functions - create application from cli
Oracle Cloud native functions - create application from cliJohan Louwers
 
Install Redis on Oracle Linux
Install Redis on Oracle LinuxInstall Redis on Oracle Linux
Install Redis on Oracle LinuxJohan Louwers
 
Overview of Chef - Fundamentals Webinar Series Part 1
Overview of Chef - Fundamentals Webinar Series Part 1Overview of Chef - Fundamentals Webinar Series Part 1
Overview of Chef - Fundamentals Webinar Series Part 1Chef
 

Recommended

Understand the Trade-offs Using Compilers for Java Applications
Understand the Trade-offs Using Compilers for Java ApplicationsUnderstand the Trade-offs Using Compilers for Java Applications
Understand the Trade-offs Using Compilers for Java ApplicationsC4Media
 
Ground Breakers Romania: Oracle Autonomous Database
Ground Breakers Romania: Oracle Autonomous DatabaseGround Breakers Romania: Oracle Autonomous Database
Ground Breakers Romania: Oracle Autonomous DatabaseMaria Colgan
 
Smart monitoring how does oracle rac manage resource, state ukoug19
Smart monitoring how does oracle rac manage resource, state ukoug19Smart monitoring how does oracle rac manage resource, state ukoug19
Smart monitoring how does oracle rac manage resource, state ukoug19Anil Nair
 
Big Data at Riot Games
Big Data at Riot GamesBig Data at Riot Games
Big Data at Riot GamesDataWorks Summit
 
AWR, ASH with EM13 at HotSos 2016
AWR, ASH with EM13 at HotSos 2016AWR, ASH with EM13 at HotSos 2016
AWR, ASH with EM13 at HotSos 2016Kellyn Pot'Vin-Gorman
 
Oracle Cloud native functions - create application from cli
Oracle Cloud native functions - create application from cliOracle Cloud native functions - create application from cli
Oracle Cloud native functions - create application from cliJohan Louwers
 
Install Redis on Oracle Linux
Install Redis on Oracle LinuxInstall Redis on Oracle Linux
Install Redis on Oracle LinuxJohan Louwers
 
Overview of Chef - Fundamentals Webinar Series Part 1
Overview of Chef - Fundamentals Webinar Series Part 1Overview of Chef - Fundamentals Webinar Series Part 1
Overview of Chef - Fundamentals Webinar Series Part 1Chef
 
Using Machine Learning to Debug Oracle RAC Issues
Using Machine Learning to Debug Oracle RAC IssuesUsing Machine Learning to Debug Oracle RAC Issues
Using Machine Learning to Debug Oracle RAC IssuesAnil Nair
 
Fault Tolerance in Distributed Environment
Fault Tolerance in Distributed EnvironmentFault Tolerance in Distributed Environment
Fault Tolerance in Distributed EnvironmentOrkhan Gasimov
 
AWR and ASH in an EM12c World
AWR and ASH in an EM12c WorldAWR and ASH in an EM12c World
AWR and ASH in an EM12c WorldKellyn Pot'Vin-Gorman
 
Updated Power of the AWR Warehouse, Dallas, HQ, etc.
Updated Power of the AWR Warehouse, Dallas, HQ, etc.Updated Power of the AWR Warehouse, Dallas, HQ, etc.
Updated Power of the AWR Warehouse, Dallas, HQ, etc.Kellyn Pot'Vin-Gorman
 
GoldenGate Monitoring - GOUSER - 4/2014
GoldenGate Monitoring - GOUSER - 4/2014GoldenGate Monitoring - GOUSER - 4/2014
GoldenGate Monitoring - GOUSER - 4/2014Bobby Curtis
 
Using Machine Learning to Debug complex Oracle RAC Issues
Using Machine Learning to Debug complex Oracle RAC IssuesUsing Machine Learning to Debug complex Oracle RAC Issues
Using Machine Learning to Debug complex Oracle RAC IssuesAnil Nair
 
What's New in Primavera P6 16.2
What's New in Primavera P6 16.2What's New in Primavera P6 16.2
What's New in Primavera P6 16.2Plan Academy - Online Primavera P6 Training
 
Performance in the Oracle Cloud
Performance in the Oracle CloudPerformance in the Oracle Cloud
Performance in the Oracle CloudKellyn Pot'Vin-Gorman
 
Optimizing the Enterprise Manager 12c
Optimizing the Enterprise Manager 12cOptimizing the Enterprise Manager 12c
Optimizing the Enterprise Manager 12cKellyn Pot'Vin-Gorman
 
Splunk conf2014 - Lesser Known Commands in Splunk Search Processing Language ...
Splunk conf2014 - Lesser Known Commands in Splunk Search Processing Language ...Splunk conf2014 - Lesser Known Commands in Splunk Search Processing Language ...
Splunk conf2014 - Lesser Known Commands in Splunk Search Processing Language ...Splunk
 
Splunk conf2014 - Curating User Experience
Splunk conf2014 - Curating User ExperienceSplunk conf2014 - Curating User Experience
Splunk conf2014 - Curating User ExperienceSplunk
 
Splunk conf2014 - Detecting Fraud and Suspicious Events Using Risk Scoring
Splunk conf2014 - Detecting Fraud and Suspicious Events Using Risk ScoringSplunk conf2014 - Detecting Fraud and Suspicious Events Using Risk Scoring
Splunk conf2014 - Detecting Fraud and Suspicious Events Using Risk ScoringSplunk
 
Splunk conf2014 - Getting Deeper Insights into your Virtualization and Storag...
Splunk conf2014 - Getting Deeper Insights into your Virtualization and Storag...Splunk conf2014 - Getting Deeper Insights into your Virtualization and Storag...
Splunk conf2014 - Getting Deeper Insights into your Virtualization and Storag...Splunk
 
Splunk conf2014 - Dashboard Fun - Creating an Interactive Transaction Profiler
Splunk conf2014 - Dashboard Fun - Creating an Interactive Transaction ProfilerSplunk conf2014 - Dashboard Fun - Creating an Interactive Transaction Profiler
Splunk conf2014 - Dashboard Fun - Creating an Interactive Transaction ProfilerSplunk
 
Splunk conf2014 - Splunk for Data Science
Splunk conf2014 - Splunk for Data ScienceSplunk conf2014 - Splunk for Data Science
Splunk conf2014 - Splunk for Data ScienceSplunk
 
SAP-SuccessFactors Customer Presentation
SAP-SuccessFactors Customer PresentationSAP-SuccessFactors Customer Presentation
SAP-SuccessFactors Customer PresentationSplunk
 
Splunk conf2014 - Splunk Monitoring - New Native Tools for Monitoring your Sp...
Splunk conf2014 - Splunk Monitoring - New Native Tools for Monitoring your Sp...Splunk conf2014 - Splunk Monitoring - New Native Tools for Monitoring your Sp...
Splunk conf2014 - Splunk Monitoring - New Native Tools for Monitoring your Sp...Splunk
 
Marketo Customer Presentation
Marketo Customer PresentationMarketo Customer Presentation
Marketo Customer PresentationSplunk
 
Sephora Customer Presentation
Sephora Customer PresentationSephora Customer Presentation
Sephora Customer PresentationSplunk
 
Splunk conf2014 - Onboarding Data Into Splunk
Splunk conf2014 - Onboarding Data Into SplunkSplunk conf2014 - Onboarding Data Into Splunk
Splunk conf2014 - Onboarding Data Into SplunkSplunk
 
Taking Splunk to the Next Level - Architecture
Taking Splunk to the Next Level - ArchitectureTaking Splunk to the Next Level - Architecture
Taking Splunk to the Next Level - ArchitectureSplunk
 
Taking Splunk to the Next Level - Architecture Breakout Session
Taking Splunk to the Next Level - Architecture Breakout SessionTaking Splunk to the Next Level - Architecture Breakout Session
Taking Splunk to the Next Level - Architecture Breakout SessionSplunk
 

More Related Content

What's hot

Using Machine Learning to Debug Oracle RAC Issues
Using Machine Learning to Debug Oracle RAC IssuesUsing Machine Learning to Debug Oracle RAC Issues
Using Machine Learning to Debug Oracle RAC IssuesAnil Nair
 
Fault Tolerance in Distributed Environment
Fault Tolerance in Distributed EnvironmentFault Tolerance in Distributed Environment
Fault Tolerance in Distributed EnvironmentOrkhan Gasimov
 
Updated Power of the AWR Warehouse, Dallas, HQ, etc.
Updated Power of the AWR Warehouse, Dallas, HQ, etc.Updated Power of the AWR Warehouse, Dallas, HQ, etc.
Updated Power of the AWR Warehouse, Dallas, HQ, etc.Kellyn Pot'Vin-Gorman
 
GoldenGate Monitoring - GOUSER - 4/2014
GoldenGate Monitoring - GOUSER - 4/2014GoldenGate Monitoring - GOUSER - 4/2014
GoldenGate Monitoring - GOUSER - 4/2014Bobby Curtis
 
Using Machine Learning to Debug complex Oracle RAC Issues
Using Machine Learning to Debug complex Oracle RAC IssuesUsing Machine Learning to Debug complex Oracle RAC Issues
Using Machine Learning to Debug complex Oracle RAC IssuesAnil Nair
 
Optimizing the Enterprise Manager 12c
Optimizing the Enterprise Manager 12cOptimizing the Enterprise Manager 12c
Optimizing the Enterprise Manager 12cKellyn Pot'Vin-Gorman
 

What's hot (9)

Using Machine Learning to Debug Oracle RAC Issues
Using Machine Learning to Debug Oracle RAC IssuesUsing Machine Learning to Debug Oracle RAC Issues
Using Machine Learning to Debug Oracle RAC Issues
 
Fault Tolerance in Distributed Environment
Fault Tolerance in Distributed EnvironmentFault Tolerance in Distributed Environment
Fault Tolerance in Distributed Environment
 
AWR and ASH in an EM12c World
AWR and ASH in an EM12c WorldAWR and ASH in an EM12c World
AWR and ASH in an EM12c World
 
Updated Power of the AWR Warehouse, Dallas, HQ, etc.
Updated Power of the AWR Warehouse, Dallas, HQ, etc.Updated Power of the AWR Warehouse, Dallas, HQ, etc.
Updated Power of the AWR Warehouse, Dallas, HQ, etc.
 
GoldenGate Monitoring - GOUSER - 4/2014
GoldenGate Monitoring - GOUSER - 4/2014GoldenGate Monitoring - GOUSER - 4/2014
GoldenGate Monitoring - GOUSER - 4/2014
 
Using Machine Learning to Debug complex Oracle RAC Issues
Using Machine Learning to Debug complex Oracle RAC IssuesUsing Machine Learning to Debug complex Oracle RAC Issues
Using Machine Learning to Debug complex Oracle RAC Issues
 
What's New in Primavera P6 16.2
What's New in Primavera P6 16.2What's New in Primavera P6 16.2
What's New in Primavera P6 16.2
 
Performance in the Oracle Cloud
Performance in the Oracle CloudPerformance in the Oracle Cloud
Performance in the Oracle Cloud
 
Optimizing the Enterprise Manager 12c
Optimizing the Enterprise Manager 12cOptimizing the Enterprise Manager 12c
Optimizing the Enterprise Manager 12c
 

Viewers also liked

Splunk conf2014 - Lesser Known Commands in Splunk Search Processing Language ...
Splunk conf2014 - Lesser Known Commands in Splunk Search Processing Language ...Splunk conf2014 - Lesser Known Commands in Splunk Search Processing Language ...
Splunk conf2014 - Lesser Known Commands in Splunk Search Processing Language ...Splunk
 
Splunk conf2014 - Curating User Experience
Splunk conf2014 - Curating User ExperienceSplunk conf2014 - Curating User Experience
Splunk conf2014 - Curating User ExperienceSplunk
 
Splunk conf2014 - Detecting Fraud and Suspicious Events Using Risk Scoring
Splunk conf2014 - Detecting Fraud and Suspicious Events Using Risk ScoringSplunk conf2014 - Detecting Fraud and Suspicious Events Using Risk Scoring
Splunk conf2014 - Detecting Fraud and Suspicious Events Using Risk ScoringSplunk
 
Splunk conf2014 - Getting Deeper Insights into your Virtualization and Storag...
Splunk conf2014 - Getting Deeper Insights into your Virtualization and Storag...Splunk conf2014 - Getting Deeper Insights into your Virtualization and Storag...
Splunk conf2014 - Getting Deeper Insights into your Virtualization and Storag...Splunk
 
Splunk conf2014 - Dashboard Fun - Creating an Interactive Transaction Profiler
Splunk conf2014 - Dashboard Fun - Creating an Interactive Transaction ProfilerSplunk conf2014 - Dashboard Fun - Creating an Interactive Transaction Profiler
Splunk conf2014 - Dashboard Fun - Creating an Interactive Transaction ProfilerSplunk
 
Splunk conf2014 - Splunk for Data Science
Splunk conf2014 - Splunk for Data ScienceSplunk conf2014 - Splunk for Data Science
Splunk conf2014 - Splunk for Data ScienceSplunk
 
SAP-SuccessFactors Customer Presentation
SAP-SuccessFactors Customer PresentationSAP-SuccessFactors Customer Presentation
SAP-SuccessFactors Customer PresentationSplunk
 
Splunk conf2014 - Splunk Monitoring - New Native Tools for Monitoring your Sp...
Splunk conf2014 - Splunk Monitoring - New Native Tools for Monitoring your Sp...Splunk conf2014 - Splunk Monitoring - New Native Tools for Monitoring your Sp...
Splunk conf2014 - Splunk Monitoring - New Native Tools for Monitoring your Sp...Splunk
 
Marketo Customer Presentation
Marketo Customer PresentationMarketo Customer Presentation
Marketo Customer PresentationSplunk
 
Sephora Customer Presentation
Sephora Customer PresentationSephora Customer Presentation
Sephora Customer PresentationSplunk
 
Splunk conf2014 - Onboarding Data Into Splunk
Splunk conf2014 - Onboarding Data Into SplunkSplunk conf2014 - Onboarding Data Into Splunk
Splunk conf2014 - Onboarding Data Into SplunkSplunk
 

Viewers also liked (11)

Splunk conf2014 - Lesser Known Commands in Splunk Search Processing Language ...
Splunk conf2014 - Lesser Known Commands in Splunk Search Processing Language ...Splunk conf2014 - Lesser Known Commands in Splunk Search Processing Language ...
Splunk conf2014 - Lesser Known Commands in Splunk Search Processing Language ...
 
Splunk conf2014 - Curating User Experience
Splunk conf2014 - Curating User ExperienceSplunk conf2014 - Curating User Experience
Splunk conf2014 - Curating User Experience
 
Splunk conf2014 - Detecting Fraud and Suspicious Events Using Risk Scoring
Splunk conf2014 - Detecting Fraud and Suspicious Events Using Risk ScoringSplunk conf2014 - Detecting Fraud and Suspicious Events Using Risk Scoring
Splunk conf2014 - Detecting Fraud and Suspicious Events Using Risk Scoring
 
Splunk conf2014 - Getting Deeper Insights into your Virtualization and Storag...
Splunk conf2014 - Getting Deeper Insights into your Virtualization and Storag...Splunk conf2014 - Getting Deeper Insights into your Virtualization and Storag...
Splunk conf2014 - Getting Deeper Insights into your Virtualization and Storag...
 
Splunk conf2014 - Dashboard Fun - Creating an Interactive Transaction Profiler
Splunk conf2014 - Dashboard Fun - Creating an Interactive Transaction ProfilerSplunk conf2014 - Dashboard Fun - Creating an Interactive Transaction Profiler
Splunk conf2014 - Dashboard Fun - Creating an Interactive Transaction Profiler
 
Splunk conf2014 - Splunk for Data Science
Splunk conf2014 - Splunk for Data ScienceSplunk conf2014 - Splunk for Data Science
Splunk conf2014 - Splunk for Data Science
 
SAP-SuccessFactors Customer Presentation
SAP-SuccessFactors Customer PresentationSAP-SuccessFactors Customer Presentation
SAP-SuccessFactors Customer Presentation
 
Splunk conf2014 - Splunk Monitoring - New Native Tools for Monitoring your Sp...
Splunk conf2014 - Splunk Monitoring - New Native Tools for Monitoring your Sp...Splunk conf2014 - Splunk Monitoring - New Native Tools for Monitoring your Sp...
Splunk conf2014 - Splunk Monitoring - New Native Tools for Monitoring your Sp...
 
Marketo Customer Presentation
Marketo Customer PresentationMarketo Customer Presentation
Marketo Customer Presentation
 
Sephora Customer Presentation
Sephora Customer PresentationSephora Customer Presentation
Sephora Customer Presentation
 
Splunk conf2014 - Onboarding Data Into Splunk
Splunk conf2014 - Onboarding Data Into SplunkSplunk conf2014 - Onboarding Data Into Splunk
Splunk conf2014 - Onboarding Data Into Splunk
 

Similar to Conf2014_SearchHeadClustering

Taking Splunk to the Next Level - Architecture
Taking Splunk to the Next Level - ArchitectureTaking Splunk to the Next Level - Architecture
Taking Splunk to the Next Level - ArchitectureSplunk
 
Taking Splunk to the Next Level - Architecture Breakout Session
Taking Splunk to the Next Level - Architecture Breakout SessionTaking Splunk to the Next Level - Architecture Breakout Session
Taking Splunk to the Next Level - Architecture Breakout SessionSplunk
 
Splunk Ninjas: New Features, Pivot and Search Dojo
Splunk Ninjas: New Features, Pivot and Search DojoSplunk Ninjas: New Features, Pivot and Search Dojo
Splunk Ninjas: New Features, Pivot and Search DojoSplunk
 
Splunk Ninjas: New Features, Pivot and Search Dojo
Splunk Ninjas: New Features, Pivot and Search DojoSplunk Ninjas: New Features, Pivot and Search Dojo
Splunk Ninjas: New Features, Pivot and Search DojoSplunk
 
Splunk Ninja: New Features, Pivot and Search Dojo
Splunk Ninja: New Features, Pivot and Search Dojo Splunk Ninja: New Features, Pivot and Search Dojo
Splunk Ninja: New Features, Pivot and Search DojoSplunk
 
Splunk Ninjas: New Features, Pivot and Search Dojo
Splunk Ninjas: New Features, Pivot and Search DojoSplunk Ninjas: New Features, Pivot and Search Dojo
Splunk Ninjas: New Features, Pivot and Search DojoSplunk
 
Splunk in Nordstrom: IT Operations
Splunk in Nordstrom: IT OperationsSplunk in Nordstrom: IT Operations
Splunk in Nordstrom: IT OperationsTimur Bagirov
 
Deploying Splunk. Arquitetura e dimensionamento do Splunk
Deploying Splunk. Arquitetura e dimensionamento do SplunkDeploying Splunk. Arquitetura e dimensionamento do Splunk
Deploying Splunk. Arquitetura e dimensionamento do SplunkSplunk
 
Splunk conf2014 - Using Selenium and Splunk for Transaction Monitoring Insight
Splunk conf2014 - Using Selenium and Splunk for Transaction Monitoring InsightSplunk conf2014 - Using Selenium and Splunk for Transaction Monitoring Insight
Splunk conf2014 - Using Selenium and Splunk for Transaction Monitoring InsightSplunk
 
Apache Spark and Oracle Stream Analytics
Apache Spark and Oracle Stream AnalyticsApache Spark and Oracle Stream Analytics
Apache Spark and Oracle Stream AnalyticsPrabhu Thukkaram
 
Kafka Needs No Keeper
Kafka Needs No KeeperKafka Needs No Keeper
Kafka Needs No KeeperC4Media
 
SplunkSummit 2015 - HTTP Event Collector, Simplified Developer Logging
SplunkSummit 2015 - HTTP Event Collector, Simplified Developer LoggingSplunkSummit 2015 - HTTP Event Collector, Simplified Developer Logging
SplunkSummit 2015 - HTTP Event Collector, Simplified Developer LoggingSplunk
 
Anz summit 2015 http event collector - sydney
Anz summit 2015 http event collector - sydneyAnz summit 2015 http event collector - sydney
Anz summit 2015 http event collector - sydneySplunk
 
Liberate your Application Logging
Liberate your Application LoggingLiberate your Application Logging
Liberate your Application LoggingGlenn Block
 
Performance Schema and Sys Schema in MySQL 5.7
Performance Schema and Sys Schema in MySQL 5.7Performance Schema and Sys Schema in MySQL 5.7
Performance Schema and Sys Schema in MySQL 5.7Mark Leith
 
SplunkSummit 2015 - A Quick Guide to Search Optimization
SplunkSummit 2015 - A Quick Guide to Search OptimizationSplunkSummit 2015 - A Quick Guide to Search Optimization
SplunkSummit 2015 - A Quick Guide to Search OptimizationSplunk
 
5 Key Metrics to Release Better Software Faster
5 Key Metrics to Release Better Software Faster5 Key Metrics to Release Better Software Faster
5 Key Metrics to Release Better Software FasterDynatrace
 
Spark Summit EU talk by Simon Whitear
Spark Summit EU talk by Simon WhitearSpark Summit EU talk by Simon Whitear
Spark Summit EU talk by Simon WhitearSpark Summit
 
Getting Started with Splunk Enterprise
Getting Started with Splunk EnterpriseGetting Started with Splunk Enterprise
Getting Started with Splunk EnterpriseSplunk
 

Similar to Conf2014_SearchHeadClustering (20)

Taking Splunk to the Next Level - Architecture
Taking Splunk to the Next Level - ArchitectureTaking Splunk to the Next Level - Architecture
Taking Splunk to the Next Level - Architecture
 
Taking Splunk to the Next Level - Architecture Breakout Session
Taking Splunk to the Next Level - Architecture Breakout SessionTaking Splunk to the Next Level - Architecture Breakout Session
Taking Splunk to the Next Level - Architecture Breakout Session
 
Splunk Ninjas: New Features, Pivot and Search Dojo
Splunk Ninjas: New Features, Pivot and Search DojoSplunk Ninjas: New Features, Pivot and Search Dojo
Splunk Ninjas: New Features, Pivot and Search Dojo
 
Splunk Ninjas: New Features, Pivot and Search Dojo
Splunk Ninjas: New Features, Pivot and Search DojoSplunk Ninjas: New Features, Pivot and Search Dojo
Splunk Ninjas: New Features, Pivot and Search Dojo
 
Splunk Ninja: New Features, Pivot and Search Dojo
Splunk Ninja: New Features, Pivot and Search Dojo Splunk Ninja: New Features, Pivot and Search Dojo
Splunk Ninja: New Features, Pivot and Search Dojo
 
Splunk Ninjas: New Features, Pivot and Search Dojo
Splunk Ninjas: New Features, Pivot and Search DojoSplunk Ninjas: New Features, Pivot and Search Dojo
Splunk Ninjas: New Features, Pivot and Search Dojo
 
Splunk in Nordstrom: IT Operations
Splunk in Nordstrom: IT OperationsSplunk in Nordstrom: IT Operations
Splunk in Nordstrom: IT Operations
 
Deploying Splunk. Arquitetura e dimensionamento do Splunk
Deploying Splunk. Arquitetura e dimensionamento do SplunkDeploying Splunk. Arquitetura e dimensionamento do Splunk
Deploying Splunk. Arquitetura e dimensionamento do Splunk
 
Splunk conf2014 - Using Selenium and Splunk for Transaction Monitoring Insight
Splunk conf2014 - Using Selenium and Splunk for Transaction Monitoring InsightSplunk conf2014 - Using Selenium and Splunk for Transaction Monitoring Insight
Splunk conf2014 - Using Selenium and Splunk for Transaction Monitoring Insight
 
Apache Spark and Oracle Stream Analytics
Apache Spark and Oracle Stream AnalyticsApache Spark and Oracle Stream Analytics
Apache Spark and Oracle Stream Analytics
 
Kafka Needs No Keeper
Kafka Needs No KeeperKafka Needs No Keeper
Kafka Needs No Keeper
 
SplunkSummit 2015 - HTTP Event Collector, Simplified Developer Logging
SplunkSummit 2015 - HTTP Event Collector, Simplified Developer LoggingSplunkSummit 2015 - HTTP Event Collector, Simplified Developer Logging
SplunkSummit 2015 - HTTP Event Collector, Simplified Developer Logging
 
Anz summit 2015 http event collector - sydney
Anz summit 2015 http event collector - sydneyAnz summit 2015 http event collector - sydney
Anz summit 2015 http event collector - sydney
 
Liberate your Application Logging
Liberate your Application LoggingLiberate your Application Logging
Liberate your Application Logging
 
Performance Schema and Sys Schema in MySQL 5.7
Performance Schema and Sys Schema in MySQL 5.7Performance Schema and Sys Schema in MySQL 5.7
Performance Schema and Sys Schema in MySQL 5.7
 
Em13c New Features- Two of Two
Em13c New Features- Two of TwoEm13c New Features- Two of Two
Em13c New Features- Two of Two
 
SplunkSummit 2015 - A Quick Guide to Search Optimization
SplunkSummit 2015 - A Quick Guide to Search OptimizationSplunkSummit 2015 - A Quick Guide to Search Optimization
SplunkSummit 2015 - A Quick Guide to Search Optimization
 
5 Key Metrics to Release Better Software Faster
5 Key Metrics to Release Better Software Faster5 Key Metrics to Release Better Software Faster
5 Key Metrics to Release Better Software Faster
 
Spark Summit EU talk by Simon Whitear
Spark Summit EU talk by Simon WhitearSpark Summit EU talk by Simon Whitear
Spark Summit EU talk by Simon Whitear
 
Getting Started with Splunk Enterprise
Getting Started with Splunk EnterpriseGetting Started with Splunk Enterprise
Getting Started with Splunk Enterprise
 

More from Splunk

.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routine.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routineSplunk
 
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTVSplunk
 
.conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica).conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica)Splunk
 
.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank International.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank InternationalSplunk
 
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett .conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett Splunk
 
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär).conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)Splunk
 
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu....conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...Splunk
 
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever....conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...Splunk
 
.conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex).conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex)Splunk
 
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)Splunk
 
Splunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11ySplunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11ySplunk
 
Splunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go KölnSplunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go KölnSplunk
 
Splunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go KölnSplunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go KölnSplunk
 
Data foundations building success, at city scale – Imperial College London
Data foundations building success, at city scale – Imperial College London Data foundations building success, at city scale – Imperial College London
Data foundations building success, at city scale – Imperial College LondonSplunk
 
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...Splunk
 
SOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security WebinarSOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security WebinarSplunk
 
.conf Go 2022 - Observability Session
.conf Go 2022 - Observability Session.conf Go 2022 - Observability Session
.conf Go 2022 - Observability SessionSplunk
 
.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - Keynote.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - KeynoteSplunk
 
.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform Session.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform SessionSplunk
 
.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security SessionSplunk
 

More from Splunk (20)

.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routine.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routine
 
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
 
.conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica).conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica)
 
.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank International.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank International
 
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett .conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
 
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär).conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
 
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu....conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
 
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever....conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
 
.conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex).conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex)
 
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
 
Splunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11ySplunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11y
 
Splunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go KölnSplunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go Köln
 
Splunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go KölnSplunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go Köln
 
Data foundations building success, at city scale – Imperial College London
Data foundations building success, at city scale – Imperial College London Data foundations building success, at city scale – Imperial College London
Data foundations building success, at city scale – Imperial College London
 
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
 
SOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security WebinarSOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security Webinar
 
.conf Go 2022 - Observability Session
.conf Go 2022 - Observability Session.conf Go 2022 - Observability Session
.conf Go 2022 - Observability Session
 
.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - Keynote.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - Keynote
 
.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform Session.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform Session
 
.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session
 

Recently uploaded

2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Victor Rentea
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Orbitshub
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusZilliz
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKJago de Vreede
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024The Digital Insurer
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024The Digital Insurer
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 

Recently uploaded (20)

2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 

Conf2014_SearchHeadClustering

  • 1. Copyright  ©  2014  Splunk  Inc.   Mustafa  Ahamed   Director,  Product  Management   Eric  Woo   Senior  SoEware  Engineer   Anirban  Rahut   Senior  SoEware  Engineer       What’s  New  In  Search   Head  Clustering  
  • 2. Disclaimer   2   During  the  course  of  this  presentaLon,  we  may  make  forward-­‐looking  statements  regarding  future  events  or  the   expected  performance  of  the  company.  We  cauLon  you  that  such  statements  reflect  our  current  expectaLons  and   esLmates  based  on  factors  currently  known  to  us  and  that  actual  events  or  results  could  differ  materially.  For   important  factors  that  may  cause  actual  results  to  differ  from  those  contained  in  our  forward-­‐looking  statements,   please  review  our  filings  with  the  SEC.  The  forward-­‐looking  statements  made  in  the  this  presentaLon  are  being  made  as   of  the  Lme  and  date  of  its  live  presentaLon.  If  reviewed  aEer  its  live  presentaLon,  this  presentaLon  may  not  contain   current  or  accurate  informaLon.  We  do  not  assume  any  obligaLon  to  update  any  forward-­‐looking  statements  we  may   make.  In  addiLon,  any  informaLon  about  our  roadmap  outlines  our  general  product  direcLon  and  is  subject  to  change   at  any  Lme  without  noLce.  It  is  for  informaLonal  purposes  only,  and  shall  not  be  incorporated  into  any  contract  or   other  commitment.  Splunk  undertakes  no  obligaLon  either  to  develop  the  features  or  funcLonality  described  or  to   include  any  such  feature  or  funcLonality  in  a  future  release.  
  • 3. Agenda   !   What  is  Search  Head  Clustering?   !   Business  Benefits  of  Search  Head  Clustering   !   SHC  ConfiguraLon  /  ReplicaLon   !   App  Deployment   !   Tips  and  Tricks     –  MigraLon     !   Q&A     3  
  • 4. Search  Head  Clustering     Ability  to  group  search  heads  into  a  cluster  in  order    to  provide       Highly  Available  and  Scalable  search  services   4   MISSION   CRITICAL   ENTERPRISE  
  • 5. 5     Horizontal  Scaling           Always-­‐on  Search  Services         Consistent  User  Experience       Easy  to  add  /  manage   premium  contents  (apps)   Business  Benefits  of  SHC  
  • 6. SHP      vs.      SHC   SHC  SHP   •  Available  since  v4.2   •  Sharing  configuraLons  through  NFS   •  Single  point  of  failure   •  Performance  issues   •  No  NFS   •  ReplicaLon  using  local  storage   •  Commodity  hardware   6   NFS  
  • 7.     1.  No  Single  Point  of   Failures   2.  “One  ConfiguraLon”   across  SH   3.  Horizontal  Scaling   7   1.  Dynamic  Captain   2.  AutomaLc  Config     replicaLon  across  SH   3.  Ability  to  add/remove   nodes  on  running  cluster   Design  Goals   ImplementaLon  
  • 8. SHC  –  How  Does  it  Work?   8   1.  Group  search  heads  into  a  cluster   2.  A  captain  gets  elected  dynamically   3.  User  created  reports/dashboards  automaLcally   replicated  to  other  search  heads   1   2   3  
  • 9. Anatomy  &  Cluster   Bring  up  
  • 10. Search  Head  Cluster  Bring  Up   10   captain   config-­‐log   {s1,s2,  ...,  sn}   •  Bootstrap  captain   •  Bring-­‐up  members   •  Captain  establishes  authority   •  Members  join/register   •  CLI  based  cluster  scale/shrink        ...   members  
  • 12. Use  Case   12   !   Scale  search  capacity   !   Enable  more  reports,  dashboards,  alerts   !   Load  balance  user  sessions  (onboarding)  
  • 13. •  Captain  is  job  scheduler   •  Eliminates  job-­‐server  need   •  Load-­‐based  heurisLc   Job  Scheduling  OrchestraLon   13   captain   scheduler        ...   search        1   search        2   LOAD   SUCC   FAIL   load   balancer   search      3    
  • 14. Details   14   !   Captain  updates  RA/DM  summaries  on  indexers.   !   Scheduler  limits  honored  across  the  cluster   !   Real  Lme  scheduled  searches  run  one  instance  across  cluster   !   Auto-­‐failover  –  New  captain  becomes  scheduler   !   captain_is_adhoc_searchhead  knob  to  reduce  captain  load  
  • 15. Alerts  &  Suppression   15   !   Alerts  fired  when  results  of  search  meet  alerLng  criteria   –  Historical  Searches  –  within  10  seconds  aEer  job  completes   –  RealTime  searches  –  ongoing  basis   !   Captain  merges  and  maintains  global  view  of  alerts   !   Suppression  informaLon  centralized  by  the  captain   !   Merged  Alerts/Suppression  sent  back  to  members  
  • 16. High  Availability  of   Search  Results  
  • 17. Search  Results  primer   17   Search  -­‐  HEAD   indexers   stream  results   reduce   map   Other  Names   1.  search  results   2.  search  arLfact   3.  dispatch  directory   4.  SID   $SPLUNK_HOME/var/ run/splunk/dispatch/ scheduler__admin__sear ch__mysearch_at_14107 08600_345   sourcetype  =  access_combined    |  stats  count  by  clienLp   Dispatch  dir  needs  to  be  replicated  to     mulCple  nodes  to  tolerate  node  failures  
  • 18. ArLfact  ReplicaLon   18        ...   succ   succ   •  Captain  orchestrates  replicaLon   •  Default  replicaLon_factor=3   •  Success  failure  ACK’d  to  captain   •  Asynch  Replicate  on  Proxy     •  ReplicaLon  policy  enforced  by  fixups   replica-­‐1     replica-­‐2     succ   captain   replicate   orig  
  • 19.      ArLfact  Proxy-­‐ing   19   !   ReplicaLon  Guarantees  HA&DR  but...   !   SID  not  available  on  all  nodes  *locally*   !   RealTime  searches  are  not  replicated   !   We  use  proxy-­‐ing  to  fill  these  gaps   !   Proxying  on  REST  request     captain   over  HB   locaLon     log   r1   proxy   orig   AuthenCcaCon  is   cluster  aware!!   HB  =  Heartbeat   r2   async   replicate  
  • 20. Adhoc  Search  Management   20   !   Adhoc  search  -­‐  interacLve  search  run  from  a  user  session   !   Adhoc  searches  not  replicated     !   Captain,  however  will  have  global  knowledge  of  all  searches   !   GET  services/search/jobs  will  return  the  global  list  of  searches   !   You  can  proxy  and  access  adhoc  searches  from  any  node  
  • 21. Reaping  of  Search  ArLfacts   21   !   Reaping  –  DeleLon  of  search  results  when  TTL  (Lme  to  live)  expires   !   Search  ArLfacts  reaped  from  the  origin  node   !   Captain  orchestrates  reaps  of  the  replicas  
  • 23. HA  &  Auto-­‐Failover   23   Design  Goals   1.  No  Single  Point  of  Failure   2.  ConLnuous  UpLme   3.  Consistent  User  Experience   ImplementaLon   1.  Dynamic  Captain  elecLon   2.  Auto  Failover   3.  Proxying  for  consistent  view  
  • 24. Dynamic  Captain   24   !   RaE  Consensus  Protocol  from  Stanford   –  Diego  Ongaro  &  John  Osterhout   –  Acknowledge  Diego  Ongaro  for  help!   !   SHC  uses  RAFT  for  LE  and  Auto  Failover   RV  =      Request  Vote       LE  =    Leader  ElecLon   SHC  =    Search  Head  Clustering     S4   S2   S5   S3   S1   captain   new     captain  
  • 25. Auto-­‐Failover   25   new  captain        ...   members   old  captain   arLfacts   running  jobs   alerts,  etc   search  load   scheduler   Fixups  
  • 27. ConfiguraLon  Files   !   Custom  user  content   –  Reports   –  Dashboards   !   Search-­‐Lme  knowledge   –  Field  extracLons   –  Event  types   –  Macros   !   System  configuraLons   –  Inputs,  forwarding,  authenLcaLon  
  • 28. Goal   28   !   Consistent  user  experience  across  all  search  heads   !   Changes  made  on  one  member  are  reflected  on  all  members  
  • 29. ConfiguraLon  Changes   29   !   Users  customize  search  and  UI  configuraLons  via  UI/CLI/REST   –  Save  report   –  Add  panel  to  dashboards   –  Create  field  extracLon   !   Administrators  modify  system  configuraLons   –  Configure  forwarding   –  Deploy  centralized  authenLcaLon  (e.g.  LDAP)   –  Install  enLrely  new  app  or  hand-­‐edited  configuraLon  
  • 30. Search  and  UI  ConfiguraLons   30   !   Changes  to  search  and  UI  configuraLons  are  replicated  across  the   search  head  cluster  automaLcally   !   Goal:  eventual  consistency  
  • 31. ConfiguraLon  ReplicaLon   31   my_dashboard.xml   C  
  • 33. Custom  App  Content   33   !   App  devs  may  "opt-­‐in"  their  custom  configuraLons  for  replicaLon   under  search  head  clustering   !   Example  server.conf  from  an  app  would  look  like:    [shclustering]    conf_replicaLon_include.my_custom_file  =  true  
  • 34. System  ConfiguraLons   34   !   Recall:  only  changes  to  search  and  UI  configuraLons  are  replicated   across  the  search  head  cluster  automaLcally   !   hanges  to  system  configuraLons  are  not  replicated  automaLcally   because  of  their  high  potenLal  impact   !   How  are  system  configuraLons  kept  consistent  then?  
  • 35. !   Deployer:  a  single,  well-­‐controlled  instance  outside  of  the  cluster   !   ConfiguraLons  should  be  tested  on  dev/QA  instances  prior  to  deploy   D   ConfiguraLon  Deployment   35  
  • 38. Best  PracLces     !   Deployer  Instance   –  Can  piggyback  Cluster  Master  or  Deployment  Server   –  RecommendaLon  is  to  run  Deployer  on  separate  instance   !   Run  CLI  to  get  status  about  SHC   –  ./splunk  show  shcluster-­‐status       38  
  • 40. Key  Benefits  of  SHC   40     Horizontal  Scaling           Always-­‐on  Search  Services         Consistent  User  Experience       Easy  to  add  /  manage   premium  contents  (apps)  
  • 41. Q  &  A