Don’t Rewrite Code to Get Better Analytics

Archana Ganapathi
Research Engineer

Copyright © 2012, Splunk Inc. Listen to your data.
  
Analytics Can Be Challenging!

 • Modern systems are distributed and heterogeneous
      • Consolidate information
      • Analyzing across a distributed architecture

 • Analytics is limited to information that is made “available”
  




Typical Architecture

[Diagram labels: Applications; Direct Insert; Connector; Database; ETL; Data Warehouse; BI, Analytics, Reporting Tool]
  




Development Cycle

    Early Structure Binding

           Decide the questions you want to ask
           Design the Schema
           Normalize the data and write DB insertion code
           Create SQL & feed into Analytics Tool

               SELECT customers.* FROM customers WHERE
               customers.customer_id NOT IN (SELECT customer_id FROM
               orders WHERE year(orders.order_date) = 2004)
  


A Paradigm Change:

    Use Your Log Files
  


Using Log Files

    Log.debug("orderstatus=error,errorcode=454,user=%s,transactionid=%d", userId, transId)

✓ You already log key information
  




Using Log Files

    They contain a gold mine of information

• Definitive record of activity and behavior
• Ensure system security
• Meet compliance mandates

[Callouts on the sample event: User IP, Action, Login, Result]

    10.2.1.44 - [25/Sep/2009:09:52:30 -0700]
    type=USER_LOGIN msg=audit(1253898008.056:199891):
    auid=4294967295 msg='acct="TAYLOR": exe="/usr/sbi
    addr=10.2.1.48, terminal=sshd res=failed)'




Using Log Files

    They contain a gold mine of information

• Important insight for IT and the business
• Customer behavior and experience
• Product and service usage
• End-to-end transaction visibility

[Callouts on the sample event: User IP, Product, Category]

    10.2.1.80 - - [25/Jan/2010:09:52:30 -0700]
    "GET /petstore/product.screen
    ?product_id=AV-CB-01 HTTP/1.1" 200 9967 "http://10
    category.screen?category_id=BIRDS" "Mozilla/5.0 (co
    Linux)”"JSESSIONID=xZDTK81Gjq9gJLGWnt2NXrJ2tpGZb1Hy




They Help You Find Problems

Apr 29 19:13:01 45.2.98.7 SentriantGenericAlert: Time="04/29/06 07:12 PM PDT",Host="roach_motel.enet.interop.net",Category="fabric_network_activity",Generator="Response:Slow Scan",Type="NOTICE",Priority="High",Body="Appliance=roach_motel.enet.interop.net,Reporting Segment=ENET network,Action=Response disabled,Response=Slow Scan,Duration=90 seconds,Source Segment=Unprotected,Source IP=88.73.39.200,Source MAC=00:01:30:BC:93:90,Current Target Count=0"
Apr 29 19:13:01 45.2.98.7 SentriantGenericAlert: Time="04/29/06 07:12 PM PDT",Host="roach_motel.enet.interop.net",Category="fabric_network_activity",Generator="Response:Slow Scan",Type="NOTICE",Priority="High",Body="Appliance=roach_motel.enet.interop.net,Reporting Segment=ENET network,Action=Response disabled,Response=Slow Scan,Duration=69 seconds,Source Segment=Unprotected,Source IP=68.163.20.95,Source MAC=00:01:30:BC:93:90,Current Target Count=0"
Apr 29 19:13:01 45.2.98.7 SentriantGenericAlert: Time="04/29/06 07:12 PM PDT",Host="roach_motel.enet.interop.net",Category="fabric_network_activity",Generator="Response:Slow

Machine-generated Events are Everywhere

[Diagram columns: Additional Sources, Core IT, Customer-facing IT]
  




Splunk: The Platform for Machine Data

Customer Facing Data
 • Click-stream data
 • Shopping cart data
 • Online transaction data

Outside the Datacenter
 • Manufacturing, logistics…
 • CDRs & IPDRs
 • Power consumption
 • RFID data
 • GPS data

Logfiles   Configs   Messages   Traps   Alerts   Metrics   Scripts   Changes   Tickets

Windows
 • Registry
 • Event logs
 • File system
 • sysinternals

Linux/Unix
 • Configurations
 • syslog
 • File system
 • ps, iostat, top

Virtualization & Cloud
 • Hypervisor
 • Guest OS, Apps
 • Cloud

Applications
 • Web logs
 • Log4J, JMS, JMX
 • .NET events
 • Code and scripts

Databases
 • Configurations
 • Audit/query logs
 • Tables
 • Schemas

Networking
 • Configurations
 • syslog
 • SNMP
 • netflow
  




Burlingame, March 8, 2012
  
Splunk Collects and Indexes Any Machine Data

 • Any amount, any location, any source.
      • No upfront schema
      • No custom connectors
      • No RDBMS
      • No need to filter/forward

[Diagram: same machine data sources as on the preceding slide]
  




A Single Platform for Operational Intelligence

    Single Data Store, Single UI, Across Use Cases

    Three Primary Capabilities

    Search / Navigation
      • Data drilldown
      • “Needle in a haystack”
      • Root cause analysis / troubleshooting
      • Incident investigations

    Real-time Visibility
      • Live dashboards
      • Event correlation
      • Monitoring and alerting
      • Performance issues
      • Transaction levels
      • SLA tracking

    Historical Analytics
      • Baseline and thresholds
      • Trending
      • Operational insights
      • Historical patterns
      • Compliance reports
  




Real Business Value with Operational Metrics
  




Intelligence on your Applications with Splunk

[Diagram labels: Log Files; Application; Database; Java EE Server; Unix based OS (twice); Operational Intelligence + Analytics + Reporting]
  




An Alternative Development Cycle

    Late Structure Binding

           Write events to your log files
           Collect log files
           Create searches, graphs and reports

    [Sample log events shown alongside the steps:]

Apr 29 19:13:01 45.2.98.7 SentriantGenericAlert: Time="04/29/06 07:12 PM PDT",Host="roach_motel.enet.interop.net",Category="fabric_network_activity",Generator="Response:Slow Scan",Type="NOTICE",Priority="High",Body="Appliance=roach_motel.enet.interop.net,Reporting Segment=ENET network,Action=Response disabled,Response=Slow Scan,Duration=90 seconds,Source Segment=Unprotected,Source IP=88.73.39.200,Source MAC=00:01:30:BC:93:90,Current Target Count=0"
Apr 29 19:13:01 45.2.98.7 SentriantGenericAlert: Time="04/29/06 07:12 PM PDT",Host="roach_motel.enet.interop.net",Category="fabric_network_activity",Generator="Response:Slow Scan",Type="NOTICE",Priority="High",Body="Appliance=roach_motel.enet.interop.net,Reporting




“Semantic Logging”

    Events which are written explicitly for the gathering of analytics
  



A Simple Example

void submitPurchase(transactionID)
{
    // one start event carrying every field needed for later analytics
    log.info("action=submitPurchaseStart, transactionId=%d, productId=%s, listPrice=%d\n",
             transactionID, productId, listPrice)

    // these calls throw an exception on error
    submitToCreditCard(...)
    generateInvoice(...)
    generateFullfillmentOrder(...)

    // same key name as the start event so the two can be paired
    log.info("action=submitPurchaseStop, transactionId=%d\n", transactionID)
}


Analytics Questions Enabled

 ✓ Purchase volume by hour, by day, by month
 ✓ How long are purchases taking?
 ✓ Are my purchases taking longer than they did last month?
 ✓ Are my systems getting slower?
 ✓ How many purchases are failing?
 ✓ Which specific purchases are failing?
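
How the start/stop events from submitPurchase answer these questions, as an added Python example that is not part of the original deck. The timestamp layout, the sample events, and the names parse_event and analyze are assumptions made for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample events in the key=value style of submitPurchase().
# Transaction 1002 has a start but no stop: one of the calls between the
# two log statements threw, so the stop event was never written.
SAMPLE_LOG = """\
2012-03-08 09:00:01 action=submitPurchaseStart, transactionId=1001, productId=AV-CB-01, listPrice=25
2012-03-08 09:00:03 action=submitPurchaseStop, transactionId=1001
2012-03-08 09:15:10 action=submitPurchaseStart, transactionId=1002, productId=FI-SW-01, listPrice=12
2012-03-08 10:02:00 action=submitPurchaseStart, transactionId=1003, productId=AV-CB-01, listPrice=25
2012-03-08 10:02:09 action=submitPurchaseStop, transactionId=1003
"""

TS_FORMAT = "%Y-%m-%d %H:%M:%S"   # assumed layout, timestamp first on the line
TS_LEN = 19
KV = re.compile(r"(\w+)=([^,\s]+)")


def parse_event(line):
    """Return (timestamp, fields) for one key=value event line."""
    when = datetime.strptime(line[:TS_LEN], TS_FORMAT)
    return when, dict(KV.findall(line[TS_LEN:]))


def analyze(log_text):
    """Pair start/stop events by transactionId and derive the metrics."""
    open_starts = {}          # transactionId -> start time, not yet stopped
    durations = {}            # transactionId -> seconds from start to stop
    per_hour = Counter()      # purchase volume by hour

    for line in log_text.splitlines():
        if not line.strip():
            continue
        when, fields = parse_event(line)
        tid = fields.get("transactionId")
        action = fields.get("action")
        if action == "submitPurchaseStart":
            open_starts[tid] = when
            per_hour[when.strftime("%Y-%m-%d %H:00")] += 1
        elif action == "submitPurchaseStop" and tid in open_starts:
            durations[tid] = (when - open_starts.pop(tid)).total_seconds()

    mean = sum(durations.values()) / len(durations) if durations else None
    return {
        "per_hour": dict(per_hour),
        "durations": durations,
        "mean_duration": mean,
        # whatever is still open never reached the stop event
        "failed": sorted(open_starts),
    }


if __name__ == "__main__":
    for name, value in analyze(SAMPLE_LOG).items():
        print(name, value)
```
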
  



Analytics Dashboard
  




Streaming Radio Example
  




Group Transactions

  sourcetype=radiolog | transaction IPAddress
  startswith="play" endswith="stop"
  




Calculate Concurrency

  sourcetype=radiolog | transaction IPAddress
  startswith="play" endswith="stop" | concurrency
  duration=duration
  




Add Lookups and Statistics
  
 > sourcetype=radiolog | transaction IPAddress startswith="play"
 endswith="stop" | concurrency duration=duration | eval key=1 | lookup songs
 key | stats first(song) as song max(concurrency) as concurrency by id | stats
 sum(concurrency) by song




Developer Concerns
  



 
Developer Concern: Performance

[Chart: the two values shown are 92 sec and 15 sec]
  




Developer Concern: Infrastructure Cost

                    ✓ Splunk requires standard hardware
                    ✓ Start with an easy download
                    ✓ Free Apps for domain specific analytics
                    ✓ Proven in Big Data
  




Developer Concern: Refactoring Code

                     ✓ Start gradually and grow organically
                     ✓ Develop future applications with analytics and Splunk in mind
                     ✓ Build closer relationships with Ops, Support and QA
                     ✓ ROI can be priceless
  




Developer Concern: How Much to Log

             Two approaches to event logs:
             ✓ Log what is evidently required
             ✓ Open the flood-gates

             Quantity and granularity can vary based on task:
             - Diagnosis
             - Reporting
             - Analytics
  

Logging Best Practices
  


Create Human Readable Events

 ✓ Log in Text
 ✓ Make it easy for humans
 ✓ Categorize
 ✓ Avoid XML or JSON
  




Clearly Time Stamp Every Event

 ✓ Do not use time offsets
 ✓ Use human readable timestamps
 ✓ Favor the beginning of the line
  




Use Clear Key/Value Pairs

 Example (Bad):

      Log.debug("error 454 - %s %d", userId, transId)

 Example (Good):

      Log.debug("orderstatus=error,errorcode=454,user=%s,transactionid=%d", userId, transId)




Break Multi-Value Information Into Separate Events

   Example (Bad):

     <TS> phonenumber=415-555-1212,app=angrybirds,facebook

   Example (Good):

     <TS> phonenumber=415-555-1212, app=angrybirds, installdate=xx/xx/xx
     <TS> phonenumber=415-555-1212, app=facebook, installdate=yy/yy/yy
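
The three preceding practices (timestamp at the start of the line, clear key/value pairs, one event per value) combined into one event writer, as an added Python example that is not part of the original deck. The names format_event, explode and _fmt_value, the timestamp layout and the quoting rules are assumptions. The quoting matters because fields such as user are filled from request data, and an unescaped newline or comma in such a value would read as a second event or an extra pair.

```python
from datetime import datetime, timezone


def _fmt_value(value):
    """Render one value so it stays inside its own key=value pair."""
    text = str(value).replace("\\", "\\\\")
    # A raw CR/LF would end the event early and start a forged one.
    text = text.replace("\r", "\\r").replace("\n", "\\n")
    # Delimiters inside a value would otherwise read as extra pairs.
    if text == "" or any(c in text for c in ' ,="'):
        text = '"' + text.replace('"', '\\"') + '"'
    return text


def format_event(when, **fields):
    """One event per line: human readable timestamp first, then the pairs."""
    stamp = when.strftime("%Y-%m-%d %H:%M:%S %z")   # absolute time, no offsets
    pairs = ", ".join(f"{key}={_fmt_value(val)}" for key, val in fields.items())
    return f"{stamp} {pairs}"


def explode(when, common, key, values):
    """Emit one event per value instead of one comma-joined multi-value field."""
    return [format_event(when, **common, **{key: v}) for v in values]


# Constructed sample time for the demonstration below.
WHEN = datetime(2012, 3, 8, 9, 0, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    # The "good" key/value event from the slide, with a leading timestamp.
    print(format_event(WHEN, orderstatus="error", errorcode=454,
                       user="taylor", transactionid=7))
    # A value carrying a newline and a forged pair stays one quoted value.
    print(format_event(WHEN, user="bob\norderstatus=ok", transactionid=8))
    # Two installed apps become two events, each with the shared key.
    for line in explode(WHEN, {"phonenumber": "415-555-1212"},
                        "app", ["angrybirds", "facebook"]):
        print(line)
```
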
  




Log Unique Identifiers
   ✓ Lets you track transactions in detail
   ✓ Use Transitive Closure if you need to:

   [Diagram: one Transaction linking the events "transid=abcdef, ...", "transid=abcdef, otherid=qrstuv, ..." and "otherid=qrstuv"]
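
The key/value and unique-identifier slides above, worked end to end as an added example (not code from the presentation or from Splunk): it parses key=value events and groups them into transactions by the transitive closure of shared identifiers. The field names `transid` and `otherid` come from the slide; the sample events, the `action` and `user` fields and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample events: timestamp first, then clear key=value pairs.
SAMPLE_EVENTS = [
    "2012-03-08T10:00:01Z transid=abcdef,action=login,user=alice",
    "2012-03-08T10:00:02Z transid=abcdef,otherid=qrstuv,action=checkout",
    "2012-03-08T10:00:03Z otherid=qrstuv,action=payment,orderstatus=error,errorcode=454",
    "2012-03-08T10:00:04Z transid=zzz999,action=login,user=bob",
    "2012-03-08T10:00:05Z error 454 - alice 1234",  # the "bad" style: no keys
]

KV_RE = re.compile(r"(\w+)=([^,\s]+)")
ID_FIELDS = ("transid", "otherid")  # identifier fields that link events


def parse_event(line):
    """Split '<timestamp> k=v,k=v,...' into (timestamp, {key: value})."""
    timestamp, _, rest = line.partition(" ")
    return timestamp, dict(KV_RE.findall(rest))


class DisjointSet:
    """Union-find over identifiers; connected identifiers share one root."""

    def __init__(self):
        self.parent = {}

    def find(self, item):
        self.parent.setdefault(item, item)
        root = item
        while self.parent[root] != root:
            root = self.parent[root]
        # Path compression: point every visited node straight at the root.
        while self.parent[item] != root:
            self.parent[item], item = root, self.parent[item]
        return root

    def union(self, a, b):
        root_a, root_b = self.find(a), self.find(b)
        if root_a != root_b:
            self.parent[root_b] = root_a


def group_transactions(lines):
    """Return (transactions, unlinked).

    transactions: one list of (timestamp, fields) per connected set of IDs.
    unlinked: raw lines with no identifier, which cannot be correlated.
    """
    ds = DisjointSet()
    parsed, unlinked = [], []
    for line in lines:
        timestamp, fields = parse_event(line)
        # Namespace each value by its field so transid=x and otherid=x differ.
        ids = [(name, fields[name]) for name in ID_FIELDS if name in fields]
        if not ids:
            unlinked.append(line)
            continue
        ds.find(ids[0])  # register events that carry a single identifier
        for other in ids[1:]:
            # Identifiers seen on the same event belong to one transaction.
            ds.union(ids[0], other)
        parsed.append((timestamp, fields, ids[0]))
    # Group only after all unions, so the order of linking events is irrelevant.
    groups = defaultdict(list)
    for timestamp, fields, first_id in parsed:
        groups[ds.find(first_id)].append((timestamp, fields))
    return list(groups.values()), unlinked


if __name__ == "__main__":
    transactions, unlinked = group_transactions(SAMPLE_EVENTS)
    for number, events in enumerate(transactions, 1):
        print(f"transaction {number}:")
        for timestamp, fields in events:
            print(f"  {timestamp} {fields}")
    print("cannot be correlated:", unlinked)
```

The last sample line is in the "bad" style from the key/value slide: it yields no fields, so it lands in `unlinked` and drops out of any transaction-level view.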
  




Using Header Lines for Keys

       <TS>
       USER   PID  %CPU %MEM      VSZ    RSS  TT  STAT STARTED      TIME COMMAND
       root    41  21.9  1.7  3233968 143624  ??  Rs   7Jul11   48:09.67 /System/Library/foo
       rdas   790   4.5  0.4  4924432  32324  ??  S    8Jul11    9:00.57 /System/Library/baz
       . . . . . . . .

•  Splunk will interpret the column headers as keys and each line as values




Top Takeaways

   Log anything that can add value when aggregated and/or visualized



Top Takeaways

   Simplify your life…
   Splunk logs for Analytics




Thanks!

   Questions?



Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 

Recently uploaded (20)

Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 

Don't Re-write Code to Get Better Analytics

  • 1. Don’t Rewrite Code to Get Better Analytics. Archana Ganapathi, Research Engineer. Copyright © 2012, Splunk Inc. Listen to your data.
  • 2. Analytics Can Be Challenging!
      • Modern systems are distributed and heterogeneous
          • Consolidate information
          • Analyzing across a distributed architecture
      • Analytics is limited to information that is made “available”
  • 3. Typical Architecture (diagram labels): Applications; Direct Insert; Database; ETL; Connector; Data Warehouse; BI, Analytics, Reporting Tool
  • 4. Development Cycle: Early Structure Binding
      • Decide the questions you want to ask
      • Design the Schema
      • Normalize the data and write DB insertion code
      • Create SQL & feed into Analytics Tool
      SELECT customers.* FROM customers WHERE customers.customer_id NOT IN
          (SELECT customer_id FROM orders WHERE year(orders.order_date) = 2004)
  • 5. A Paradigm Change: Use Your Log Files
  • 6. Using Log Files
      Log.debug("orderstatus=error,errorcode=454,user=%s,transactionid=%d", userId, transId)
      ✓ You already log key information
  • 7. Using Log Files: They contain a gold mine of information
      • Definitive record of activity and behavior
      • Ensure system security
      • Meet compliance mandates
      Callouts on the sample event: User IP, Action, Login, Result
      10.2.1.44 - [25/Sep/2009:09:52:30 -0700] type=USER_LOGIN msg=audit(1253898008.056:199891): auid=4294967295 msg='acct="TAYLOR": exe="/usr/sbi addr=10.2.1.48, terminal=sshd res=failed)'
  • 8. Using Log Files: They contain a gold mine of information
      • Important insight for IT and the business
      • Customer behavior and experience
      • Product and service usage
      • End-to-end transaction visibility
      Callouts on the sample event: User IP, Product, Category
      10.2.1.80 - - [25/Jan/2010:09:52:30 -0700] "GET /petstore/product.screen ?product_id=AV-CB-01 HTTP/1.1" 200 9967 "http://10 category.screen?category_id=BIRDS" "Mozilla/5.0 (co Linux)" "JSESSIONID=xZDTK81Gjq9gJLGWnt2NXrJ2tpGZb1Hy
  • 9. They Help You Find Problems
      Apr 29 19:13:01 45.2.98.7 SentriantGenericAlert: Time="04/29/06 07:12 PM PDT",Host="roach_motel.enet.interop.net",Category="fabric_network_activity",Generator="Response:Slow Scan",Type="NOTICE",Priority="High",Body="Appliance=roach_motel.enet.interop.net,Reporting Segment=ENET network,Action=Response disabled,Response=Slow Scan,Duration=90 seconds,Source Segment=Unprotected,Source IP=88.73.39.200,Source MAC=00:01:30:BC:93:90,Current Target Count=0"
      Apr 29 19:13:01 45.2.98.7 SentriantGenericAlert: Time="04/29/06 07:12 PM PDT",Host="roach_motel.enet.interop.net",Category="fabric_network_activity",Generator="Response:Slow Scan",Type="NOTICE",Priority="High",Body="Appliance=roach_motel.enet.interop.net,Reporting Segment=ENET network,Action=Response disabled,Response=Slow Scan,Duration=69 seconds,Source Segment=Unprotected,Source IP=68.163.20.95,Source MAC=00:01:30:BC:93:90,Current Target Count=0"
      Apr 29 19:13:01 45.2.98.7 SentriantGenericAlert: Time="04/29/06 07:12 PM PDT",Host="roach_motel.enet.interop.net",Category="fabric_network_activity",Generator="Response:Slow
  • 10. Machine-generated Events are Everywhere: Additional Sources; Core IT; Customer-facing IT
  • 11. Splunk: The Platform for Machine Data (Burlingame, March 8, 2012)
      • Customer Facing Data: Click-stream data; Shopping cart data; Online transaction data
      • Outside the Datacenter: Manufacturing, logistics…; CDRs & IPDRs; Power consumption; RFID data; GPS data
      • Logfiles, Configs, Messages, Traps, Alerts, Metrics, Scripts, Changes, Tickets
      • Windows: Registry; Event logs; File system; sysinternals
      • Linux/Unix: Configurations; syslog; File system; ps, iostat, top
      • Virtualization & Cloud: Hypervisor; Guest OS, Apps; Cloud
      • Applications: Web logs; Log4J, JMS, JMX; .NET events; Code and scripts
      • Databases: Configurations; Audit/query logs; Tables; Schemas
      • Networking: Configurations; syslog; SNMP; netflow
  • 12. Splunk Collects and Indexes Any Machine Data (shown over the data-source diagram from slide 11)
      • Any amount, any location, any source.
      • No upfront schema
      • No custom connectors
      • No RDBMS
      • No need to filter/forward
  • 13. A Single Platform for Operational Intelligence: Single Data Store, Single UI, Across Use Cases. Three Primary Capabilities:
      • Search / Navigation: Data drilldown; “Needle in a haystack”; Root cause analysis / troubleshooting; Incident investigations
      • Real-time Visibility: Live dashboards; Event correlation; Monitoring and alerting; Performance issues; Transaction levels; SLA tracking
      • Historical Analytics: Baseline and thresholds; Trending; Operational insights; Historical patterns; Compliance reports
  • 14. Real Business Value with Operational Metrics
  • 15. Intelligence on your Applications with Splunk (diagram labels): Log Files; Application; Database; Java EE Server; Unix based OS; Unix based OS; Operational Intelligence + Analytics + Reporting
  • 16. An Alternative Development Cycle: Late Structure Binding
      • Write events to your log files
      • Collect log files
      • Create searches, graphs and reports
      Apr 29 19:13:01 45.2.98.7 SentriantGenericAlert: Time="04/29/06 07:12 PM PDT",Host="roach_motel.enet.interop.net",Category="fabric_network_activity",Generator="Response:Slow Scan",Type="NOTICE",Priority="High",Body="Appliance=roach_motel.enet.interop.net,Reporting Segment=ENET network,Action=Response disabled,Response=Slow Scan,Duration=90 seconds,Source Segment=Unprotected,Source IP=88.73.39.200,Source MAC=00:01:30:BC:93:90,Current Target Count=0"
      Apr 29 19:13:01 45.2.98.7 SentriantGenericAlert: Time="04/29/06 07:12 PM PDT",Host="roach_motel.enet.interop.net",Category="fabric_network_activity",Generator="Response:Slow Scan",Type="NOTICE",Priority="High",Body="Appliance=roach_motel.enet.interop.net,Reporting
  • 17. “Semantic Logging”: Events which are written explicitly for the gathering of analytics
  • 18. A Simple Example
      void submitPurchase(long transactionID, String productId, int listPrice)
      {
          // start event: every value is a key=value pair under a stable key name
          log.info("action=submitPurchaseStart, transactionId=%d, productId=%s, listPrice=%d\n",
                   transactionID, productId, listPrice);

          // these calls throw an exception on error
          submitToCreditCard(...);
          generateInvoice(...);
          generateFullfillmentOrder(...);

          // stop event: same transactionId key, so start and stop can be paired
          log.info("action=submitPurchaseStop, transactionId=%d\n", transactionID);
      }
  • 19. Analytics Questions Enabled
      ✓ Purchase volume by hour, by day, by month
      ✓ How long are purchases taking?
      ✓ Are my purchases taking longer than they did last month?
      ✓ Are my systems getting slower?
      ✓ How many purchases are failing?
      ✓ Which specific purchases are failing?
  • 20. Analytics Dashboard
  • 21. Streaming Radio Example
  • 22. Group Transactions
      sourcetype=radiolog | transaction IPAddress startswith="play" endswith="stop"
  • 23. Calculate Concurrency
      sourcetype=radiolog | transaction IPAddress startswith="play" endswith="stop" | concurrency duration=duration
  • 24. Add Lookups and Statistics
      sourcetype=radiolog | transaction IPAddress startswith="play" endswith="stop" | concurrency duration=duration | eval key=1 | lookup songs key | stats first(song) as song max(concurrency) as concurrency by id | stats sum(concurrency) by song
  • 25. Developer Concerns
  • 26. Developer Concern: Performance (chart values: 92 sec, 15 sec)
  • 27. Developer Concern: Infrastructure Cost
      ✓ Splunk requires standard hardware
      ✓ Start with an easy download
      ✓ Free Apps for domain-specific analytics
      ✓ Proven in Big Data
  • 28. Developer Concern: Refactoring Code
      ✓ Start gradually and grow organically
      ✓ Develop future applications with analytics and Splunk in mind
      ✓ Build closer relationships with Ops, Support and QA
      ✓ ROI can be priceless
  • 29. Developer Concern: How Much to Log
      Two approaches to event logs:
      ✓ Log what is evidently required
      ✓ Open the flood-gates
      Quantity and granularity can vary based on task:
      - Diagnosis
      - Reporting
      - Analytics
  • 30. Logging Best Practices
  • 31. Create Human Readable Events
      ✓ Log in Text
      ✓ Make it easy for humans
      ✓ Categorize
      ✓ Avoid XML or JSON
  • 32. Clearly Time Stamp Every Event
      ✓ Do not use time offsets
      ✓ Use human readable timestamps
      ✓ Favor the beginning of the line
  • 33. Use Clear Key/Value Pairs
      Example (Bad):
      Log.debug("error 454 - %s %d", userId, transId)
      Example (Good):
      Log.debug("orderstatus=error,errorcode=454,user=%s,transactionid=%d", userId, transId)
  • 34. Break Multi-Value Information Into Separate Events
      Example (Bad):
      <TS> phonenumber=415-555-1212,app=angrybirds,facebook
      Example (Good):
      <TS> phonenumber=415-555-1212, app=angrybirds, installdate=xx/xx/xx
      <TS> phonenumber=415-555-1212, app=facebook, installdate=yy/yy/yy
  • 35. Log Unique Identifiers
      ✓ Lets you track transactions in detail
      ✓ Use Transitive Closure if you need to:
      Transaction:
          transid=abcdef,
          transid=abcdef, otherid=qrstuv, . . . . .
          otherid=qrstuv
  • 36. Using Header Lines for Keys
      <TS>
      USER   PID  %CPU  %MEM      VSZ     RSS  TT  STAT  STARTED      TIME  COMMAND
      root    41  21.9   1.7  3233968  143624  ??  Rs     7Jul11  48:09.67  /System/Library/foo
      rdas   790   4.5   0.4  4924432   32324  ??  S      8Jul11   9:00.57  /System/Library/baz
      . . . . . . . .
      • Splunk will interpret the column headers as keys and each line as values
  • 37. Top Takeaways: Log anything that can add value when aggregated and/or visualized
  • 38. Top Takeaways: Simplify your life… Splunk logs for Analytics
  • 39. Thanks! Questions?
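
The conventions from slides 18, 19 and 33 to 35, as an added Python example (not code from the deck or from Splunk): it writes timestamp-first key=value events, quotes and escapes values so user-controlled input cannot forge extra pairs or extra events, then binds structure at read time to report purchase durations and failures. The quoting scheme, the function names and the sample events are assumptions constructed for this illustration; a Start with no Stop is counted as failed because the calls on slide 18 throw before the Stop is logged.

```python
import re
from datetime import datetime, timezone

# key=value or key="quoted value"; inside quotes a backslash escapes the next char
_PAIR = re.compile(r'(\w+)=(?:"((?:[^"\\]|\\.)*)"|([^\s,"]*))')


def _unescape(text):
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), text)


def format_event(ts, **fields):
    """Render one event: timestamp at the start of the line, then key=value pairs."""
    parts = []
    for key, value in fields.items():
        if not re.fullmatch(r"\w+", key):
            raise ValueError(f"bad key: {key!r}")
        text = str(value)
        # Assumed scheme: events are newline-delimited, so anything that looks like
        # a delimiter is quoted and CR/LF are escaped. Without this, a hostile
        # value could append pairs or start a forged event on a new line.
        if text == "" or re.search(r'[\s,="\\]', text):
            text = text.replace("\\", "\\\\").replace('"', '\\"')
            text = text.replace("\n", "\\n").replace("\r", "\\r")
            text = f'"{text}"'
        parts.append(f"{key}={text}")
    return f"{ts.isoformat()} " + ", ".join(parts)


def parse_event(line):
    """Late structure binding: extract the fields when the line is read."""
    ts_text, _, rest = line.partition(" ")
    fields = {"_time": datetime.fromisoformat(ts_text)}
    for key, quoted, bare in _PAIR.findall(rest):
        fields[key] = _unescape(quoted) if quoted else bare
    return fields


def purchase_report(lines):
    """Pair Start/Stop events by transactionId: durations and unfinished purchases."""
    started, durations = {}, {}
    for fields in map(parse_event, lines):
        tid = fields.get("transactionId")
        action = fields.get("action")
        if action == "submitPurchaseStart":
            started[tid] = fields["_time"]
        elif action == "submitPurchaseStop" and tid in started:
            durations[tid] = (fields["_time"] - started.pop(tid)).total_seconds()
    return {"durations": durations, "failed": sorted(started)}


def sample_log():
    """Constructed sample: 1001 completes; 1002 fails and carries a hostile productId."""
    def at(second):
        return datetime(2012, 3, 8, 10, 0, second, tzinfo=timezone.utc)

    # Tries to close the quote and forge a Stop event for transaction 1002.
    hostile = 'X"\n2012-03-08T10:00:09+00:00 action=submitPurchaseStop, transactionId=1002'
    return [
        format_event(at(0), action="submitPurchaseStart", transactionId=1001,
                     productId="AV-CB-01", listPrice=1999),
        format_event(at(1), action="submitPurchaseStart", transactionId=1002,
                     productId=hostile, listPrice=500),
        format_event(at(4), action="submitPurchaseStop", transactionId=1001),
    ]


if __name__ == "__main__":
    for line in sample_log():
        print(line)
    print(purchase_report(sample_log()))
```

Had the hostile `productId` been written unescaped, the log would contain a forged Stop line and transaction 1002 would drop out of the failure list.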
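
What the searches on slides 22 and 23 compute, as an added Python example that approximates the `transaction` and `concurrency` steps on already-parsed events; it is not Splunk's implementation or code from the deck. The `action` field, the sample events and the choice to report sessions that never log a stop separately are assumptions.

```python
from datetime import datetime, timedelta


def transactions(events, key="IPAddress", start="play", stop="stop"):
    """Group events per key into start..stop transactions.

    Returns (closed, still_open). A session with no stop event stays in
    still_open, so it can be reviewed instead of silently disappearing.
    """
    open_tx, closed = {}, []
    for ev in sorted(events, key=lambda e: e["_time"]):
        k = ev[key]
        if ev["action"] == start:
            open_tx[k] = [ev]  # a new start replaces an unfinished session
        elif k in open_tx:
            open_tx[k].append(ev)
            if ev["action"] == stop:
                evs = open_tx.pop(k)
                closed.append({
                    key: k,
                    "_time": evs[0]["_time"],
                    "duration": (ev["_time"] - evs[0]["_time"]).total_seconds(),
                    "eventcount": len(evs),
                })
    return closed, open_tx


def concurrency(txs):
    """For each transaction, count the transactions in progress at its start time."""
    ordered = sorted(txs, key=lambda t: t["_time"])
    out = []
    for tx in ordered:
        t0 = tx["_time"]
        n = sum(1 for o in ordered if o is tx or
                o["_time"] <= t0 < o["_time"] + timedelta(seconds=o["duration"]))
        out.append({**tx, "concurrency": n})
    return out


def sample_events():
    """Constructed radiolog events; 10.0.0.4 starts playing and never logs a stop."""
    base = datetime(2012, 3, 8, 10, 0, 0)
    rows = [(0, "10.0.0.1", "play"), (60, "10.0.0.2", "play"),
            (120, "10.0.0.3", "play"), (180, "10.0.0.2", "stop"),
            (300, "10.0.0.1", "stop"), (360, "10.0.0.4", "play"),
            (420, "10.0.0.2", "play"), (480, "10.0.0.2", "stop"),
            (600, "10.0.0.3", "stop")]
    return [{"_time": base + timedelta(seconds=s), "IPAddress": ip, "action": a}
            for s, ip, a in rows]


if __name__ == "__main__":
    closed, still_open = transactions(sample_events())
    for tx in concurrency(closed):
        print(tx["IPAddress"], tx["_time"].time(), tx["duration"], tx["concurrency"])
    print("no stop logged:", sorted(still_open))
```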