Copyright © 2014 Splunk Inc.
Alessandro Bono Vincenzo Vignera
Splunk at Fastweb
2
Splunk at Fastweb
Alessandro Bono
Network Operations Control
Coordinator
Vincenzo Vignera
Network Operations Control
Professional
3
Fastweb Overview
Today FASTWEB is the Italian leader in Ultra Broadband
With 500k customers connected at speed up to 100 Mbps, FASTWEB has a 70% share of the UBB market
[Chart: ~310K FTTH customers and ~400K FTTC customers; ~710K UBB in total, of which FASTWEB ~500K (~70%); further "of which FASTWEB" labels on the chart: ~300K and ~200K]
4
Background and Roles
[Org chart boxes: Technology Division - Network Operations; Business Process Improvement; Operational Planning; DataCenters Operation; NOC; Service Platforms; Backbone]
Alessandro Bono
In Fastweb since 2006
Backbone - Network Access Operations
Vincenzo Vignera
In Fastweb since 2001
Support Platforms - Monitoring Platforms
5
Backbone
Access Network
15k FTTC Devices
6k ADSL Devices
1k FTTH Devices
2k Core Network Devices
24k Access Equipment
6
Service Platforms
Monitoring Platforms
OSS Platforms
VAS & Mobile Data Platforms
~3,1 Mln Mailbox
815K – MVNO USIM
~200k q/sec DNS
1,1 Mln ACS Devices
2 Mln Users PayPerUse
4k Server Monitored with Agents
200k Network Devices
4,5 Mln KPI Collected
7
Splunk at Fastweb
[Architecture diagram; labels in slide order]
Indexers, Heavy Forwarders, Search Head
Release 1 - 2014
Milano, Roma, Genova, Torino, Padova
Indexers, Heavy Forwarders, Search Head, Universal Forwarders
Release 2 - April 2015
200 GB/day
8
Reporting Delivered Services
Standard Reporting of Delivered Services
– Situation: the Service Platforms team and the Backbone team spend a lot of time reporting on delivered services
– Struggling with: dozens of platforms reporting different KPIs
– Wanted: a centralized view for periodic reporting on delivered services
9
Reporting Delivered Services
[Diagram: Before / After. Sources shown: Monitoring Software, CLI Command, Database Queries, Code, …]
Enter Splunk: Splunk Enterprise enables reporting for different services with the same output
10
Analyze Bypass SPAMMER Filters
– Situation: real-time analysis of logs for transactions that were sent by 1 IP address and satisfy two of the following conditions:
• 2 or more recipients
• At least 20 mails ("QUEUE From" with different IDs in 5 minutes)
• At least 2 different From
• At least 1 e-mail known as spam (SPAM-BLOCKED)
- Next, starting from the «Auth» used: mailbox with drill-down report of mail sent, % of «Subject» as SPAM
- Top spammers by source IP (latest 15m)
- Internet forwarding check vs Fastwebnet domain (reporting mailboxes with more than 1 forward vs Fastwebnet, external database lookup to retrieve the customer account)
SPAM Finder: Analyzing Problems
11
index="msr" sourcetype="c*_smtp" (transaction_type=QUEUE OR transaction_type=SPAM-BLOCKED)
| stats first(_time) AS time, values(transaction_type) AS type, values(Recipient) AS Recipients, dc(Recipient) AS nb_recipients, values(Relay) AS Relay, values(Auth) AS Auth, values(From) AS From by transaction_id
| search Auth=*
| eval more_than_2_recipients=IF(nb_recipients>=2,1,0)
| eval spam_blocked=IF(type="SPAM-BLOCKED",1,0)
| stats first(time) AS first_time, dc(transaction_id) AS nb_mails, values(From) as Froms, dc(From) AS nb_froms, sum(more_than_2_recipients) AS nb_more_than_2_recipients, sum(spam_blocked) AS nb_spam_blocked BY Relay, Auth
| eval more_than_2_recipients=IF(nb_more_than_2_recipients>0,1,0)
| eval spam_blocked=IF(nb_spam_blocked>0,1,0)
| eval more_than_20_mails=IF(nb_mails>=20,1,0)
| eval more_than_2_froms=IF(nb_froms>=2,1,0)
| eval possible_spam=more_than_2_recipients+more_than_20_mails+more_than_2_froms+spam_blocked
| where possible_spam>=2
| eval first_sent_at=strftime(first_time, "%H:%M:%S")
| eval possible_spam="yes"
| table first_sent_at Relay Auth Froms more_than_2_recipients more_than_20_mails more_than_2_froms spam_blocked possible_spam
| sort - first_sent_at
SPAM Finder: Analyzing Problems
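The scoring rules from the two SPAM Finder slides, as an added Python example (not code from the talk): it runs the same two-stage aggregation over constructed events that reuse the query's field names, and adds an explicit 5-minute bucket, which the condition list states but the query shown does not express as a time bucket. The sample addresses, the `window` and `min_flags` parameters and all function names are assumptions made for this example.

```python
from collections import defaultdict

WINDOW = 300  # seconds: the slide's "in 5 minutes" (assumed bucket size)


def per_transaction(events):
    """Stage 1: one record per transaction_id (the query's first `stats`)."""
    txs = {}
    for ev in events:
        tx = txs.setdefault(ev["transaction_id"], {
            "time": ev["time"], "types": set(), "recipients": set(),
            "froms": set(), "relay": None, "auth": None})
        tx["time"] = min(tx["time"], ev["time"])
        tx["types"].add(ev["transaction_type"])
        if ev.get("Recipient"):
            tx["recipients"].add(ev["Recipient"])
        if ev.get("From"):
            tx["froms"].add(ev["From"])
        tx["relay"] = tx["relay"] or ev.get("Relay")
        tx["auth"] = tx["auth"] or ev.get("Auth")
    # Same effect as `search Auth=*`: only authenticated submissions are scored.
    return [tx for tx in txs.values() if tx["auth"]]


def find_possible_spammers(events, window=WINDOW, min_flags=2):
    """Stage 2: score each (Relay, Auth) pair per time bucket.

    window=None scores the whole input at once, with no time bucket.
    """
    groups = defaultdict(list)
    for tx in per_transaction(events):
        bucket = 0 if window is None else tx["time"] // window * window
        groups[(str(tx["relay"]), tx["auth"], bucket)].append(tx)

    hits = []
    for (relay, auth, bucket), txs in sorted(groups.items()):
        froms = set().union(*(tx["froms"] for tx in txs))
        flags = {
            "more_than_2_recipients": any(len(tx["recipients"]) >= 2 for tx in txs),
            "more_than_20_mails": len(txs) >= 20,
            "more_than_2_froms": len(froms) >= 2,
            "spam_blocked": any("SPAM-BLOCKED" in tx["types"] for tx in txs),
        }
        if sum(flags.values()) >= min_flags:
            hits.append({"relay": relay, "auth": auth, "window_start": bucket,
                         "flags": sorted(k for k, v in flags.items() if v)})
    return hits


def _mail(tid, t, relay, auth, sender, rcpts, blocked=False):
    """Build the constructed events of one mail transaction."""
    evs = [{"time": t, "transaction_id": tid, "transaction_type": "QUEUE",
            "Relay": relay, "Auth": auth, "From": sender}]
    evs += [{"time": t, "transaction_id": tid, "transaction_type": "QUEUE",
             "Recipient": r} for r in rcpts]
    if blocked:
        evs.append({"time": t, "transaction_id": tid,
                    "transaction_type": "SPAM-BLOCKED"})
    return evs


def sample_events(t0=1_500_000_000):
    """Constructed sample data (not real logs); documentation addresses only."""
    evs = []
    # A: 25 mails in about 4 minutes, alternating between two From addresses.
    for i in range(25):
        sender = "a@example.net" if i % 2 else "promo@example.org"
        evs += _mail(f"A{i}", t0 + i * 10, "192.0.2.10", "a@example.net",
                     sender, ["x@example.com"])
    # B: a single mail to three recipients (one flag only, not reported).
    evs += _mail("B0", t0 + 5, "192.0.2.20", "b@example.net", "b@example.net",
                 ["x@example.com", "y@example.com", "z@example.com"])
    # C: one mail to two recipients that the spam filter also blocked.
    evs += _mail("C0", t0 + 20, "192.0.2.30", "c@example.net", "c@example.net",
                 ["x@example.com", "y@example.com"], blocked=True)
    # D: 24 mails, one every 5 minutes over two hours, one of them blocked.
    for i in range(24):
        evs += _mail(f"D{i}", t0 + i * 300, "192.0.2.40", "d@example.net",
                     "d@example.net", ["x@example.com"], blocked=(i == 3))
    # E: unauthenticated submission, dropped by the Auth filter.
    evs += _mail("E0", t0 + 30, "192.0.2.50", None, "e@example.org",
                 ["x@example.com", "y@example.com"], blocked=True)
    return evs


if __name__ == "__main__":
    for hit in find_possible_spammers(sample_events()):
        print(hit["relay"], hit["auth"], hit["flags"])
```

Account D shows why the time bucket matters: scored over the whole two hours it collects two flags and is reported, while in 5-minute buckets it never exceeds one.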
12
Storming Detections
Detect Storming Network Devices
– Situation: network devices can log thousands of syslog messages every second because of interface problems
– Wanted: a network devices dashboard to analyze trends
13
Storming Detections
- Enter Splunk:
- Analyzing Trends supported by Dashboard
- Automatic Actions
- Monitoring Deviations
14
Service Dashboard Monitoring
# Monitoring Software
# CLI Command
# Database Queries
# Code
# …
15
Logs and Scripts
Monitoring Backbone Link
Customer Connectivity
16
Proactive Monitoring
SNMP
SNMP App
Single Device Check
17
Network Troubleshooting
Troubleshooting Bug on Network Devices
– Situation: problem on 15k network devices; every ADSL board provides service to 48 customers, ~700K customers affected, unable to surf until board reset
– Struggling with: thousands of Customer Center calls reporting the problem
– Wanted: decrease recovery time from 3h to 1h
18
Network Troubleshooting – First Step
Enter Splunk:
– Customer Care use automatic tools to check customer connectivity
– Intercept the actions of automated tools
– We decreased reporting by 50%
19
Splunk – Resolution
Enter Splunk:
– Find the Bug’s
– Implement an automated system to find the bug
– Splunk launches an automated script to reset the board
Customer Care calls decreased by 100%
Thank You

 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 

SplunkLive! Milan 2015 - Fastweb

  • 1. Copyright © 2014 Splunk Inc. Alessandro Bono Vincenzo Vignera Splunk at Fastweb
  • 2. Splunk at Fastweb. Alessandro Bono, Network Operations Control Coordinator; Vincenzo Vignera, Network Operations Control Professional
  • 3. Fastweb Overview. Today FASTWEB is the Italian leader in Ultra Broadband. With 500k customers connected at speed up to 100 Mbps, FASTWEB has a 70% share of the UBB market. [Chart labels: ~310K FTTH Customers; ~400K FTTC Customers; ~710K UBB; "of which FASTWEB": ~300K, ~200K, ~500K (~70%)]
  • 4. Background and Roles. [Organization chart labels: Technology Division - Network Operations; Business Process Improvement; Operational Planning; DataCenters Operation; NOC; Service Platforms; Backbone] Alessandro Bono: in Fastweb since 2006, Backbone - Network Access Operations. Vincenzo Vignera: in Fastweb since 2001, Support Platforms - Monitoring Platforms
  • 5. Backbone: Access Network; 15k FTTC Devices; 6k ADSL Devices; 1k FTTH Devices; 2k Core Network Device; 24k Access Equipment
  • 6. Service Platforms: Monitoring Platforms; OSS Platforms; VAS & Mobile Data Platforms; ~3,1 Mln Mailbox; 815K – MVNO USIM; ~200k q/sec DNS; 1,1 Mln ACS Devices; 2 Mln Users PayPerUse; 4k Server Monitored with Agents; 200k Network Devices; 4,5 Mln KPI Collected
  • 7. Splunk at Fastweb. [Architecture diagram labels: Release 1 - 2014; Release 2 - April 2015; Indexers; Heavy Forwarders; Search Head; Universal Forwarders; Milano, Roma, Genova, Torino, Padova; 200 GB/day; ?]
  • 8. Reporting Delivered Services. Standard Reporting of Delivered Services – Situation: the Service Platforms team and the Backbone team spend a lot of time reporting delivered services – Struggling with: dozens of platforms reporting different KPIs – Wanted: a centralized view for periodic reporting of delivered services
  • 9. Reporting Delivered Services. # Monitoring Software # CLI Command # Database Queries # Code # … [Figure labels: Before, After] Enter Splunk: Splunk Enterprise enables reporting for different services with the same output
  • 10. SPAM Finder: Analyzing Problems. Analyze Bypass SPAMMER Filters
      – Situation: real-time analysis of logs for transactions that were sent by 1 IP address and satisfy two of the following conditions:
          • 2 or more recipients
          • At least 20 mails ("QUEUE From" with different ID in 5 minutes)
          • At least 2 different From
          • At least 1 e-mail known as spam (SPAM-BLOCKED)
      – Next, starting from the «Auth» mailbox used, a drill-down report of mail sent and % of «Subject» as SPAM
      – Top Spammer by Source IP (latest 15m)
      – Internet forwarding check vs the Fastwebnet domain (reporting mailboxes with more than 1 forward vs Fastwebnet; external database lookup to retrieve the customer account)
  • 11. SPAM Finder: Analyzing Problems
      index="msr" sourcetype="c*_smtp" (transaction_type=QUEUE OR transaction_type=SPAM-BLOCKED)
      | stats first(_time) AS time, values(transaction_type) AS type, values(Recipient) AS Recipients, dc(Recipient) AS nb_recipients, values(Relay) AS Relay, values(Auth) AS Auth, values(From) AS From by transaction_id
      | search Auth=*
      | eval more_than_2_recipients=IF(nb_recipients>=2,1,0)
      | eval spam_blocked=IF(type="SPAM-BLOCKED",1,0)
      | stats first(time) AS first_time, dc(transaction_id) AS nb_mails, values(From) as Froms, dc(From) AS nb_froms, sum(more_than_2_recipients) AS nb_more_than_2_recipients, sum(spam_blocked) AS nb_spam_blocked BY Relay, Auth
      | eval more_than_2_recipients=IF(nb_more_than_2_recipients>0,1,0)
      | eval spam_blocked=IF(nb_spam_blocked>0,1,0)
      | eval more_than_20_mails=IF(nb_mails>=20,1,0)
      | eval more_than_2_froms=IF(nb_froms>=2,1,0)
      | eval possible_spam=more_than_2_recipients+more_than_20_mails+more_than_2_froms+spam_blocked
      | where possible_spam>=2
      | eval first_sent_at=strftime(first_time, "%H:%M:%S")
      | eval possible_spam="yes"
      | table first_sent_at Relay Auth Froms more_than_2_recipients more_than_20_mails more_than_2_froms spam_blocked possible_spam
      | sort - first_sent_at
  • 12. Storming Detections. Detect Storming Network Devices – Situation: network devices can log thousands of syslog messages every second, caused by interface problems – Wanted: a network devices dashboard to analyze trends
  • 13. Storming Detections – Enter Splunk: – Analyzing trends supported by dashboard – Automatic actions – Monitoring deviations
  • 14. Service Dashboard Monitoring # Monitoring Software # CLI Command # Database Queries # Code # …
  • 15. Logs and Scripts Monitoring: Backbone Link; Customer Connectivity
  • 17. Network Troubleshooting. Troubleshooting Bug on Network Devices – Situation: problem on 15k network devices; every ADSL board provides services to 48 customers, ~700K customers affected – Unable to surf until board reset – Struggling with: thousands of Customer Center calls to report the problem – Wanted: decrease recovery time from 3h to 1h
  • 18. Network Troubleshooting – First Step. Enter Splunk: – Customer Care uses automatic tools to check customer connectivity – Intercept the actions of the automated tools – We decreased reporting by 50%
  • 19. Splunk – Resolution. Enter Splunk: – Find the Bug’s – Implement an automated system to find the bug – Splunk launches an automated script to reset the board. Customer Care calls decreased by 100%
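The four-indicator scoring from the SPAM Finder slides (10 and 11), re-expressed in Python as an added example that is not part of the original deck. It assumes the caller passes only events from the 5-minute window, that a transaction counts as blocked if any of its events is SPAM-BLOCKED, and it uses constructed sample events; the function name and `min_score` parameter are hypothetical.

```python
from collections import defaultdict

FIELDS = ("transaction_id", "transaction_type", "Relay", "Auth", "From", "Recipient")
# Constructed sample events (documentation IP ranges, example.test addresses).
SAMPLE_EVENTS = [dict(zip(FIELDS, r)) for r in [
    ("a1", "QUEUE", "192.0.2.10", "alice@example.test", "alice@example.test", "bob@example.test"),
    ("m1", "QUEUE", "198.51.100.7", "mallory@example.test", "x@example.test", "r1@example.test"),
    ("m1", "QUEUE", "198.51.100.7", "mallory@example.test", "x@example.test", "r2@example.test"),
    ("m2", "SPAM-BLOCKED", "198.51.100.7", "mallory@example.test", "y@example.test", "r3@example.test"),
    ("n1", "SPAM-BLOCKED", "203.0.113.5", None, "z@example.test", "r4@example.test"),
]]

def find_possible_spammers(events, min_score=2):
    """Return {(Relay, Auth): indicator flags} for pairs scoring >= min_score."""
    # Stage 1: collapse events into one record per transaction_id.
    tx = defaultdict(lambda: {"types": set(), "rcpts": set(), "froms": set(),
                              "relay": None, "auth": None})
    for e in events:
        if e.get("transaction_type") not in ("QUEUE", "SPAM-BLOCKED"):
            continue
        t = tx[e["transaction_id"]]
        t["types"].add(e["transaction_type"])
        for key, field in (("rcpts", "Recipient"), ("froms", "From")):
            if e.get(field):
                t[key].add(e[field])
        t["relay"] = e.get("Relay") or t["relay"]
        t["auth"] = e.get("Auth") or t["auth"]
    # Stage 2: aggregate authenticated transactions per (Relay, Auth).
    agg = defaultdict(lambda: {"mails": 0, "froms": set(),
                               "multi_rcpt": 0, "blocked": 0})
    for t in tx.values():
        if not t["auth"]:  # same effect as `search Auth=*`
            continue
        a = agg[(t["relay"], t["auth"])]
        a["mails"] += 1
        a["froms"] |= t["froms"]
        a["multi_rcpt"] += len(t["rcpts"]) >= 2
        a["blocked"] += "SPAM-BLOCKED" in t["types"]
    # Stage 3: four binary indicators; report pairs where enough of them fire.
    hits = {}
    for key, a in agg.items():
        flags = {"more_than_2_recipients": a["multi_rcpt"] > 0,
                 "more_than_20_mails": a["mails"] >= 20,
                 "more_than_2_froms": len(a["froms"]) >= 2,
                 "spam_blocked": a["blocked"] > 0}
        if sum(flags.values()) >= min_score:
            hits[key] = flags
    return hits
```

Because a single indicator never triggers on its own, a mailbox that sends one message to several recipients is not reported, while the unauthenticated relay in the sample is dropped before scoring, as in the original search.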