SplunkLive! Analytics with Splunk Enterprise - Part 1
 

  • Agenda notes:
      • What is Data Model, and why do I care?
      • Building a Data Model
      • Management, Acceleration, and Beyond
      • The Future!
      • Q&A
  • Splunk 6 takes large-scale machine data analytics to the next level by introducing three breakthrough innovations:
      • Pivot – opens up the power of Splunk search to non-technical users with an easy-to-use drag and drop interface to explore, manipulate and visualize data
      • Data Model – defines meaningful relationships in underlying machine data and makes the data more useful to a broader base of non-technical users
      • Analytics Store – patent pending technology that accelerates data models by delivering extremely high performance data retrieval for analytical operations, up to 1000x faster than Splunk 5
    Let’s dig into each of these new features in more detail.
  • How do the Analytics Store, Data Model and Pivot benefit users across the enterprise?
    Let’s start with the IT professional – this includes the Splunk administrator or an advanced Splunk user who is familiar with SPL. Using Splunk 6 they can:
      • Create data models
      • Share data models with other users – delivering a consistent view of the data
      • Accelerate data models using the Analytics Store
      • Create reports using Pivot (although being power users, they may prefer using SPL directly!)
    Next we have the enterprise developer. Using Splunk 6 they can:
      • Leverage data models built by IT, making searches more portable (using common data models ensures predictability of results)
      • Leverage the Pivot interface in custom enterprise apps
    Finally, there are additional users that can now benefit – for example, the business or data analyst. Using Splunk 6 they can:
      • Create reports, dashboards, charts and other visualizations using the Pivot interface and based on data models that provide an abstracted view of the raw data.
    Splunk 6 is not meant to replace existing BI and business analytics tools, but it does provide new visibility, insights and intelligence from operational data that business analysts can use to augment these tools. Data from Splunk software can also be leveraged directly using the Splunk API and SDKs and integrated into existing business analytics tools. For example, the recently announced Pentaho Business Analytics for Splunk® Enterprise (http://apps.splunk.com/app/1554) enables business users to utilize Pentaho to rapidly visualize and gain additional insights from Splunk’s machine data platform using existing in-house skills.
  • What are the important “things” in your data? E.g. WebIntelligence might have:
      • HTTPAccess
      • HTTPSuccess
      • User Session
    How are they related? There’s more than one “right” way to define your objects.
  • Constraints filter down to a set of data. Attributes are the fields and knowledge associated with the object. Both are inherited!
  • A child object is a type of its parent object: e.g. an HTTP_Success object is a type of HTTP_Access. Adding a child object is essentially a way of adding a filter on the parent. A parent-child relationship makes it easy to do queries like “What percentage of my HTTP_Access events are HTTP_Success events?”
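
The constraint and attribute inheritance described in the notes above, as an added example that is not part of the presentation and not Splunk's implementation. It is a conceptual Python model over constructed log lines; `ModelObject`, the field names, the `app_log` sourcetype and the 2xx definition of "success" are assumptions.

```python
import re
from dataclasses import dataclass
from typing import Callable, Optional

# Constructed sample events (sourcetype, raw line); not from the presentation.
SAMPLE = [
    ("access_combined", '10.0.0.1 - alice [11/Oct/2012:18:57:04 +0000] "GET /cart HTTP/1.1" 200 512'),
    ("access_combined", '10.0.0.2 - bob [11/Oct/2012:18:57:05 +0000] "POST /login HTTP/1.1" 401 128'),
    ("access_combined", '10.0.0.1 - alice [11/Oct/2012:18:57:09 +0000] "GET /item/7 HTTP/1.1" 200 2048'),
    ("access_combined", '10.0.0.3 - - [11/Oct/2012:18:57:11 +0000] "GET /admin HTTP/1.1" 404 64'),
    ("app_log", '10.0.0.9 - svc [11/Oct/2012:18:57:12 +0000] "GET /health HTTP/1.1" 200 2'),
]
LINE_RE = re.compile(r'(?P<clientip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
                     r'"(?P<method>\S+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) (?P<bytes>\d+)')

def parse(sample):
    """Extract fields when the data is read, as a search-time mapping would."""
    events = []
    for sourcetype, raw in sample:
        m = LINE_RE.match(raw)
        if m:
            events.append({**m.groupdict(), "sourcetype": sourcetype,
                           "status": int(m["status"])})
    return events

@dataclass
class ModelObject:
    name: str
    constraint: Callable[[dict], bool]   # filter that selects this object's events
    attributes: tuple                    # fields this object adds
    parent: Optional["ModelObject"] = None

    def all_attributes(self):
        inherited = self.parent.all_attributes() if self.parent else ()
        return inherited + self.attributes

    def matches(self, ev):
        # Inherited constraint first: a child is a further filter on its parent.
        return (self.parent is None or self.parent.matches(ev)) and self.constraint(ev)

    def select(self, events):
        return [e for e in events if self.matches(e)]

HTTP_ACCESS = ModelObject("HTTP_Access", lambda e: e["sourcetype"] == "access_combined",
                          ("clientip", "uri", "status"))
# Assumption: "success" means a 2xx status; the slides do not define it.
HTTP_SUCCESS = ModelObject("HTTP_Success", lambda e: 200 <= e["status"] < 300,
                           ("bytes",), parent=HTTP_ACCESS)

def success_percentage(events):
    total = len(HTTP_ACCESS.select(events))
    return 100.0 * len(HTTP_SUCCESS.select(events)) / total if total else 0.0
```

The `app_log` event has a 200 status but is not counted as HTTP_Success, because the child only matches events that already satisfy the parent's constraint.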

SplunkLive! Analytics with Splunk Enterprise - Part 1 Presentation Transcript

  • 1. Copyright © 2013 Splunk Inc. Analytics with Splunk Enterprise – Part 1
  • 2. Legal Notices During the course of this presentation, we may make forward-looking statements regarding future events or the expected performance of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-looking statements, please review our filings with the SEC. The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, this presentation may not contain current or accurate information. We do not assume any obligation to update any forward-looking statements we may make. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionality described or to include any such feature or functionality in a future release. Splunk, Splunk>, Splunk Storm, Listen to Your Data, SPL and The Engine for Machine Data are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners. ©2013 Splunk Inc. All rights reserved.
  • 3. Agenda • Context • Overview • Examples • Q&A
  • 4. Context
  • 5. Search is hard.
  • 6. Sorkin?
  • 7. Analytics Big Picture
      • Pivot: Build complex reports without the search language
      • Data Model: Provides more meaningful representation of underlying raw machine data
      • Analytics Store: Acceleration technology delivers up to 1000x faster analytics over Splunk 5
  • 8. Operational Intelligence Across the Enterprise
    Diagram labels: Raw Data (sample event prefix [10/11/12 18:57:04 000000b0 UTC]), Analytics Store, Data Model, Pivot
      • IT professional: Create and share data models; accelerate data models and custom searches with the analytics store; create reports with pivot
      • Developer: Leverage data models to abstract data; leverage pivot in custom apps
      • Analyst: Create reports using pivot based on data models created by IT
  • 9. Pivot is a query builder.
  • 10. Data Models 101
  • 11. What is a Data Model? A data model is a search-time mapping of data onto a hierarchical structure
      • Encapsulates the knowledge needed to build a search
      • Pivot reports are built on top of data models
      • Data-independent
    Screenshot here
  • 12. search and filter | munge | report | clean-up
      sourcetype=access_combined source="/home/ssorkin/banner_access.log.2013.6.gz"
      | eval unique=(uid + useragent)
      | stats dc(unique) by os_name
      | rename dc(unique) as "Unique Visitors" os_name as "Operating System"
  • 13. A Data Model Is a Collection of Objects Screenshot here
  • 14. Objects Have Constraints and Attributes Screenshot here
  • 15. Child Objects Inherit Constraints and Attributes Screenshot here
  • 16. Child Objects Inherit Constraints and Attributes
  • 17. Source Data set Source Source
  • 18. Success Sourcetype Failure Warning
  • 19. Source Business division Source Data set Source Business division Source
  • 20. Technology 1 Common model Technology 2 Technology 3
  • 21. Thank You