SplunkLive! Customer Presentation - Dow Jones

Published in: Technology

  1. DOWJONES
     Michael Allem, Manager - DevOps Tools/Monitoring
     splunk>live!

  2. About Us
     A world-class publisher of news and business information.
     • We are newspapers, newswires, websites, apps, newsletters, magazines, proprietary databases, conferences and more.
     • Our premier brands include The Wall Street Journal, Dow Jones Newswires, Factiva, Barron's, MarketWatch, and All Things D.

  3. Challenges
     We used an agent-based proprietary log monitoring solution that was . . .
     • Unreliable
     • Difficult to update & upgrade
     • Inflexible (very limited filtering options)
     • Expensive
     • Vendor lock-in
     • Provided limited visibility into data
     • Unable to handle ever-increasing load from applications

  4. Requirements
     • Identify problems quickly
     • Monitor logs in real-time
     • Handle non-standard file behaviors and formats
     • Accommodate multiple inputs (e.g. SNMP trap, syslog)
     • Integrate alarms into centralized alert console
     • Provide longer retention
     • Keep pace with new business initiatives
     • Reduce cost

  5. Initial Success Measurements
     • Reduced Mean Time To Resolve (MTTR): Primary Metrics for all of Operations and the reason we invest in Instrumentation – reduce the length of service impacting events by knowing about them as early as possible
     • Increased % of Incident Detection: We want to know about service impacting events before the user does

  6. Why We Chose Splunk
     It addressed all our requirements and pain points, and provided a way for internal and external groups to view their data.
     • Easy to spin up
     • Reliable & easily scalable
     • Easy to upgrade
     • Handles massive data volume
     • Flexible filtering options
     • Offers deep visibility
     • Problems are easily identified

  7. Our Deployment
     • Total Prod Indexers: 30
     • Total Forwarders: @10,000
     • Daily Log Volume: 150GB/day
     [Deployment diagram; labels: Indexer, Deployment & Search Head, Agent Deployment Head, Forwarders @2000, Forwarders @5000, Forwarders @3000]

  8. Internal Splunk Customers
     Infrastructure and Operations
     • Custom dashboards for number of alerts by server, source, product, business, etc.
     • Multiple Splunk apps used (e.g. Exchange, AWS, VMWare, etc.)
     Development
     • Create their own custom dashboard tracking application anomalies and patterns
     Security
     • Threat identification – FireEye app
     Network
     • Network performance and utilization – Multiple Cisco apps
     Business
     • Customer insight – in-house WSJ.com Realtime app and globe

  9. (no transcribed text)

  10. Adoption Progression
     • Additional uses for Splunk are actively pursued.
     • Business leadership sees opportunity & expresses interest.
     • Outside groups recognize value beyond original purpose
     • Adoption quickly spreads through initial user community
     • > > > Initial implementation < < <

  11. Roadmap Items
     • Promote wider adoption of Splunk
     • Continuous education via internal workshops & training
     • Promote application logging standards
     • Enhance lifecycle & administration
     • Expand into AWS and use configuration automation where possible
     • Further centralize application logs
     • Show value of apps and plug-ins
     • Leverage newly available features/capabilities of Splunk6, Splunk Storm, and Splunk Cloud

  12. Thank You
