SlideShare a Scribd company logo

Deploying Splunk on OpenShift – Part2 : Getting Data In

E
Eric Gardner

Description: In our last session we deployed Splunk on OpenShift. Now we will be deploying the Splunk Connect for Kubernetes and exploring ways to monitor the health of Kubernetes and how to get other data into Splunk Enterprise running on OpenShift.

Technology
1 of 16
Download to read offline
© 2 0 2 1 S P L U N K I N C . Deploying Splunk on OpenShift – Part2 : Getting Data In Eric Gardner (Splunk) – Sr. Solutions Engineer Matthew Bach (RedHat) – Sr. Specialist Solutions Architect Public Sector - DoD
During the course of this presentation, we may make forward-looking statements regarding future events or plans of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results may differ materially. The forward-looking statements made in the this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, it may not contain current or accurate information. We do not assume any obligation to update any forward-looking statements made herein. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only, and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionalities described or to include any such feature or functionality in a future release. Splunk, Splunk>, Turn Data Into Doing, The Engine for Machine Data, Splunk Cloud, Splunk Light and SPL are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners. © 2021 SPLUNK Inc. All rights reserved. Forward- Looking Statements © 2 0 2 1 S P L U N K I N C .
© 2 0 2 1 S P L U N K I N C . #whoami Eric Gardner ericg@splunk.com • 20+ years in IT (ITOPS focus) • Worked with DoD/INTEL since leaving the Army in 1999. • Spend my time traveling and usually planning travel when not actually doing it. Lately spending lots of time fighting bamboo. • Based out of Bridgton, ME (that’s about 1 hour north-west of Portland and Stephen King’s stomping grounds)
© 2 0 2 1 S P L U N K I N C . Matthew Bach: mbach@redhat.com uid=1000(mbach) gid=1000(mbach) groups=1000(mbach),10(wheel) #whoami ● Information Systems Technician in the US Navy from 2004 - 2017 ● Have been a Red Hatter ever since ~4.5 years ● RH OpenShift & Ansible Specialist ● Cover DoD customers (SOF, Missile Defense, 4th Estate) ● Based in VA Beach, VA ● Spend my time raising kids, tinkering with tech, video games, and mountain biking
© 2 0 2 1 S P L U N K I N C . Previously … •Deployed Splunk Enterprise (Core) in OpenShift using the Splunk Operator for Kubernetes
© 2 0 2 1 S P L U N K I N C . Splunk Connect for Kubernetes Splunk Connect for Kubernetes provides a way to import and search your Kubernetes logging, object, and metrics data in your Splunk platform deployment. Splunk Connect for Kubernetes supports importing and searching your container logs on the following technologies: § Amazon Web Services (AWS) Elastic Container Service (ECS) and AWS Fargate, using Firelens. § Amazon Elastic Kubernetes Service (Amazon EKS) § Azure Kubernetes Service (AKS) § Google Kubernetes Engine (GKE) § RedHat OpenShift Splunk Inc. is a proud contributor to the Cloud Native Computing Foundation (CNCF). Splunk Connect for Kubernetes utilizes and supports multiple CNCF components in the development of these tools to get data into Splunk. https://github.com/splunk/splunk-connect-for-kubernetes
© 2 0 2 1 S P L U N K I N C . Prerequisites • Splunk Enterprise 7.0 or later • A HEC token. See the following topics for more information: • http://docs.splunk.com/Documentation/Splunk/8.2.2/Data/UsetheHTTPEventCollector • http://docs.splunk.com/Documentation/Splunk/8.2.2/Data/ScaleHTTPEventCollector • You should be familiar with your Kubernetes configuration and know where your log information is collected in your Kubernetes deployment. • Administrator access to your Kubernetes cluster. • To install using Helm (best practice), verify you are running Helm in your Kubernetes configuration. See https://github.com/kubernetes/helm for more information. • A minimum of two Splunk platform indexes ready to collect the log data. One for both logs and Kubernetes objects, and one for metrics. You can also create separate indexes for logs and objects, but you will need three Splunk platform indexes.
© 2 0 2 1 S P L U N K I N C . Before we begin ü HEC Token has already been installed ü Three indexes created (minimum of two): ü em_metrics (metrics) ü em_meta (objects) ü em_events (logs) ü Helm is installed ü Helm repo added ü helm repo add splunk https://splunk.github.io/splunk-connect-for-kubernetes/ ü Installed Splunk App for Infrastructure ü Installed IT Essentials Work (SAI will be going away in 2022)
© 2 0 2 1 S P L U N K I N C . Let’s talk about SAI There’s more than one way to skin a cat … • SAI is going away, and its functionality will be rolled into IT Essentials Work • The OpenShift Configuration script installs an old version of Splunk Connect for Kubernetes (SCK) – version 1.3.0 • Today we are going to walk through that script to understand what it does and how you can hack it for the latest version (Just be aware today doing this works but the next version may require more effort) • Key Take-Aways: v You can break-down exactly what this script does and do it for yourself manually v You should know your environment well enough to override default settings with values that are appropriate for your environment v Some of the things you’re being shown today are probably not best practice when it comes to OpenShift, but for lab/demo purposes it’s OK. Just be sure to “DO THE RIGHT THING IN PRODUCTION”.
© 2 0 2 1 S P L U N K I N C . Configure & Manually deploy the manifests https://docs.splunk.com/Documentation/InfraApp/2.2.3/Admin/AddDataOpenShift SAI – Add Data > Configure Integrations > OpenShift 1. Prepare for deployment a. Select Download Config Only – since we are manually deploying the manifests 2. Specify Configuration Options a. Customize Objects – for the demo we are selecting all b. Monitoring Machine = indexer service (e.g. splunk-cl01-indexer-service.splunk.svc.cluster.local) c. HEC Token (will be the token you already deployed) d. HEC Port (recommended 8088) e. Cluster Name (unique name that makes sense (e.g. cluster-5752) f. Openshift Project Name (e.g. splunk-connect, sc4k, etc)
© 2 0 2 1 S P L U N K I N C . Configure & Manually deploy the manifests https://docs.splunk.com/Documentation/InfraApp/2.2.3/Admin/AddDataOpenShift 3. Configure OpenShift Options a. Enable Insecure SSL b. Journald Path = /var/log/journal 4. Index Options a. Metrics index = em_metrics b. Log index = em_events c. Metadata index = em_meta 5. Copy the script & Modify the command line script a. Copy the script to a text editor and replace “1.3.0” with “1.4.9” b. Run the script then follow the steps for Manually deploying the manifests for OpenShift
© 2 0 2 1 S P L U N K I N C . Configure & Manually deploy the manifests https://docs.splunk.com/Documentation/InfraApp/2.2.3/Admin/AddDataOpenShift What just happened? That command sets up environment variables to be used in ”values.yaml” file that is applied to the helm charts downloaded from the SCK repository. The “deploy_sck_openshift.sh” script contains the command that modifies the charts. The modified charts can be found under a directory named “rendered-charts” in the same directory from where the command was run. The script has a bug where it doesn’t correctly change a block of “yaml” code in this file: ./rendered-charts/splunk-connect-for-kubernetes/charts/splunk-kubernetes- logging/templates/daemonset.yaml Edit the “securityContext” section to look like this: securityContext: runAsUser: 0 privileged: true
© 2 0 2 1 S P L U N K I N C . OpenShift Specific Things … 1. Create new project called “splunk-connect” 1. oc new-project splunk-connect 2. Create service accounts for logging,objects, & metrics and configure initial permissions: 1. oc create sa splunk-kubernetes-logging 2. oc adm policy add-scc-to-user privileged ”system:serviceaccount:splunk-connect:splunk- kubernetes-logging” 3. oc create sa splunk-kubernetes-objects 4. oc adm policy add-scc-to-user privileged ”system:serviceaccount:splunk-connect:splunk- kubernetes-objects” 5. oc create sa splunk-kubernetes-metrics 6. oc adm policy add-scc-to-user privileged ”system:serviceaccount:splunk-connect:splunk-kubernetes- metrics” https://docs.splunk.com/Documentation/InfraApp/2.2.3/Admin/AddDataOpenShift
© 2 0 2 1 S P L U N K I N C . Finally Deploy the Helm Charts 1. oc apply -f ./rendered-charts/splunk-connect-for-kubernetes/charts/splunk- kubernetes-metrics/templates/ 2. oc apply -f ./rendered-charts/splunk-connect-for-kubernetes/charts/splunk- kubernetes-logging/templates/ 3. oc apply -f ./rendered-charts/splunk-connect-for-kubernetes/charts/splunk- kubernetes-objects/templates/oc new-project splunk-connect https://docs.splunk.com/Documentation/InfraApp/2.2.3/Admin/AddDataOpenShift
© 2 0 2 1 S P L U N K I N C . Let’s talk … It will take a few minutes for entities to show up in SAI or IT Essentials Work What are your thoughts on Splunk on OpenShift? What are your thoughts on OpenShift as a Kubernetes platform? The waiting is the hardest part – Tom Petty
© 2 0 2 1 S P L U N K I N C . Questions?

Recommended

Deploying Splunk on OpenShift
Deploying Splunk on OpenShiftDeploying Splunk on OpenShift
Deploying Splunk on OpenShiftEric Gardner
 
Ug soar 22sep21
Ug soar 22sep21Ug soar 22sep21
Ug soar 22sep21Eric Gardner
 
Terraform for azure: the good, the bad and the ugly -
Terraform for azure: the good, the bad and the ugly -Terraform for azure: the good, the bad and the ugly -
Terraform for azure: the good, the bad and the ugly -Giulio Vian
 
Nike tech-talk-intro-to-apache-ignite
Nike tech-talk-intro-to-apache-igniteNike tech-talk-intro-to-apache-ignite
Nike tech-talk-intro-to-apache-igniteDani Traphagen
 
Apache Spark on K8s and HDFS Security
Apache Spark on K8s and HDFS SecurityApache Spark on K8s and HDFS Security
Apache Spark on K8s and HDFS SecurityDatabricks
 
Best Practices for Using Alluxio with Apache Spark with Gene Pang
Best Practices for Using Alluxio with Apache Spark with Gene PangBest Practices for Using Alluxio with Apache Spark with Gene Pang
Best Practices for Using Alluxio with Apache Spark with Gene PangSpark Summit
 
20180417 hivemall meetup#4
20180417 hivemall meetup#420180417 hivemall meetup#4
20180417 hivemall meetup#4Takeshi Yamamuro
 
Performance Models for Apache Accumulo
Performance Models for Apache AccumuloPerformance Models for Apache Accumulo
Performance Models for Apache AccumuloSqrrl
 

Recommended

Deploying Splunk on OpenShift
Deploying Splunk on OpenShiftDeploying Splunk on OpenShift
Deploying Splunk on OpenShiftEric Gardner
 
Ug soar 22sep21
Ug soar 22sep21Ug soar 22sep21
Ug soar 22sep21Eric Gardner
 
Terraform for azure: the good, the bad and the ugly -
Terraform for azure: the good, the bad and the ugly -Terraform for azure: the good, the bad and the ugly -
Terraform for azure: the good, the bad and the ugly -Giulio Vian
 
Nike tech-talk-intro-to-apache-ignite
Nike tech-talk-intro-to-apache-igniteNike tech-talk-intro-to-apache-ignite
Nike tech-talk-intro-to-apache-igniteDani Traphagen
 
Apache Spark on K8s and HDFS Security
Apache Spark on K8s and HDFS SecurityApache Spark on K8s and HDFS Security
Apache Spark on K8s and HDFS SecurityDatabricks
 
Best Practices for Using Alluxio with Apache Spark with Gene Pang
Best Practices for Using Alluxio with Apache Spark with Gene PangBest Practices for Using Alluxio with Apache Spark with Gene Pang
Best Practices for Using Alluxio with Apache Spark with Gene PangSpark Summit
 
20180417 hivemall meetup#4
20180417 hivemall meetup#420180417 hivemall meetup#4
20180417 hivemall meetup#4Takeshi Yamamuro
 
Performance Models for Apache Accumulo
Performance Models for Apache AccumuloPerformance Models for Apache Accumulo
Performance Models for Apache AccumuloSqrrl
 
Deep Learning to Big Data Analytics on Apache Spark Using BigDL with Xianyan ...
Deep Learning to Big Data Analytics on Apache Spark Using BigDL with Xianyan ...Deep Learning to Big Data Analytics on Apache Spark Using BigDL with Xianyan ...
Deep Learning to Big Data Analytics on Apache Spark Using BigDL with Xianyan ...Databricks
 
How to Use Telegraf and Its Plugin Ecosystem
How to Use Telegraf and Its Plugin EcosystemHow to Use Telegraf and Its Plugin Ecosystem
How to Use Telegraf and Its Plugin EcosystemInfluxData
 
How to Share State Across Multiple Apache Spark Jobs using Apache Ignite with...
How to Share State Across Multiple Apache Spark Jobs using Apache Ignite with...How to Share State Across Multiple Apache Spark Jobs using Apache Ignite with...
How to Share State Across Multiple Apache Spark Jobs using Apache Ignite with...Spark Summit
 
Accelerating Inference in the Data Center with Malini Bhandaru and Karol Zale...
Accelerating Inference in the Data Center with Malini Bhandaru and Karol Zale...Accelerating Inference in the Data Center with Malini Bhandaru and Karol Zale...
Accelerating Inference in the Data Center with Malini Bhandaru and Karol Zale...Databricks
 
Apache Spark Operations
Apache Spark OperationsApache Spark Operations
Apache Spark OperationsCloudera, Inc.
 
Splunk best practices
Splunk best practicesSplunk best practices
Splunk best practicesJilali HARITI
 
Real-Time Machine Learning with Pulsar Functions - Pulsar Summit NA 2021
Real-Time Machine Learning with Pulsar Functions - Pulsar Summit NA 2021Real-Time Machine Learning with Pulsar Functions - Pulsar Summit NA 2021
Real-Time Machine Learning with Pulsar Functions - Pulsar Summit NA 2021StreamNative
 
OpenStack at NTT Resonant: Lessons Learned in Web Infrastructure
OpenStack at NTT Resonant: Lessons Learned in Web InfrastructureOpenStack at NTT Resonant: Lessons Learned in Web Infrastructure
OpenStack at NTT Resonant: Lessons Learned in Web InfrastructureTomoya Hashimoto
 
Continuous Machine and Deep Learning with Apache Ignite
Continuous Machine and Deep Learning with Apache IgniteContinuous Machine and Deep Learning with Apache Ignite
Continuous Machine and Deep Learning with Apache IgniteDenis Magda
 
5 Apache Spark Tips in 5 Minutes
5 Apache Spark Tips in 5 Minutes5 Apache Spark Tips in 5 Minutes
5 Apache Spark Tips in 5 MinutesCloudera, Inc.
 
Spring Data and In-Memory Data Management in Action
Spring Data and In-Memory Data Management in ActionSpring Data and In-Memory Data Management in Action
Spring Data and In-Memory Data Management in ActionJohn Blum
 
Apache ignite v1.3
Apache ignite v1.3Apache ignite v1.3
Apache ignite v1.3Klearchos Klearchou
 
Using Apache Spark in the Cloud—A Devops Perspective with Telmo Oliveira
Using Apache Spark in the Cloud—A Devops Perspective with Telmo OliveiraUsing Apache Spark in the Cloud—A Devops Perspective with Telmo Oliveira
Using Apache Spark in the Cloud—A Devops Perspective with Telmo OliveiraSpark Summit
 
HDFS on Kubernetes—Lessons Learned with Kimoon Kim
HDFS on Kubernetes—Lessons Learned with Kimoon KimHDFS on Kubernetes—Lessons Learned with Kimoon Kim
HDFS on Kubernetes—Lessons Learned with Kimoon KimDatabricks
 
Spark Summit EU talk by William Benton
Spark Summit EU talk by William BentonSpark Summit EU talk by William Benton
Spark Summit EU talk by William BentonSpark Summit
 
SplunkSummit 2015 - A Quick Guide to Search Optimization
SplunkSummit 2015 - A Quick Guide to Search OptimizationSplunkSummit 2015 - A Quick Guide to Search Optimization
SplunkSummit 2015 - A Quick Guide to Search OptimizationSplunk
 
Simplify and Boost Spark 3 Deployments with Hypervisor-Native Kubernetes
Simplify and Boost Spark 3 Deployments with Hypervisor-Native KubernetesSimplify and Boost Spark 3 Deployments with Hypervisor-Native Kubernetes
Simplify and Boost Spark 3 Deployments with Hypervisor-Native KubernetesDatabricks
 
Loading data into Apache Ignite
Loading data into Apache IgniteLoading data into Apache Ignite
Loading data into Apache IgniteStephen Darlington
 
Spark Pipelines in the Cloud with Alluxio with Gene Pang
Spark Pipelines in the Cloud with Alluxio with Gene PangSpark Pipelines in the Cloud with Alluxio with Gene Pang
Spark Pipelines in the Cloud with Alluxio with Gene PangSpark Summit
 
Future Architecture of Streaming Analytics: Capitalizing on the Analytics of ...
Future Architecture of Streaming Analytics: Capitalizing on the Analytics of ...Future Architecture of Streaming Analytics: Capitalizing on the Analytics of ...
Future Architecture of Streaming Analytics: Capitalizing on the Analytics of ...DataWorks Summit
 
Getting Started with Apache Spark on Kubernetes
Getting Started with Apache Spark on KubernetesGetting Started with Apache Spark on Kubernetes
Getting Started with Apache Spark on KubernetesDatabricks
 
SplunkSummit 2015 - HTTP Event Collector, Simplified Developer Logging
SplunkSummit 2015 - HTTP Event Collector, Simplified Developer LoggingSplunkSummit 2015 - HTTP Event Collector, Simplified Developer Logging
SplunkSummit 2015 - HTTP Event Collector, Simplified Developer LoggingSplunk
 

More Related Content

What's hot

Deep Learning to Big Data Analytics on Apache Spark Using BigDL with Xianyan ...
Deep Learning to Big Data Analytics on Apache Spark Using BigDL with Xianyan ...Deep Learning to Big Data Analytics on Apache Spark Using BigDL with Xianyan ...
Deep Learning to Big Data Analytics on Apache Spark Using BigDL with Xianyan ...Databricks
 
How to Use Telegraf and Its Plugin Ecosystem
How to Use Telegraf and Its Plugin EcosystemHow to Use Telegraf and Its Plugin Ecosystem
How to Use Telegraf and Its Plugin EcosystemInfluxData
 
How to Share State Across Multiple Apache Spark Jobs using Apache Ignite with...
How to Share State Across Multiple Apache Spark Jobs using Apache Ignite with...How to Share State Across Multiple Apache Spark Jobs using Apache Ignite with...
How to Share State Across Multiple Apache Spark Jobs using Apache Ignite with...Spark Summit
 
Accelerating Inference in the Data Center with Malini Bhandaru and Karol Zale...
Accelerating Inference in the Data Center with Malini Bhandaru and Karol Zale...Accelerating Inference in the Data Center with Malini Bhandaru and Karol Zale...
Accelerating Inference in the Data Center with Malini Bhandaru and Karol Zale...Databricks
 
Apache Spark Operations
Apache Spark OperationsApache Spark Operations
Apache Spark OperationsCloudera, Inc.
 
Splunk best practices
Splunk best practicesSplunk best practices
Splunk best practicesJilali HARITI
 
Real-Time Machine Learning with Pulsar Functions - Pulsar Summit NA 2021
Real-Time Machine Learning with Pulsar Functions - Pulsar Summit NA 2021Real-Time Machine Learning with Pulsar Functions - Pulsar Summit NA 2021
Real-Time Machine Learning with Pulsar Functions - Pulsar Summit NA 2021StreamNative
 
OpenStack at NTT Resonant: Lessons Learned in Web Infrastructure
OpenStack at NTT Resonant: Lessons Learned in Web InfrastructureOpenStack at NTT Resonant: Lessons Learned in Web Infrastructure
OpenStack at NTT Resonant: Lessons Learned in Web InfrastructureTomoya Hashimoto
 
Continuous Machine and Deep Learning with Apache Ignite
Continuous Machine and Deep Learning with Apache IgniteContinuous Machine and Deep Learning with Apache Ignite
Continuous Machine and Deep Learning with Apache IgniteDenis Magda
 
5 Apache Spark Tips in 5 Minutes
5 Apache Spark Tips in 5 Minutes5 Apache Spark Tips in 5 Minutes
5 Apache Spark Tips in 5 MinutesCloudera, Inc.
 
Spring Data and In-Memory Data Management in Action
Spring Data and In-Memory Data Management in ActionSpring Data and In-Memory Data Management in Action
Spring Data and In-Memory Data Management in ActionJohn Blum
 
Using Apache Spark in the Cloud—A Devops Perspective with Telmo Oliveira
Using Apache Spark in the Cloud—A Devops Perspective with Telmo OliveiraUsing Apache Spark in the Cloud—A Devops Perspective with Telmo Oliveira
Using Apache Spark in the Cloud—A Devops Perspective with Telmo OliveiraSpark Summit
 
HDFS on Kubernetes—Lessons Learned with Kimoon Kim
HDFS on Kubernetes—Lessons Learned with Kimoon KimHDFS on Kubernetes—Lessons Learned with Kimoon Kim
HDFS on Kubernetes—Lessons Learned with Kimoon KimDatabricks
 
Spark Summit EU talk by William Benton
Spark Summit EU talk by William BentonSpark Summit EU talk by William Benton
Spark Summit EU talk by William BentonSpark Summit
 
SplunkSummit 2015 - A Quick Guide to Search Optimization
SplunkSummit 2015 - A Quick Guide to Search OptimizationSplunkSummit 2015 - A Quick Guide to Search Optimization
SplunkSummit 2015 - A Quick Guide to Search OptimizationSplunk
 
Simplify and Boost Spark 3 Deployments with Hypervisor-Native Kubernetes
Simplify and Boost Spark 3 Deployments with Hypervisor-Native KubernetesSimplify and Boost Spark 3 Deployments with Hypervisor-Native Kubernetes
Simplify and Boost Spark 3 Deployments with Hypervisor-Native KubernetesDatabricks
 
Loading data into Apache Ignite
Loading data into Apache IgniteLoading data into Apache Ignite
Loading data into Apache IgniteStephen Darlington
 
Spark Pipelines in the Cloud with Alluxio with Gene Pang
Spark Pipelines in the Cloud with Alluxio with Gene PangSpark Pipelines in the Cloud with Alluxio with Gene Pang
Spark Pipelines in the Cloud with Alluxio with Gene PangSpark Summit
 
Future Architecture of Streaming Analytics: Capitalizing on the Analytics of ...
Future Architecture of Streaming Analytics: Capitalizing on the Analytics of ...Future Architecture of Streaming Analytics: Capitalizing on the Analytics of ...
Future Architecture of Streaming Analytics: Capitalizing on the Analytics of ...DataWorks Summit
 

What's hot (20)

Deep Learning to Big Data Analytics on Apache Spark Using BigDL with Xianyan ...
Deep Learning to Big Data Analytics on Apache Spark Using BigDL with Xianyan ...Deep Learning to Big Data Analytics on Apache Spark Using BigDL with Xianyan ...
Deep Learning to Big Data Analytics on Apache Spark Using BigDL with Xianyan ...
 
How to Use Telegraf and Its Plugin Ecosystem
How to Use Telegraf and Its Plugin EcosystemHow to Use Telegraf and Its Plugin Ecosystem
How to Use Telegraf and Its Plugin Ecosystem
 
How to Share State Across Multiple Apache Spark Jobs using Apache Ignite with...
How to Share State Across Multiple Apache Spark Jobs using Apache Ignite with...How to Share State Across Multiple Apache Spark Jobs using Apache Ignite with...
How to Share State Across Multiple Apache Spark Jobs using Apache Ignite with...
 
Accelerating Inference in the Data Center with Malini Bhandaru and Karol Zale...
Accelerating Inference in the Data Center with Malini Bhandaru and Karol Zale...Accelerating Inference in the Data Center with Malini Bhandaru and Karol Zale...
Accelerating Inference in the Data Center with Malini Bhandaru and Karol Zale...
 
Apache Spark Operations
Apache Spark OperationsApache Spark Operations
Apache Spark Operations
 
Splunk best practices
Splunk best practicesSplunk best practices
Splunk best practices
 
Real-Time Machine Learning with Pulsar Functions - Pulsar Summit NA 2021
Real-Time Machine Learning with Pulsar Functions - Pulsar Summit NA 2021Real-Time Machine Learning with Pulsar Functions - Pulsar Summit NA 2021
Real-Time Machine Learning with Pulsar Functions - Pulsar Summit NA 2021
 
OpenStack at NTT Resonant: Lessons Learned in Web Infrastructure
OpenStack at NTT Resonant: Lessons Learned in Web InfrastructureOpenStack at NTT Resonant: Lessons Learned in Web Infrastructure
OpenStack at NTT Resonant: Lessons Learned in Web Infrastructure
 
Continuous Machine and Deep Learning with Apache Ignite
Continuous Machine and Deep Learning with Apache IgniteContinuous Machine and Deep Learning with Apache Ignite
Continuous Machine and Deep Learning with Apache Ignite
 
5 Apache Spark Tips in 5 Minutes
5 Apache Spark Tips in 5 Minutes5 Apache Spark Tips in 5 Minutes
5 Apache Spark Tips in 5 Minutes
 
Spring Data and In-Memory Data Management in Action
Spring Data and In-Memory Data Management in ActionSpring Data and In-Memory Data Management in Action
Spring Data and In-Memory Data Management in Action
 
Apache ignite v1.3
Apache ignite v1.3Apache ignite v1.3
Apache ignite v1.3
 
Using Apache Spark in the Cloud—A Devops Perspective with Telmo Oliveira
Using Apache Spark in the Cloud—A Devops Perspective with Telmo OliveiraUsing Apache Spark in the Cloud—A Devops Perspective with Telmo Oliveira
Using Apache Spark in the Cloud—A Devops Perspective with Telmo Oliveira
 
HDFS on Kubernetes—Lessons Learned with Kimoon Kim
HDFS on Kubernetes—Lessons Learned with Kimoon KimHDFS on Kubernetes—Lessons Learned with Kimoon Kim
HDFS on Kubernetes—Lessons Learned with Kimoon Kim
 
Spark Summit EU talk by William Benton
Spark Summit EU talk by William BentonSpark Summit EU talk by William Benton
Spark Summit EU talk by William Benton
 
SplunkSummit 2015 - A Quick Guide to Search Optimization
SplunkSummit 2015 - A Quick Guide to Search OptimizationSplunkSummit 2015 - A Quick Guide to Search Optimization
SplunkSummit 2015 - A Quick Guide to Search Optimization
 
Simplify and Boost Spark 3 Deployments with Hypervisor-Native Kubernetes
Simplify and Boost Spark 3 Deployments with Hypervisor-Native KubernetesSimplify and Boost Spark 3 Deployments with Hypervisor-Native Kubernetes
Simplify and Boost Spark 3 Deployments with Hypervisor-Native Kubernetes
 
Loading data into Apache Ignite
Loading data into Apache IgniteLoading data into Apache Ignite
Loading data into Apache Ignite
 
Spark Pipelines in the Cloud with Alluxio with Gene Pang
Spark Pipelines in the Cloud with Alluxio with Gene PangSpark Pipelines in the Cloud with Alluxio with Gene Pang
Spark Pipelines in the Cloud with Alluxio with Gene Pang
 
Future Architecture of Streaming Analytics: Capitalizing on the Analytics of ...
Future Architecture of Streaming Analytics: Capitalizing on the Analytics of ...Future Architecture of Streaming Analytics: Capitalizing on the Analytics of ...
Future Architecture of Streaming Analytics: Capitalizing on the Analytics of ...
 

Similar to Deploying Splunk on OpenShift – Part2 : Getting Data In

Getting Started with Apache Spark on Kubernetes
Getting Started with Apache Spark on KubernetesGetting Started with Apache Spark on Kubernetes
Getting Started with Apache Spark on KubernetesDatabricks
 
SplunkSummit 2015 - HTTP Event Collector, Simplified Developer Logging
SplunkSummit 2015 - HTTP Event Collector, Simplified Developer LoggingSplunkSummit 2015 - HTTP Event Collector, Simplified Developer Logging
SplunkSummit 2015 - HTTP Event Collector, Simplified Developer LoggingSplunk
 
Anz summit 2015 http event collector - sydney
Anz summit 2015 http event collector - sydneyAnz summit 2015 http event collector - sydney
Anz summit 2015 http event collector - sydneySplunk
 
SSE Overview Deck - Swedish User Group.pdf
SSE Overview Deck - Swedish User Group.pdfSSE Overview Deck - Swedish User Group.pdf
SSE Overview Deck - Swedish User Group.pdfUlf Thornander
 
Splunk n-box-splunk conf-2017
Splunk n-box-splunk conf-2017Splunk n-box-splunk conf-2017
Splunk n-box-splunk conf-2017Mohamad Hassan
 
A Lap Around Developer Awesomeness in Splunk 6.3
A Lap Around Developer Awesomeness in Splunk 6.3A Lap Around Developer Awesomeness in Splunk 6.3
A Lap Around Developer Awesomeness in Splunk 6.3Glenn Block
 
Using Docker EE to Scale Operational Intelligence at Splunk
Using Docker EE to Scale Operational Intelligence at SplunkUsing Docker EE to Scale Operational Intelligence at Splunk
Using Docker EE to Scale Operational Intelligence at SplunkDocker, Inc.
 
Iteratively introducing Puppet technologies in the brownfield; Jeffrey Miller
Iteratively introducing Puppet technologies in the brownfield; Jeffrey MillerIteratively introducing Puppet technologies in the brownfield; Jeffrey Miller
Iteratively introducing Puppet technologies in the brownfield; Jeffrey MillerPuppet
 
Running Apache Spark on Kubernetes: Best Practices and Pitfalls
Running Apache Spark on Kubernetes: Best Practices and PitfallsRunning Apache Spark on Kubernetes: Best Practices and Pitfalls
Running Apache Spark on Kubernetes: Best Practices and PitfallsDatabricks
 
Reliable Performance at Scale with Apache Spark on Kubernetes
Reliable Performance at Scale with Apache Spark on KubernetesReliable Performance at Scale with Apache Spark on Kubernetes
Reliable Performance at Scale with Apache Spark on KubernetesDatabricks
 
HTTP Event Collector, Simplified Developer Logging
HTTP Event Collector, Simplified Developer LoggingHTTP Event Collector, Simplified Developer Logging
HTTP Event Collector, Simplified Developer LoggingGlenn Block
 
SplunkLive! Developer Session
SplunkLive! Developer SessionSplunkLive! Developer Session
SplunkLive! Developer SessionSplunk
 
Better Threat Analytics: From Getting Started to Cloud Security Analytics and...
Better Threat Analytics: From Getting Started to Cloud Security Analytics and...Better Threat Analytics: From Getting Started to Cloud Security Analytics and...
Better Threat Analytics: From Getting Started to Cloud Security Analytics and...Splunk
 
Liberate your Application Logging
Liberate your Application LoggingLiberate your Application Logging
Liberate your Application LoggingGlenn Block
 
How to build streaming data pipelines with Akka Streams, Flink, and Spark usi...
How to build streaming data pipelines with Akka Streams, Flink, and Spark usi...How to build streaming data pipelines with Akka Streams, Flink, and Spark usi...
How to build streaming data pipelines with Akka Streams, Flink, and Spark usi...Lightbend
 
Openstack Summit Tokyo 2015 - Building a private cloud to efficiently handle ...
Openstack Summit Tokyo 2015 - Building a private cloud to efficiently handle ...Openstack Summit Tokyo 2015 - Building a private cloud to efficiently handle ...
Openstack Summit Tokyo 2015 - Building a private cloud to efficiently handle ...Pierre GRANDIN
 
Azure Data Factory v2
Azure Data Factory v2Azure Data Factory v2
Azure Data Factory v2inovex GmbH
 
Montreal OpenStack Q3-2017 MeetUp
Montreal OpenStack Q3-2017 MeetUpMontreal OpenStack Q3-2017 MeetUp
Montreal OpenStack Q3-2017 MeetUpStacy Véronneau
 

Similar to Deploying Splunk on OpenShift – Part2 : Getting Data In (20)

Getting Started with Apache Spark on Kubernetes
Getting Started with Apache Spark on KubernetesGetting Started with Apache Spark on Kubernetes
Getting Started with Apache Spark on Kubernetes
 
SplunkSummit 2015 - HTTP Event Collector, Simplified Developer Logging
SplunkSummit 2015 - HTTP Event Collector, Simplified Developer LoggingSplunkSummit 2015 - HTTP Event Collector, Simplified Developer Logging
SplunkSummit 2015 - HTTP Event Collector, Simplified Developer Logging
 
Anz summit 2015 http event collector - sydney
Anz summit 2015 http event collector - sydneyAnz summit 2015 http event collector - sydney
Anz summit 2015 http event collector - sydney
 
SSE Overview Deck - Swedish User Group.pdf
SSE Overview Deck - Swedish User Group.pdfSSE Overview Deck - Swedish User Group.pdf
SSE Overview Deck - Swedish User Group.pdf
 
Splunk n-box-splunk conf-2017
Splunk n-box-splunk conf-2017Splunk n-box-splunk conf-2017
Splunk n-box-splunk conf-2017
 
A Lap Around Developer Awesomeness in Splunk 6.3
A Lap Around Developer Awesomeness in Splunk 6.3A Lap Around Developer Awesomeness in Splunk 6.3
A Lap Around Developer Awesomeness in Splunk 6.3
 
HPC on OpenStack
HPC on OpenStackHPC on OpenStack
HPC on OpenStack
 
Using Docker EE to Scale Operational Intelligence at Splunk
Using Docker EE to Scale Operational Intelligence at SplunkUsing Docker EE to Scale Operational Intelligence at Splunk
Using Docker EE to Scale Operational Intelligence at Splunk
 
Iteratively introducing Puppet technologies in the brownfield; Jeffrey Miller
Iteratively introducing Puppet technologies in the brownfield; Jeffrey MillerIteratively introducing Puppet technologies in the brownfield; Jeffrey Miller
Iteratively introducing Puppet technologies in the brownfield; Jeffrey Miller
 
Running Apache Spark on Kubernetes: Best Practices and Pitfalls
Running Apache Spark on Kubernetes: Best Practices and PitfallsRunning Apache Spark on Kubernetes: Best Practices and Pitfalls
Running Apache Spark on Kubernetes: Best Practices and Pitfalls
 
Reliable Performance at Scale with Apache Spark on Kubernetes
Reliable Performance at Scale with Apache Spark on KubernetesReliable Performance at Scale with Apache Spark on Kubernetes
Reliable Performance at Scale with Apache Spark on Kubernetes
 
HTTP Event Collector, Simplified Developer Logging
HTTP Event Collector, Simplified Developer LoggingHTTP Event Collector, Simplified Developer Logging
HTTP Event Collector, Simplified Developer Logging
 
SplunkLive! Developer Session
SplunkLive! Developer SessionSplunkLive! Developer Session
SplunkLive! Developer Session
 
Better Threat Analytics: From Getting Started to Cloud Security Analytics and...
Better Threat Analytics: From Getting Started to Cloud Security Analytics and...Better Threat Analytics: From Getting Started to Cloud Security Analytics and...
Better Threat Analytics: From Getting Started to Cloud Security Analytics and...
 
Liberate your Application Logging
Liberate your Application LoggingLiberate your Application Logging
Liberate your Application Logging
 
How to build streaming data pipelines with Akka Streams, Flink, and Spark usi...
How to build streaming data pipelines with Akka Streams, Flink, and Spark usi...How to build streaming data pipelines with Akka Streams, Flink, and Spark usi...
How to build streaming data pipelines with Akka Streams, Flink, and Spark usi...
 
Openstack Summit Tokyo 2015 - Building a private cloud to efficiently handle ...
Openstack Summit Tokyo 2015 - Building a private cloud to efficiently handle ...Openstack Summit Tokyo 2015 - Building a private cloud to efficiently handle ...
Openstack Summit Tokyo 2015 - Building a private cloud to efficiently handle ...
 
Azure Data Factory v2
Azure Data Factory v2Azure Data Factory v2
Azure Data Factory v2
 
Montreal OpenStack Q3-2017 MeetUp
Montreal OpenStack Q3-2017 MeetUpMontreal OpenStack Q3-2017 MeetUp
Montreal OpenStack Q3-2017 MeetUp
 
NaliniProfile
NaliniProfileNaliniProfile
NaliniProfile
 

Recently uploaded

The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Neo4j
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsPrecisely
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 

Recently uploaded (20)

The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power Systems
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 

Deploying Splunk on OpenShift – Part2 : Getting Data In

  • 1. © 2 0 2 1 S P L U N K I N C . Deploying Splunk on OpenShift – Part2 : Getting Data In Eric Gardner (Splunk) – Sr. Solutions Engineer Matthew Bach (RedHat) – Sr. Specialist Solutions Architect Public Sector - DoD
  • 2. During the course of this presentation, we may make forward-looking statements regarding future events or plans of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results may differ materially. The forward-looking statements made in the this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, it may not contain current or accurate information. We do not assume any obligation to update any forward-looking statements made herein. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only, and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionalities described or to include any such feature or functionality in a future release. Splunk, Splunk>, Turn Data Into Doing, The Engine for Machine Data, Splunk Cloud, Splunk Light and SPL are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners. © 2021 SPLUNK Inc. All rights reserved. Forward- Looking Statements © 2 0 2 1 S P L U N K I N C .
  • 3. © 2 0 2 1 S P L U N K I N C . #whoami Eric Gardner ericg@splunk.com • 20+ years in IT (ITOPS focus) • Worked with DoD/INTEL since leaving the Army in 1999. • Spend my time traveling and usually planning travel when not actually doing it. Lately spending lots of time fighting bamboo. • Based out of Bridgton, ME (that’s about 1 hour north-west of Portland and Stephen King’s stomping grounds)
  • 4. © 2 0 2 1 S P L U N K I N C . Matthew Bach: mbach@redhat.com uid=1000(mbach) gid=1000(mbach) groups=1000(mbach),10(wheel) #whoami ● Information Systems Technician in the US Navy from 2004 - 2017 ● Have been a Red Hatter ever since ~4.5 years ● RH OpenShift & Ansible Specialist ● Cover DoD customers (SOF, Missile Defense, 4th Estate) ● Based in VA Beach, VA ● Spend my time raising kids, tinkering with tech, video games, and mountain biking
  • 5. © 2 0 2 1 S P L U N K I N C . Previously … •Deployed Splunk Enterprise (Core) in OpenShift using the Splunk Operator for Kubernetes
  • 6. © 2 0 2 1 S P L U N K I N C . Splunk Connect for Kubernetes Splunk Connect for Kubernetes provides a way to import and search your Kubernetes logging, object, and metrics data in your Splunk platform deployment. Splunk Connect for Kubernetes supports importing and searching your container logs on the following technologies: § Amazon Web Services (AWS) Elastic Container Service (ECS) and AWS Fargate, using Firelens. § Amazon Elastic Kubernetes Service (Amazon EKS) § Azure Kubernetes Service (AKS) § Google Kubernetes Engine (GKE) § RedHat OpenShift Splunk Inc. is a proud contributor to the Cloud Native Computing Foundation (CNCF). Splunk Connect for Kubernetes utilizes and supports multiple CNCF components in the development of these tools to get data into Splunk. https://github.com/splunk/splunk-connect-for-kubernetes
  • 7. © 2 0 2 1 S P L U N K I N C . Prerequisites • Splunk Enterprise 7.0 or later • A HEC token. See the following topics for more information: • http://docs.splunk.com/Documentation/Splunk/8.2.2/Data/UsetheHTTPEventCollector • http://docs.splunk.com/Documentation/Splunk/8.2.2/Data/ScaleHTTPEventCollector • You should be familiar with your Kubernetes configuration and know where your log information is collected in your Kubernetes deployment. • Administrator access to your Kubernetes cluster. • To install using Helm (best practice), verify you are running Helm in your Kubernetes configuration. See https://github.com/kubernetes/helm for more information. • A minimum of two Splunk platform indexes ready to collect the log data. One for both logs and Kubernetes objects, and one for metrics. You can also create separate indexes for logs and objects, but you will need three Splunk platform indexes.
  • 8. © 2 0 2 1 S P L U N K I N C . Before we begin ü HEC Token has already been installed ü Three indexes created (minimum of two): ü em_metrics (metrics) ü em_meta (objects) ü em_events (logs) ü Helm is installed ü Helm repo added ü helm repo add splunk https://splunk.github.io/splunk-connect-for-kubernetes/ ü Installed Splunk App for Infrastructure ü Installed IT Essentials Work (SAI will be going away in 2022)
  • 9. © 2 0 2 1 S P L U N K I N C . Let’s talk about SAI There’s more than one way to skin a cat … • SAI is going away, and its functionality will be rolled into IT Essentials Work • The OpenShift Configuration script installs an old version of Splunk Connect for Kubernetes (SCK) – version 1.3.0 • Today we are going to walk through that script to understand what it does and how you can hack it for the latest version (Just be aware today doing this works but the next version may require more effort) • Key Take-Aways: v You can break-down exactly what this script does and do it for yourself manually v You should know your environment well enough to override default settings with values that are appropriate for your environment v Some of the things you’re being shown today are probably not best practice when it comes to OpenShift, but for lab/demo purposes it’s OK. Just be sure to “DO THE RIGHT THING IN PRODUCTION”.
  • 10. © 2 0 2 1 S P L U N K I N C . Configure & Manually deploy the manifests https://docs.splunk.com/Documentation/InfraApp/2.2.3/Admin/AddDataOpenShift SAI – Add Data > Configure Integrations > OpenShift 1. Prepare for deployment a. Select Download Config Only – since we are manually deploying the manifests 2. Specify Configuration Options a. Customize Objects – for the demo we are selecting all b. Monitoring Machine = indexer service (e.g. splunk-cl01-indexer-service.splunk.svc.cluster.local) c. HEC Token (will be the token you already deployed) d. HEC Port (recommended 8088) e. Cluster Name (unique name that makes sense (e.g. cluster-5752) f. Openshift Project Name (e.g. splunk-connect, sc4k, etc)
  • 11. © 2 0 2 1 S P L U N K I N C . Configure & Manually deploy the manifests https://docs.splunk.com/Documentation/InfraApp/2.2.3/Admin/AddDataOpenShift 3. Configure OpenShift Options a. Enable Insecure SSL b. Journald Path = /var/log/journal 4. Index Options a. Metrics index = em_metrics b. Log index = em_events c. Metadata index = em_meta 5. Copy the script & Modify the command line script a. Copy the script to a text editor and replace “1.3.0” with “1.4.9” b. Run the script then follow the steps for Manually deploying the manifests for OpenShift
  • 12. © 2 0 2 1 S P L U N K I N C . Configure & Manually deploy the manifests https://docs.splunk.com/Documentation/InfraApp/2.2.3/Admin/AddDataOpenShift What just happened? That command sets up environment variables to be used in ”values.yaml” file that is applied to the helm charts downloaded from the SCK repository. The “deploy_sck_openshift.sh” script contains the command that modifies the charts. The modified charts can be found under a directory named “rendered-charts” in the same directory from where the command was run. The script has a bug where it doesn’t correctly change a block of “yaml” code in this file: ./rendered-charts/splunk-connect-for-kubernetes/charts/splunk-kubernetes- logging/templates/daemonset.yaml Edit the “securityContext” section to look like this: securityContext: runAsUser: 0 privileged: true
  • 13. © 2 0 2 1 S P L U N K I N C . OpenShift Specific Things … 1. Create new project called “splunk-connect” 1. oc new-project splunk-connect 2. Create service accounts for logging,objects, & metrics and configure initial permissions: 1. oc create sa splunk-kubernetes-logging 2. oc adm policy add-scc-to-user privileged ”system:serviceaccount:splunk-connect:splunk- kubernetes-logging” 3. oc create sa splunk-kubernetes-objects 4. oc adm policy add-scc-to-user privileged ”system:serviceaccount:splunk-connect:splunk- kubernetes-objects” 5. oc create sa splunk-kubernetes-metrics 6. oc adm policy add-scc-to-user privileged ”system:serviceaccount:splunk-connect:splunk-kubernetes- metrics” https://docs.splunk.com/Documentation/InfraApp/2.2.3/Admin/AddDataOpenShift
  • 14. © 2 0 2 1 S P L U N K I N C . Finally Deploy the Helm Charts 1. oc apply -f ./rendered-charts/splunk-connect-for-kubernetes/charts/splunk- kubernetes-metrics/templates/ 2. oc apply -f ./rendered-charts/splunk-connect-for-kubernetes/charts/splunk- kubernetes-logging/templates/ 3. oc apply -f ./rendered-charts/splunk-connect-for-kubernetes/charts/splunk- kubernetes-objects/templates/oc new-project splunk-connect https://docs.splunk.com/Documentation/InfraApp/2.2.3/Admin/AddDataOpenShift
  • 15. © 2 0 2 1 S P L U N K I N C . Let’s talk … It will take a few minutes for entities to show up in SAI or IT Essentials Work What are your thoughts on Splunk on OpenShift? What are your thoughts on OpenShift as a Kubernetes platform? The waiting is the hardest part – Tom Petty
  • 16. © 2 0 2 1 S P L U N K I N C . Questions?