
Splunk conf2014 - Dashboard Fun - Creating an Interactive Transaction Profiler


Using Simple XML and Splunk Enterprise, learn how to create easy interactive dashboards to explore data. This demo showcases great tools to put in the hands of Splunk users, help desk users and IT Operations staff.

Published in: Technology

  1. Copyright © 2014 Splunk Inc.
     Matthias Maier, Sales Engineer, Splunk
     Dashboard Fun
     Creating an interactive Transaction Profiler
  2. Disclaimer
     During the course of this presentation, we may make forward-looking statements regarding future events or the expected performance of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-looking statements, please review our filings with the SEC. The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, this presentation may not contain current or accurate information. We do not assume any obligation to update any forward-looking statements we may make. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only, and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionality described or to include any such feature or functionality in a future release.
  3. Who I am
     • Sales Engineer in Germany
     • Splunker nearly 2 years
     • Like to get hands on real world scenarios
     • CISSP
     • Worked in the past for McAfee (Security) and Tibco (Analytics)
  4. Self Analytics / Transaction Profiler Dashboard
     • Goals:
       – Self exploration of data
       – Gaining ideas from other departmental users for new use cases and business insight
         – “Do we have this information available?”
         – “Can we add this?”
         – “Can we correlate with this?”
       – How to get to this stage?
  5. Adding Value
     I loaded 1.000.000 Records.
     Start to add value for other departments
  6. You might want to provide an impressive starting point for other people to explore the Data (next to the RAW Searches and DATA Models)
     Challenge for Machine Data in Business Context
     • Not every user who can benefit might have SPLK Language skills
     • Not every user is creative with data in the first step
     • YOU as a Splunk Data Analyst might not be able to interpret business data for Business Insights
  7. Demonstration
     Demo (this is what you learn how to create/get after my session): Profiling Dashboard
  8. Transaction Profiler With IP Traffic
  9. Start With One Single “Transaction”
     1. Search and Investigate a Transaction Field
        ‒ Filter down to one session
     Sample “transaction” fields:
     • Username + Session Information
     • Transaction ID
     • Order-ID
     • E-Mail Address
     • Service Name
     • IP-Address/Hostname/System name
  10. Interview
      2. Go to a subject matter expert and let them explain what happened in this session
  11. Demonstration
      Demo (raw search, explain data-set)
  12. Transaction Profiler With IP Traffic
  13. Create Dashboards
      3. Create consistent dashboards by using some of the following methods

      Search: … | timechart count
      Description: Easiest one ever

      Search: … | stats dc(<fieldname>) by <fieldname>
      Description: Distinct count gives a lot of interesting insights:
        • Why is this user logging on from so many different systems
        • Why has this transaction id so many different status codes
        • Why is this IP communicating to so many destination ports

      Search: … | transaction <fieldname> | table duration (as single value)
      Description: How long did it take?

      Search: … | head 1 | table _time
              … | tail 1 | table _time
      Description:
        • When was the first “session”
        • When was the last “interaction with the system”
  14. Demonstration
      Demo (dashboard with some single values + stats + time charts based on ONE Transaction)
  15. My IP Profiler
  16. Create Drop Down Lists
      4. Create drop down lists and input fields to make the dashboard interactive
         ‒ Thanks to Version 6.1 it can be done via the GUI without coding
         ‒ Review the dashboard example app for additional visualization tricks
      5. Tokenize the searches to make them flexible
  17. Demonstration
      Demo (add free text field, pickers (dynamic), token fields + replace single transaction id with token)
  18. My IP Profiler
  19. Example
  20. We are not done
      6. Make sure you add default values for each of the drop down fields, so that when someone wants to see something, you guide them to the right choice to get a dashboard populated.
  21. Demonstration
      Demo (add default values and show first user experience accessing the dashboard)
  24. Transaction Profiler Use Cases for…
      • Helpdesk
      • Support Desk
      • Second + Third Level Support
      • Developers of In House Applications
      • Service Level Manager
      • Marketing Departments
      • IT-Security / SIEM Use Cases
      • Business Fraud Detection

      Steps:
      • Search and Investigate a Single Transaction
      • Review transaction with a subject matter expert from the business
      • Create a Dashboard for a single transaction
      • Create drop downs for exploration
      • Tokenize the searches
      • Set default values
      • Gain new ideas and business insight from Machine Data
        – Put this in the hands of Business People
        – Gather feedback and tune
  25. Special Offer: Try Splunk MINT Express for Free!
      Splunk MINT offers a fast path to mobile intelligence. How fast? Find out with a 6-month trial*
      • Register for your free trial: http://mint.splunk.com/conf2014offer
      • Download the Splunk MINT SDKs
      • Add the Splunk MINT line of SDK code and publish**
      • Start getting digital intelligence at your fingertips!
      *Offer valid for .conf2014 attendees and coworkers of attendees only.
      **Trial allows monitoring of up to 750,000 monthly active users (MAUs).
  26. THANK YOU
      Contact: matthias@splunk.com
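
Steps 3 to 6 of the slides (dashboard panels, input fields, tokenized searches, default values) put together as one Simple XML form. This is an added example, not the dashboard shown in the talk; it uses the `<search>`/`<query>` elements of later Simple XML releases, and the index, sourcetype and field names (`network`, `firewall`, `src_ip`, `dest_port`) and the sample IP are assumptions.

```xml
<!-- Added example: index, sourcetype and field names are assumptions, not from the slides -->
<form>
  <label>IP Profiler (example)</label>
  <fieldset submitButton="false">
    <!-- Step 4: free-text input. Step 6: a default so the first view is populated. -->
    <input type="text" token="src_ip">
      <label>Source IP</label>
      <default>10.0.0.1</default> <!-- constructed sample value -->
    </input>
    <!-- Step 4: dynamic picker filled by a search; "All" is the default (step 6) -->
    <input type="dropdown" token="dest_port">
      <label>Destination port</label>
      <choice value="*">All</choice>
      <default>*</default>
      <fieldForLabel>dest_port</fieldForLabel>
      <fieldForValue>dest_port</fieldForValue>
      <search>
        <!-- $src_ip|s$ wraps the typed value in quotes so it stays a field value -->
        <query>index=network sourcetype=firewall src_ip=$src_ip|s$ | stats count by dest_port</query>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </search>
    </input>
  </fieldset>
  <row>
    <panel>
      <single>
        <title>Distinct destination ports</title>
        <search>
          <!-- Step 5: tokens replace the hard-coded single transaction -->
          <query>index=network sourcetype=firewall src_ip=$src_ip|s$ dest_port=$dest_port|s$ | stats dc(dest_port)</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
        </search>
      </single>
    </panel>
    <panel>
      <chart>
        <title>Events over time</title>
        <search>
          <query>index=network sourcetype=firewall src_ip=$src_ip|s$ dest_port=$dest_port|s$ | timechart count</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
        </search>
        <option name="charting.chart">line</option>
      </chart>
    </panel>
  </row>
</form>
```

Without the `|s` token filter, whatever a user types into the free-text field is substituted into the search string as-is, so quoting the token keeps the input confined to the field comparison.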
