Getting Started with Splunk Hands-on

  1. Copyright © 2016 Splunk Inc. Getting Started with Splunk Enterprise. Kelly Kitagawa, Splunk Sales Engineer; Bruce Penn, Splunk Sr. Sales Engineer
  2. Agenda: 1. Splunk Overview 2. Using Splunk (Live Demonstration/Walkthrough) 3. Splunk Deployment Architecture 4. Splunk Communities 5. Q&A
  3. What is machine data? Challenges: Volume | Velocity | Variety | Variability. Sources: GPS, RFID, Hypervisor, Web Servers, Email, Messaging, Clickstreams, Mobile, Telephony, IVR, Databases, Sensors, Telematics, Storage, Servers, Security Devices, Desktops. Splunk’s Mission: Making machine data accessible, usable and valuable to everyone.
  4. What Does Machine Data Look Like? Sources: Order Processing, Twitter, Care IVR, Middleware Error
  5. Machine Data Contains Critical Insights. Fields found across the sources (Order Processing, Twitter, Care IVR, Middleware Error): Customer ID, Order ID, Customer’s Tweet, Time Waiting On Hold, Twitter ID, Product ID, Company’s Twitter ID
  6. Splunk Unlocks Critical Insights. The same fields (Order ID, Customer’s Tweet, Time Waiting On Hold, Product ID, Company’s Twitter ID, Twitter ID, Customer ID) tied together across the Order Processing, Twitter, Care IVR and Middleware Error sources
  7. THE Industry Leading Platform For Machine Data. Machine Data: Any Location, Type, Volume: Online Services, Web Services, Servers, Security, GPS Location, Storage, Desktops, Networks, Packaged Applications, Custom Applications, Messaging, Telecoms, Online Shopping Cart, Web Clickstreams, Databases, Energy Meters, Call Detail Records, Smartphones and Devices, RFID. Deployment: On-Premises, Private Cloud, Public Cloud. Platform Support (Apps / API / SDKs), Enterprise Scalability, Universal Indexing, Answer Any Question, Developer Platform. Report and analyze, Custom dashboards, Monitor and alert, Ad hoc search. No backend database, Schema-on-the-fly, No need to filter data, Fast time to value, Agile reporting and analytics, Real-time architecture
  8. The Splunk Portfolio: Platform for Operational Intelligence, Rich Ecosystem of Apps & Add-Ons, Splunk Premium Solutions. Inputs: Mainframe Data, Relational Databases, Mobile, Forwarders, Syslog/TCP, IoT Devices, Network Wire Data, Hadoop. Packet Analysis (Wire Data): App Response Time, Detect unauthorized access. Mobile Application Performance Management (APM): App Crashes, User Experience. Place Splunk search & analytics on top of Hadoop/NoSQL cluster. Import & Correlate external DB data: 3rd party tools, Enrich data already in Splunk
  9. Installing & Using Splunk (Live Demonstration & Walkthrough)
  10. What We Are Going to Cover: 1. Installing & Onboarding Data 2. Searching (top, rare, timechart, stats, iplocation) 3. Dashboards 4. Alerting
  11. Downloading Splunk Enterprise + Tutorial Data: 1. Download Splunk Enterprise – or Google “Splunk download” -> Download Splunk Enterprise. 2. Download Splunk Tutorial Data – or Google “Splunk tutorial data” -> Load the tutorial data
  12. Getting Data into Splunk (we will import sample web ecommerce store events). Start Splunk from the bin directory. Log into Splunk with the default credentials (username=admin, password=changeme), which should be changed on first login. Add the data into Splunk: click Settings, click Add Data, click “Upload files from my computer”, drag and drop your sample data zip file, then Review and Finish.
  13. Let’s get our hands dirty!
  14. Searches Used:
     • index=buttercupgames status=4*
     • index=buttercupgames status!=200 | top limit=20 status
     • index=buttercupgames status!=200 | timechart count
     • index=buttercupgames status!=200 | stats count by status | where count > 700
     • index=buttercupgames status!=200 | stats count sparkline by uri_path
  15. Searches Used Cont’d:
     • index=buttercupgames status=200 | iplocation clientip | geostats count by City
     • index=buttercupgames action=purchase | stats count
     • index=buttercupgames action=purchase | timechart count | predict count as predictedCount
     Tip: Use the “| history” command to see previous searches used
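To make the pipelines on slides 14 and 15 concrete, here is an added Python example (not part of the deck and not Splunk code) that emulates what each search computes over a handful of constructed web-store access events in the shape of the tutorial data. The field extraction, the `where`/`top`/`stats`/`timechart` helpers and the hourly bucketing are my own simplifications of SPL semantics; the slide's `where count > 700` threshold is lowered to 1 to fit the eight-line sample, and `iplocation`, `geostats` and `predict` are not emulated because they need Splunk's lookups and forecasting. One detail worth seeing in code: `field!=value` only keeps events that have the field, whereas `NOT field=value` would also keep events without it.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from fnmatch import fnmatchcase
from urllib.parse import parse_qs, urlsplit

# Constructed sample events shaped like the tutorial's web-store access log
# (illustrative only; client IPs are from documentation ranges).
LOG_LINES = """\
192.0.2.10 - - [28/Apr/2014:18:22:16] "GET /oldlink?itemId=EST-14 HTTP 1.1" 200 1665
192.0.2.10 - - [28/Apr/2014:18:22:21] "POST /cart.do?action=purchase&itemId=EST-14 HTTP 1.1" 200 1845
203.0.113.7 - - [28/Apr/2014:18:40:02] "GET /product.screen?productId=WC-SH-G04 HTTP 1.1" 404 1210
203.0.113.7 - - [28/Apr/2014:18:40:05] "GET /admin/ HTTP 1.1" 403 330
198.51.100.23 - - [28/Apr/2014:19:05:44] "GET /cart.do?action=addtocart&itemId=EST-6 HTTP 1.1" 503 512
198.51.100.23 - - [28/Apr/2014:19:05:50] "GET /cart.do?action=addtocart&itemId=EST-6 HTTP 1.1" 500 512
198.51.100.23 - - [28/Apr/2014:19:06:01] "POST /cart.do?action=purchase&itemId=EST-6 HTTP 1.1" 200 1901
203.0.113.7 - - [28/Apr/2014:19:31:19] "GET /product.screen?productId=MB-AG-G07 HTTP 1.1" 404 1210
"""
LOG_RE = re.compile(r'^(?P<clientip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"\S+ (?P<uri>\S+) [^"]*" (?P<status>\d{3}) \d+')

def parse_event(line):
    """Extract the fields the searches use (Splunk does this at search time)."""
    m = LOG_RE.match(line)
    if not m:
        raise ValueError(f"unparseable event: {line!r}")
    url = urlsplit(m["uri"])
    event = {
        "_time": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S"),
        "clientip": m["clientip"],
        "uri_path": url.path,  # path without the query string, like Splunk's uri_path
        "status": int(m["status"]),
    }
    action = parse_qs(url.query).get("action")
    if action:  # e.g. /cart.do?action=purchase
        event["action"] = action[0]
    return event

EVENTS = [parse_event(line) for line in LOG_LINES.splitlines()]

def where(events, field, pattern, negate=False):
    """`field=pattern` (negate=False) or `field!=pattern` (negate=True), with trailing-*
    wildcards. Both forms require the field to exist on the event."""
    out = []
    for e in events:
        if field not in e:
            continue
        if fnmatchcase(str(e[field]), pattern) != negate:
            out.append(e)
    return out

def top(events, field, limit=10):
    """`top limit=N field`: (value, count, percent) rows, most frequent first."""
    counts = Counter(e[field] for e in events if field in e)
    total = sum(counts.values())
    return [(v, c, round(100.0 * c / total, 2)) for v, c in counts.most_common(limit)]

def stats_count_by(events, field):
    """`stats count by field`, sorted by the by-field as Splunk presents it."""
    return dict(sorted(Counter(e[field] for e in events if field in e).items()))

def hour_bucket(t):
    return t.replace(minute=0, second=0, microsecond=0)

def hour_buckets(events):
    """Contiguous hourly buckets from the earliest to the latest event, empty ones included."""
    if not events:
        return []
    times = [hour_bucket(e["_time"]) for e in events]
    start, end = min(times), max(times)
    return [start + timedelta(hours=i) for i in range((end - start) // timedelta(hours=1) + 1)]

def timechart_count(events):
    """`timechart span=1h count`: {bucket_start: count}."""
    counts = Counter(hour_bucket(e["_time"]) for e in events)
    return {b: counts.get(b, 0) for b in hour_buckets(events)}

def stats_count_sparkline_by(events, field):
    """`stats count sparkline by field`: {value: (count, per-hour counts for the sparkline)}."""
    buckets = hour_buckets(events)
    per_value = defaultdict(Counter)
    for e in events:
        if field in e:
            per_value[e[field]][hour_bucket(e["_time"])] += 1
    return {v: (sum(c.values()), [c.get(b, 0) for b in buckets]) for v, c in sorted(per_value.items())}

def run_tutorial_searches(events, where_threshold=1):
    """The deck's searches over `events`; the list itself plays the role of index=buttercupgames.
    The slide's `where count > 700` is a parameter here because the sample has only eight events."""
    non200 = where(events, "status", "200", negate=True)
    return {
        "status=4*": len(where(events, "status", "4*")),
        "status!=200 | top limit=20 status": top(non200, "status", 20),
        "status!=200 | timechart count": timechart_count(non200),
        "status!=200 | stats count by status | where count > N":
            {s: c for s, c in stats_count_by(non200, "status").items() if c > where_threshold},
        "status!=200 | stats count sparkline by uri_path": stats_count_sparkline_by(non200, "uri_path"),
        "action=purchase | stats count": len(where(events, "action", "purchase")),
    }
```

Running `run_tutorial_searches(EVENTS)` returns one entry per search, so you can compare each result with what the Splunk UI shows for the same pipeline on the tutorial data. The helpers work on plain dicts, which also makes them handy for sanity-checking a detection search against a few captured log lines before scheduling it as an alert.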
  16. Deployments & Architecture
  17. Single Instance or Distributed? Single environment vs. Distributed Environment. Recommended Specs: 6X2 Core CPUs / 12GB RAM / 800+ IOPS. A Splunk install can be one or all roles: Forwarders, Indexer, Search Head
  18. Scales to Hundreds of TBs/Day: Enterprise-class Scale, Resilience and Interoperability. Collect machine data from thousands of sources via Splunk Forwarders; compress and store data on Splunk Indexers; initiate searches and visualize results via Search Heads
  19. Scalability & High Availability: Forwarders load balance across Indexers; indexed data can be replicated across peers and different physical sites; Search Heads can be clustered to eliminate a single point of failure and handle large search loads
  20. Over 1,200 Apps @ 2
  21. Time to start SPLUNKING!!! Where do I go for help? • Documentation – • Technical Support – • Videos – • Education – • Community – • Splunk Book –
  22. Thank You!
  23. Copyright © 2015 Splunk Inc. The 8th Annual Splunk Worldwide Users’ Conference, CONF.SPLUNK.COM, SEPT 25-28, 2017, Walter E. Washington Convention Center, Washington, D.C.: 5,000+ IT and Business Professionals; 175+ Sessions; 80+ Customer Speakers. PLUS Splunk University, three days: Sept 23-25, 2017; Get Splunk Certified for FREE! Get CPE credits for CISSP, CAP, SSCP