Splunk 5 Overview Analyst v1.0


Published in: Business
  • At Splunk, our mission is to make machine data accessible, usable and valuable to everyone. Machine data is one of the fastest growing, most complex and most valuable areas of big data. It consists of the data generated by technology infrastructure – for example applications, websites, servers and network devices in the datacenter: the log files, the clickstreams, the alerts, etc. It’s difficult to collect and make use of – it exhibits the qualities of volume, velocity, variety and variability. Machine data is valuable because it contains a trace of all activity and behavior – of customers, users, transactions, applications, security threats, and more. This overarching mission is what drives our product priorities.
  • Splunk makes it easy to collect any machine data from virtually any source. The Splunk product is optimized for real-time, low latency and interactive operation. Machine data is collected and indexed and made available for search/query, monitoring for statistical patterns and thresholds, rapidly building charts and graphs to analyze data, packaging together custom dashboards and enabling developers to make use of Splunk in building apps. The new levels of visibility, insight and intelligence users get by searching, monitoring, reporting, analyzing and visualizing their data are called operational intelligence.
  • Splunk 1, 2 and 3 introduced applying the ‘search’ paradigm to troubleshoot IT operations and application management issues much faster than before: to find the proverbial needle in the haystack. Splunk was a tremendous ‘IT Search’ tool. When asked, customers often referred to it as “google for the datacenter”. Splunk 4 introduced enterprise-class features – dashboards and apps, real-time search and alerts, universal collection and indexing, enterprise controls and map-reduce for horizontal scalability on commodity servers. And you could use Splunk on iOS devices (iPhones, iPads) and non-Flash browsers. Splunk evolved from an IT Search tool to an “engine for machine-generated data”. Splunk 5 represents the evolution of Splunk as an “enterprise platform for operational intelligence”.
  • The Splunk 5 release represents Splunk evolving to a platform, encompassing breakthrough innovations and platform features. Key focus areas for Splunk 5 include: how to deliver much faster reporting; how to build in resilience even as you scale Splunk on commodity hardware and storage; and how to create a better platform for big data apps.
  • To address these key focus areas and requirements, Splunk 5 delivers: a new reporting architecture and technology that delivers dramatically faster reports; a new high availability architecture that delivers enterprise-class scale and resilience, even as you scale on commodity servers and storage; and a robust API and SDKs for popular programming languages, plus big data ecosystem integrations.
  • We wanted to deliver blazingly fast reports and make it simple, without an intermediate DBA-managed layer building data marts. Accelerating search for reporting over large datasets is now as easy as clicking a checkbox and setting a time range. Summaries are stored on the indexers rather than the search head to allow map-reduce parallelism for any search that uses reporting and/or streaming commands. You can enable report acceleration for an eligible search when you save it or add it to a dashboard in the Splunk Web UI. You can also enable report acceleration for an eligible search in Manager > Searches and Reports. Advanced Splunk users may have taken advantage of summary indexing. This was difficult to set up, often needing training, and summaries were managed at the search head, minimizing reuse. We listened to you and created a more scalable, powerful technology with an easy button! Other benefits: summaries are stored on the indexers, not on search heads; map-reducible summary generation provides unmatched parallelism; summaries can be reused across searches without manual intervention; summaries are easy to manage through a single UI.
  • It's really powerful when you can click on any chart or table and get directly to the raw events, going from the what to the why. Dynamic drilldowns let you go one step further. Create custom drilldown behavior for any simple XML table or chart. Specify custom drilldown behavior on a per-field basis. Click through to another dashboard, form, view, or external website – carrying forward any relevant context. Build intelligent workflows into your dashboards to deliver a more intuitive experience for users.
  • You can now create PDF files from your simple XML dashboards, views, searches, or reports on any OS running on an Intel-compatible platform. All PDF features in Splunk Web work without the need to install the PDF Report Server app. Non-UI PDF reporting functionality also uses Integrated PDF generation. Unlimited table sizes; smart pagination and layout; supported on x86 32-bit and 64-bit platforms; simple XML dashboards and reports, no Advanced XML.
  • The insights from your data are mission-critical. With Splunk 5 we wanted to deliver a highly available system, with enterprise-grade data resiliency, even as you scale on commodity storage. And we wanted to maintain Splunk’s robustness, real-time operation and ease of use. Splunk indexers can now be grouped together to replicate each other’s data, maintaining multiple copies of all data – preventing data loss and delivering highly available data for Splunk search. Using index replication, if one or more indexers fail, incoming data continues to get indexed and indexed data continues to be searchable. By spreading data across multiple indexers, searches can read from many indexers in parallel, improving parallelism of operations and performance. All as you scale on commodity servers and storage, and without a SAN.
  • Splunk supports 3 main types of data input: files, streaming over UDP and TCP, and scripted inputs. Scripted inputs can be complex and require administrators and developers to know the inner workings of Splunk. Platforms need a certain level of configurability or ease of configurability for administrators. Doing this properly requires leveraging Splunk’s ability to install, configure and manage new data inputs as Apps. We see this as a minimum requirement for a platform like this to operate. Modular Inputs allow you to . Examples include inputs for Amazon S2, Twitter, FTP based inputs, custom scripts for your own databases and own types of data stores, modular inputs for noSQL data stores, etc. Enable any data inputs installed by a Splunk App, making them easier to manage and deploy. Inputs appear automatically on the Splunk Manager > Data Inputs page and are accessible from REST API endpoints for advanced management. Improved modularity means we can ship new data input types outside of the Splunk enterprise release schedule.
  • Platforms need to provide better interoperability. And for Hadoop users, we are providing just that, to help address common challenges deploying and running Hadoop. Splunk Hadoop Connect enables Hadoop users to leverage Splunk to reliably collect massive volumes of machine data. Analyze data in real-time, create visualizations and custom dashboards, and protect data with secure role-based access. Then reliably deliver data to Hadoop for ongoing batch analytics. You can also index data stored in Hadoop because once in Splunk, your data’s available for rapid visualization, reporting, analysis and sharing. The Splunk App for HadoopOps extends what Splunk already does well: troubleshoot and monitor your Hadoop infrastructure. And because it's Splunk it doesn't stop with the Hadoop components, it includes everything, end-to-end. So you get a more complete view of your environment.
  • We have experienced a tremendous community building around the Splunk developer platform. Over 1,000+ unique visitors to our developer portal. Open source application packs and code on GitHub.
  • There are a whole host of ways they can leverage Splunk to maximize enterprise technology investments. Specifically, developers use Splunk in 3 ways. Accelerate Dev & Test: this is using Splunk out of the box. Splunk increases the speed and efficiency of application development and testing, and provides proactive monitoring and analytics for applications in production. Integrate with IT Infrastructure: we know that you have many applications and systems and we want to make it easy for you to integrate Splunk across the enterprise. We are delivering SDKs on top of our REST API to help you integrate Splunk data with other applications. Build real-time data applications: we are providing a familiar and intuitive experience for developers to build applications that take the value of Splunk beyond IT: IT early-warning systems, security and fraud protection, clickstream analysis and other revenue-enhancing analytics. A great example is Hurricane Labs, a managed service provider that’s using the Python SDK to deliver security intelligence to their end customer in a custom-built application.
  • JavaScript, Java and Python SDKs are being integrated into core Splunk, starting with JavaScript. The REST API is fully versioned, so you can integrate with Splunk in either XML or JSON formats and have the assurance of a particular endpoint behavior. With Splunk 5 you can add all new kinds of visualizations and customizability to your Splunk Apps or other in-house Apps.
  • We’ve made key investments in Splunk 5 that deliver: a powerful and intuitive user interface; enterprise-class performance and scale; improved modularity, interoperability and extensibility. Getting value from machine data is now faster, more resilient and accessible to the developer community. Splunk 5 is available now. For more information, check out the ‘what’s new’ section of the documentation, or download it today from our website.
  • What can we specifically do to lead this discussion? Where should we invest in order to provide our customers with an advantage?

    1. Copyright © 2012 Splunk Inc. Overview Presentation
    2. Mission: Make machine data accessible, usable and valuable to everyone.
    3. Innovative, Easy to Use and Powerful. Ad hoc search; Monitor and alert; Report and analyze; Custom dashboards; Developer Platform. Data collection and indexing. Splunk storage; Other stores.
    4. Broad Use Across IT and the Business. IT Operations Management; Web Intelligence; Application Management; Business Analytics; Security and Compliance. Customer Support; LOB Owners/Executives; Operations Teams; Website/Business Analysts; System Administrator; IT Executives; Development Teams; Auditors; Security Analysts.
    5. Splunk Supporting a World Beyond IT. Commercial Transport: Supporting the next gen airliner; Cars as telemetry sensors. Health and Safety: Personal Activity Tracking; Flood monitoring warning. Power and Energy: Building Power Consumption; Home Energy Management.
    6. A Growing, Global Community of Users. 1,000+ unique visitors per week to dev.splunk.com; 300+ Apps and 20,000+ questions and answers; Local User Groups and SplunkLive events; Annual Users’ Conference, 1,000+ users.
    7. Continuous Development for Over 8 Years. Versions 1, 2, 3: Tool, “Google for the datacenter”. Versions 4, 4.1, 4.2, 4.3: Engine, “Engine for machine-generated data”. Version 5: Platform, “Platform for operational intelligence”.
    8. Key Focus Areas for Splunk 5. How can we deliver much faster reporting, at scale? How can we build-in resilience on commodity hardware? How can we create a better platform for big data apps?
    9. Splunk 5 Overview. Faster, Easier Reports and Dashboards: New reporting technology delivers dramatically faster reports. Enterprise-class Scale and Resilience: New high availability architecture delivers built-in resilience on commodity hardware. Modularity, Interoperability, Extensibility: Developer platform API, SDKs, resources; Big data ecosystem integrations.
    10. Blazing Fast Reports, Made Simple (Faster, Easier Reports and Dashboards). Create dashboard; Click acceleration; Reports run faster. Report Acceleration: Based on new transparent summarization technology; Speeds up reports by up to 1,000x; Easy to set-up, works across all types of data; Data is up-to-date, scalable, used automatically by eligible searches; Works with preexisting 4.x Splunk reports as well.
    11. Faster, Easier Reports and Dashboards. “We clicked the checkbox and dashboards just ran faster. And faster dashboards means happier end users” Kevin Kalmbach, Technical Architecture, Staples
    12. More Intelligent Dashboards (Faster, Easier Reports and Dashboards). Dynamic Drilldowns: Create custom drill down behavior; Click through to another dashboard, form, view, or external website; Carry forward relevant context. User creates a drilldown on a chart or table; Click sends context (fields, values) to any URL.
    13. Faster, Easier Reports and Dashboards. “Dynamic Drilldowns means the same team can create more sophisticated dashboards for our users” IT Architect, A Top U.S. Home Improvement Retailer
    14. Share Dashboards with Anyone (Faster, Easier Reports and Dashboards). Integrated PDF: Improved, simpler experience sharing dashboards as PDF; Send PDF dashboards and reports to anyone; Integrated with alerting framework for scheduling; Works across Windows, Linux, Unix, or Mac platforms.
    15. Faster, Easier Reports and Dashboards. “Integrated PDF means that our executives get the critical information they need in the format they want it. And it’s all automated” IT Architect, A Top U.S. Home Improvement Retailer
    16. High Availability, On Commodity Servers and Storage (Enterprise-class Scale and Resilience). Index Replication: As Splunk collects data, it keeps multiple identical copies; If indexer fails, incoming data continues to get indexed; Indexed data continues to be searchable; Easy setup and administration; Data integrity and resilience without a SAN. Diagram labels: Splunk Universal Forwarder Pool; Constant Uptime.
    17. “We learned about Index Replication at Users Conference. It just worked as advertised. And it was super easy to set up - we probably won’t find anything easier” Kevin Kalmbach, Technical Architecture, Staples. “Splunk gives me critical insights into all the transactions running in our company’s data centers. And with Index Replication, I now get to guarantee the data” IT Architect, A Top U.S. Home Improvement Retailer
    18. “Splunk 5 represents Splunk as a true enterprise-level platform. Index Replication delivers a mission-critical feature from Splunk to help us at CERN reliably backup more than 50TB of daily traffic” Alex Iribarren, Lead Manager Backup Service, CERN
    19. Get New Data Sources Into Splunk (Modularity, Interoperability, Extensibility). Modular Inputs: Extend Splunk framework to define new inputs; Simplifies the installation and configuration of new inputs; Shipped outside product release cycle; Available on Splunkbase and appear automatically in Splunk Manager UI. Steps: (1) App is installed from Splunkbase containing input; (2) Configure the input via a customer page, or Manager; (3) Copy configured input(s) to Deployment Server; (4) Deploy to Forwarders according to server class; (5) Develop and share your own data input programs.
    20. Enabling Big Data Ecosystem (Modularity, Interoperability, Extensibility). Real-time Collection and Analysis; Dashboards, Reports, Access Controls. Splunk Hadoop Connect: Reliable Data Export; Index Hadoop Data. Splunk App for HadoopOps: Troubleshoot, monitor and analyze end-to-end Hadoop environment.
    21. An Engaged Community of Developers. 1,000+ unique visitors/week to dev.splunk.com; Software freely available on GitHub; @splunkdev
    22. How Do Developers Use Splunk? (Modularity, Interoperability, Extensibility). (1) Accelerate Dev & Test; (2) Integrate with IT Infrastructure; (3) Build Real-time Data Applications.
    23. What’s Possible with the Splunk Platform? Power mobile apps with KPIs and alerts from Splunk; Log directly to Splunk from remote devices; Extract Splunk data for long term warehousing; Customer specific dashboards with user data; Integrate Splunk with your BI tools; Run Splunk searches from within your application. SDKs; UI; API.
    24. Enterprise-class SDKs and Developer Enablement (Modularity, Interoperability, Extensibility). Available SDKs: Python Beta; Java Beta; JavaScript Beta; PHP Public Preview. Shipping with Splunk 5: JavaScript SDK; Versioned API; JSON Everywhere.
    25. Splunk 5 Beta Program Update. Facts: 5+ months of rigorous beta cycle; 35+ white-glove installs; 100+ beta customers; 15+ countries. Benefits: Faster feedback; Quicker product validation at customer sites.
    26. Key Benefits of Splunk 5. Faster, Easier Reports and Dashboards: Up to 1000x faster reports that are easier to navigate and share. Enterprise-class Scale and Resilience: Resilience that is built in, even as you scale on low-cost servers and storage. Modularity, Interoperability, Extensibility: Developer SDKs, resources and tools to maximize enterprise technology investments.
    27. Thank You
    28. Investing for the Future: Cloud; Content; Developer; Enterprise.