No matter what business you’re in, your web applications are front-and-center for your customers. Downtime, or even bad performance, not only creates a spike in costs but often translates into loss of customers and revenue. You need immediate insight into the availability, performance and usage of your applications and the infrastructure your applications run on. In this session, you will learn why you need to take a platform approach to full stack application management, whether your applications reside on-premises or in the cloud. Second, we will show you how you can use Splunk to monitor the usage and performance of your applications, and quickly troubleshoot faults by stepping through some of the most common issues our customers experience. Third, we’ll contrast what Splunk does relative to other APM tools you may already have deployed, and even show you how you can bring APM data into Splunk to gain more insight into application performance.
Today’s application environments are extremely complex – applications or business services typically span multiple components, usually provided by different vendors. Web 2.0, the DevOps movement and service-oriented architectures are trends that bring with them an increasing pace of change as well as added complexity. With virtualization and cloud, applications now span on-premises datacenters and off-premises cloud environments – traditional tools are simply not sufficient to manage such distributed, constantly changing environments.
-- Need a holistic understanding; need to coordinate and work well with all elements (coordinating all parts of the body is the example)
-- Customer wants security operations to be smart, intelligent and nimble, and to detect and remediate fast
We are the nerve center for your SOC/command center
A nerve center approach saves time and makes the overall solution more effective; this is why channel partners and SIs want to sell the nerve center
The most commonly seen security technologies are integrated so that a range of human and system tasks can be automated – this provides operational intelligence and maturity; we are the GLUE
Our partnerships and levels of integration are constantly growing, which means the data coming in is increasing
This is an example of some of the partners in our ecosystem across key elements of the security stack
Splunk’s Security Ecosystem continues to flourish with partners contacting us daily to inquire about the benefits of membership
We currently represent eight domains of security, with plans to expand into Fraud and UBA
Not only are we expanding across security, but we are also focused on diving deeper with key integrations (PAN, Symantec, Proofpoint, Forescout), as we know these are most valuable to our customers
Our most successful initiative this year was Adaptive Response – where we were blown away by 20+ partners in just the first few months
Over the last couple of years Splunk has evolved from an engine for machine data to a platform for machine data – nothing testifies to this more than the apps in our app store, which range from plugins and templates to full-fledged apps that help you collect, analyze and harness data from every layer of your technology stack. These apps are built by our customers, by technology partners such as Cisco, NetApp and others, and by Splunk employees. We are a platform because it is very easy to get data into Splunk and out of Splunk. We complement other solutions in the data center.
Two important things to remember:
If a logo you have doesn't show up here, Splunk still doesn't limit you – you can always index data from that technology – Splunk extensions simply help you accelerate the process.
We provide a full featured REST API and a variety of SDKs that help you build your own custom apps for technologies and insights custom to your business. This is to help you create a specific interface to your data in special format and development languages your team is used to.
Lastly, each of the Splunk extensions is not comparable to point solutions in every silo, simply because your data from each silo is more valuable when in context of other data from other technology tiers. Splunk apps simply help you get to the point faster where you can see correlations and comparisons of machine data ACROSS silos.
We also recently introduced two new offerings – one to collect wire data, the Splunk App for Stream (stemming from the acquisition of Cloudmeter), and MINT (Mobile Intelligence), which stems from our acquisition of Bugsense. The Splunk App for Stream enables the capture of real-time streaming wire data, which is the data transmitted between applications over the network. It enables visibility into application, business and user activity without the need for instrumentation, enhancing various operational use cases across IT, security and the business.
And Splunk MINT helps you gain visibility into mobile app performance and quality, so you can deliver better mobile apps.
Splunk MINT helps you combine and correlate mobile app data with other data in Splunk so you can pinpoint problems faster and analyze user experience/behavior across mobile, desktop and web channels.
The main value from the apps is providing context for data from silos and making it available inside Splunk for correlation with other data from other silos.
In addition to prebuilt apps, customers can also build their own.
What have developers been building using Splunk Enterprise? Examples include the following:
Run searches and retrieve Splunk data from existing Customer Service/Call Center applications (Comcast use case)
Integrate Splunk data into existing BI tools and dashboards (Tableau, MS Excel)
Build mobile applications with KPI dashboards and alerts powered by Splunk (Otto Group use case)
Log directly to Splunk from remote devices (Bosch use cases)
Build customer-facing dashboards powered by user-specific data in Splunk (Socialize, Hurricane Labs use cases)
Programmatically extract data from Splunk for long-term data warehousing
We hope this is just the beginning. We hope to open up a whole new world of enterprise apps.
Starting with IT Troubleshooting and Application Management, the foundation of what users have been using Splunk for, for over a decade. Customers deploy Splunk Enterprise and connect data sources such as logs from network devices, mobile, or applications. More importantly, customers also index information from their existing tools – the primary reason for this… it’s the history of siloed information. In order to do effective troubleshooting, you must have a place to gain
We introduced IT Service Intelligence last year to provide holistic service-level monitoring and intelligence
And we’re providing measurement and sharing to give visibility across your DevOps teams and activities.
T: so, what is the market opportunity for all of these use cases?
Red Hat provides open source software products to the enterprise community. Splunk started off there as an operational tool, but quickly expanded beyond operations. Currently, over 300 people use Splunk at the company. It’s used by folks across various teams including Platform Operations, InfoSec, Enterprise Architecture, Systems Engineering, IT Engineering, Identity & Access Management, GSS Developers and IT Management.
Before Splunk:
Insight gathering was very manual and took a long time
To get information, sysadmins had to ssh into boxes to grep logs
Time to resolution of issues measured in days or weeks
No single place to access and visualize machine data
Correlation across disparate data sources was complex
After Splunk:
They have been able to address operational issues proactively, reduce the total number of incidents, improve code quality and gain tremendous visibility into Cloud deployments. To elaborate a little more:
Reduce Alert noise: Reduce the number of spurious pages from monitoring systems, combat alert fatigue among sysadmins, and well-rested (happy?) sysadmins have fewer “oops” moments
Improve Code Quality: With Splunk, the engineering team was able to accelerate error reduction by 2 orders of magnitude in weeks, significantly exceeding their goals for the year. Now, they are able to quickly validate and troubleshoot code pushes to production and ensure that new code doesn’t negatively impact performance or user experience. Developers now have access to real-time production data, responding to issues well before end users detect them. When a user calls about a problem, they are able to guide them to a patch that has already been developed to address the issue, thereby improving customer satisfaction. After just a few days of work with Splunk, the development team has been able to reduce the daily error rate by 1/3.
Visibility into Cloud deployments: with Cloud becoming the default choice for most of Red Hat’s new applications, visibility into Cloud was critical. With Splunk, the Red Hat team proactively monitors costs, enabling better budget planning, gains insights into the performance and reliability of workloads moved to the cloud, and enables detailed security audits.
What makes Splunk ITSI different is not only all the cool visualizations that you just saw in the premium solution, but more importantly, the platform that it was built on top of.
Just about every CIO or Ops Executive we talk to is frustrated with Manual Integration within and across tools and Correlation issues with their current Service Management and Monitoring Solutions. The number of tools they’ve had to buy, deploy, administer, and attempt to integrate just don’t live up to their original promises.
An impact of this lack of integration and correlation is the customer’s difficulty meeting or accurately measuring their SLAs.
One way that Splunk differs from existing approaches is that it is a Universal Machine Data Platform which allows you to reliably collect, index, prepare and store data from tens of thousands of sources, in real time -- any type, any format, any location with no pre-defined schema. We are data driven. We take in all the data. Splunk is also in network latent real time and can leverage historical data as well.
To avoid the problems associated with adding or changing Alerts, Splunk delivers Schema on the Fly to provide for rapid creation of alerts from either KPIs or raw data to adapt to business needs quickly. Splunk applies structure at search time, making it easy to search, visualize and analyze your data without any knowledge of the underlying structure. No DBA is required! We also use machine learning to baseline normal operations, detect anomalous behavior to drive meaningful actions, and enable highly correlated searches to create meaningful “alerts” off your KPIs, not ours. And, you get the information from the data that you need when you need it. With Splunk, you can ask any question of the data any time!
Splunk’s powerful platform helps you to realize faster time to value as it leverages all of the data, allows you to answer any questions of the data and empowers the greatest data fidelity.
With existing Event Driven solutions, our customers tell us that getting true Service Intelligence is a challenge. Today, Service Owners tell us that they determine Service Health through summarized events that have limited retention time.
The business impact here surrounds the time and expense in identifying root cause and fixing the problem.
To address this, Splunk ITSI delivers a 360 degree view of service health from one place. We call this Full Fidelity Service Health. We allow for adaptable and flexible definitions of service health. Customers can now move seamlessly from Business Service Reports to Remediation, all while providing complete historical context. Our solution remains adaptable and yet still maintains complete historical context. Want to visualize and measure what was happening 10 minutes ago?… an hour ago?… Not a problem. This unique differentiation enables Splunk ITSI to deliver a seamless, connected experience from reporting through to remediation.
The ability to leverage Deep Dive Incident Reviews delivers events, metrics and KPIs – including ad hoc, on the fly searches – so you can see and correlate complex interactions easily. And like we just discussed, with full access to historical data, you can compare any two time ranges for all data sets side by side to quickly understand what’s ‘normal’ for that Service by minute, hour, day or week regardless of size or scale.
Every day we hear from customers that change is a constant and the Legacy Service Management solutions struggle with keeping up. With Legacy Solutions, Service Definitions come from Legacy CMDBs that come with questionable data quality. We also hear that it is hard to create new KPIs to keep everything relevant to the Business.
The impact that we hear from Service Owners is that the business perceives IT as being inefficient.
So what else does Splunk ITSI do here that is different? Search Based KPIs deliver a flexible way to impose schema only at retrieval, without a pre-defined schema or hard coded collectors. Often the business may need to see new KPIs or change existing ones. You can easily write, manage and change both services and KPIs so that you can best align business and technology priorities. An example of this in action comes from one of our Beta customers, Fiserv. With Splunk ITSI, Fiserv was able to generate 1000s of KPIs in a matter of weeks. They were able to easily write, manage and change both services and KPIs.
Splunk runs on-prem, in the Cloud or in hybrid environments while collecting data from all the newest technologies.
Our visualizations and analytics are one-of-a-kind. They can be personalized, meaningful, and contextual. Better visualizations and analytics provide IT with actionable insights. Everyone can look at the data in the manner that is most relevant to them.
Challenges:
In the past, Cox Automotive encountered uptime and application stability challenges during its auto auctions, but had little visibility into the root cause. When a problem occurred, their operations teams lacked visibility into whether the disruption was broad across the network or isolated to a single lane that needed investigation. It also lacked the ability to prioritize incident investigations and needed real-time insights into the performance and availability of each auction lane.
Solution:
Cox Automotive decided to standardize its data aggregation strategy on Splunk IT Service Intelligence to gain much-needed Operational Intelligence. With Manheim, AutoTrader.com and Kelley Blue Book, Cox Automotive is changing the car buying and selling business and enabling people to buy and sell cars from their homes, offices and mobile devices.
Since Cox Automotive implemented Splunk ITSI, the platform has delivered tremendous value and helped drive down key metrics such as mean-time-to-investigate (MTTI) and mean-time-to-resolution. As Cox deploys Splunk ITSI across all of its brands, the solution is already providing nearly instantaneous returns and is improving end-user experience and service reliability.
Now, if an incident with a camera, microphone or other device occurs, staff members get an alert within seconds, can troubleshoot quickly, and rapidly identify the issue and exact location for an auction technician to minimize disruption. Moreover, using advanced analytics and machine learning, staff can predict outages and can even monitor equipment degradation for proactive replacement.
Splunk Cloud:
Given the enormous amount of data at Cox Automotive, they are pleased with the company’s cloud strategy and note that the ability to have all data flow to one place instead of distributing it among different data centers has been a godsend. With the Splunk platform, the company no longer has to depend on on-premises storage and it has the flexibility to scale on demand. With Splunk ITSI being adopted as the enterprise monitoring and analytics solution, Splunk Cloud has made it possible to scale their implementation and adoption across various brands within Cox Automotive.
Beyond the data associated with Manheim car auctions, Cox is ingesting approximately 2TB of data per day from across its infrastructure into the Splunk Cloud platform. This not only enables teams to understand the health and well-being of production systems but also gives release engineering and application development teams insights into new software releases.
Real-time visibility improves security effectiveness
SSTL was unable to search through security data due to limitations in its disparate security solutions. By using Splunk Enterprise to centrally store, index and provide insight into a range of data sources including firewall, Active Directory, email hosting and website traffic, the organization is now able to rapidly search through data and establish alerts in a way that wasn’t possible previously. This has significantly improved the organization’s ability to understand and respond to potential insider and advanced persistent threats, with alerts established to recognize anomalies such as employees logging in at work when they haven’t swiped into the office.
Insight into IT health and performance
Since deploying Splunk ITSI, SSTL has gained overarching insights into the performance of the organization’s key services through a Service Health. Powerful visualizations provide easily digestible data and analytics in the form of dashboards that the business services team uses to better understand real-time performance and business impact. This end-to-end view into IT highlights how potential problems, such as a high load being exerted on the SQL server estate, affect other key IT services. The team can then drill down into the data to accelerate root cause analysis and problem resolution. With Splunk ITSI, SSTL has been able to improve performance issues and ensure IT services are accessible, reliable and secure for all employees. “Using Splunk Enterprise and Splunk ITSI has helped us to understand our IT network in a way we weren’t able to previously,” says Surrey Satellite Technology Chief Technology Officer, Daniel Nye. “This has directly led to improvements in areas such as troubleshooting and security awareness, which is allowing us to focus more on how we can support our engineers and researchers.”
Splunk software and cloud services are simple to deploy, scale from a single server deployment to global large-scale operations and deliver fast payback. Whether you’re using Hadoop, deploying in the cloud, or searching for an on-premises solution, Splunk software was designed from the ground up to make getting started as frictionless as possible.
We have multiple options for getting started, designed to suit your needs:
1. Try out Hunk, Splunk Cloud and Splunk Enterprise with our free online sandboxes.
2. Want to try it out on premises? Free downloads of Hunk and Splunk Enterprise are available. The product you download is the same product that scales to ingest petabytes of data per day.
3. Already running with Amazon Cloud deployments? AMIs for Splunk Enterprise and Hunk make it easy to get up and running.
Get hands-on with Splunk by signing up for an upcoming hands-on workshop to be held in Tysons Corner, VA. These half-day workshops provide a hands-on educational experience with Splunk experts to go deeper into topics you learned about today.
Sign up today at the community exhibit in the SplunkZone. Workshops are free but seating is limited.
And of course, your biggest education opportunity this year is .conf2017 which will be held right back here in Washington, DC on September 25 – 28. I know you have heard a lot about .conf2017 today but don’t forget that by attending SplunkLive! today we are extending you a discount of over $450. You will be able to register with a unique link that will be sent in the post SplunkLive! emails to go out next week.
Don’t forget to complete today’s survey at ponypoll.com/sldc for your chance to win a .conf2017 pass.
A winner will be identified tomorrow through a random drawing from completed surveys and will be notified via email.