SplunkLive! Washington DC May 2013 - Splunk Enterprise 5


Published in: Technology
  • At Splunk, our mission is to make machine data accessible, usable and valuable to everyone. Machine data is one of the fastest growing, most complex and most valuable areas of big data. It consists of the data generated by technology infrastructure – for example applications, websites, servers and network devices in the datacenter: the log files, the clickstreams, the alerts, etc. It’s difficult to collect and make use of – it exhibits the qualities of volume, velocity, variety and variability. Machine data is valuable because it contains a trace of all activity and behavior – of customers, users, transactions, applications, security threats, and more. This overarching mission is what drives our product priorities.
  • Splunk’s flagship product is Splunk Enterprise. Splunk Enterprise is a fully featured, powerful platform for collecting, searching, monitoring and analyzing machine data. Splunk collects machine data securely and reliably from wherever it’s generated. It stores and indexes the data in real time in a centralized location and protects it with role-based access controls. You can even leverage other data stores. Splunk lets you search, monitor, report and analyze your real-time and historical data. Now you have the ability to quickly visualize and share your data, no matter how unstructured, large or diverse it may be. Troubleshoot problems and investigate security incidents in minutes (not hours or days). Monitor your end-to-end infrastructure to avoid service degradation or outages. Gain real-time visibility and critical insights into customer experience, transactions and behavior. Use Splunk and make your data accessible, usable and valuable across the enterprise.
  • Splunk delivers operational intelligence across IT and the business. There are definitely a wider number of use cases within IT: helping better run, secure and audit IT, and providing end-to-end visibility to IT executives of service levels, overall performance and other operational metrics. Increasingly, data from Splunk is finding value in the business: correlating machine data with traditional data to spot new trends, usage patterns, product performance and costs. Dashboards make it easy to package up searches, charts, reports and visualizations for specific roles or users.
  • Splunk is finding a wide range of use cases beyond the traditional world of IT. ‘FitBit’: Devices like this Fitbit measure a person’s activity on a given day. It has an open API so you can track offline movements and analyze them online. Correlate daily activity with other measurements, calorie intake, blood pressure and maybe even the number of unread emails in my inbox on a given day, and start to correlate health-related activities to work productivity. Splunk is being used to quantify these factors. ‘Building Power Consumption’: Splunk indexes data from ‘power-taps’ in buildings and correlates it with power tap-location information to provide real-time insight and analysis of power consumption per floor/area/room. You can drill down to identify the reason for any excessive power consumption and trigger automatic remote shut-off to save energy (weekends, based on power levels, etc.). Several organizations are Splunking power consumption to look for cost savings and environmental benefits. ‘Flood Monitoring Warning’ example: Developed by a partner in Thailand in conjunction with the Thai govt. Splunk collects, indexes and monitors water level sensor data in real time and alerts subscribers in advance of any impending flood situations.
  • With thousands of enterprise customers and an order of magnitude more actual users, we have a thriving community. We launched a dev portal a few months back and already have over 1,000 unique visitors per week. We have over 300 apps contributed by ourselves, our partners and our community. Our knowledge exchange Answers site has 20,000+ questions answered. And in August 2012 we ran our 3rd users’ conference with over 1,000 users in attendance, over 100 sessions of content, and customers presenting. Best of all, this community demands more from Splunk and gives us incredible feedback.
  • Splunk 1, 2 and 3 introduced applying the ‘search’ paradigm to troubleshoot IT operations and application management issues much faster than before, to find the proverbial needle in the haystack. Splunk was a tremendous ‘IT Search’ tool. When asked, customers often referred to it as “Google for the datacenter”. Splunk 4 introduced enterprise-class features – dashboards and apps, real-time search and alerts, universal collection and indexing, enterprise controls and map-reduce for horizontal scalability on commodity servers. And you could use Splunk on iOS devices (iPhones, iPads) and non-Flash browsers. Splunk evolved from an IT Search tool to an “engine for machine-generated data”. Splunk Enterprise 5 represents the evolution of Splunk as an “enterprise platform for operational intelligence”.
  • The Splunk Enterprise 5 release represents Splunk evolving to a platform, encompassing breakthrough innovations and platform features. Key focus areas for Splunk Enterprise 5 include addressing: how to deliver much faster reporting; how to build in resilience even as you scale Splunk on commodity hardware and storage; and creating a better platform for big data apps.
  • To address these key focus areas and requirements, Splunk Enterprise 5 delivers: a new reporting architecture and technology that delivers dramatically faster reports; a new high availability architecture that delivers enterprise-class scale and resilience, even as you scale on commodity servers and storage; and a robust API and SDKs for popular programming languages, plus big data ecosystem integrations.
  • We wanted to deliver blazingly fast reports and make it simple, without an intermediate DBA-managed layer building data marts. Accelerating search for reporting over large datasets is now as easy as clicking a checkbox and setting a time range. Summaries are stored on the indexers rather than the search head to allow map-reduce parallelism for any search that uses reporting and/or streaming commands. You can enable report acceleration for an eligible search when you save it or add it to a dashboard in the Splunk Web UI. You can also enable report acceleration for an eligible search in Manager > Searches and Reports. Advanced Splunk users may have taken advantage of summary indexing. This was difficult to set up, often needing training, and summaries were managed at the search head, minimizing reuse. We listened to you and created a more scalable, powerful technology with an easy button! Other benefits: summaries are stored on the indexers, not on search heads; map-reducible summary generation provides unmatched parallelism; summaries can be reused across searches without manual intervention; summaries are easy to manage through a single UI.
  • It's really powerful when you can click on any chart or table and get directly to the raw events, going from the what to the why. Dynamic drilldowns let you go one step further. Create custom drilldown behavior for any simple XML table or chart. Specify custom drilldown behavior on a per-field basis. Click through to another dashboard, form, view, or external website – carrying forward any relevant context. Build intelligent workflows into your dashboards to deliver a more intuitive experience for users.
  • You can now create PDF files from your simple XML dashboards, views, searches, or reports on any OS running on an Intel-compatible platform. All PDF features in Splunk Web work without the need to install the PDF Report Server app. Non-UI PDF reporting functionality also uses Integrated PDF generation. Features: unlimited table sizes; smart pagination and layout; supported on x86 32-bit and 64-bit platforms; simple XML dashboards and reports, no Advanced XML.
  • The insights from your data are mission-critical. With Splunk Enterprise 5 we wanted to deliver a highly available system, with enterprise-grade data resiliency, even as you scale on commodity storage. And we wanted to maintain Splunk’s robust, real-time and ease-of-use features. Splunk indexers can now be grouped together to replicate each other’s data, maintaining multiple copies of all data – preventing data loss and delivering highly available data for Splunk search. Using index replication, if one or more indexers fail, incoming data continues to get indexed and indexed data continues to be searchable. By spreading data across multiple indexers, searches can read from many indexers in parallel, improving parallelism of operations and performance. All as you scale on commodity servers and storage. And without a SAN.
  • Splunk supports 3 main types of data input: files, streaming over UDP and TCP, and scripted inputs. Scripted inputs can be complex and require administrators and developers to know the inner workings of Splunk. Platforms need a certain level of configurability, or ease of configurability, for administrators. Doing this properly requires leveraging Splunk’s ability to install, configure and manage new data inputs as Apps. We see this as a minimum requirement for a platform like this to operate. Modular Inputs allow you to extend the Splunk framework to define new inputs. Examples include inputs for Amazon S2, Twitter, FTP-based inputs, custom scripts for your own databases and own types of data stores, modular inputs for NoSQL data stores, etc. Enable any data inputs installed by a Splunk App, making them easier to manage and deploy. Inputs appear automatically on the Splunk Manager > Data Inputs page and are accessible from REST API endpoints for advanced management. Improved modularity means we can ship new data input types outside of the Splunk Enterprise release schedule.
  • Platforms need to provide better interoperability. And for Hadoop users, we are providing just that, to help address common challenges deploying and running Hadoop. Splunk Hadoop Connect enables Hadoop users to leverage Splunk to reliably collect massive volumes of machine data, analyze data in real time, create visualizations and custom dashboards, and protect data with secure role-based access, then reliably deliver data to Hadoop for ongoing batch analytics. You can also index data stored in Hadoop because once in Splunk, your data’s available for rapid visualization, reporting, analysis and sharing. The Splunk App for HadoopOps extends what Splunk already does well: troubleshoot and monitor your Hadoop infrastructure. And because it's Splunk it doesn't stop with the Hadoop components; it includes everything, end-to-end. So you get a more complete view of your environment.
  • We have experienced a tremendous community building around the Splunk developer platform. Over 1,000 unique visitors to our developer portal. Open source application packs and code on GitHub.
  • There are a whole host of ways developers can leverage Splunk to maximize enterprise technology investments. Specifically, developers use Splunk in 3 ways. Accelerate Dev & Test: this is using Splunk out of the box. Splunk increases the speed and efficiency of application development and testing, and provides proactive monitoring and analytics for applications in production. Integrate with IT Infrastructure: we know that you have many applications and systems and we want to make it easy for you to integrate Splunk across the enterprise. We are delivering SDKs on top of our REST API to help you integrate Splunk data with other applications. Build real-time data applications: we are providing a familiar and intuitive experience for developers to build applications that take the value of Splunk beyond IT: IT early-warning systems, security and fraud protection, clickstream analysis and other revenue-enhancing analytics. A great example is Hurricane Labs, a managed service provider that’s using the Python SDK to deliver security intelligence to their end customer in a custom-built application.
  • What have developers been building using Splunk Enterprise? Examples include the following: run searches and retrieve Splunk data from existing Customer Service/Call Center applications (Comcast use case); integrate Splunk data into existing BI tools and dashboards (Tableau, MS Excel); build mobile applications with KPI dashboards and alerts powered by Splunk (Otto Group use case); log directly to Splunk from remote devices (Bosch use cases); build customer-facing dashboards powered by user-specific data in Splunk (Socialize, Hurricane Labs use cases); programmatically extract data from Splunk for long-term data warehousing. We hope this is just the beginning. We hope to open up a whole new world of enterprise apps.
  • JavaScript, Java and Python SDKs are being integrated into core Splunk, starting with JavaScript. The REST API is fully versioned, so you can integrate with Splunk in either XML or JSON formats and have the assurance of a particular endpoint behavior. With Splunk Enterprise 5 you can add all new kinds of visualizations and customizability to your Splunk Apps or other in-house Apps.
  • We’ve made key investments in Splunk Enterprise 5 that deliver: a powerful and intuitive user interface; enterprise-class performance and scale; improved modularity, interoperability and extensibility. Getting value from machine data is now faster, more resilient and accessible to the developer community. Splunk 5 is available now. For more information, check out the ‘what’s new’ section of the documentation, or download it today from our website.

    1. Copyright © 2013 Splunk Inc. Splunk Enterprise 5. Clint Sharp, Sr. Product Manager, Big Data Solutions
    2. Mission: Make machine data accessible, usable and valuable to everyone.
    3. Innovative, Powerful and Easy to Use Software. Splunk storage; Other Big Data stores; Report and analyze; Custom dashboards; Monitor and alert; Ad hoc search; Developer Platform; Data collection and indexing
    4. Broad Use Across IT and the Business. LOB Owners/Executives; System Administrator; Operations Teams; Security Analysts; IT Executives; Application Developers; Auditors; Website/Business Analysts; Customer Support. IT Operations Management; Web Intelligence; Business Analytics; Application Management; Security and Compliance
    5. Splunk Supporting a World Beyond IT. Personal Activity Tracking; Flood monitoring warning; Cars as telemetry sensors; Supporting the next gen airliner; Health and Safety; Commercial Transport; Home Energy Management; Building Power Consumption; Power and Energy
    6. A Growing, Global Community of Users. 300+ Apps and 20,000+ questions – and answers; 1,000+ unique visitors per week to dev.splunk.com; Local User Groups and SplunkLive events; Annual Users’ Conference, 1,000+ users
    7. Continuous Development for Over 8 Years. Tool (1, 2, 3): “Google for the datacenter”; Engine (4, 4.1, 4.2, 4.3): “Engine for machine-generated data”; Platform (5): “Platform for operational intelligence”
    8. Key Focus Areas for Splunk Enterprise 5. How can we deliver much faster reporting, at scale? How can we build in resilience on commodity hardware? How can we create a better platform for enterprise apps?
    9. Splunk Enterprise 5 Overview. Faster, Easier Reports and Dashboards: New reporting technology delivers dramatically faster reports. Enterprise-class Scale and Resilience: New high availability architecture delivers built-in resilience on commodity hardware. Modularity, Interoperability, Extensibility: Developer platform API, SDKs, resources; Big data ecosystem integrations
    10. Blazing Fast Reports, Made Simple (Faster, Easier Reports and Dashboards). Report Acceleration: Based on new transparent summarization technology; Speeds up reports by up to 1,000x; Easy to set up, works across all types of data; Data is up-to-date, scalable, used automatically by eligible searches; Works with preexisting 4.x Splunk reports as well. Create dashboard; Click acceleration; Reports run faster
    11. More Intelligent Dashboards (Faster, Easier Reports and Dashboards). Dynamic Drilldowns: Create custom drill down behavior; Click through to another dashboard, form, view, or external website; Carry forward relevant context. User creates a drilldown on a chart or table; Click sends context (fields, values) to any URL
    12. Share Dashboards with Anyone (Faster, Easier Reports and Dashboards). Integrated PDF: Improved, simpler experience sharing dashboards as PDF; Send PDF dashboards and reports to anyone; Integrated with alerting framework for scheduling; Works across Windows, Linux, Unix, or Mac platforms
    13. High Availability, On Commodity Servers and Storage (Enterprise-class Scale and Resilience). Index Replication: As Splunk collects data, it keeps multiple identical copies; If indexer fails, incoming data continues to get indexed; Indexed data continues to be searchable; Easy setup and administration; Data integrity and resilience without a SAN. Splunk Universal Forwarder Pool; Constant Uptime
    14. Get New Data Sources Into Splunk (Modularity, Interoperability, Extensibility). Steps: (1) App is installed from Splunkbase containing input; (2) Configure the input via a customer page, or Manager; (3) Copy configured input(s) to Deployment Server; (4) Deploy to Forwarders according to server class; (5) Develop and share your own data input programs. Modular Inputs: Extend Splunk framework to define new inputs; Simplifies the installation and configuration of new inputs; Shipped outside product release cycle; Available on Splunkbase and appear automatically in Splunk Manager UI
    15. Enabling Big Data Ecosystem (Modularity, Interoperability, Extensibility). Real-time Collection and Analysis; Dashboards, Reports, Access Controls; Reliable Data Export; Index Hadoop Data. Splunk App for HadoopOps: Troubleshoot, monitor and analyze end-to-end Hadoop environment
    16. An Engaged Community of Developers. 1,000+ unique visitors/week to dev.splunk.com; Software freely available on GitHub; @splunkdev
    17. How Do Developers Use Splunk? (Modularity, Interoperability, Extensibility). Integrate with IT Infrastructure; Build Real-time Data Applications; Accelerate Dev & Test
    18. What’s Possible with the Splunk Platform? Power mobile apps with KPIs and alerts from Splunk; Log directly to Splunk from remote devices; Extract Splunk data for long-term warehousing; Customer-specific dashboards with user data; Integrate Splunk with your BI tools; Run Splunk searches from within your application. API; SDKs; UI
    19. Enterprise-class SDKs and Developer Enablement (Modularity, Interoperability, Extensibility). Available SDKs: Python Beta; Java Beta; JavaScript Beta; PHP Public Preview. Shipping with Splunk Enterprise 5: JavaScript SDK; Versioned API; JSON Everywhere
    20. Upgrade / Migration. Report Acceleration – 4.3 reports can be accelerated by clicking the check box. Index Replication – 4.3 indexed data are immediately searchable under replication. PDF Printing – Any reports with simple XML can be printed in PDF form
    21. Key Benefits of Splunk Enterprise 5. Enterprise-class Scale and Resilience: Resilience that is built in, even as you scale on low-cost servers and storage. Faster, Easier Reports and Dashboards: Up to 1000x faster reports that are easier to navigate and share. Modularity, Interoperability, Extensibility: Developer SDKs, resources and tools to maximize enterprise technology investments
    22. Thank You