dlux - Splunk Technical Overview

6,365 views

Splunk Technical Overview, Lunch'n'Learn v3

Published in: Technology

  1. splunk> Overview · Your Guide: David Lutz
  2. splunk> Lunch’n Learn Agenda. splunk> Overview: What is splunk>? · Use cases · Architecture. Using splunk>: Installation and setup (v4.3) · Adding data · Search with keywords, boolean operators and statistical commands · Alerts, reports, and dashboards. splunk> Public Assets: Splunkbase (splunk> repository of over 200 free applications) · Answers – community-driven Q&A · Online Documentation · Enterprise and Global Support. splunk> App demo: A demonstration of the splunk> for Application Management App and more. Copyright © 2011, Splunk Inc. Listen to your data.
  3. Agenda: What is Splunk? · splunk> explained · Searching, Alerting & Reporting explained · Universal Indexing explained · Deployment Options explained · Demonstration
  4. What is it?
  5. Collects, indexes and harnesses your machine data to identify problems, patterns, risks and opportunities and drive better decisions for IT and the business.
  6. Wait. What?
  7. splunk> is software · splunk> creates a key : value index · splunk> retains pristine copies of all data · splunk> searches that index for data
  8. splunk> is the engine for machine data. No predefined schema, no custom connectors, no RDBMS, no need to filter/forward. Customer Facing Data: Click-stream data · Shopping cart data · Online transaction data. Outside the Datacenter: Manufacturing, logistics… · CDRs & IPDRs · Power consumption · RFID data · GPS data. Data types: Logfiles · Configs · Messages · Traps · Alerts · Metrics · Scripts · Changes · Tickets. Windows: Registry · Event logs · File system · sysinternals. Linux/Unix: Configurations · syslog · File system · ps, iostat, top. Virtualization & Cloud: Hypervisor · Guest OS, Apps · Cloud. Applications: Web logs · Log4J, JMS, JMX · .NET events · Code and scripts. Databases: Configurations · Audit/query logs · Tables · Schemas. Networking: Configurations · syslog · SNMP · netflow
  9. splunk> eliminates finger pointing
  10. What It’s Like In The Trenches Application Application Systems Application Database Service Desk Support Developer Administrator Developer Administrator Log call. The Java monitoring Stop working on Stop what they’re Manual DBA analyzes console says tools don’t show new code to doing to identify investigation audit logs which everything is anything either. troubleshoot. and gather establishes not points to bad green. Call the Need production production logs application query. developer. logs! for developer. problem. Escalate. Escalate. Escalate. Respond. Escalate. Now what?
  11. Harnessing Your Machine Data (Reactive to Proactive): IT silo chaos · Search and Investigate: Investigate, find and fix problems dramatically faster across your organization
  12. Harnessing Your Machine Data (Reactive to Proactive): IT silo chaos · Search and Investigate: Investigate, find and fix problems dramatically faster across your organization
  13. Harnessing Your Machine Data (Reactive to Proactive): IT silo chaos · Search and Investigate · Proactive Monitoring: Automatically monitor to identify issues, problems and attacks before they impact your customers and services
  14. Harnessing Your Machine Data (Reactive to Proactive): IT silo chaos · Search and Investigate · Proactive Monitoring: Automatically monitor to identify issues, problems and attacks before they impact your customers and services
  15. Harnessing Your Machine Data (Reactive to Proactive): IT silo chaos · Search and Investigate · Proactive Monitoring · Operational Visibility: Gain end-to-end visibility to track and deliver on IT KPIs and make better-informed IT decisions
  16. Harnessing Your Machine Data (Reactive to Proactive): IT silo chaos · Search and Investigate · Proactive Monitoring · Operational Visibility: Gain end-to-end visibility to track and deliver on IT KPIs and make better-informed IT decisions
  17. Harnessing Your Machine Data (Reactive to Proactive): IT silo chaos · Search and Investigate · Proactive Monitoring · Operational Visibility · Real-time Business Insights: Gain real-time insight from operational data to make better-informed business decisions
  18. Harnessing Your Machine Data (Reactive to Proactive): IT silo chaos · Search and Investigate · Proactive Monitoring · Operational Visibility · Real-time Business Insights: Gain real-time insight from operational data to make better-informed business decisions
  19. splunk> Supports Diverse Apps/Solutions: CDR · Security · IronPort WSA
  20. Universal Indexing
  21. Universal Indexing Indexes Unstructured Data. It’s that simple. key : value
  22. Universal Indexing Indexes Unstructured Data: Every word · Every value · Every character · … even punctuation · … even white spaces
  23. New Approach to Heterogeneous Data. Universal Indexing: • No data normalization • Automatically handles timestamps • Parsers not required • Index every term & pattern “blindly” • No attempt to “understand” up front. Search-time Knowledge: • Knowledge applied at search-time • No brittle schema to work around • Multiple views into the same data • Splunk helps find transactions, patterns and trends. Flexibility and Fast Time to Value: • Normalization as it’s needed • Faster implementation • Easy search language • Multiple views into the same data
  24. Deployment Options
  25. A splunk> Installation Has 4 Functions: Searching and Reporting (Search Head) · Indexing and Search Services (Indexer) · Data Collection and Forwarding (Forwarder) · Local and Distributed Management (Deployment Server). A splunk> installation can be one or all of these …
  26. Single splunk> Indexer: Get started with a single splunk> Indexer. You can index, search, alert, report, correlate within 15 minutes. Send in syslog data. Pull in local data via File or Dir monitoring, WMI, and/or Scripted Inputs. Servers & Desktops · Logs · Scripts · Firewalls, Routers, Switches · Messages
  27. splunk> Indexer with Forwarders: splunk> Forwarders can be used to send data to your splunk> Indexer reliably and securely
  28. splunk> Scales Across the Datacenter: Offload search with dedicated splunk> Search Head(s) · Auto load-balanced forwarding to as many splunk> Indexers as you need to index, up to TBs/day · Send data from 1,000s of servers using combination of splunk> Forwarders, syslog, WMI, message queues, or other remote protocols
  29. splunk> Runs Across Datacenters: Distributed search unifies the view across locations · Role-based access controls how far a given user’s search will span
  30. splunk> Scales to TBs/day and 1,000s of Users: Distributed Search with MapReduce linearly scales search and reporting · Automatic load balancing linearly scales indexing
  31. Demonstration
  32. Executive and Domain-level Dashboards
  33. Remember ‘Harnessing Your Machine Data’? (Reactive to Proactive): Operational Visibility: Gain end-to-end visibility to track and deliver on IT KPIs and make better-informed IT decisions · Real-time Business Insights: Gain real-time insight from operational data to make better-informed business decisions
  34. Harnessing Your Machine Data (Reactive to Proactive): IT silo chaos · Search and Investigate · Proactive Monitoring · Operational Visibility · Real-time Business Insights: Gain real-time insight from operational data to make better-informed business decisions
  35. Harnessing Your Machine Data (Reactive to Proactive): IT silo chaos · Search and Investigate · Proactive Monitoring · Operational Visibility: Gain end-to-end visibility to track and deliver on IT KPIs and make better-informed IT decisions
  36. Root Cause Analysis
  37. Is There A Problem?
  38. Where Is The Problem?
  39. What Is The Problem?
  40. Remember ‘Harnessing Your Machine Data’? (Reactive to Proactive): IT silo chaos · Search and Investigate: Investigate, find and fix problems dramatically faster across your organization
  41. The IT Search Company · email: dlux@splunk.com · twitter: @dlux_at_splunk · skype: dluxatsplunkdotcom · Your Guide: David Lutz
