6.4 whats new
•
0 likes•776 views
Splunk Enterprise 6.4 delivers a new library of interactive visualizations, faster analytics, and can reduce your historical data storage costs by up to 80%. See how you can: • Use new interactive visualizations to view results, and easily create and share your own • Speed investigation and discovery of large-scale data with event sampling • Reduce storage costs by up to 80% for aged data • Get wider visibility into system performance and health with new management views With the new features and lower storage costs offered by Splunk Enterprise 6.4, doing big data analysis is now easier than ever. See it in action by attending this webinar.
Recommended
More Related Content
What's hot
What's hot (20)
Viewers also liked
Similar to 6.4 whats new
Similar to 6.4 whats new (20)
More from Splunk
More from Splunk (20)
Recently uploaded
Recently uploaded (20)
6.4 whats new
- 1. Copyright © 2015 Splunk Inc. What's New in Splunk Enterprise 6.4
- 2. Participate in the live demo! Get prepared now! ● We want YOU! To generate live data in this webinar! ● Go with your mobile phone to: http://splunk.com/shake – Shake your mobile phone once we say it during the webinar! – On iOS 9 allow the access to the sensor: ‣ Settings > General > Accessibility ‣ Half-way down -> “Shake to undo” -> Set to off
- 3. Today’s Speakers 3 Matthias Maier • Product Marketing Manager • Splunk Richard Morgan • Splunk Enterprise Practice Leader • Splunk
- 4. Notes • After the webinar you’ll get an E-Mail containing: • Recording of the Webinar • Link to Slideshare with this Presentation • Link to the Splunk 6.4 What’s new App on Splunkbase • Ask your questions during the Webinar and we will go through them in a Q&A Session at the End
- 5. Safe Harbor Statement During the course of this presentation,we may make forward looking statements regarding future events or the expected performance of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-looking statements, please review our filings with the SEC. The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, this presentation may not contain current or accurate information. We do not assume any obligation to update any forward looking statements we may make. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionality described orto includeany suchfeatureor functionalityina futurerelease. 5
- 6. Agenda ● Short introduction into Splunk ● What’s new in Splunk Enterprise 6.4 ● Live Demo of new functionalities ● Q&A Session 6
- 7. Splunk Company Overview 7 Company • Global HQs: San Francisco London Hong Kong • 1,800+ employees globally • Annual Revenue: $450.9M (YoY +49%) • NASDAQ: SPLK Products • Free trial to massive scale • Splunk products: Splunk Enterprise Splunk Cloud Hunk Splunk Light Splunk MINT Premium Solutions Customers • 10,000+ customers • Across 100 countries • Small to large organizations • More than 80 of the Fortune 100 • Largest license: 400+ Terabytes/day
- 8. 8 Make machine data accessible, usable and valuable to everyone. 8
- 9. 9 Turning Machine Data Into Business Value Index Untapped Data: Any Source, Type, Volume Online Services Web Services Servers Security GPS Location Storage Desktops Networks Packaged Applications Custom ApplicationsMessaging Telecoms Online Shopping Cart Web Clickstreams Databases Energy Meters Call Detail Records Smartphones and Devices RFID On- Premises Private Cloud Public Cloud Ask Any Question Application Delivery Security, Compliance and Fraud IT Operations Business Analytics Industrial Data and the Internet of Things
- 10. 10 Splunk Enterprise & Cloud 6.4 Storage TCO Reduction - TSIDX Reduction reduces historical data storage TCO by 40%+ Platform Security & Management New Interactive Visualizations - Improved DMC - New SSO Options - Improved Event Collector - New Pre-built Visualizations - Open Community Library - Event Sampling and Predict
- 11. TSIDX Reduction Provides up to 40-80% storage reduction ● Retention Policy on TSIDX Files ● Creates “mini” TSIDX ● Performance trade-off between storage costs and performance – Rare vs Dense Searches ● *Limited functionality loss ● Can restore original TSIDX files if needed 11
- 12. 12 Splunk Enterprise & Cloud 6.4 Storage TCO Reduction - TSIDX Reduction reduces historical data storage TCO by 40%+ Platform Security & Management New Interactive Visualizations - Improved DMC - New SSO Options - Improved Event Collector - New Pre-built Visualizations - Open Community Library - Event Sampling and Predict
- 13. Management & Platform Enhancements ● Management – Distributed Management Console ‣ New monitoring views for scheduler, Event Collector, system I/O performance – Delegated Admin roles ● HTTP Event Collector – Unrestricted data for payloads – Data Indexing acknowledgement ● SAML Identity Provider Support – OKTA, Azure AD, ADFS 13 SAML Support OKTA Azure AD ADFS Ping FederateAWS IoT Event Collector
- 14. 14 Splunk Enterprise & Cloud 6.4 Storage TCO Reduction - TSIDX Reduction reduces historical data storage TCO by 40%+ Platform Security & Management New Interactive Visualizations - Improved DMC - New SSO Options - Improved Event Collector - New Pre-built Visualizations - Open Community Library - Event Sampling and Predict
- 15. Custom Visualizations Unlimited new ways to visualize your data ● 15 new interactive visualizations useful for IT, security, IoT, business analysis ● Open framework to create or customize any visual ● Visuals shared via Splunkbase library ● Available for any use: search, dashboards, reports… 15
- 16. New Custom Visualizations 16 Treemap Sankey Diagram Punchcard Calendar Heat Map Parallel Coordinates Bullet GraphLocation Tracker Horseshoe Meter Machine Learning Charts Timeline Horizon Chart Multiple use cases across IT, security, IoT, and business analytics
- 17. Event Sampling • Powerful search option provides unbiased sample results • Useful to quickly determine dataset characteristics • Speeds large-scale data investigation and discovery 17 Optimizes query performance for big data analysis
- 18. Predict Command Enhancements • Time-series forecasting • New algorithms: • Support bivariate time series with covariance • Predict multiple series independently • Predict missing values within series • 80-100X performance improvement 18 Forecast Trends and Predict Missing Values
- 19. Demo
- 20. Download the Overview App (6.4) & 6.x Dashboard Examples
- 21. Participate in the live demo! Get prepared now! ● We want YOU! To generate live data sent to the new HTTP Event Collector in this webinar! ● Go with your mobile phone to: http://splunk.com/shake – Shake your mobile phone once we say it during the webinar! – On iOS 9 allow the access to the sensor: ‣ Settings > General > Accessibility ‣ Half-way down -> “Shake to undo” -> Set to off
- 22. Live Demo 22
- 23. Copyright © 2015 Splunk Inc. .conf2016: The 7th Annual Splunk Worldwide Users’ Conference • September 26-29, 2016 • The Disney Swan and Dolphin, Orlando • 5000+ IT & Business Professionals • 3 days of technical content • 165+ sessions • 3 days of Splunk University • Sept 24-26, 2016 • Get Splunk Certified for FREE! • Get CPE credits for CISSP, CAP, SSCP • Save thousands on Splunk education! • 80+ Customer Speakers • 35+ Apps in Splunk Apps Showcase • 75+ Technology Partners • 1:1 networking: Ask The Experts and Security Experts, Birds of a Feather and Chalk Talks • NEW hands-on labs! • Expanded show floor, Dashboards Control Room & Clinic, and MORE! Visit conf.splunk.com for more information
- 24. Q&A
Editor's Notes
- Splunk safe harbor statement.
- Splunk has more than 1,800 employees worldwide, with our global headquarters in San Francisco. Our 10,000+ customers in 100 countries are using Splunk software and cloud services to improve service levels, reduce operations costs, mitigate security risks, enable compliance, enhance DevOps collaboration and create new product and service offerings. Our products are designed to fit your needs and are built to be as frictionless to deploy as possible. Simple download Splunk software, or sign up for the online sandbox, point it at your data, and you’ll up and running in minutes. Please always refer to latest company data found here: http://www.splunk.com/company.
- At Splunk, our mission is to make machine data accessible, usable and valuable to everyone. And this overarching mission is what drives our company and product priorities.
- Splunk products are being used for data volumes ranging from gigabytes to hundreds of terabytes per day. Splunk software and cloud services reliably collects and indexes machine data, from a single source to tens of thousands of sources. All in real time. Once data is in Splunk Enterprise, you can search, analyze, report on and share insights form your data. The Splunk Enterprise platform is optimized for real-time, low-latency and interactivity, making it easy to explore, analyze and visualize your data. This is described as Operational Intelligence. The insights gained from machine data support a number of use cases and can drive value across your organization. [In North America] Splunk Cloud is available in North America and offers Splunk Enterprise as a cloud-based service – essentially empowering you with Operational Intelligence without any operational effort.
- Let’s start with TCO & Performance Improvements.
- *Limited functionality loss refers to not being able to use TSATS on TSIDX reduced data. This is because you no longer have the full tsidx files. Extra Material: Q: How does it affect performance? Can I still search the data? A: You can access the data in all of the normal ways, and for many search and reporting activities there is little impact. But for “needle in the haystack” ad-hoc searches, the performance will no longer be optimal. For “dense” searches (searches whose results return most of the data for the time range searched), the performance impact will be minimal. For “sparse” or “needle in the haystack” searches (searches that return very few results), searches that typically return in seconds will now return in minutes. Note: This feature can be selectively applied to any index to provide the greatest amount of flexibility to our customers. The goal is to apply this feature to data that is less frequently accessed – data for which you are willing to sacrifice some performance in order to gain a very significant cost savings. Splunk specialists can help you set the right policies for the right data. Q: Do apps and Premium Solutions still work? A: Yes. Apps and Premium Solutions will work. Q: How does it affect performance? Can I still search the data? A: You can access the data in all of the normal ways, and for many search and reporting activities there is little impact. But for “needle in the haystack” ad-hoc searches, the performance will no longer be optimal. For “dense” searches (searches whose results return most of the data for the time range searched), the performance impact will be minimal. For “sparse” or “needle in the haystack” searches (searches that return very few results), searches that typically return in seconds will now return in minutes. Note: This feature can be selectively applied to any index to provide the greatest amount of flexibility to our customers. The goal is to apply this feature to data that is less frequently accessed – data for which you are willing to sacrifice some performance in order to gain a very significant cost savings. Splunk specialists can help you set the right policies for the right data. Q: How do I control what data is minimized? Can I bring data back to the standard state? A: You set policy by data age and by the type of data (index). Different data can have different time criteria for minimization. You can return data to the original state if needed. Splunk specialists can help you set the right policies for the right data. Q: Why does your optimization data take up so much space? A: Even including the optimization data, Splunk compression techniques have already reduced the customer’s storage requirements by over 50% during indexing. The optimization metadata (TSIDX – time-series index) is what enables the customer to ask any question of their data and handle any type of investigation or use case in real time. By keeping data in its original unstructured state, Splunk offers the flexibility to ask any question of the data, handling any type of investigation or use case. Splunk structures the answer to each query on the fly, rather than forcing the customer to create a fixed data structure that limits the questions that can be asked. The TSIDX data enables us to deliver this unique flexibility with real-time speed. Q: Why is the savings range so large (40-80%)? A: The storage used by TSIDX varies depending on the nature and cardinality (uniqueness) of the data indexed. So the savings will vary as well across data types. Repetitive data fields will have a lower savings while unique (high cardinality) data will see a higher savings. Typical syslog data, for example will fall in the middle – about 60-70%. High cardinality data returns a higher savings because it requires more index entries to describe it. When the TSIDX is reduced, the savings are larger. We expect most customers will see an overall benefit of 60% or more. We expect the average savings to be 60% or more.
- Platform Security & Management
- DMC In 6.3 we re-worked the Distributed Management Console. In 6.4 we enhanced it even more adding new views and monitoring capabilities for things such as: - HTTP Event Collector Views - Performance tracking for the HTTP Event Collector feature including breakdowns by authorization token. - TCP Inputs - A partner to the Forwarder performance views in DMC tracking TCP queue health and other TCP input statistics. Deployment Wide Search Statistics - Identify top Search Users across a multi-Search Head deployment including frequent and long running searches. - Distributed Search View - A dashboard dedicated to tracking metrics for search in distributed deployments. Includes views for bundle replication performance and dispatch directory statistics. - Resource Usage, I/O - In addition to useful data on CPU and Memory consumption, now also see I/O bandwidth utilization for any Splunk host or across hosts. - Index Performance, Multi-pipeline - Updated views in the Deployment-wide and Instance-scoped Indexing Performance pages to accommodate multi-pipeline indexing. - Threshold Control - Fine-grain controls for visual thresholds for DMC displays containing CPU, Memory, Indexing Rate, Search Concurrency, and Up/Down Status. HTTP Event Collector In 6.3 we added the HTTP Event Collector. Now we’ve improved it by enabling unrestricted data for payloads (besides JSON) and data indexing acknowledgements so customers can verify data was received. SAML And finally we’ve added additional Single Sign On Options for added flexibility
- Platform Security & Management
- Release 6.4 delivers an array of new pre-built visualizations, a visualization developer framework, and an open library to make it simple for customers to access, develop and share interactive visualizations 15 new pre-built visualizations help customers analyze and interact with data sets commonly found in IT, security, and machine learning analysis A new developer framework allows customers and partners to easily create or customize any visualization to suit their needs Splunkbase now contains a growing library of visualizations provided by Splunk, our partners and our community Doubles the visualizations in Splunk today and creates an open environment for the unlimited creation and sharing of new visualizations Once a visual is imported from SplunkBase it is treated the same as any native Splunk feature, and is available for general use in the Visualizations dropdown.
- 15 new pre-built visualizations help customers analyze and interact with data sets commonly found in IT, security, and machine learning analysis. We survey out customer and field to choose an initial set that would meet many common needs.
- The new Event Sampling feature makes it faster to characterize very large datasets and focus your investigations. It is an integrated option of Search, offering a dropdown menu to control sampling 1 per 10, per 100, 1000, 10,000 etc. Of course the performance is equally as fast – a 1 per 1000 search runs 1000x faster.
- Main algo used – Kalgan filter Algorithmic improvements Support bi-variate time series by taking covariance between the individual time series into account. Predict for multiple time series at the same time - this treats individual time series independently, i.e. without computing covariance Predicting missing values in time series and accounting for that during prediction via missing value imputation methods (i.e., “No value was recorded, but it was most likely 5”)
- Use Splunk Ninja App and Demo Instructions
- For more information, or to try out the features yourself. Check out the overview app which explains each of the features and includes code samples and examples where applicable.
- We’re headed to the East Coast! 2 inspired Keynotes – General Session and Security Keynote + Super Sessions with Splunk Leadership in Cloud, IT Ops, Security and Business Analytics! 165+ Breakout sessions addressing all areas and levels of Operational Intelligence – IT, Business Analytics, Mobile, Cloud, IoT, Security…and MORE! 30+ hours of invaluable networking time with industry thought leaders, technologists, and other Splunk Ninjas and Champions waiting to share their business wins with you! Join the 50%+ of Fortune 100 companies who attended .conf2015 to get hands on with Splunk. You’ll be surrounded by thousands of other like-minded individuals who are ready to share exciting and cutting edge use cases and best practices. You can also deep dive on all things Splunk products together with your favorite Splunkers. Head back to your company with both practical and inspired new uses for Splunk, ready to unlock the unimaginable power of your data! Arrive in Orlando a Splunk user, leave Orlando a Splunk Ninja! REGISTRATION OPENS IN MARCH 2016 – STAY TUNED FOR NEWS ON OUR BEST REGISTRATION RATES – COMING SOON!