This document provides an overview and examples of data onboarding in Splunk. It discusses best practices for indexing data, such as setting the event boundary, date, timestamp, sourcetype and source fields. Examples are given for onboarding complex JSON, simple JSON and complex CSV data. Lessons learned from each example highlight issues like properly configuring settings for nested or multiple timestamp fields. The presentation also introduces Splunk capabilities for collecting machine data beyond logs, such as the HTTP Event Collector, Splunk MINT and the Splunk App for Stream.
SplunkLive! Presentation - Data Onboarding with Splunk Splunk
- The data onboarding process involves systematically bringing new data sources into Splunk to make the data instantly usable and valuable for users
- The process includes pre-boarding activities like identifying the data, mapping fields, and building index-time and search-time configurations
- It also involves deploying any necessary infrastructure, deploying the configurations, testing and validating the data, and getting user approval before the process is complete
This document provides an overview of Splunk, including:
- Splunk's main functionality is real-time log collection, indexing, and analytics of time series data through search queries and data exploration/visualization capabilities.
- Reasons to use Splunk include its proven success in the field, flexible and user-friendly interface, and ability to handle large volumes of data from various sources through infinite scaling.
- Splunk uses a MapReduce-based architecture to index and search large volumes of data across multiple servers.
Splunk is a powerful platform that can harness your machine data and turn it into valuable information, thereby enabling your business to make informed decisions and taking your organization from reactive to proactive. Just like any other platform, Splunk is only as powerful as the data it has access to; therefore in this session we will walk through how to successfully onboard data, with samples ranging from simple to complex. We will also take a look at how to use common TAs to bring valuable data into Splunk. This session is designed to give you a better understanding of how to onboard data into Splunk, enabling you to unlock the power of your data.
Grafana is an open source analytics and monitoring tool that uses InfluxDB to store time series data and provide visualization dashboards. It collects metrics like application and server performance from Telegraf every 10 seconds, stores the data in InfluxDB using the line protocol format, and allows users to build dashboards in Grafana to monitor and get alerts on metrics. An example scenario is using it to collect and display load time metrics from a QA whitelist VM.
What is Splunk? At the end of this session you’ll have a high-level understanding of the pieces that make up the Splunk Platform, how it works, and how it fits in the landscape of Big Data. You’ll see practical examples that differentiate Splunk while demonstrating how to gain quick time to value.
Installation of Grafana on Linux; connectivity with the Prometheus database; installation of Prometheus; installation of node_exporter and Tomcat-exporter; installation and configuration of Alertmanager. Detailed step-by-step installation and how it works.
This document provides an overview and getting started guide for Splunk. It discusses what Splunk is for exploring machine data, how to install and start Splunk, add sample data, perform basic searches, create saved searches, alerts and dashboards. It also covers deployment and integration topics like scaling Splunk, distributing searches across data centers, forwarding data to Splunk, and enriching data with lookups. The document recommends resources like the Splunk community for support.
Here’s your chance to get hands-on with Splunk for the first time! Bring your modern Mac, Windows, or Linux laptop and we’ll go through a simple install of Splunk. Then, we’ll load some sample data, and see Splunk in action – we’ll cover searching, pivot, reporting, alerting, and dashboard creation. At the end of this session you’ll have a hands-on understanding of the pieces that make up the Splunk Platform, how it works, and how it fits in the landscape of Big Data. You’ll experience practical examples that differentiate Splunk while demonstrating how to gain quick time to value.
Collecting AWS Logs & Introducing Splunk New S3 Compatible Storage (SmartStore) Harry McLaren
Two presentations at the January Splunk User Group in Edinburgh. Presenters were Harry McLaren and Tomasz Dziwok.
Topics covered are collecting AWS based logs at scale with Splunk and what the new object-based storage feature is within Splunk Enterprise (SmartStore).
Worst Splunk practices...and how to fix them Splunk
This document provides a summary of best practices and common pitfalls when using Splunk for data collection, management, and resiliency. It discusses best practices for collecting syslog data over UDP, direct TCP/UDP collection, using forwarders, and data onboarding processes like sourcetype recognition, timestamps, and event parsing. Common mistakes like over-engineering syslog collection, sending data directly to indexers, creating "data funnels" through intermediate forwarders, and letting Splunk automatically determine sourcetypes and timestamps are also summarized.
This document discusses Splunk Enterprise Security and its frameworks for analyzing security data. It provides an overview of Splunk's security portfolio and how it addresses challenges with legacy SIEM solutions. Key frameworks covered include Notable Events for streamlining incident management, Asset and Identity for enriching incidents with contextual data, Risk Analysis for prioritizing incidents based on quantitative risk scores, and Threat Intelligence for detecting indicators of compromise in machine data. Interactive dashboards and incident review interfaces are highlighted as ways to investigate threats and monitor the security posture.
Splunk is a scalable software that indexes and searches logs and IT data in real time. It can analyze data from any application, server, or device. Splunk uses a server component and forwarders to collect and index streaming data, and provides a web interface for searching, reporting, monitoring and alerting on the data.
Splunk is a tool that indexes and searches data to generate graphs, alerts, and dashboards. It can analyze data from sources like logs and metrics on both local and remote machines. Key concepts in Splunk include indexes, which are databases that store events; events are individual data entries that are broken down and tagged with metadata during indexing. Searches in Splunk return results in tabs for events, statistics, and visualizations.
Prometheus: Monitoring by "Pravin Magdum" from "Crevise". The presentation was done at #doppa17 DevOps++ Global Summit 2017. All the copyrights are reserved with the author
Designing Event-Driven Applications with Apache NiFi, Apache Flink, Apache Spark
DevNexus 2022 Atlanta
https://devnexus.com/presentations/7150/
This talk is a quick overview of the How, What and WHY of Apache Pulsar, Apache Flink and Apache NiFi. I will show you how to design event-driven applications that scale the cloud native way.
This talk was done live in person at DevNexus across from the booth in room 311
Tim Spann
Tim Spann is a Developer Advocate for StreamNative. He works with StreamNative Cloud, Apache Pulsar, Apache Flink, Flink SQL, Apache NiFi, MiniFi, Apache MXNet, TensorFlow, Apache Spark, big data, the IoT, machine learning, and deep learning. Tim has over a decade of experience with the IoT, big data, distributed computing, streaming technologies, and Java programming. Previously, he was a Principal DataFlow Field Engineer at Cloudera, a Senior Solutions Architect at AirisData, a Senior Field Engineer at Pivotal and a Team Leader at HPE. He blogs for DZone, where he is the Big Data Zone leader, and runs a popular meetup in Princeton on big data, the IoT, deep learning, streaming, NiFi, the blockchain, and Spark. Tim is a frequent speaker at conferences such as IoT Fusion, Strata, ApacheCon, Data Works Summit Berlin, DataWorks Summit Sydney, and Oracle Code NYC. He holds a BS and MS in computer science.
Extending Flink SQL for stream processing use cases Flink Forward
1. For streaming data, Flink SQL uses STREAMs for append-only queries and CHANGELOGs for upsert queries instead of tables.
2. Stateless queries on streaming data, such as projections and filters, result in new STREAMs or CHANGELOGs.
3. Stateful queries, such as aggregations, produce STREAMs or CHANGELOGs depending on whether they are windowed or not. Join queries between streaming sources also result in STREAM outputs.
Splunk Data Onboarding Overview - Splunk Data Collection Architecture Splunk
Splunk's Naman Joshi and Jon Harris presented the Splunk Data Onboarding overview at SplunkLive! Sydney. This presentation covers:
1. Splunk Data Collection Architecture
2. Apps and Technology Add-ons
3. Demos / Examples
4. Best Practices
5. Resources and Q&A
Today much of our online world is powered by cloud computing, and Amazon Web Services (AWS) offers an amazing depth and breadth of available services. In this event, we will collect our AWS logs by integrating them with Splunk Observability.
Flink Forward San Francisco 2022.
Resource Elasticity is a frequently requested feature in Apache Flink: users want to be able to easily adjust their clusters to changing workloads for resource efficiency and cost saving reasons. In Flink 1.13, the initial implementation of Reactive Mode was introduced; later releases added more improvements to make the feature production ready. In this talk, we’ll explain scenarios to deploy Reactive Mode to various environments to achieve autoscaling and resource elasticity. We’ll discuss the constraints to consider when planning to use this feature, and also potential improvements from the Flink roadmap. For those interested in the internals of Flink, we’ll also briefly explain how the feature is implemented, and if time permits, conclude with a short demo.
by Robert Metzger
Splunk Dashboarding & Universal Vs. Heavy Forwarders Harry McLaren
This document provides an agenda and summaries for a Splunk user group meeting in Edinburgh. The meeting will include presentations and discussions on creating dashboards, using universal vs. heavy forwarders, and the latest Splunk challenges and solutions. It introduces the speakers, including employees from the hosting company ECS and user group leader Harry McLaren. Updates from the recent Splunk .conf event are also summarized, such as new premium app releases and the Splunk ML Toolkit.
Splunk provides software that allows users to search, monitor, and analyze machine-generated data. It collects data from websites, applications, servers, networks and other devices and stores large amounts of data. The software provides dashboards, reports and alerts to help users gain operational intelligence and insights. It is used by over 4,400 customers across many industries to solve IT and business challenges.
Splunk is a software that captures, indexes, and analyzes machine-generated data in real-time to generate operational intelligence across an organization. It transforms raw data into searchable events that can then be searched, visualized, and used to create reports, alerts, and dashboards. Splunk offers features like searching and investigating data, data modeling and pivoting, visualization and reporting, and monitoring and alerts. It is easy to deploy, load data into, and search and visualize data to gain insights. However, Splunk can be expensive for some organizations.
Worst Splunk practices...and how to fix them Splunk
This document provides a summary of best practices and common pitfalls when using Splunk for data collection, management, and resiliency. It discusses best practices for collecting syslog data over UDP, direct TCP/UDP collection, load balancing with forwarders, and data onboarding practices like specifying sourcetypes and timestamps. Common mistakes involve over-engineering syslog collection, sending TCP/UDP streams directly to indexers without load balancing, relying too heavily on intermediate forwarders, and not explicitly configuring sourcetype and timestamp settings. The presentation aims to help Splunk administrators and knowledge managers address common problems and apply optimization strategies.
Infrastructure & System Monitoring using Prometheus Marco Pas
The document introduces infrastructure and system monitoring using Prometheus. It discusses the importance of monitoring, common things to monitor like services, applications, and OS metrics. It provides an overview of Prometheus including its main components and data format. The document demonstrates setting up Prometheus, adding host metrics using Node Exporter, configuring Grafana, monitoring Docker containers using cAdvisor, configuring alerting in Prometheus and Alertmanager, instrumenting application code, and integrating Consul for service discovery. Live code demos are provided for key concepts.
Splunk - a universal platform for working with any data CleverDATA
Presentation by Konstantin Tkachev, solutions architect at CleverDATA, on the Splunk platform (functionality, data sources, scalability options, dashboard examples, integration options, data analytics and predictive capabilities).
This session will explore best practices for monitoring and observing Splunk deployments. There will be a focus on how to instrument your deployment and understand how your users' workloads may affect performance. Guidance will be provided on how to observe these behaviours, investigate them and then perform the right corrective action.
Observability: Beyond the Three Pillars with Spring VMware Tanzu
In this presentation, we’ll explore the basics of the three pillars and what Spring has to offer to implement them for logging (SLF4J), metrics (Micrometer), and distributed tracing (Spring Cloud Sleuth, Zipkin/Brave, OpenTelemetry).
I’ll also talk about how to take your system to the next level, and what else you can find in Spring and related technologies to look under the hood of your running system (Spring Boot Actuator, Logbook, Eureka, Spring Boot Admin, Swagger, Spring HATEOAS) and what our future plans are.
Wire data provides deep insights across IT, security and business use cases by capturing the communications transmitted over the wire between machines and applications in real-time. The Splunk App for Stream enables new operational intelligence by indexing this wire data without needing instrumentation. It provides enhanced visibility, efficient cloud-ready collection, and fast time to value through interface-driven deployment. Key features include protocol decoding, attribute filtering, aggregations, and custom content extraction for analysis in Splunk.
Splunk is a software platform that allows users to search, monitor, and analyze machine-generated data in real-time. It is used by over 10,000 customers across many industries to gain operational intelligence. Splunk indexes data from various sources like servers, networks, applications, and devices and allows users to interact with the data through searching, reporting, visualization, and alerting. It provides universal access to data regardless of format or source, and scales from small environments to very large ones processing hundreds of terabytes per day.
This document provides an overview and agenda for the Splunk App for Stream, including:
- The architecture of the Stream Forwarder for capturing wire data and routing it to Splunk.
- The architecture of the App for Stream for analyzing wire data in Splunk.
- Examples of deployment architectures for ingesting wire data.
- A customer use case where wire data from the network helped provide visibility that log data could not due to access restrictions.
Machine Data 101: Turning Data Into Insight is a presentation about using Splunk software to analyze machine data. It discusses topics such as:
- What machine data is and examples of common sources like log files, social media, call center systems
- How Splunk indexes machine data from various sources in real-time regardless of format
- Techniques for enriching data in Splunk like tags, field aliases, calculated fields, event types, and lookups from external data sources
- Examples of collecting non-traditional data sources into Splunk like network data, HTTP events, databases, and mobile app data
The presentation provides an overview of Splunk's machine data platform and techniques for analyzing, enrich
Splunk - Turn Data Silos into Operational Intelligence Splunk
Splunk software lets the curious among us look at what others ignore, machine data, and find what others never see: valuable insights that make your team and company more productive, profitable, competitive and secure.
Are you curious what information is hidden in your machine data?
In this webinar we show you why more than 11,000 companies use Splunk software for the following:
- Resolving application problems and investigating security incidents in minutes
- Preventing service problems or outages
- Meeting compliance requirements at lower cost
- New insights into business operations
Join this Operational Intelligence demo session and learn more about how you and your team can work more efficiently and productively.
Splunk App for Stream for Enhanced Operational Intelligence from Wire DataSplunk
The Splunk App for Stream enables capturing and analyzing wire data from public, private, and hybrid cloud infrastructures for real-time operational insights. It delivers rapid deployment and scalability along with efficient wire data collection. The app captures critical events not found in logs to enhance operational intelligence through wire data analysis.
Splunk Stream - Insights into Network TrafficSplunk
Did you know that your packet and wire data deliver valuable and detailed insights for your entire Operational Intelligence? In this session you will learn more about the scalable software solution Splunk App for Stream (no hardware taps required), which strengthens and extends existing Splunk use cases in IT and in the business. In a live demo we show you how wire data gets you to more Operational Intelligence with regard to:
- Infrastructure Operations
- Application Management
- Security
The document summarizes Splunk Enterprise 6.3, highlighting key new features and capabilities. It discusses breakthrough performance and scale improvements including doubled search and indexing speed and 20-50% increased capacity. It also covers advanced analysis and visualization features like anomaly detection, geospatial mapping, and single-value display. New capabilities for high-volume event collection and an enterprise-scale platform with expanded management, custom alert actions, and data integrity control are also summarized.
SplunkLive! München 2016 - Splunk Enterprise 6.3 - Data OnboardingSplunk
This document discusses new features in Splunk Enterprise 6.3, including breakthrough performance and scale improvements that double search and indexing speed and increase capacity by 20-50%, lowering total cost of ownership by 20%+. It also describes new capabilities for advanced analysis and visualization, high-volume event collection, and an enterprise-scale platform with improved support for DevOps, IoT data analysis, and third-party integrations. A new HTTP Event Collector provides a token-based JSON API for ingesting events from various sources.
Getting Started with Splunk Breakout SessionSplunk
This document provides an overview and introduction to Splunk Enterprise. It begins with an agenda that outlines discussing Splunk Enterprise, a live demonstration of using Splunk, deployment architecture, the Splunk community, and a Q&A. It then discusses how Splunk can unlock insights from machine data generated from various sources. The live demo shows installing Splunk, forwarding sample data, and performing searches. It also discusses deploying Splunk at scale, distributed architectures, and support resources available through the Splunk community.
This document provides an overview of Splunk Enterprise, including what it is, how it deploys and integrates, and its capabilities around real-time search, alerting, and reporting. Splunk Enterprise is an industry-leading platform for machine data that allows users to search, monitor, and analyze machine data from any source, location, or volume in real-time or historically. It deploys easily in 4 steps and scales to handle hundreds of terabytes of data per day from diverse sources like servers, applications, sensors, and more.
This document provides an overview and demonstration of Splunk Enterprise. The agenda includes an overview of Splunk, a live demonstration of installing and using Splunk to search, analyze and visualize machine data, a discussion of Splunk deployment architectures, and information on Splunk communities and support resources. The demonstration walks through importing sample data, performing searches, creating a field extraction, building a dashboard, and exploring Splunk's alerting, analytics and pivot interface capabilities.
Splunk App for Stream - Einblicke in Ihren NetzwerkverkehrGeorg Knon
The document discusses the Splunk App for Stream, which enables real-time insights into private, public and hybrid cloud infrastructures by capturing and analyzing critical events from wire data not found in logs or with other collection methods. It provides an overview of the app, what's new, important features, architecture and deployment, customer success examples, and FAQs.
Getting Started with Splunk Enterprise Hands-OnSplunk
This document provides an overview and demonstration of Splunk software. The agenda includes downloading Splunk, an overview of its key features for searching machine data, field extraction, dashboards, alerting, and analytics. The presenter then demonstrates installing and onboarding sample data, performing searches, and using pivots. Deployment architectures are discussed along with scaling to hundreds of terabytes per day. Other areas such as documentation, support, and the Splunk user conference are also mentioned.
Elevate your Splunk Deployment by Better Understanding your Value Breakfast S...Splunk
This document discusses how to better understand the value of a Splunk deployment through assessing data sources. It presents a data source assessment tool to map data sources to use cases and organizational groups to identify opportunities. The tool shows which data sources are indexed and overlap between groups. It aims to maximize benefits from machine data by supporting business objectives and enabling broader impact.
SplunkLive! Amsterdam 2015 Breakout - Getting Started with SplunkSplunk
Filip Wijnholds is a senior sales engineer at Splunk who joined the company in June 2015 after working at Intel Security for 4 years. He began his career in the networking industry working with packet capture software. The document provides an overview of Splunk's machine data platform and how it can ingest and analyze data from various sources. It also outlines the company's legal notices regarding forward-looking statements and product roadmaps.
What is Splunk? At the end of this session you’ll have a high-level understanding of the pieces that make up the Splunk Platform, how it works, and how it fits in the landscape of Big Data. You’ll see practical examples that differentiate Splunk while demonstrating how to gain quick time to value.
.conf Go 2023 - Raiffeisen Bank InternationalSplunk
This document discusses standardizing security operations procedures (SOPs) to increase efficiency and automation. It recommends storing SOPs in a code repository for versioning and referencing them in workbooks which are lists of standard tasks to follow for investigations. The goal is to have investigation playbooks in the security orchestration, automation and response (SOAR) tool perform the predefined investigation steps from the workbooks to automate incident response. This helps analysts automate faster without wasting time by having standard, vendor-agnostic procedures.
.conf Go 2023 - The right recipe for the digital (security) revolution to...Splunk
.conf Go 2023 presentation:
"The right recipe for the digital (security) revolution toward Telematics Infrastructure 2.0 in healthcare?"
Speaker: Stefan Stein -
Team Lead CERT | gematik GmbH, M.Eng. IT Security & Forensics,
doctoral student at TH Brandenburg & Universität Dresden
The document describes Cellnex's transition from a Security Operations Center (SOC) to a Security Incident Response Team (CSIRT). The transition was driven by Cellnex's growth and the need to automate processes and tasks to improve efficiency. Cellnex implemented Splunk SIEM and SOAR to automate the creation, remediation and closure of incidents. This allowed staff to concentrate on strategic tasks and improve KPIs such as resolution times and emails anal
conf go 2023 - The path to cybersecurity (ABANCA)Splunk
This document summarises ABANCA's journey toward cybersecurity with Splunk, from bringing on dedicated staff in 2016 to becoming a monitoring and response centre with more than 1TB of daily ingest and 350 use cases aligned with MITRE ATT&CK. It also describes mistakes made and the solutions implemented, such as normalising data sources and training operators, and the current pillars such as automation, visibility and alignment with MITRE ATT&CK. Finally, it points out challenges
Splunk - BMW connects business and IT with data driven operations SRE and O11ySplunk
BMW is defining the next level of mobility - digital interactions and technology are the backbone to continued success with its customers. Discover how an IT team is tackling the journey of business transformation at scale whilst maintaining (and showing the importance of) business and IT service availability. Learn how BMW introduced frameworks to connect business and IT, using real-time data to mitigate customer impact, as Michael and Mark share their experience in building operations for a resilient future.
The document is a presentation on cyber security trends and Splunk security products from Matthias Maier, Product Marketing Director for Security at Splunk. The presentation covers trends in security operations like the evolution of SOCs, new security roles, and data-centric security approaches. It also provides updates on Splunk's security portfolio including recognition as a leader in SIEM by Gartner and growth in the SIEM market. Maier highlights some breakout sessions from the conference on topics like asset defense, machine learning, and building detections.
Data foundations building success, at city scale – Imperial College LondonSplunk
Universities have more in common with modern cities than traditional places of learning. This mini city needs to empower its citizens to thrive and achieve their ambitions. Operationalising data is key to building critical services; from understanding complex IT estates for smarter decision-making to robust security and a more reliable, resilient student experience. Juan will share his experience in building data foundations for a resilient future whilst enabling digital transformation at Imperial College London.
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...Splunk
Learn how Vodafone has provided end-to-end visibility across services by building an Operational Analytics Platform. In this session, you will hear how Stefan and his team manage legacy, on premise, hybrid and public cloud services, and how they are providing a platform for complex triage and debugging to tackle use cases across Vodafone’s extensive ecosystem.
.italo operates an Essential Service by connecting more than 100 million people annually across Italy with its super fast and secure railway. And CISO Enrico Maresca has been on a whirlwind journey of his own.
Formerly a Cyber Security Engineer, Enrico started at .italo as an IT Security Manager. One year later, he was promoted to CISO and tasked with building out – and significantly increasing the maturity level – of the SOC. The result was a huge step forward for .italo.
So how did he successfully achieve this ambitious ask? Join Enrico as he reveals the key insights and lessons learned in his SOC journey, including:
Top challenges faced in improving security posture
Key KPIs implemented in order to measure success
Strategies and approaches applied in the SOC
How MITRE ATT&CK and Splunk Enterprise Security were utilised
Next steps in their maturity journey ahead
This document summarizes a presentation about observability using Splunk. It includes an agenda introducing observability and why Splunk for observability. It discusses the need for modernization initiatives in companies and the thousands of changes required. It presents that Splunk provides end-to-end visibility across metrics, traces and logs to detect, troubleshoot and optimize systems. It shares a customer case study of Accenture using Splunk observability in their hybrid cloud environment. Finally, it concludes that observability with Splunk can drive results like reduced downtime and faster innovation.
This document contains slides from a Splunk presentation covering the following topics:
- Updated Splunk logo and information about meetings in Zurich and sales engineering leads
- Ideas for confused or concerned human figures in design concepts
- Three buckets of challenges around websites slowing, apps being down, and supply chain issues
- Accelerating mean time to detect, identify, respond and resolve through cyber resilience with Splunk
- Unifying security, IT and DevOps teams
- Splunk's technology vision focusing on customer experience, hybrid/edge, unleashing data lakes, and ubiquitous machine learning
- Gaining operational resilience through correlating infrastructure, security, application and user data with business outcomes
This document summarizes a presentation about Splunk's platform. It discusses Splunk's mission of helping customers create value faster with insights from their data. It provides statistics on Splunk's daily ingest and users. It highlights examples of how Splunk has helped customers in areas like internet messaging and convergent services. It also discusses upcoming challenges and new capabilities in Splunk like federated search, flexible indexing, ingest actions, improved data onboarding and management, and increased platform resilience and security.
The document appears to be a presentation from Splunk on security topics. It includes sections on cyber security resilience, the data-centric modern SOC, application monitoring at scale, threat modeling, security monitoring journeys, self-service Splunk infrastructure, the top 3 CISO priorities of risk based alerting, use case development, a security content repository, security PVP (posture, vision, and planning) and maturity assessment, and concludes with an overview of how Splunk can provide end-to-end visibility across an organization.
Northern Engraving | Nameplate Manufacturing Process - 2024Northern Engraving
Manufacturing custom quality metal nameplates and badges involves several standard operations. Processes include sheet prep, lithography, screening, coating, punch press and inspection. All decoration is completed in the flat sheet with adhesive and tooling operations following. The possibilities for creating unique durable nameplates are endless. How will you create your brand identity? We can help!
Have you ever been confused by the myriad of choices offered by AWS for hosting a website or an API?
Lambda, Elastic Beanstalk, Lightsail, Amplify, S3 (and more!) can each host websites + APIs. But which one should we choose?
Which one is cheapest? Which one is fastest? Which one will scale to meet our needs?
Join me in this session as we dive into each AWS hosting service to determine which one is best for your scenario and explain why!
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfChart Kalyan
A Mix Chart displays historical data of numbers in a graphical or tabular form. The Kalyan Rajdhani Mix Chart specifically shows the results of a sequence of numbers over different periods.
Driving Business Innovation: Latest Generative AI Advancements & Success StorySafe Software
Are you ready to revolutionize how you handle data? Join us for a webinar where we’ll bring you up to speed with the latest advancements in Generative AI technology and discover how leveraging FME with tools from giants like Google Gemini, Amazon, and Microsoft OpenAI can supercharge your workflow efficiency.
During the hour, we’ll take you through:
Guest Speaker Segment with Hannah Barrington: Dive into the world of dynamic real estate marketing with Hannah, the Marketing Manager at Workspace Group. Hear firsthand how their team generates engaging descriptions for thousands of office units by integrating diverse data sources—from PDF floorplans to web pages—using FME transformers, like OpenAIVisionConnector and AnthropicVisionConnector. This use case will show you how GenAI can streamline content creation for marketing across the board.
Ollama Use Case: Learn how Scenario Specialist Dmitri Bagh has utilized Ollama within FME to input data, create custom models, and enhance security protocols. This segment will include demos to illustrate the full capabilities of FME in AI-driven processes.
Custom AI Models: Discover how to leverage FME to build personalized AI models using your data. Whether it’s populating a model with local data for added security or integrating public AI tools, find out how FME facilitates a versatile and secure approach to AI.
We’ll wrap up with a live Q&A session where you can engage with our experts on your specific use cases, and learn more about optimizing your data workflows with AI.
This webinar is ideal for professionals seeking to harness the power of AI within their data management systems while ensuring high levels of customization and security. Whether you're a novice or an expert, gain actionable insights and strategies to elevate your data processes. Join us to see how FME and AI can revolutionize how you work with data!
Introduction of Cybersecurity with OSS at Code Europe 2024Hiroshi SHIBATA
I develop the Ruby programming language, RubyGems, and Bundler, which are package managers for Ruby. Today, I will introduce how to enhance the security of your application using open-source software (OSS) examples from Ruby and RubyGems.
The first topic is CVE (Common Vulnerabilities and Exposures). I have published CVEs many times. But what exactly is a CVE? I'll provide a basic understanding of CVEs and explain how to detect and handle vulnerabilities in OSS.
Next, let's discuss package managers. Package managers play a critical role in the OSS ecosystem. I'll explain how to manage library dependencies in your application.
I'll share insights into how the Ruby and RubyGems core team works to keep our ecosystem safe. By the end of this talk, you'll have a better understanding of how to safeguard your code.
Fueling AI with Great Data with Airbyte WebinarZilliz
This talk will focus on how to collect data from a variety of sources, leveraging this data for RAG and other GenAI use cases, and finally charting your course to productionalization.
"Choosing proper type of scaling", Olena SyrotaFwdays
Imagine an IoT processing system that is already quite mature and production-ready and for which client coverage is growing and scaling and performance aspects are life and death questions. The system has Redis, MongoDB, and stream processing based on ksqldb. In this talk, firstly, we will analyze scaling approaches and then select the proper ones for our system.
Dandelion Hashtable: beyond billion requests per second on a commodity serverAntonios Katsarakis
This slide deck presents DLHT, a concurrent in-memory hashtable. Despite efforts to optimize hashtables, which go as far as sacrificing core functionality, state-of-the-art designs still incur multiple memory accesses per request and block request processing in three cases. First, most hashtables block while waiting for data to be retrieved from memory. Second, open-addressing designs, which represent the current state of the art, either cannot free index slots on deletes or must block all requests to do so. Third, index resizes block every request until all objects are copied to the new index. Defying folklore wisdom, DLHT forgoes open addressing and adopts a fully-featured and memory-aware closed-addressing design based on bounded cache-line chaining. This design (1) offers lock-free index operations and deletes that free slots instantly, (2) completes most requests with a single memory access, (3) utilizes software prefetching to hide memory latencies, and (4) employs a novel non-blocking and parallel resizing. On a commodity server with a memory-resident workload, DLHT surpasses 1.6B requests per second and provides 3.5x (12x) the throughput of the state-of-the-art closed-addressing (open-addressing) resizable hashtable on Gets (Deletes).
Skybuffer SAM4U tool for SAP license adoptionTatiana Kojar
Manage and optimize your license adoption and consumption with SAM4U, an SAP free customer software asset management tool.
SAM4U, an SAP complimentary software asset management tool for customers, delivers a detailed and well-structured overview of license inventory and usage with a user-friendly interface. We offer a hosted, cost-effective, and performance-optimized SAM4U setup in the Skybuffer Cloud environment. You retain ownership of the system and data, while we manage the ABAP 7.58 infrastructure, ensuring fixed Total Cost of Ownership (TCO) and exceptional services through the SAP Fiori interface.
How information systems are built or acquired puts information, which is what they should be about, in a secondary place. Our language adapted accordingly, and we no longer talk about information systems but applications. Applications evolved in a way to break data into diverse fragments, tightly coupled with applications and expensive to integrate. The result is technical debt, which is re-paid by taking even bigger "loans", resulting in an ever-increasing technical debt. Software engineering and procurement practices work in sync with market forces to maintain this trend. This talk demonstrates how natural this situation is. The question is: can something be done to reverse the trend?
Taking AI to the Next Level in Manufacturing.pdfssuserfac0301
Read Taking AI to the Next Level in Manufacturing to gain insights on AI adoption in the manufacturing industry, such as:
1. How quickly AI is being implemented in manufacturing.
2. Which barriers stand in the way of AI adoption.
3. How data quality and governance form the backbone of AI.
4. Organizational processes and structures that may inhibit effective AI adoption.
5. Ideas and approaches to help build your organization's AI strategy.
Discover top-tier mobile app development services, offering innovative solutions for iOS and Android. Enhance your business with custom, user-friendly mobile applications.
5th LF Energy Power Grid Model Meet-up SlidesDanBrown980551
5th Power Grid Model Meet-up
It is with great pleasure that we extend to you an invitation to the 5th Power Grid Model Meet-up, scheduled for 6th June 2024. This event will adopt a hybrid format, allowing participants to join us either through an online Microsoft Teams session or in person at TU/e located at Den Dolech 2, Eindhoven, Netherlands. The meet-up will be hosted by Eindhoven University of Technology (TU/e), a research university specializing in engineering science & technology.
Power Grid Model
The global energy transition is placing new and unprecedented demands on Distribution System Operators (DSOs). Alongside upgrades to grid capacity, processes such as digitization, capacity optimization, and congestion management are becoming vital for delivering reliable services.
Power Grid Model is an open source project from Linux Foundation Energy and provides a calculation engine that is increasingly essential for DSOs. It offers a standards-based foundation enabling real-time power systems analysis, simulations of electrical power grids, and sophisticated what-if analysis. In addition, it enables in-depth studies and analysis of the electrical power grid’s behavior and performance. This comprehensive model incorporates essential factors such as power generation capacity, electrical losses, voltage levels, power flows, and system stability.
Power Grid Model is currently being applied in a wide variety of use cases, including grid planning, expansion, reliability, and congestion studies. It can also help in analyzing the impact of renewable energy integration, assessing the effects of disturbances or faults, and developing strategies for grid control and optimization.
What to expect
For the upcoming meetup we are organizing, we have an exciting lineup of activities planned:
- Insightful presentations covering two practical applications of the Power Grid Model.
- An update on the latest advancements in Power Grid Model technology during the first and second quarters of 2024.
- An interactive brainstorming session to discuss and propose new feature requests.
- An opportunity to connect with fellow Power Grid Model enthusiasts and users.
In the realm of cybersecurity, offensive security practices act as a critical shield. By simulating real-world attacks in a controlled environment, these techniques expose vulnerabilities before malicious actors can exploit them. This proactive approach allows manufacturers to identify and fix weaknesses, significantly enhancing system security.
This presentation delves into the development of a system designed to mimic Galileo's Open Service signal using software-defined radio (SDR) technology. We'll begin with a foundational overview of both Global Navigation Satellite Systems (GNSS) and the intricacies of digital signal processing.
The presentation culminates in a live demonstration. We'll showcase the manipulation of Galileo's Open Service pilot signal, simulating an attack on various software and hardware systems. This practical demonstration serves to highlight the potential consequences of unaddressed vulnerabilities, emphasizing the importance of offensive security practices in safeguarding critical infrastructure.
4. Big Data Comes from Machines
Volume | Velocity | Variety | Variability
Sources: GPS, RFID, Hypervisor, Web Servers, Email, Messaging, Clickstreams, Mobile, Telephony, IVR, Databases, Sensor Servers, Telematics, Storage, Security Devices, Desktops
6. Machine Data Contains Critical Insights
Sources: Order Processing, Twitter, Care IVR, Middleware
Fields that link the sources: Order ID, Customer ID, Product ID, Customer's Tweet, Company's Twitter ID, Twitter ID, Time Waiting On Hold, Error
7. Turn Machine Data into Operational Intelligence
INDEX ANY MACHINE DATA: ANY SOURCE, TYPE, VOLUME. GAIN REAL-TIME VISIBILITY.
Data sources: Online Services, Web Services, Servers, Security, GPS Location, Storage, Desktops, Networks, Packaged Applications, Custom Applications, Messaging, Telecoms, Online Shopping Cart, Web Clickstreams, Databases, Energy Meters, Call Detail Records, Smartphones and Devices, RFID
Deployment: On-Premises, Private Cloud, Public Cloud
Use cases: Application Delivery, Security and Compliance, Infrastructure Monitoring, Business Analytics, Internet of Things
15. Simple JSON – Lessons Learned
Sample data sets: Complex JSON (configured settings), Simple JSON (default settings), Complex CSV (minimal settings)
Simple JSON – Default Settings:
• Structured
• TimeStamp found in first event
• Smaller set of data
16. Complex CSV onboarding
Sample data sets: Complex JSON (configured settings), Complex CSV (minimal settings), Simple JSON (default settings)
Simple JSON – Default Settings:
• Structured
• TimeStamp found in first event
• Smaller set of data
18. Complex CSV - Lessons Learned
Sample data sets: Complex JSON (configured settings), Complex CSV (minimal settings), Simple JSON (default settings)
Simple JSON – Default Settings:
• Structured
• TimeStamp found in first event
• Smaller set of data
Complex CSV – Minimal Settings:
• TimeStamp not found
• Data otherwise standard
19. Complex JSON Onboarding
Sample data sets: Complex JSON (configured settings), Simple JSON (default settings), Complex CSV (minimal settings)
Simple JSON – Default Settings:
• Structured
• TimeStamp found in first event
• Smaller set of data
Complex CSV – Minimal Settings:
• TimeStamp not found
• Data otherwise standard
21. Complex JSON - Lessons Learned
Sample data sets: Complex JSON (configured settings), Simple JSON (default settings), Complex CSV (minimal settings)
Simple JSON – Default Settings:
• Structured
• TimeStamp found in first event
• Smaller set of data
Complex CSV – Minimal Settings:
• TimeStamp not found
• Data otherwise standard
Complex JSON – Configured Settings:
• Nested
• Multiple TimeStamp fields
• Larger single event
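As an added illustration, not taken from the presentation, the props.conf stanzas below show the kind of configured settings the complex JSON sample (nested, multiple timestamp fields, larger single event) and the complex CSV sample (timestamp not found) call for; the sourcetype names, the JSON field name "eventTime" and the timestamp format are assumptions.

```ini
# Added example (not from the presentation): props.conf stanzas for the
# complex JSON and complex CSV samples. Sourcetype names, the JSON field
# names and the timestamp format are assumptions for illustration only.

# Complex JSON: one JSON object per line, nested, several timestamp-like
# fields, and events larger than the 10,000-byte default line limit.
[example_complex_json]
# Event boundary: each line is one event, so never merge lines.
SHOULD_LINEMERGE = false
LINE_BREAKER = ([\r\n]+)
# Larger single event: raise the per-event byte limit (default 10000)
# so the tail of a big object is not silently cut off.
TRUNCATE = 200000
# Multiple timestamp fields: anchor on the field that is the event time
# (assumed to be "eventTime") so fields like "createdAt" are ignored.
TIME_PREFIX = "eventTime"\s*:\s*"
TIME_FORMAT = %Y-%m-%dT%H:%M:%S.%3N%z
# Only look this many characters past TIME_PREFIX for the timestamp.
MAX_TIMESTAMP_LOOKAHEAD = 32
# Nested structure: search-time JSON extraction yields dotted field
# names (e.g. order.customer.id) without index-time cost.
KV_MODE = json

# Complex CSV: standard CSV layout but no timestamp anywhere in the data.
[example_complex_csv]
INDEXED_EXTRACTIONS = csv
FIELD_DELIMITER = ,
HEADER_FIELD_LINE_NUMBER = 1
# Timestamp not found: stamp each event with the time it is indexed
# instead of letting Splunk guess from unrelated numeric columns.
DATETIME_CONFIG = CURRENT
```

Because INDEXED_EXTRACTIONS parsing happens on the universal forwarder, the CSV stanza must be deployed there, while the JSON stanza's index-time settings belong on the indexer or heavy forwarder that parses the data.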
23. A Growing, Global Community of Users
Dev.splunk.com | 40,000+ questions and answers | 1000+ apps | Local User Groups and SplunkLive! events
24. The Splunk Platform
Core Engine: Real time data collection, indexing and search, as well as alerting, large scale distributed processing, user authentication (through Splunk's built-in system, LDAP or a scripted authentication API for use with an external authentication system), and role-based access control.
Inputs, Apps, Other Content:
- Scripted inputs (.sh, .py, .bat, .ps1, etc.): Get data from APIs and other remote data interfaces and message queues.
- Databases (JDBC): Splunk DB Connect lets you enrich and combine your machine data with database data.
- Network events (TCP, UDP, SNMP, NetFlow, HTTP(S)): Get data from any network port, SNMP events, or send your application data directly via HTTP (or HTTPS) through HTTP Event Collector.
- Forwarders (TCP): Gather machine and historical data (e.g. text-based files, Windows event logs, Active Directory).
- Modular inputs (Stream data as plain text or XML): Extend the Splunk Enterprise framework to define a custom input capability (e.g. Twitter, S3, Splunk MINT).
- External lookups (.py or .csv): Enrich and extend the usefulness of your event data through interactions with external resources like asset info, employee info, threat feeds, honeypots, and more.
- Wire data: Capture wire data from endpoints and key network locations with the Splunk App for Stream.
User & Developer Interfaces:
- Web Framework: Customize the Splunk Web UI.
- SDKs and REST API: Log directly to Splunk; extract Splunk data for archiving; integrate with third-party reporting tools and portals; integrate Splunk search results into your application; ... and more.
Examples of integrations: Ticketing/Help Desk, Custom Biz Applications, Business Intelligence (ODBC), Systems Management, Infrastructure Apps (XenApp, XenDesktop), Cloud Services, Mainframe, Other Monitoring, Splunk Premium Solutions, Server, Storage, Network.
36. Stream Concept
Diagram: Users, Search Head(s)*, Indexer(s); Universal Forwarder + TA on physical or virtual servers in the physical data center; End Users, Internet, Firewall; Public or Private Cloud with LOCAL COLLECTION: Universal Forwarder + TA + splunk_app_stream.
40. Where to go to learn more
Data Pipeline – http://goo.gl/FP3JTM
Distributed Deployment Manual – http://goo.gl/MTJr0K
How indexing works (the data pipeline) – https://goo.gl/SGRC1y
Tutorial & tutorial data – http://goo.gl/OYNCnc
Date and time format variables – http://goo.gl/E9Onpq
41. Resources: HTTP Event Collector
• Introduction to Splunk HTTP Event Collector (Developer Portal)
• Set up and use HTTP Event Collector (Docs)
• Troubleshooting HTTP Event Collector (Confluence)
• HTTP Event Collector, your DIRECT event pipe to Splunk 6.3 (Blogs: Tips & Tricks)
• Liberate Your Application Logging (.conf2015)
42. Resources: MINT
• Splunk MINT Manual (Docs)
• Start with Splunk MINT SDKs (Management Console)
• Getting Started with Splunk MINT (Blogs: Mobile)
• Splunk MINT: Security & Privacy (Blogs: Mobile)
• What's the difference between MINT Management Console and the Splunk MINT App?
43. Resources: Stream
• Performance test results and recommendations (Docs)
• Supported protocols (Docs)
• Splunk App for Stream 6.4 (TEC)
• Everything you always wanted to know about SPAN ports, Network Taps, Packet Mirrors, and the Splunk App for Stream (but were afraid to ask) (Blogs: Security)
• How Can You Use Ephemeral Streams? (Blogs: Tips & Tricks)
44. 47
Northern Cal Tech Talks!
Monthly WebEx Sessions
• Ted Talk style presentation
• Q&A Chat forum
So what’s next on the agenda?
• March 23rd @ 10AM PST - Building & Deploying Apps.
• April 20th @ 10AM PST - Top 5 most useful search commands.
See more at:
http://live.splunk.com/NorCalTechTalks
SEPT 26-29, 2016
WALT DISNEY WORLD, ORLANDO
SWAN AND DOLPHIN RESORTS
• 5000+ IT & Business Professionals
• 3 days of technical content
• 165+ sessions
• 80+ Customer Speakers
• 35+ Apps in Splunk Apps Showcase
• 75+ Technology Partners
• 1:1 networking: Ask The Experts and Security Experts, Birds of a Feather and Chalk Talks
• NEW hands-on labs!
• Expanded show floor, Dashboards Control Room & Clinic, and MORE!
The 7th Annual Splunk Worldwide Users’ Conference
PLUS Splunk University
• Three days: Sept 24-26, 2016
• Get Splunk Certified for FREE!
• Get CPE credits for CISSP, CAP, SSCP
• Save thousands on Splunk education!
Scalable Syslog Event Collection
[Slide diagram showing two collection patterns: a dedicated syslog collector with a Splunk forwarder, and a Splunk forwarder with a syslog listener.]
Editor's Notes
At Splunk, our mission is to make machine data accessible, usable and valuable to everyone. And this overarching mission is what drives our company and product priorities.
What is this machine data, and why is it a big deal?
Well, it’s one of the fastest growing, most complex and most valuable segments of data.
All the webservers, applications, network devices, mobile devices, sensors – all of the technology infrastructure running your enterprise – generates massive streams of data, in an array of unpredictable formats that are difficult to process and analyze by traditional methods or in a timely manner.
Why is this “machine data” valuable? Because it contains a trace - a categorical record - of user behavior, cyber-security risks, application behavior, service levels, fraudulent activity and customer experience.
Characteristics of machine data – the four V’s - the last two are the most interesting / challenging.
All the webservers, applications, network devices – all of the technology infrastructure running an enterprise or organization – generates massive streams of data, in an array of unpredictable formats that are difficult to process and analyze by traditional methods or in a timely manner.
Let’s take a closer look at machine data
To frame our discussion, let’s use this example of purchasing a product from your tablet or smartphone: the purchase transaction fails, you call the call center and then tweet about your experience. All these events are captured - as they occur - in the machine data.
Each of the underlying systems has the potential to generate millions of machine data events daily. Here we see small excerpts from just some of them.
When we look more closely at the data we see that it contains valuable information – right down to what was tweeted.
What’s important, is first of all, the ability to actually see across all these data sources, but then also to correlate related events and provide meaningful insight.
If you can correlate and visualize the data, you can build a picture of activity, behavior and experience. And what if you can do all of this in real-time? You can respond more quickly to events that matter.
This example ties into your scenario but you can also extrapolate this example to a wide range of use cases – security and fraud, transaction monitoring and analysis, web analytics, IT operations and so on.
Our customers typically start with Splunk to solve a specific problem, and then expand from there to address a broad range of use cases, across application troubleshooting, IT infrastructure monitoring, security, business analytics, Internet of things, and many others that are entirely innovated by our customers.
Here’s how it works. Splunk software and cloud services reliably collect and index machine data, from a single source to tens of thousands of sources. All in real time.
- Once data is in Splunk, you can search, analyze, report-on and derive business value from all your data
Since 2004 Splunk has become the platform of choice to extract business value from Machine data.
That means that Splunk collects, indexes, analyzes, reports and predicts on machine-generated data from a single product. It’s an open platform with over 500 Splunk Apps available and allows for custom development.
Set a certain amount of metadata at ingestion so that it is easier to extract value from the data later
Input on local before Prod
Confirm Sourcetype
Separate Index
When monitoring – be as specific as possible
Try it before you buy it
Save-as not override
_____
Systematic way to bring new data sources into Splunk
Ensure that new data is instantly usable & has maximum value for users
Goes hand-in-hand with the User Onboarding process
Look out for inadvertent, runaway monitor clauses
Don’t monitor thousands of files unnecessarily – that’s the NSA’s job
Introduce the idea that we are going to use the GUI for all
Minimal effort overall
DO WE DEFINE JSON?
Went through this morning's session using the tutorial data – now let's do something that is more structured
Smaller events
Point out that we can ingest csv and json – out of the box
But what if? What if there is a CSV that is out of the norm?
Complex CSV
%d%b%Y:%H:%M:%S.%2N
%d Day of the month as a decimal number, includes a leading zero. (01 to 31)
%b Abbreviated month name. (Jan, Feb, etc.)
%Y Year as a decimal number with century. (2015)
%H Hour (24-hour clock) as a decimal number. Hours represented by the values 00 to 23. Leading zeros are accepted but not required.
%M Minute as a decimal number. Minutes represented by the values 00 to 59.
%S Second as a decimal number, for example 00 to 60.
%N Subseconds with width. (%3N = milliseconds, %6N = microseconds, %9N = nanoseconds)
http://docs.splunk.com/Documentation/Splunk/6.3.3/SearchReference/Commontimeformatvariables
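The onboarding advice above ("try it before you buy it", test the input locally before production) and the TIME_FORMAT table come together in a preflight check: before a props.conf stanza is deployed, run its TIME_FORMAT over a handful of sample rows and see which rows would not get a timestamp. The script below is an added example, not code from the presentation or from Splunk; it translates the format variables in the table (plus %m, which is not on this page) into a regular expression and applies it to constructed rows in the `%d%b%Y:%H:%M:%S.%2N` format. The `[complex_csv]` sourcetype name and the sample rows are assumptions; TIME_PREFIX, TIME_FORMAT and MAX_TIMESTAMP_LOOKAHEAD are real props.conf settings.

```python
import re
from datetime import datetime, timezone

# Constructed props.conf stanza for the complex-CSV source discussed above. The
# sourcetype name "complex_csv" is an assumption made for this example.
PROPS_STANZA = """
[complex_csv]
TIME_PREFIX = ^
TIME_FORMAT = %d%b%Y:%H:%M:%S.%2N
MAX_TIMESTAMP_LOOKAHEAD = 25
"""

# Constructed sample rows in that format; the third row is deliberately in a
# different format so the preflight check has something to report.
SAMPLE_ROWS = [
    "05Mar2015:14:07:09.42,alice,login,success",
    "05Mar2015:14:07:11.07,bob,login,failure",
    "2015-03-05 14:07:12,carol,login,success",
]

# Regex fragments for the format variables in the table above, plus %m (numeric
# month), which is not on this page. %N takes an optional width, e.g. %3N.
_TOKENS = {
    "d": r"(?P<day>\d{2})",
    "b": r"(?P<mon>[A-Za-z]{3})",
    "m": r"(?P<mon_num>\d{2})",
    "Y": r"(?P<year>\d{4})",
    "H": r"(?P<hour>\d{1,2})",
    "M": r"(?P<minute>\d{2})",
    "S": r"(?P<second>\d{2})",
}
_MONTHS = {name: num for num, name in enumerate(
    "jan feb mar apr may jun jul aug sep oct nov dec".split(), start=1)}


def time_format_from_props(stanza_text):
    """Pull the TIME_FORMAT value out of a props.conf stanza."""
    match = re.search(r"^\s*TIME_FORMAT\s*=\s*(\S.*?)\s*$", stanza_text, re.MULTILINE)
    if not match:
        raise ValueError("stanza has no TIME_FORMAT")
    return match.group(1)


def format_to_regex(fmt):
    """Translate a Splunk TIME_FORMAT string into a compiled regular expression."""
    parts, i = [], 0
    while i < len(fmt):
        if fmt[i] != "%":
            parts.append(re.escape(fmt[i]))   # literal separator such as ':' or '.'
            i += 1
            continue
        i += 1
        width = ""
        while i < len(fmt) and fmt[i].isdigit():   # width digits, as in %2N
            width += fmt[i]
            i += 1
        if i >= len(fmt):
            raise ValueError("dangling % at end of TIME_FORMAT")
        spec = fmt[i]
        i += 1
        if spec == "N":
            # Assumption: %N with no width accepts any number of subsecond digits.
            parts.append(r"(?P<subsec>\d{" + width + "})" if width else r"(?P<subsec>\d+)")
        elif spec in _TOKENS:
            parts.append(_TOKENS[spec])
        else:
            raise ValueError(f"unsupported format variable %{spec}")
    return re.compile("".join(parts))


def _field(groups, name, default):
    return int(groups[name]) if groups.get(name) else default


def parse_event_time(fmt, line, tz=timezone.utc):
    """Return the first timestamp in `line` matching `fmt` as an aware datetime,
    or None when the line does not match (the row that would be mis-timed)."""
    match = format_to_regex(fmt).search(line)
    if not match:
        return None
    g = match.groupdict()
    if g.get("mon"):
        month = _MONTHS.get(g["mon"].lower())
        if month is None:
            return None
    else:
        month = _field(g, "mon_num", 1)
    # %2N holds hundredths, %3N milliseconds, ...: right-pad to microseconds.
    micro = int(g["subsec"].ljust(6, "0")[:6]) if g.get("subsec") else 0
    try:
        # Assumption: a missing year defaults to the current year, as Splunk does.
        return datetime(_field(g, "year", datetime.now(tz).year), month, _field(g, "day", 1),
                        _field(g, "hour", 0), _field(g, "minute", 0), _field(g, "second", 0),
                        micro, tzinfo=tz)
    except ValueError:      # impossible date such as 31Feb
        return None


def preflight(stanza_text, rows):
    """Dry-run the stanza's TIME_FORMAT over sample rows before deploying it:
    returns the parsed timestamps and the rows that would not match."""
    fmt = time_format_from_props(stanza_text)
    parsed, failed = [], []
    for row in rows:
        ts = parse_event_time(fmt, row)
        if ts is None:
            failed.append(row)
        else:
            parsed.append((row, ts))
    return {"time_format": fmt, "parsed": parsed, "failed": failed}


if __name__ == "__main__":
    result = preflight(PROPS_STANZA, SAMPLE_ROWS)
    for row, ts in result["parsed"]:
        print("OK  ", ts.isoformat(), "<-", row)
    for row in result["failed"]:
        print("FAIL no timestamp match:", row)
```

Run it against a few hundred real rows from the source before the stanza goes anywhere near production; a non-empty `failed` list means those events would be stamped with the previous event's time or the ingest time, which is exactly the kind of silent mis-timing that makes a security timeline unreliable.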
Why JSON?
Still no header – this isn’t CSV – both a blessing and a curse
With thousands of enterprise customers and an order of magnitude more actual users, we have a thriving community.
We launched a dev portal a few months back and already have over 3,000 unique visitors per week.
We have over 500 apps contributed by ourselves, our partners and our community.
Our knowledge exchange Answers site has over 40,000+ questions answered.
We host our annual users’ conference and local Splunk Live! Events where you can meet other users.
Best of all, Splunk’s passionate and vibrant community demands more from Splunk and gives us incredible feedback, which drives us to constantly innovate and respond to their needs.
Focus on the fact that there are a lot of sources of data, and that our goal is any data, anytime, anywhere (any source)!
Splunk apps and add-ons: what & why?
Splunk apps allow developers to extend data ingestion and processing capabilities of Splunk Enterprise for your specific needs. Apps facilitate more efficient completion of domain-specific tasks by the end user.
High-level perspective
A Splunk app is a prebuilt collection of additional capabilities packaged for a specific technology, or use cases, which allows a more effective usage of Splunk Enterprise. You can use Splunk apps to gain the specific insights you need from your machine data.
Depending on the type and complexity of those use cases, and also whether the developer wants certain app parts to be configured or distributed separately (potentially by a third party), an app may rely on various add-ons.
An add-on is a technical component that can be re-used across a number of different use cases and packaged with one or more Splunk apps. Add-ons may contain one or more knowledge objects, which encapsulate a specific functionality focused on a single concern and its configuration. Using an add-on should help to reduce the technical risk and cost of building an app.
I would like to start by taking a survey from this lovely audience on which inputs do we NOT support today?
However, our focus today will be on the HTTP Event Collector, the MINT Data Collector and Splunk App for Stream.
You start by sending events directly from sources like a server, docker, mobile device, IoT, or browser as raw JSON, loose text or XML <CLICK> across an HTTP or HTTPS POST request to our services/collector or services/collector/raw REST API endpoint. <CLICK>
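The exchange just described, as an added example that is not part of the presentation or of Splunk's own code: a client POSTs a batch of JSON event envelopes to the services/collector endpoint with the token in an `Authorization: Splunk <token>` header, and a small stub collector, started on a loopback port so the script runs offline, checks the token, unpacks the envelopes and answers with a JSON status. The stub is a stand-in written for this example (its reply shapes follow the documented HEC responses, but it is not HEC); the token value is a placeholder and the events are constructed. A real collector listens over HTTPS (port 8088 by default), so in practice the URL is `https://<host>:8088/services/collector`.

```python
import json
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.error import HTTPError
from urllib.request import Request, urlopen


def hec_payload(event, sourcetype="app:json", source="demo", index=None, time=None):
    """Build one HEC event envelope for services/collector (JSON mode).
    `event` may be a dict (structured) or a string (loose text)."""
    body = {"event": event, "sourcetype": sourcetype, "source": source}
    if index is not None:
        body["index"] = index
    if time is not None:
        body["time"] = time   # epoch seconds; the collector stamps receipt time if omitted
    return body


def send_events(url, token, events, timeout=5):
    """POST a batch of envelopes in one request body (concatenated JSON objects).
    Returns (http_status, parsed_json_response)."""
    data = "".join(json.dumps(e) for e in events).encode("utf-8")
    req = Request(url, data=data, method="POST")
    req.add_header("Authorization", "Splunk " + token)
    req.add_header("Content-Type", "application/json")
    try:
        with urlopen(req, timeout=timeout) as resp:
            return resp.status, json.loads(resp.read().decode("utf-8"))
    except HTTPError as err:   # 4xx/5xx still carry a JSON body
        return err.code, json.loads(err.read().decode("utf-8"))


class _StubCollector(BaseHTTPRequestHandler):
    """Stand-in for the collector endpoint, constructed for this example only:
    verifies the token, splits the concatenated envelopes and records them."""
    token = ""
    received = []

    def do_POST(self):
        if self.path not in ("/services/collector", "/services/collector/event"):
            return self._reply(404, {"text": "Not Found"})
        if self.headers.get("Authorization") != "Splunk " + self.token:
            return self._reply(403, {"text": "Invalid token", "code": 4})
        raw = self.rfile.read(int(self.headers.get("Content-Length", 0))).decode("utf-8")
        dec, pos, envelopes = json.JSONDecoder(), 0, []
        try:
            while pos < len(raw):
                if raw[pos].isspace():
                    pos += 1
                    continue
                env, pos = dec.raw_decode(raw, pos)
                if not isinstance(env, dict) or "event" not in env:
                    raise ValueError("envelope without an event field")
                envelopes.append(env)
        except ValueError:
            return self._reply(400, {"text": "Invalid data format", "code": 6})
        self.received.extend(envelopes)
        self._reply(200, {"text": "Success", "code": 0})

    def _reply(self, status, obj):
        body = json.dumps(obj).encode("utf-8")
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):   # keep the example quiet
        pass


def start_stub_collector(token):
    """Run the stub on an ephemeral loopback port; returns (server, collector_url)."""
    _StubCollector.token = token
    _StubCollector.received = []
    srv = HTTPServer(("127.0.0.1", 0), _StubCollector)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, "http://127.0.0.1:%d/services/collector" % srv.server_address[1]


def demo():
    """Send a good batch and a batch with the wrong token; return both replies
    and what the stub recorded."""
    token = "00000000-0000-0000-0000-000000000000"   # placeholder, not a real token
    srv, url = start_stub_collector(token)
    try:
        events = [
            hec_payload({"user": "alice", "action": "login", "result": "success"},
                        time=1457186829.42),
            hec_payload("plain text events are accepted too"),
        ]
        ok = send_events(url, token, events)
        bad = send_events(url, "wrong-token", events)
        return {"ok": ok, "bad": bad, "received": list(_StubCollector.received)}
    finally:
        srv.shutdown()
        srv.server_close()


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Two things carry over to a real deployment: the token is a bearer credential, so read it from an environment variable or secret store rather than embedding it as the placeholder above does, and keep the HTTPS URL with certificate verification on (urlopen verifies by default), since the token travels in a header on every request.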
So, you’re at another lunch because we all need to eat. This time you came prepared with your own pen. You grab a napkin and start doodling how it works. It might look something like this: <CLICK>
The Splunk MINT SDKs integrate into the iOS and/or Android mobile apps to collect data from those apps, and then <CLICK> send that data to the MINT Data Collector, which is a cloud service that we provide. The MINT Data Collector then <CLICK> forwards the data to Splunk MINT Management Console and the Splunk MINT App.
That’s it!
So, how does it work? Let’s say you are having lunch with Mr. Customer and you start chatting about the Splunk App for Stream. You ask the closest wait staff for a pen and grab a clean napkin. You then say to Mr. Customer, “let me doodle how it works”. There are three types of network collection architectures: (1) local, (2) SPAN or port mirror, and (3) TAP. Don’t fret if you cannot spell SPAN or TAP, I have included resources at the end of this presentation for you to check out on your own time. So, the doodle for local collection might look like this: <CLICK>
First, the basic data flow from an end user into the customer’s environment. <CLICK> Then, in their Splunkland, they may have forwarders on their hosts sending data to their indexers. <CLICK> Finally, local collection of their wire data requires installing Splunk_TA_stream on the forwarder of each host on the network or network segment that they want to monitor. The TA also needs to be installed on the indexers, and the app on the search heads. Please note that search head clustering (SHC) is not supported with Stream at this time.
In addition to SplunkLive!, .conf, docs, Answers, meetups, etc.
We’re headed to the East Coast!
2 inspired Keynotes – General Session and Security Keynote + Super Sessions with Splunk Leadership in Cloud, IT Ops, Security and Business Analytics!
165+ Breakout sessions addressing all areas and levels of Operational Intelligence – IT, Business Analytics, Mobile, Cloud, IoT, Security…and MORE!
30+ hours of invaluable networking time with industry thought leaders, technologists, and other Splunk Ninjas and Champions waiting to share their business wins with you!
Join the 50%+ of Fortune 100 companies who attended .conf2015 to get hands on with Splunk. You’ll be surrounded by thousands of other like-minded individuals who are ready to share exciting and cutting edge use cases and best practices. You can also deep dive on all things Splunk products together with your favorite Splunkers.
Head back to your company with both practical and inspired new uses for Splunk, ready to unlock the unimaginable power of your data! Arrive in Orlando a Splunk user, leave Orlando a Splunk Ninja!
REGISTRATION OPENS IN MARCH 2016 – STAY TUNED FOR NEWS ON OUR BEST REGISTRATION RATES – COMING SOON!
To prevent you from walking out of this presentation feeling like this, we thought it best to have a fake real-world scenario wherein we discussed a common question that comes up when talking about
Normalizes data from different sources – Host and hostname discussion