Copyright © 2015 Splunk Inc.
Data Onboarding 101
Kirk Hanson
Sales Engineering
Agenda
1. Splunk Platform – a refresher
2. Data Onboarding – live looks
3. TA's & Apps: what are they?
4. Go Beyond The Logs
5. Q&A
Make machine data accessible, usable and valuable to everyone.
Big Data Comes from Machines
Volume | Velocity | Variety | Variability
Sources: GPS, RFID, Hypervisor, Web Servers, Email, Messaging, Clickstreams, Mobile, Telephony, IVR, Databases, Sensor Servers, Telematics, Storage, Security Devices, Desktops
Machine Data Sources
Order Processing, Twitter, Care IVR, Middleware, Error

Machine Data Contains Critical Insights
The same sources (Order Processing, Twitter, Care IVR, Middleware, Error) carry the fields that tie their events together: Order ID, Customer ID, Twitter ID, Product ID, Customer's Tweet, Company's Twitter ID, Time Waiting On Hold.
Turn Machine Data into Operational Intelligence
INDEX ANY MACHINE DATA: ANY SOURCE, TYPE, VOLUME. GAIN REAL-TIME VISIBILITY.
Sources: Online Services, Web Services, Servers, Security, GPS Location, Storage, Desktops, Networks, Packaged Applications, Custom Applications, Messaging, Telecoms, Online Shopping Cart, Web Clickstreams, Databases, Energy Meters, Call Detail Records, Smartphones and Devices, RFID
Deployment: On-Premises, Private Cloud, Public Cloud
Use cases: Application Delivery, Security and Compliance, Infrastructure Monitoring, Business Analytics, Internet of Things
Best Practices: Data Onboarding

Six things to get right at index time
• Event boundary / line breaking
• Date / timestamp
• Sourcetype
• Source
• Host
• Index

Best practices
• Local before prod
• Confirm sourcetype
• Separate index
• Specific as possible
• Try before you buy
• Save, not override
Data Onboarding

Data Onboarding Examples
• Simple JSON – default settings
• Complex CSV – minimal settings
• Complex JSON – configured settings

Data Onboarding Live Look (simple JSON)

Simple JSON – Lessons Learned
• Structured
• Timestamp found in first event
• Smaller set of data

Complex CSV Onboarding

Data Onboarding Live Look (CSV)

Complex CSV – Lessons Learned
• Timestamp not found
• Data otherwise standard

Complex JSON Onboarding

Data Onboarding Live Look (complex JSON)

Complex JSON – Lessons Learned
• Nested
• Multiple timestamp fields
• Larger single event
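The three live looks above (simple JSON on defaults, complex CSV with no detectable timestamp, complex nested JSON with several timestamp fields and large events) each come down to a handful of props.conf settings. The stanzas below are an added example written for this page, not configuration from the deck or from Splunk; the sourcetype names, the field names (timestamp, event_time, meta.event_time) and the file layouts are assumptions, and the settings are the documented props.conf keys.

```ini
# props.conf (added example; sourcetype and field names are made up)

# Simple JSON: one object per line, timestamp near the start of each event.
# Defaults already onboard this correctly; pinning the settings stops
# automatic detection from drifting when a differently shaped file arrives.
[demo:json:simple]
INDEXED_EXTRACTIONS = json
KV_MODE = none
SHOULD_LINEMERGE = false
LINE_BREAKER = ([\r\n]+)
TIME_PREFIX = "timestamp":\s*"
TIME_FORMAT = %Y-%m-%dT%H:%M:%S.%3N%z
MAX_TIMESTAMP_LOOKAHEAD = 40
TZ = UTC

# Complex CSV: header row present, but no column that automatic timestamp
# detection recognises. Name the column and give its format explicitly.
# Without this, Splunk falls back to the previous event's time or the file
# modification time, which silently misdates every event.
[demo:csv:complex]
INDEXED_EXTRACTIONS = csv
HEADER_FIELD_LINE_NUMBER = 1
TIMESTAMP_FIELDS = event_time
TIME_FORMAT = %d/%m/%Y %H:%M:%S
TZ = UTC
# If the file truly has no time column, stamp events with index time instead:
# DATETIME_CONFIG = CURRENT

# Complex JSON: nested objects, several *_time keys per event, events of
# tens of KB. Point timestamp extraction at the one nested key that is the
# event time (dotted path) so the other time fields are ignored, and raise
# TRUNCATE above the default 10000 so large events are not cut short.
[demo:json:complex]
INDEXED_EXTRACTIONS = json
KV_MODE = none
SHOULD_LINEMERGE = false
LINE_BREAKER = ([\r\n]+)
TIMESTAMP_FIELDS = meta.event_time
TIME_FORMAT = %Y-%m-%dT%H:%M:%S%z
TRUNCATE = 100000
TZ = UTC
```

Two points from the best-practices slide apply directly to these stanzas. "Local before prod" and "save, not override": put them in a custom app's local directory (for example $SPLUNK_HOME/etc/apps/<your_app>/local/props.conf) rather than editing a shipped default, and test them against a sample file on a local instance first. And because INDEXED_EXTRACTIONS parsing of structured data happens on the universal forwarder, the props.conf must be deployed there, not only on the indexers, or the timestamp and line-breaking settings are never applied.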
Why Reinvent the Wheel? Splunkbase (apps & TA's)

A Growing, Global Community of Users
• dev.splunk.com
• 40,000+ questions and answers
• 1000+ apps
• Local User Groups and SplunkLive! events
The Splunk Platform

User & Developer Interfaces
• Web Framework, SDKs, REST API: log directly to Splunk, extract Splunk data for archiving, integrate with third-party reporting tools and portals, integrate Splunk search results into your application, ... and more
• Customize the Splunk Web UI
• Examples: Business Intelligence (ODBC), Ticketing / Help Desk, Custom Biz Applications

Inputs, Apps, Other Content
• Scripted inputs (.sh, .py, .bat, .ps1, etc.): get data from APIs and other remote data interfaces and message queues.
• Databases (JDBC): Splunk DB Connect lets you enrich and combine your machine data with database data.
• Network events (TCP, UDP, SNMP, NetFlow, HTTP(S)): get data from any network port, SNMP events, or send your application data directly via HTTP (or HTTPS) through HTTP Event Collector.
• Forwarders (TCP): gather machine and historical data (e.g. text-based files, Windows event logs, Active Directory).
• Modular inputs (stream data as plain text or XML): extend the Splunk Enterprise framework to define a custom input capability (e.g. Twitter, S3, Splunk MINT).
• External lookups (.py or .csv): enrich and extend the usefulness of your event data through interactions with external resources like asset info, employee info, threat feeds, honeypots, and more.
• Wire data: capture wire data from endpoints and key network locations with the Splunk App for Stream.
• Examples: Systems Management, Infrastructure Apps, XenApp / XenDesktop, Cloud Services, Mainframe, Other Monitoring, Splunk Premium Solutions, Server / Storage / Network

Core Engine
Real-time data collection, indexing and search, as well as alerting, large-scale distributed processing, user authentication (through Splunk's built-in system, LDAP or a scripted authentication API for use with an external authentication system), and role-based access control.
App? Add-on?

Splunkbase by the #'s
• IoT (49)
• Application Management (158)
• IT Ops (381)
• Security & Compliance (384)
• Business Analytics (70)
• Utilities (292)
• Cool Stuff (210)
Go Beyond the Logs

Which input(s) do we NOT support today?
1) Text-based files
2) Windows sources
3) TCP / UDP ports
4) SNMP events
5) NetFlow
6) HTTP(S)
7) FIFO queues
8) Scripted inputs
9) Message queues
10) Modular inputs
11) Databases
12) External lookups
13) Wire data
14) SDK

We support ALL of these inputs!

Our focus today: 1) Text-based files, 2) Windows sources, 3) TCP / UDP ports, 4) SNMP events, 5) NetFlow, 6) HTTP(S), 7) FIFO queues, 8) Scripted inputs, 9) Message queues, 10) Modular inputs (specifically MINT), 11) Databases, 12) External lookups, 13) Wire data, 14) SDK
Splunk HTTP Event Collector

HTTP Event Collector (HEC)
Event source(s) -> HTTP or HTTPS POST -> <protocol>://<host>:<mPort>/services/collector(/raw) -> Indexer -> Search Head
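The slide shows the HEC endpoint as a URL and an arrow; what actually goes over the wire is a JSON envelope per event on /services/collector, or plain text with metadata in the query string on /services/collector/raw. The client below is an added example written for this page, not code from the deck or Splunk's own SDK. The collector URL, the token placeholder, the sourcetype and index names and the sample events are constructed; the envelope keys, the Authorization: Splunk <token> header and the /raw query parameters are the documented HEC interface. It is worth noticing that the envelope sets, per event, exactly the things the earlier slide says to get right at index time.

```python
"""Post events to the Splunk HTTP Event Collector (HEC).

Added example; not code from the deck. HEC_URL and the token are placeholders,
the sourcetype/index names are made up, and the sample events are constructed.
"""
import json
import os
import ssl
import time
import urllib.parse
import urllib.request

# Assumed collector address; the path matches the slide:
# <protocol>://<host>:<mPort>/services/collector(/raw)
HEC_URL = "https://splunk.example.internal:8088/services/collector"
# The token is a credential: read it from the environment, never hard-code it.
HEC_TOKEN = os.environ.get("SPLUNK_HEC_TOKEN", "<hec-token-placeholder>")


def build_hec_event(event, *, host, source, sourcetype, index, ts=None):
    """Wrap one event in the HEC JSON envelope.

    This pins, per event, five of the six things to get right at index time:
    timestamp, host, source, sourcetype and index. The sixth, the event
    boundary, is explicit as well: one envelope is exactly one event.
    """
    return {
        "time": float(ts if ts is not None else time.time()),  # epoch seconds
        "host": host,
        "source": source,
        "sourcetype": sourcetype,
        "index": index,
        "event": event,  # a string or a JSON object
    }


def encode_batch(envelopes):
    """Serialise a batch for /services/collector.

    HEC accepts several envelopes concatenated back to back in one request
    body (not wrapped in a JSON array), so the objects are joined with no
    separator at all.
    """
    return "".join(json.dumps(e, separators=(",", ":")) for e in envelopes).encode("utf-8")


def raw_url(base_url, **metadata):
    """Build the /raw endpoint URL.

    /raw takes the body as plain text and the index-time metadata as query
    parameters. Anything outside the documented parameter set is rejected
    here instead of being silently dropped by the collector.
    """
    allowed = {"host", "source", "sourcetype", "index", "time", "channel"}
    unknown = set(metadata) - allowed
    if unknown:
        raise ValueError(f"unsupported /raw query parameter(s): {sorted(unknown)}")
    return base_url.rstrip("/") + "/raw?" + urllib.parse.urlencode(metadata)


def _post(url, body, content_type, token=HEC_TOKEN, timeout=10):
    req = urllib.request.Request(
        url,
        data=body,
        method="POST",
        headers={"Authorization": f"Splunk {token}", "Content-Type": content_type},
    )
    # The default context verifies the collector's certificate and hostname;
    # fix the certificate rather than disabling verification to "make it work".
    ctx = ssl.create_default_context()
    with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
        # HEC answers {"text": "Success", "code": 0} when the batch is accepted.
        return json.loads(resp.read().decode("utf-8"))


def send_json(envelopes, url=HEC_URL, token=HEC_TOKEN):
    """POST a batch of envelopes to /services/collector."""
    return _post(url, encode_batch(envelopes), "application/json", token)


def send_raw(text, url=HEC_URL, token=HEC_TOKEN, **metadata):
    """POST plain text to /services/collector/raw with metadata in the query."""
    return _post(raw_url(url, **metadata), text.encode("utf-8"), "text/plain", token)


if __name__ == "__main__":
    # Constructed sample events, not real data.
    evt = build_hec_event(
        {"action": "login", "user": "alice", "result": "failure", "src_ip": "203.0.113.7"},
        host="web01", source="auth_service", sourcetype="demo:auth:json",
        index="security", ts=1454284800,
    )
    print(send_json([evt]))
    print(send_raw("2016-02-01T00:00:00Z web01 sshd: Accepted publickey for bob",
                   sourcetype="demo:syslog", host="web01", index="security"))
```

Use the JSON endpoint when the application can emit structured events and set time itself; use /raw for legacy text emitters, where the event boundary is then decided by the collector's line breaking for that sourcetype, so confirm the sourcetype before pointing production traffic at it. The token authorises writes into whatever index it is scoped to, so treat it like any other credential and scope each token to a dedicated index where possible.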
Splunk MINT Data Collector

Splunk> Mobile Intelligence
• MINT SDKs
• MINT Data Collector
• MINT App
• MINT Management Console
Splunk App for Stream

Stream Concept
• Users -> Search Head(s)* -> Indexer(s)
• Physical data center: physical or virtual servers running a Universal Forwarder + TA
• End users -> Internet -> Firewall -> Public or private cloud
• Local collection: Universal Forwarder + TA + splunk_app_stream
Go Beyond the Logs

Six things to get right at index time (recap)
• Event boundary / line breaking
• Date / timestamp
• Sourcetype
• Source
• Host
• Index
Learn More from Today

Where to go to learn more
• Data Pipeline – http://goo.gl/FP3JTM
• Distributed Deployment Manual – http://goo.gl/MTJr0K
• How Indexing works (the data pipeline) – https://goo.gl/SGRC1y
• Tutorial & tutorial data – http://goo.gl/OYNCnc
• Date and time format variables – http://goo.gl/E9Onpq
Resources: HTTP Event Collector
• Introduction to Splunk HTTP Event Collector (Developer Portal)
• Set up and use HTTP Event Collector (Docs)
• Troubleshooting HTTP Event Collector (Confluence)
• HTTP Event Collector, your DIRECT event pipe to Splunk 6.3 (Blogs: Tips & Tricks)
• Liberate Your Application Logging (.conf2015)
Resources: MINT
• Splunk MINT Manual (Docs)
• Start with Splunk MINT SDKs (Management Console)
• Getting Started with Splunk MINT (Blogs: Mobile)
• Splunk MINT: Security & Privacy (Blogs: Mobile)
• What's the difference between MINT Management Console and the Splunk MINT App?
Resources: Stream
• Performance test results and recommendations (Docs)
• Supported protocols (Docs)
• Splunk App for Stream 6.4 (TEC)
• Everything you always wanted to know about SPAN ports, Network Taps, Packet Mirrors, and the Splunk App for Stream (but were afraid to ask) (Blogs: Security)
• How Can You Use Ephemeral Streams? (Blogs: Tips & Tricks)
Northern Cal Tech Talks!
Monthly WebEx Sessions
• TED Talk style presentation
• Q&A chat forum
So what's next on the agenda?
• March 23rd @ 10AM PST - Building & Deploying Apps
• April 20th @ 10AM PST - Top 5 most useful search commands
See more at: http://live.splunk.com/NorCalTechTalks
The 7th Annual Splunk Worldwide Users' Conference
SEPT 26-29, 2016, WALT DISNEY WORLD, ORLANDO, SWAN AND DOLPHIN RESORTS
• 5000+ IT & Business Professionals
• 3 days of technical content
• 165+ sessions
• 80+ Customer Speakers
• 35+ Apps in Splunk Apps Showcase
• 75+ Technology Partners
• 1:1 networking: Ask The Experts and Security Experts, Birds of a Feather and Chalk Talks
• NEW hands-on labs!
• Expanded show floor, Dashboards Control Room & Clinic, and MORE!

PLUS Splunk University
• Three days: Sept 24-26, 2016
• Get Splunk Certified for FREE!
• Get CPE credits for CISSP, CAP, SSCP
• Save thousands on Splunk education!
Q&A
Thank You!!
Scalable Syslog Event Collection
• Dedicated syslog collector with Splunk Forwarder
• Splunk Forwarder with syslog listener

Safe Software
 
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS  at Code Europe 2024Introduction of Cybersecurity with OSS  at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
Hiroshi SHIBATA
 
Fueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte WebinarFueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte Webinar
Zilliz
 
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024
Jason Packer
 
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge GraphGraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
Neo4j
 
"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota
Fwdays
 
Dandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity serverDandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity server
Antonios Katsarakis
 
Skybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoptionSkybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoption
Tatiana Kojar
 
Apps Break Data
Apps Break DataApps Break Data
Apps Break Data
Ivo Velitchkov
 
Taking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdfTaking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdf
ssuserfac0301
 
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
Pitangent Analytics & Technology Solutions Pvt. Ltd
 
5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides
DanBrown980551
 
GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)
Javier Junquera
 
Y-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PPY-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PP
c5vrf27qcz
 
Principle of conventional tomography-Bibash Shahi ppt..pptx
Principle of conventional tomography-Bibash Shahi ppt..pptxPrinciple of conventional tomography-Bibash Shahi ppt..pptx
Principle of conventional tomography-Bibash Shahi ppt..pptx
BibashShahi
 

Recently uploaded (20)

Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving | Nameplate Manufacturing Process - 2024Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving | Nameplate Manufacturing Process - 2024
 
Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |
 
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptxChoosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
 
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfHow to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
 
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS  at Code Europe 2024Introduction of Cybersecurity with OSS  at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
 
Fueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte WebinarFueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte Webinar
 
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024
 
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge GraphGraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
 
Artificial Intelligence and Electronic Warfare
Artificial Intelligence and Electronic WarfareArtificial Intelligence and Electronic Warfare
Artificial Intelligence and Electronic Warfare
 
"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota
 
Dandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity serverDandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity server
 
Skybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoptionSkybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoption
 
Apps Break Data
Apps Break DataApps Break Data
Apps Break Data
 
Taking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdfTaking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdf
 
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
 
5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides
 
GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)
 
Y-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PPY-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PP
 
Principle of conventional tomography-Bibash Shahi ppt..pptx
Principle of conventional tomography-Bibash Shahi ppt..pptxPrinciple of conventional tomography-Bibash Shahi ppt..pptx
Principle of conventional tomography-Bibash Shahi ppt..pptx
 

Data Onboarding Breakout Session

  • 1. Copyright © 2015 Splunk Inc. Data Onboarding 101. Kirk Hanson, Sales Engineering
  • 2. Agenda: 1. Splunk Platform – a refresher; 2. Data Onboarding – live looks; 3. TAs & Apps – what are they?; 4. Go Beyond The Logs; 5. Q&A
  • 3. Make machine data accessible, usable and valuable to everyone.
  • 4. Big Data Comes from Machines. Volume | Velocity | Variety | Variability. Sources: GPS, RFID, Hypervisor, Web Servers, Email, Messaging, Clickstreams, Mobile, Telephony, IVR, Databases, Sensor Servers, Telematics, Storage, Security Devices, Desktops
  • 6. Machine Data Contains Critical Insights. Sources: Order Processing, Twitter, Care IVR, Middleware Error. Fields that tie the sources together: Order ID, Customer ID, Product ID, Twitter ID, Company’s Twitter ID, Customer’s Tweet, Time Waiting On Hold
  • 7. Turn Machine Data into Operational Intelligence. Index any machine data: any source, type, volume; gain real-time visibility. Sources: Online Services, Web Services, Servers, Security, GPS Location, Storage, Desktops, Networks, Packaged Applications, Custom Applications, Messaging, Telecoms, Online Shopping Cart, Web Clickstreams, Databases, Energy Meters, Call Detail Records, Smartphones and Devices, RFID. Deployed On-Premises, in a Private Cloud or in a Public Cloud. Use cases: Application Delivery, Security and Compliance, Infrastructure Monitoring, Business Analytics, Internet of Things
  • 9. Six things to get right at index time: Event Boundary / Line Breaking; Date/Timestamp; Sourcetype; Source; Host; Index
  • 10. Best Practices: Local before Prod; Confirm Sourcetype; Separate Index; Specific as possible; Try before you buy; Save, not override
  • 12. Data Onboarding Examples: Simple JSON (default settings); Complex CSV (minimal settings); Complex JSON (configured settings)
  • 14. Data Onboarding Live Look (simple JSON)
  • 15. Simple JSON – Lessons Learned (default settings): structured; timestamp found in first event; smaller set of data
  • 16. Complex CSV Onboarding (minimal settings). Simple JSON so far: structured; timestamp found in first event; smaller set of data
  • 17. Data Onboarding Live Look (CSV)
  • 18. Complex CSV – Lessons Learned (minimal settings): timestamp not found; data otherwise standard
  • 19. Complex JSON Onboarding (configured settings). So far: Simple JSON – structured, timestamp found in first event, smaller set of data. Complex CSV – timestamp not found, data otherwise standard
  • 20. Data Onboarding Live Look (complex JSON)
  • 21. Complex JSON – Lessons Learned (configured settings): nested; multiple timestamp fields; larger single event
  • 22. Why reinvent the wheel? Splunkbase (apps & TAs)
  • 23. A Growing, Global Community of Users: dev.splunk.com; 40,000+ questions and answers; 1000+ apps; Local User Groups and SplunkLive! events
  • 24. The Splunk Platform.
    Core Engine: real-time data collection, indexing and search, as well as alerting, large-scale distributed processing, user authentication (through Splunk’s built-in system, LDAP or a scripted authentication API for use with an external authentication system), and role-based access control.
    Inputs, Apps, Other Content:
      Forwarders (TCP): gather machine and historical data (e.g. text-based files, Windows event logs, Active Directory).
      Network events (TCP, UDP, SNMP, NetFlow, HTTP(S)): get data from any network port, SNMP events, or send your application data directly via HTTP (or HTTPS) through HTTP Event Collector.
      Scripted inputs (.sh, .py, .bat, .ps1, etc.): get data from APIs and other remote data interfaces and message queues.
      Modular inputs (stream data as plain text or XML): extend the Splunk Enterprise framework to define a custom input capability (e.g. Twitter, S3, Splunk MINT).
      Databases (JDBC): Splunk DB Connect lets you enrich and combine your machine data with database data.
      Wire data: capture wire data from endpoints and key network locations with the Splunk App for Stream.
      External lookups (.py or .csv): enrich and extend the usefulness of your event data through interactions with external resources like asset info, employee info, threat feeds, honeypots, and more.
    User & Developer Interfaces: Web Framework (customize the Splunk Web UI), SDKs, REST API, ODBC (Business Intelligence). Log directly to Splunk; extract Splunk data for archiving; integrate with third-party reporting tools and portals; integrate Splunk search results into your application (ticketing/help desk, custom business applications) ... and more.
    Examples: Systems Management, Infrastructure Apps (XenApp, XenDesktop), Cloud Services, Mainframe, Other Monitoring, Splunk Premium Solutions, Server / Storage / Network.
  • 26. Splunkbase by the numbers: IoT (49); Application Management (158); IT Ops (381); Security & Compliance (384); Business Analytics (70); Utilities (292); Cool Stuff (210)
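Worked example (added here; it is not part of the deck and not Splunk's own code): a small Python model of the index-time decisions from slides 9 and 10, applied to the CSV and JSON cases from slides 15 to 21. It implements the LINE_BREAKER, TIME_PREFIX, TIME_FORMAT and MAX_TIMESTAMP_LOOKAHEAD semantics far enough to show both lessons learned: the CSV header line yields no timestamp (and gets the neighbouring event's time, as Splunk does before falling back further), and the nested JSON events carry two timestamp-looking fields, so without a TIME_PREFIX the wrong one is picked. The sample CSV and JSON, the sourcetype, source, host and index names and the file paths are constructed for the example; the %d%b%Y:%H:%M:%S.%2N format is the one from the speaker notes. Only the strptime directives the deck uses are handled, and %N widths above 6 are rejected because Python's %f stops at microseconds.

```python
import re
from datetime import datetime

# strptime directives used in this deck, mapped to regex fragments so that a
# Splunk-style TIME_FORMAT can be located inside an event before it is parsed.
_DIRECTIVE_RE = {"d": r"\d{2}", "m": r"\d{2}", "Y": r"\d{4}", "H": r"\d{2}",
                 "M": r"\d{2}", "S": r"\d{2}", "b": r"[A-Za-z]{3}"}

def compile_time_format(splunk_fmt):
    """Turn a TIME_FORMAT into (locating regex, Python strptime format). Splunk's
    %<w>N (w subsecond digits) has no strptime equivalent; Python's %f accepts
    1-6 digits and right-pads them, so widths up to 6 map onto it."""
    regex, pyfmt, i = "", "", 0
    while i < len(splunk_fmt):
        m = re.match(r"%(\d?)([A-Za-z])", splunk_fmt[i:])
        if m is None:                       # literal such as ':' '.' 'T' 'Z'
            regex += re.escape(splunk_fmt[i])
            pyfmt += splunk_fmt[i]
            i += 1
            continue
        width, directive = m.groups()
        i += m.end()
        if directive == "N":
            w = int(width or "3")
            if w > 6:
                raise ValueError("subsecond widths above 6 are not supported here")
            regex += r"\d{%d}" % w
            pyfmt += "%f"
        elif directive in _DIRECTIVE_RE:
            regex += _DIRECTIVE_RE[directive]
            pyfmt += "%" + directive
        else:
            raise ValueError(f"unsupported directive %{directive}")
    return re.compile(regex), pyfmt

def break_events(raw, line_breaker=r"([\r\n]+)"):
    r"""LINE_BREAKER semantics: text matched by the single capture group is
    dropped and an event boundary placed there. ([\r\n]+)(?=\{) keeps a
    pretty-printed JSON document together as one event."""
    return [p for p in re.split(line_breaker, raw)[::2] if p.strip()]

def extract_time(event, time_regex, pyfmt, time_prefix="", lookahead=128):
    """TIME_PREFIX / MAX_TIMESTAMP_LOOKAHEAD: search only the window after the
    prefix, which is how the right one of several timestamps gets picked."""
    start = 0
    if time_prefix:
        pm = re.search(time_prefix, event)
        if pm is None:
            return None
        start = pm.end()
    m = time_regex.search(event[start:start + lookahead])
    return datetime.strptime(m.group(0), pyfmt) if m else None

def onboard(raw, *, sourcetype, source, host, index, time_format,
            line_breaker=r"([\r\n]+)", time_prefix=""):
    """Apply the six index-time decisions to one raw input and return events with
    their metadata, the way a props.conf stanza does on the indexer."""
    time_regex, pyfmt = compile_time_format(time_format)
    events, last_time = [], None
    for text in break_events(raw, line_breaker):
        ts = extract_time(text, time_regex, pyfmt, time_prefix)
        missing = ts is None
        if missing:         # Splunk reuses the previous event's time before it
            ts = last_time  # falls back to file modtime or index time
        last_time = ts
        events.append({"_raw": text, "_time": ts, "timestamp_missing": missing,
                       "sourcetype": sourcetype, "source": source,
                       "host": host, "index": index})
    return events

# Constructed sample inputs (not from the deck): the CSV uses the deck's
# %d%b%Y:%H:%M:%S.%2N timestamp; each JSON event spans two lines and has two
# timestamp-looking fields, of which only "ts" is the event time.
SAMPLE_CSV = """timestamp,host,method,uri,status
07Mar2016:14:05:09.42,web01,GET,/login,200
07Mar2016:14:05:10.07,web01,POST,/login,302
07Mar2016:14:05:11.99,web02,GET,/admin,403
"""
SAMPLE_JSON = """{"user": {"id": 42, "last_login": "2015-12-01T08:00:00.000Z"},
 "ts": "2016-03-07T14:05:09.420Z", "action": "login"}
{"user": {"id": 7, "last_login": "2016-01-02T09:30:00.000Z"},
 "ts": "2016-03-07T14:05:10.070Z", "action": "logout"}
"""

def onboard_samples():
    """Run both samples through the pipeline with per-sourcetype settings."""
    csv_events = onboard(SAMPLE_CSV, sourcetype="web:access:csv", host="web01",
                         source="/var/log/web/access.csv", index="web",
                         time_format="%d%b%Y:%H:%M:%S.%2N")
    json_events = onboard(SAMPLE_JSON, sourcetype="app:auth:json", host="app01",
                          source="/var/log/app/auth.json", index="app",
                          time_format="%Y-%m-%dT%H:%M:%S.%3NZ",
                          line_breaker=r"([\r\n]+)(?=\{)", time_prefix=r'"ts":\s*"')
    return csv_events, json_events

if __name__ == "__main__":
    csv_ev, json_ev = onboard_samples()
    for ev in csv_ev + json_ev:
        print(ev["index"], ev["sourcetype"], ev["_time"], ev["timestamp_missing"])
```

The point of running it locally before touching production (slide 10) is visible in the output: a header row stamped with another event's time, or a JSON event dated by its user's last login, is exactly the kind of defect that is cheap to fix in a props.conf stanza before the first byte is indexed and expensive afterwards, because index-time settings cannot be applied retroactively.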
  • 28. Which input(s) do we NOT support today? 1) Text-based files 2) Windows sources 3) TCP / UDP ports 4) SNMP events 5) NetFlow 6) HTTP(S) 7) FIFO queues 8) Scripted inputs 9) Message queues 10) Modular inputs 11) Databases 12) External lookups 13) Wire data 14) SDK
  • 29. We support ALL of these inputs!
  • 30. Our focus today: 1) Text-based files 2) Windows sources 3) TCP / UDP ports 4) SNMP events 5) NetFlow 6) HTTP(S) 7) FIFO queues 8) Scripted inputs 9) Message queues 10) Modular inputs (specifically MINT) 11) Databases 12) External lookups 13) Wire data 14) SDK
  • 32. HTTP Event Collector (HEC): Event Source(s) → HTTP or HTTPS POST to <protocol>://<host>:<mPort>/services/collector(/raw) → Indexer → Search Head
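Worked example (added here; it is not the deck's code and not Splunk's): building the HEC POST from this slide with Python's standard library, plus a constructed mock collector so the exchange can be run offline. The host, port, token and event are placeholders; the mock's reply documents imitate the collector's {"text", "code"} JSON shape and are not a specification of it. What it demonstrates for a practitioner: the token goes in the Authorization header and never in the URL, the receiving side compares it in constant time and rejects envelopes that carry no event, and plain HTTP is only tolerable on loopback.

```python
import json
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer
from secrets import compare_digest

COLLECTOR_PATH = "/services/collector"   # JSON envelope endpoint; /raw takes loose text

def build_hec_request(base_url, token, event, *, sourcetype, host, index=None, time=None):
    """Build the POST for the collector endpoint. The token travels in the
    Authorization header, never in the URL, so it does not end up in proxy or
    web-server access logs; metadata rides in the JSON envelope next to the event."""
    envelope = {"event": event, "sourcetype": sourcetype, "host": host}
    if index is not None:
        envelope["index"] = index
    if time is not None:
        envelope["time"] = time  # epoch seconds; omitted -> collector stamps arrival time
    return urllib.request.Request(
        base_url.rstrip("/") + COLLECTOR_PATH,
        data=json.dumps(envelope).encode("utf-8"),
        headers={"Authorization": "Splunk " + token,
                 "Content-Type": "application/json"},
        method="POST")

def send_event(base_url, token, event, **meta):
    """POST one event and return (HTTP status, decoded collector reply)."""
    req = build_hec_request(base_url, token, event, **meta)
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # ignore proxy env
    try:
        with opener.open(req, timeout=5) as resp:
            return resp.status, json.loads(resp.read().decode("utf-8"))
    except urllib.error.HTTPError as err:
        return err.code, json.loads(err.read().decode("utf-8"))

def validate_submission(auth_header, body, expected_token):
    """The checks a collector makes before accepting a POST: constant-time token
    comparison first, then a well-formed envelope that actually carries an event.
    Returns (HTTP status, reply document, accepted envelope or None)."""
    expected = ("Splunk " + expected_token).encode("utf-8")
    if not compare_digest((auth_header or "").encode("utf-8"), expected):
        return 403, {"text": "Invalid token", "code": 4}, None
    try:
        envelope = json.loads(body)
        if not isinstance(envelope, dict) or "event" not in envelope:
            raise ValueError("envelope has no event field")
    except ValueError:
        return 400, {"text": "Invalid data format", "code": 6}, None
    return 200, {"text": "Success", "code": 0}, envelope

class MockCollector(BaseHTTPRequestHandler):
    """Constructed stand-in for the collector (not Splunk's code) so the client
    can be exercised offline; it records every envelope it accepts."""
    token = ""
    received = []

    def do_POST(self):
        body = self.rfile.read(int(self.headers.get("Content-Length", 0)))
        status, doc, envelope = validate_submission(
            self.headers.get("Authorization"), body, self.token)
        if envelope is not None:
            self.received.append(envelope)
        data = json.dumps(doc).encode("utf-8")
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def log_message(self, *_):  # keep the demo output quiet
        pass

def start_mock_collector(token):
    """Serve the mock on an ephemeral loopback port; returns (server, base_url).
    Plain HTTP is only acceptable here because it never leaves 127.0.0.1; a real
    collector must be reached over HTTPS or the token is exposed on the wire."""
    MockCollector.token, MockCollector.received = token, []
    server = HTTPServer(("127.0.0.1", 0), MockCollector)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, "http://127.0.0.1:%d" % server.server_address[1]

if __name__ == "__main__":
    token = "0123456789abcdef-demo-token"   # real tokens are generated in Splunk, not here
    server, url = start_mock_collector(token)
    print(send_event(url, token, {"action": "login", "user": "alice", "result": "success"},
                     sourcetype="app:auth", host="web01", index="app"))
    print(send_event(url, "wrong-token", {"action": "login"}, sourcetype="app:auth", host="web01"))
    print(MockCollector.received)
    server.shutdown()
```

Running the file shows one accepted envelope with its sourcetype, host and index, and a 403 with code 4 for the wrong token. Because sourcetype, host and index arrive in the envelope from the sender, a compromised or careless client can write to any index its token is allowed to use; scoping each token to the indexes it needs is the collector-side counterpart of the "separate index" practice on slide 10.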
  • 33. Splunk Mint Data Collector
  • 34. Splunk> Mobile Intelligence: MINT SDKs → MINT Data Collector → MINT App and MINT Management Console
  • 35. Splunk App for Stream
  • 36. Stream Concept (local collection): End Users → Internet → Firewall → Physical Data Center (physical or virtual servers) or Public or Private Cloud. Universal Forwarder + TA on each monitored server; Indexer(s) + TA; Search Head(s)* + splunk_app_stream; Users search from the search head(s)
  • 38. Six things to get right at index time: Event Boundary / Line Breaking; Date/Timestamp; Sourcetype; Source; Host; Index
  • 40. Where to go to learn more: Data Pipeline – http://goo.gl/FP3JTM; Distributed Deployment Manual – http://goo.gl/MTJr0K; How Indexing works (the data pipeline) – https://goo.gl/SGRC1y; Tutorial & tutorial data – http://goo.gl/OYNCnc; Date and time format variables – http://goo.gl/E9Onpq
  • 41. Resources: HTTP Event Collector: Introduction to Splunk HTTP Event Collector (Developer Portal); Set up and use HTTP Event Collector (Docs); Troubleshooting HTTP Event Collector (Confluence); HTTP Event Collector, your DIRECT event pipe to Splunk 6.3 (Blogs: Tips & Tricks); Liberate Your Application Logging (.conf2015)
  • 42. Resources: MINT: Splunk MINT Manual (Docs); Start with Splunk MINT SDKs (Management Console); Getting Started with Splunk MINT (Blogs: Mobile); Splunk MINT: Security & Privacy (Blogs: Mobile); What's the difference between MINT Management Console and the Splunk MINT App?
  • 43. Resources: Stream: Performance test results and recommendations (Docs); Supported protocols (Docs); Splunk App for Stream 6.4 (TEC); Everything you always wanted to know about SPAN ports, Network Taps, Packet Mirrors, and the Splunk App for Stream (but were afraid to ask) (Blogs: Security); How Can You Use Ephemeral Streams? (Blogs: Tips & Tricks)
  • 44. Northern Cal Tech Talks! Monthly WebEx sessions: Ted Talk style presentation; Q&A chat forum. So what’s next on the agenda? March 23rd @ 10AM PST – Building & Deploying Apps; April 20th @ 10AM PST – Top 5 most useful search commands. See more at: http://live.splunk.com/NorCalTechTalks
  • 45. The 7th Annual Splunk Worldwide Users’ Conference: Sept 26-29, 2016, Walt Disney World, Orlando, Swan and Dolphin Resorts. 5000+ IT & business professionals; 3 days of technical content; 165+ sessions; 80+ customer speakers; 35+ apps in the Splunk Apps Showcase; 75+ technology partners; 1:1 networking: Ask The Experts and Security Experts, Birds of a Feather and Chalk Talks; NEW hands-on labs!; expanded show floor, Dashboards Control Room & Clinic, and MORE! PLUS Splunk University: three days, Sept 24-26, 2016; get Splunk certified for FREE!; get CPE credits for CISSP, CAP, SSCP; save thousands on Splunk education!
  • 46. Q&A
  • 48. Complex JSON – Lessons Learned (recap). Simple JSON (default settings): structured; timestamp found in first event; smaller set of data. Complex JSON (configured settings): nested; multiple timestamp fields; larger single event
  • 49. Scalable Syslog Event Collection: a dedicated syslog collector with a Splunk forwarder, versus a Splunk forwarder with a syslog listener

Editor's Notes

  1. At Splunk, our mission is to make machine data accessible, usable and valuable to everyone. And this overarching mission is what drives our company and product priorities.
  2. What is this machine data, and why is it a big deal? Well, it’s one of the fastest growing, most complex and most valuable segments of data. All the webservers, applications, network devices, mobile devices, sensors – all of the technology infrastructure running your enterprise – generates massive streams of data, in an array of unpredictable formats that are difficult to process and analyze by traditional methods or in a timely manner. Why is this “machine data” valuable? Because it contains a trace - a categorical record - of user behavior, cyber-security risks, application behavior, service levels, fraudulent activity and customer experience. Characteristics of machine data – the four V’s - the last two are the most interesting / challenging.
  3. All the webservers, applications, network devices – all of the technology infrastructure running an enterprise or organization – generates massive streams of data, in an array of unpredictable formats that are difficult to process and analyze by traditional methods or in a timely manner.
  4. Let’s take a closer look at machine data
  5. To frame our discussion, let’s use this example of purchasing a product from your tablet or smartphone: the purchase transaction fails, you call the call center and then tweet about your experience. All these events are captured, as they occur, in the machine data. Each of the underlying systems has the potential to generate millions of machine data events daily. Here we see small excerpts from just some of them. When we look more closely at the data we see that it contains valuable information – right down to what was tweeted. What’s important is, first of all, the ability to actually see across all these data sources, but then also to correlate related events and provide meaningful insight. If you can correlate and visualize the data, you can build a picture of activity, behavior and experience. And what if you can do all of this in real time? You can respond more quickly to events that matter. This example ties into your scenario, but you can also extrapolate it to a wide range of use cases – security and fraud, transaction monitoring and analysis, web analytics, IT operations and so on.
  6. Our customers typically start with Splunk to solve a specific problem, and then expand from there to address a broad range of use cases, across application troubleshooting, IT infrastructure monitoring, security, business analytics, Internet of things, and many others that are entirely innovated by our customers. Here’s how it works. Splunk software and cloud services reliably collect and index machine data, from a single source to tens of thousands of sources. All in real time. - Once data is in Splunk, you can search, analyze, report-on and derive business value from all your data
  7. Since 2004 Splunk has become the platform of choice to extract business value from Machine data. That means that Splunk collects, indexes, analyzes, reports and predicts on machine-generated data from a single product. It’s an open platform with over 500 Splunk Apps available and allows for custom development.
  8. Setting a certain amount of metadata at ingestion, so that it is easier to extract value from the data later.
  9. Input on local before Prod. Confirm Sourcetype. Separate Index. When monitoring, be as specific as possible. Try it before you buy it. Save-as, not override. _____ A systematic way to bring new data sources into Splunk. Ensure that new data is instantly usable and has maximum value for users. Goes hand-in-hand with the User Onboarding process. Look out for inadvertent, runaway monitor clauses. Don’t monitor thousands of files unnecessarily – that’s the NSA’s job.
  10. Introduce the idea that we are going to use the GUI for all of them. Minimal effort overall.
  11. DO WE DEFINE JSON?
  12. Went through this morning's session using the tutorial data – now let's do something that is more structured.
  13. Smaller events. Point out that we can ingest CSV and JSON out of the box. But what if?? What if there is a CSV with an out-of-norm
  14. Complex CSV timestamp format: %d%b%Y:%H:%M:%S.%2N
     %d – Day of the month as a decimal number, includes a leading zero (01 to 31)
     %b – Abbreviated month name (Jan, Feb, etc.)
     %Y – Year as a decimal number with century (2015)
     %H – Hour (24-hour clock) as a decimal number, 00 to 23. Leading zeros are accepted but not required.
     %M – Minute as a decimal number, 00 to 59
     %S – Second as a decimal number, for example 00 to 60
     %N – Subseconds with width (%3N = milliseconds, %6N = microseconds, %9N = nanoseconds)
     http://docs.splunk.com/Documentation/Splunk/6.3.3/SearchReference/Commontimeformatvariables
  15. Why JSON? Still no header – this isn’t CSV – both a blessing and a curse
  16. Why JSON? Still no header – this isn’t CSV – both a blessing and a curse
  17. Why JSON? Still no header – this isn’t CSV – both a blessing and a curse
  18. With thousands of enterprise customers and an order of magnitude more actual users, we have a thriving community. We launched a dev portal a few months back and already have over 3,000 unique visitors per week. We have over 500 apps contributed by ourselves, our partners and our community. Our knowledge exchange Answers site has over 40,000+ questions answered. We host our annual users’ conference and local Splunk Live! Events where you can meet other users. Best of all, Splunk’s passionate and vibrant community demands more from Splunk and gives us incredible feedback, which drives us to constantly innovate and respond to their needs.
  19. Focus on the fact that there are a lot of sources of data, and our goal is any data, anytime, anywhere (any source)!
  20. Splunk apps and add-ons: what & why? Splunk apps allow developers to extend data ingestion and processing capabilities of Splunk Enterprise for your specific needs. Apps facilitate more efficient completion of domain-specific tasks by the end user. High-level perspective A Splunk app is a prebuilt collection of additional capabilities packaged for a specific technology, or use cases, which allows a more effective usage of Splunk Enterprise. You can use Splunk apps to gain the specific insights you need from your machine data. Depending on the type and complexity of those use cases, and also whether the developer wants certain app parts to be configured or distributed separately (potentially by a third party), an app may rely on various add-ons. An add-on is a technical component that can be re-used across a number of different use cases and packaged with one or more Splunk apps. Add-ons may contain one or more knowledge objects, which encapsulate a specific functionality focused on a single concern and its configuration. Using an add-on should help to reduce the technical risk and cost of building an app. 
  21. Splunk apps and add-ons: what & why? Splunk apps allow developers to extend data ingestion and processing capabilities of Splunk Enterprise for your specific needs. Apps facilitate more efficient completion of domain-specific tasks by the end user. High-level perspective A Splunk app is a prebuilt collection of additional capabilities packaged for a specific technology, or use cases, which allows a more effective usage of Splunk Enterprise. You can use Splunk apps to gain the specific insights you need from your machine data. Depending on the type and complexity of those use cases, and also whether the developer wants certain app parts to be configured or distributed separately (potentially by a third party), an app may rely on various add-ons. An add-on is a technical component that can be re-used across a number of different use cases and packaged with one or more Splunk apps. Add-ons may contain one or more knowledge objects, which encapsulate a specific functionality focused on a single concern and its configuration. Using an add-on should help to reduce the technical risk and cost of building an app. 
  22. I would like to start by taking a survey from this lovely audience on which inputs do we NOT support today?
  23. However, our focus today will be on the HTTP Event Collector, the MINT Data Collector and Splunk App for Stream.
  24. You start by sending events directly from sources like a server, docker, mobile device, IoT, or browser as raw JSON, loose text or XML <CLICK> across an HTTP or HTTPS POST request to our services/collector or services/collector/raw REST API endpoint. <CLICK>
  25. So, you’re at another lunch because we all need to eat. This time you came prepared with your own pen. You grab a napkin and start doodling how it works. It might look something like this: <CLICK>   The Splunk MINT SDKs integrate into the iOS and/or Android mobile apps to collect data from those apps, and then <CLICK> send that data to the MINT Data Collector, which is a cloud service that we provide. The MINT Data Collector then <CLICK> forwards the data to Splunk MINT Management Console and the Splunk MINT App. That’s it!
  26. So, how does it work? Let’s say you are having lunch with Mr. Customer and you start chatting about the Splunk App for Stream. You ask the closest wait staff for a pen and grab a clean napkin. You then say to Mr. Customer, “let me doodle how it works”. There are three types of network collection architectures: (1) local, (2) SPAN or port mirror, and (3) TAP. Don’t fret if you cannot spell SPAN or TAP, I have included resources at the end of this presentation for you to check out on your own time. So, the doodle for local collection might look like this: <CLICK>   First, the basic data flow from an end user into the customer’s environment. <CLICK> Then, in their Splunkland, they may have forwarders on their hosts sending data to their indexers. <CLICK> Finally, for local collection of their wire data, it requires the installation of Splunk_TA_stream on the forwarders of each host on the network or network segment that they want to monitor. The TA also needs to be installed on the indexers, and the app on the search heads. Please note that SHC is not supported at this time with Stream.
  27. Setting a certain amount of metadata at ingestion, so that it is easier to extract value from the data later.
  28. In addition to live, .conf, docs, answers, meetups etc etc
  29. We’re headed to the East Coast! 2 inspired Keynotes – General Session and Security Keynote + Super Sessions with Splunk Leadership in Cloud, IT Ops, Security and Business Analytics! 165+ Breakout sessions addressing all areas and levels of Operational Intelligence – IT, Business Analytics, Mobile, Cloud, IoT, Security…and MORE! 30+ hours of invaluable networking time with industry thought leaders, technologists, and other Splunk Ninjas and Champions waiting to share their business wins with you! Join the 50%+ of Fortune 100 companies who attended .conf2015 to get hands on with Splunk. You’ll be surrounded by thousands of other like-minded individuals who are ready to share exciting and cutting edge use cases and best practices. You can also deep dive on all things Splunk products together with your favorite Splunkers. Head back to your company with both practical and inspired new uses for Splunk, ready to unlock the unimaginable power of your data! Arrive in Orlando a Splunk user, leave Orlando a Splunk Ninja! REGISTRATION OPENS IN MARCH 2016 – STAY TUNED FOR NEWS ON OUR BEST REGISTRATION RATES – COMING SOON!
  30. To prevent you from walking out of this presentation feeling like this, we thought it best to have a fake real-world scenario wherein we discussed a common question that comes up when talking about
  31. Normalizes data from different sources – Host and hostname discussion