cleverdata.ru | info@cleverdata.ru 
EXPLORING SPLUNK>
Splunk to the Rescue in the Datacenter 
It’s 2 AM, the web site is down. 
Why did it fail? 
Was it the web servers, the applications, the database servers, a full disk, or load balancers on the fritz? 
Relax. You deployed Splunk yesterday. 
Search the log files from all your web servers, databases, firewalls, routers, and load balancers, as well as configuration files and data from all your other devices, operating systems, or applications of interest. 
A graph of web server errors shows when the problem started: at 5:03 PM, errors on the web servers spiked dramatically. Next, check the top 10 pages with errors: 
The home page is okay. 
The search page is okay. 
The shopping cart is the problem. Starting at 5:03, every request to that page produced an error. 
The shopping cart connects to a database. The database logs show the database is up, so you move on to the ecommerce server logs. 
At 5:03 PM, the ecommerce server cannot connect to the database server. You search the changes to the configuration files and see that someone changed a network setting. 
It was done incorrectly. You contact the person who made the change, who rolls it back, and the system starts working again.
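The walk-through above (an error spike at 5:03 PM, the top pages with errors, one page failing on every request) can be reproduced over raw web access logs. The following Python is an added example, not code from the slides or from Splunk; it runs those three checks over a few constructed Apache-style log lines whose hosts, paths and timestamps are made up.

```python
"""Added example (not from the original slides): replay the 2 AM troubleshooting
walk-through over constructed web access log lines. It buckets errors per minute
(the graph that shows the spike), lists the top pages by error count, and flags
any page whose requests have all failed since a given minute, which is what
'the shopping cart is the problem' looks like in the data."""
from collections import Counter, defaultdict
import re

# Constructed Apache-style access log lines. Three pages; the shopping cart
# starts returning 500 on every request from 17:03 onward.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Mar/2024:17:01:10 +0000] "GET / HTTP/1.1" 200 512
10.0.0.6 - - [12/Mar/2024:17:01:15 +0000] "GET /search?q=gizmo HTTP/1.1" 200 2048
10.0.0.7 - - [12/Mar/2024:17:02:02 +0000] "POST /cart HTTP/1.1" 200 300
10.0.0.8 - - [12/Mar/2024:17:02:40 +0000] "GET /search?q=widget HTTP/1.1" 500 0
10.0.0.5 - - [12/Mar/2024:17:03:05 +0000] "POST /cart HTTP/1.1" 500 0
10.0.0.9 - - [12/Mar/2024:17:03:30 +0000] "POST /cart HTTP/1.1" 500 0
10.0.0.6 - - [12/Mar/2024:17:03:44 +0000] "GET / HTTP/1.1" 200 512
10.0.0.7 - - [12/Mar/2024:17:04:12 +0000] "POST /cart HTTP/1.1" 500 0
10.0.0.8 - - [12/Mar/2024:17:04:50 +0000] "GET /search?q=gizmo HTTP/1.1" 200 2048
10.0.0.9 - - [12/Mar/2024:17:05:01 +0000] "POST /cart HTTP/1.1" 500 0
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<bytes>\d+)$'
)


def parse(log_text):
    """Turn log lines into events with the two fields the walk-through pivots on:
    the page (URI path without its query string) and the minute bucket."""
    events = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:            # skip lines that do not fit the format instead of failing
            continue
        ts = m.group("ts")                 # e.g. 12/Mar/2024:17:03:05 +0000
        minute = ts.split(" ")[0][:-3]     # -> 12/Mar/2024:17:03
        events.append({
            "minute": minute,
            "page": m.group("path").split("?")[0],
            "status": int(m.group("status")),
        })
    return events


def errors_per_minute(events):
    """Count of 5xx responses per minute: the graph on which the spike shows up."""
    counts = Counter(e["minute"] for e in events if e["status"] >= 500)
    return dict(sorted(counts.items()))


def top_error_pages(events, n=10):
    """The 'top 10 pages with errors' report."""
    counts = Counter(e["page"] for e in events if e["status"] >= 500)
    return counts.most_common(n)


def fully_failing_since(events, minute):
    """Pages where every request from `minute` onward returned a 5xx error. This
    separates 'the cart is the problem' from pages with an occasional error.
    Assumes all events are from one day, so the fixed-width minute key compares
    correctly as a string."""
    total = defaultdict(int)
    failed = defaultdict(int)
    for e in events:
        if e["minute"] >= minute:
            total[e["page"]] += 1
            if e["status"] >= 500:
                failed[e["page"]] += 1
    return sorted(page for page in total if failed[page] == total[page])


if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    print("errors per minute:", errors_per_minute(evs))
    print("top error pages:", top_error_pages(evs))
    print("failing on every request since 17:03:",
          fully_failing_since(evs, "12/Mar/2024:17:03"))
```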
Splunk to the Rescue in the Marketing Department 
You work in the promotions department of a large retailer. 
Looking at the graph for the last few hours, you see a spike 20 minutes ago. Searches for your company name and your latest product are way up. 
You check a report on top referring URLs in the past hour, and Splunk shows that a celebrity tweeted about the product and linked to your home page. 
You look at another graph that shows the performance of the most frequently visited pages. The search page is overloaded and slowing down. A huge crowd of people is coming to your site but can’t find the product they are looking for, so they are all using search. 
You log on to your site’s content management system and put a promotional ad for the new product at the center of the home page. 
Search traffic starts to drop, traffic to the new product page starts to rise, and so does traffic to the shopping cart page. You look at the top 10 products added to the cart and the top 10 products purchased; the new product tops the list. 
You send a note to the PR department to follow up. Incoming traffic is now converting to sales instead of frustration, exactly what you want to happen. Your ability to make the most of an unforeseen opportunity was made possible by Splunk. 
Your next step is to make sure that you have enough of that product in stock, a great problem to have.
Approaching Splunk 
As you use Splunk to answer questions, you’ll find that you can break the task into three phases: 
• First, identify the data that can answer your question. 
• Second, transform the data into the results that can answer your question. 
• Third, display the answer in a report, interactive chart, or graph to make it intelligible to a wide range of audiences. 
Begin with the questions you want to answer: 
• Why did that system fail? 
• Why is it so slow lately? 
• Where are people having trouble with our website? 
• How many purchases? 
• What is the conversion rate? 
• What are the TOP/FLOP products? 
• And many other questions
Splunk: The Company and the Concept 
In 2002, Erik Swan and Rob Das started talking to companies about their problems. They asked prospective customers, “How do you solve problems in your infrastructure?” 
These practitioners told Splunk’s founders that solving infrastructure problems was like slowly crawling around in caves (their datacenters) with pickaxes, poor lighting, and limited navigational power (old scripts and log management technologies). In short, it was like spelunking—and so, the name “Splunk” was born. 
“Why couldn’t searching IT data be as easy and intuitive as a Google™ search?” 
How Splunk Mastered Machine Data in the Datacenter 
• Creating a central repository is vital: One of the major victories of Splunk is the way that diverse types of data from many different sources are centralized for searching. 
• Splunk converts data into answers: Splunk helps you find the insights that are buried in the data. 
• Splunk helps you understand the structure and meaning of data: The more you understand your data, the more you’ll see in it. Splunk also helps you capture what you learn to make future investigations easier and to share what you’ve learned with others. 
• Visualization closes the loop: All that indexing and searching pays off when you see a chart or a report that makes an answer crystal clear. Being able to visualize data in different ways accelerates understanding and helps you share that understanding with others.
Operational Intelligence 
Splunk has been at the forefront of raising awareness about operational intelligence, a new category of methods and technology for using machine data to gain visibility into the business and discover insights for IT and the entire enterprise. 
Operational intelligence enables organizations to: 
• Use machine data to gain a deeper understanding of their customers: For example, if you just track transactions on a website, you see what people bought. But by looking closely at the web server logs you can see all the pages they looked at before they purchased, and, perhaps even more important for the bottom line, you can see the pages that the people who didn’t buy looked at. (Remember our new product search example from the intro?) 
• Reveal important patterns and analytics derived from correlating events from many sources: When you can track indicators of consumer behavior from websites, call detail records, social media, and in-store retail transactions, a far more complete picture of the customer emerges. As more and more customer interactions show up in machine data, more can be learned. 
• Reduce the time between an important event and its detection: Machine data can be monitored and correlated in real time. 
• Leverage live feeds and historical data to make sense of what is happening now, to find trends and anomalies, and to make more informed decisions based on that information: For example, the traffic created by a web promotion can be measured in real time and compared with previous promotions. 
• Deploy a solution quickly and deliver the flexibility needed by organizations today and in the future—that is, the ability to provide ad hoc reports, answer questions, and add new data sources: Splunk data can be presented in traditional dashboards that allow users to explore the events and keep asking new questions.
Operational Intelligence at Work 
Using machine data in Splunk helps solve vexing business problems. Here are a few examples: 
• An operations team implemented a cloud-delivered customer-facing application and used Splunk for 
diagnostics. They soon realized they could track user statistics and better plan capacity—a metric with 
profound business implications. 
• Web server traffic logs can be used to track shopping carts being filled and abandoned in real time. The 
marketing department can use this information to determine where consumers are getting stuck and what 
types of purchases are being abandoned so that any problems can be fixed right away and promotions can 
target items that are abandoned. 
• Organizations using Splunk to monitor applications for troubleshooting have realized that they can easily 
provide views to their first-line support team to handle customer calls directly, versus escalating those calls to 
expensive engineering resources. 
• A major utility company was able to eliminate costly software maintenance fees by replacing six other 
monitoring and diagnostic tools with Splunk, while enhancing their NERC and SOX compliance efforts. 
• A major public media organization reduced the time it took to capture critical web analytics from months to 
hours. They were also able to track their digital assets with a granularity and accuracy that they couldn’t have 
otherwise, resulting in better royalty accounting and content marketing. 
• A taco fast-food restaurant connected its points of sale (POS) to Splunk, and within an hour, business analysts 
were able to begin answering questions like, “How many people are buying tacos in the midnight-to-2 AM 
period, in this geography, during this time of the year?” 
Operational intelligence enables organizations to ask the right questions, leading to answers that deliver 
business insights, using combinations of real-time and historical data, displayed in easily digestible dashboards 
and graphical tools. 
Machine Data Basics 
Splunk’s mission is to make machine data useful for people. 
Systems (such as web servers, load balancers, video games, or social media platforms) write to log files while they are running. This information (the machine data in the log files) can be used to understand what those systems are doing as they run (or fail to run). 
The universe covered by machine data is much more than log files: it includes data from configuration, clickstreams, change events, diagnostics, APIs, message queues, and custom applications. 
Some types of machine data: 
• Applications Logs 
• Web Access Logs 
• Web Proxy Logs 
• Call Detail Record (CDR) 
• Clickstream data 
• Message Queue 
• Packet Data 
• Configuration Files 
• Firewall and IDS logs 
• Database Audit Logs and Tables 
• File System Audit Logs 
• Management and Logging APIs 
• OS Metrics, Status, and Diagnostic Commands 
• Logs from DNS, DHCP, and other network services 
• Syslogs from your routers, switches, and network 
• OS logs 
• Tweets
Machine Data Contains Critical Insights 
Splunk Data Sources 
During indexing, Splunk can read machine data from any number of sources. The most common input sources are: 
• files: Splunk can monitor specific files or directories. If data is added to a file or a new file is added to a monitored directory, Splunk reads that data. 
• the network: Splunk can listen on TCP or UDP ports, reading any data sent. 
• scripted inputs: Splunk can read the machine data output by programs or scripts, such as a Unix® command or a custom script that monitors sensors. 
• apps
Platform for Machine Data 
Understanding How Splunk Indexes Data
Splunk indexes raw data by dividing a stream of machine data into individual events and creating a time-based map of the words in the data, without modifying the data itself. 
Each event has at least 4 default fields. 
Searching with Splunk 
SPL™: Search Processing Language 
index="mygizmostoreindex" | chart count AS views, count(eval(method="purchase")) AS purchases by categoryId | rename views AS "Views", purchases AS "Purchases", categoryId AS "Category" 
index="csv_zakupki" | stats sum("Общая цена контракта тыс_ руб") AS Summa, sum("Количество допущеных заявок") AS Qty by "Победитель" | eval "Средняя цена контракта"=(Summa/Qty) | sort -"Средняя цена контракта" | head 10 | fields - Summa, Qty 
Geospatial data based on IP 
Web Store Dashboard 
Web Site Monitoring Tool 
Why is Splunk fast? 
The typical components of a Splunk deployment are the following (all of which can exist on a single machine): 
• Search Head: The web service you log in to through your browser to submit searches, view dashboards, etc. 
• Indexer: Does the initial parsing of event data and stores it to disk 
• Forwarder: Gathers the event data and delivers it to an Indexer 
When a user submits a search, the search head sends that search to each indexer individually, and the indexers run it in parallel (distributed search). 
The filtering part of the search is the “map” function, grabbing data from every indexer in parallel: 
sourcetype=syslog src_ip=192.168.1.1 | chart count by host 
The map function = “sourcetype=syslog src_ip=192.168.1.1” 
The reduce function = “chart count by host” 
Splunk is unique because it built a framework around MapReduce and set up a very handy search language that is translated easily and directly into a MapReduce job.
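To make the map/reduce split concrete, here is an added Python model of the search above; it is not code from the slides or from Splunk. Three constructed indexers each run the filtering map step on their own events in parallel and return partial counts per host, and a search-head reduce step merges them; the mini SPL parser handles only the `field=value ... | chart count by <field>` shape shown on the page.

```python
"""Added example (not from the slides or from Splunk): a small model of how
    sourcetype=syslog src_ip=192.168.1.1 | chart count by host
is executed as a map phase on every indexer in parallel and a reduce phase on
the search head. The indexers, hosts and events below are constructed."""
from collections import Counter
from concurrent.futures import ThreadPoolExecutor

# Three constructed indexers, each holding the slice of events a forwarder
# delivered to it. Only the fields the search touches are included.
INDEXERS = {
    "idx1": [
        {"sourcetype": "syslog", "src_ip": "192.168.1.1", "host": "fw-a"},
        {"sourcetype": "syslog", "src_ip": "192.168.1.1", "host": "fw-b"},
        {"sourcetype": "access_combined", "src_ip": "192.168.1.1", "host": "web-1"},
    ],
    "idx2": [
        {"sourcetype": "syslog", "src_ip": "192.168.1.1", "host": "fw-a"},
        {"sourcetype": "syslog", "src_ip": "10.9.9.9", "host": "fw-a"},
    ],
    "idx3": [
        {"sourcetype": "syslog", "src_ip": "192.168.1.1", "host": "fw-c"},
    ],
}

SEARCH = "sourcetype=syslog src_ip=192.168.1.1 | chart count by host"


def compile_search(spl):
    """Split the SPL at the pipe: the left side becomes the map (filter) terms,
    the right side names the reduce (aggregation) field. Only the shape used on
    the page, 'field=value ... | chart count by <field>', is supported."""
    left, right = (part.strip() for part in spl.split("|", 1))
    terms = dict(term.split("=", 1) for term in left.split())
    words = right.split()
    if words[:3] != ["chart", "count", "by"] or len(words) != 4:
        raise ValueError("only 'chart count by <field>' is supported")
    return terms, words[3]


def map_phase(events, terms, by):
    """Runs on one indexer: filter its local events, then pre-aggregate so only a
    small partial result (counts per host) travels back to the search head."""
    return Counter(
        event[by]
        for event in events
        if by in event and all(event.get(k) == v for k, v in terms.items())
    )


def reduce_phase(partials):
    """Runs on the search head: merge the partial counts from every indexer."""
    total = Counter()
    for partial in partials:
        total.update(partial)
    return dict(sorted(total.items()))


def distributed_search(indexers, spl):
    """Search head: compile the SPL, fan the map phase out to all indexers in
    parallel, then reduce the partial results into the final chart."""
    terms, by = compile_search(spl)
    with ThreadPoolExecutor(max_workers=len(indexers)) as pool:
        partials = list(pool.map(lambda events: map_phase(events, terms, by),
                                 indexers.values()))
    return reduce_phase(partials)


if __name__ == "__main__":
    for host, count in distributed_search(INDEXERS, SEARCH).items():
        print(f"{host:8} {count}")
```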
Splunk Architecture 
• Scales to TBs/day and Thousands of Users 
• Automatic load balancing linearly scales indexing 
• Distributed search and MapReduce linearly scales search and reporting 
Scaling and High Availability 
The functionality of Splunk can be roughly broken down into three basic areas: 
• Search Head: The web service you log in to through your browser to submit searches, view dashboards, etc. 
• Indexer: Does the initial parsing of event data and stores it to disk 
• Forwarder: Gathers the event data and delivers it to an Indexer 
Splunk can scale each of them independently. 
Clustering Splunk indexers is the way to achieve high availability. The coordination of replication, failure handling, and other clustering-specific items is done by a cluster master.

Hey, what is about data?
 
Enterprise Data World 2018 - Building Cloud Self-Service Analytical Solution
Enterprise Data World 2018 - Building Cloud Self-Service Analytical SolutionEnterprise Data World 2018 - Building Cloud Self-Service Analytical Solution
Enterprise Data World 2018 - Building Cloud Self-Service Analytical Solution
 
AWS User Group: Building Cloud Analytics Solution with AWS
AWS User Group: Building Cloud Analytics Solution with AWSAWS User Group: Building Cloud Analytics Solution with AWS
AWS User Group: Building Cloud Analytics Solution with AWS
 
Tableau API
Tableau APITableau API
Tableau API
 
My experience of writing technical books
My experience of writing technical booksMy experience of writing technical books
My experience of writing technical books
 
Business objects activities web intelligence
Business objects activities web intelligenceBusiness objects activities web intelligence
Business objects activities web intelligence
 
Splunk 6.2 new features
Splunk 6.2 new featuresSplunk 6.2 new features
Splunk 6.2 new features
 
Business Analytics Paradigm Change
Business Analytics Paradigm ChangeBusiness Analytics Paradigm Change
Business Analytics Paradigm Change
 
SAP BO and Teradata best practices
SAP BO and Teradata best practicesSAP BO and Teradata best practices
SAP BO and Teradata best practices
 
Splunk Digital Intelligence
Splunk Digital IntelligenceSplunk Digital Intelligence
Splunk Digital Intelligence
 
Role of Tableau on the Data Discovery Market
Role of Tableau on the Data Discovery MarketRole of Tableau on the Data Discovery Market
Role of Tableau on the Data Discovery Market
 
SAP Lumira - Building visualizations
SAP Lumira - Building visualizationsSAP Lumira - Building visualizations
SAP Lumira - Building visualizations
 
SAP Lumira - Acquiring data
SAP Lumira - Acquiring dataSAP Lumira - Acquiring data
SAP Lumira - Acquiring data
 
SAP Lumira - Enriching data
SAP Lumira - Enriching dataSAP Lumira - Enriching data
SAP Lumira - Enriching data
 
Microstrategy for Retailer Company
Microstrategy for Retailer CompanyMicrostrategy for Retailer Company
Microstrategy for Retailer Company
 
SAP BusinessObjects 4.1 Web Intelligence Report Development
SAP BusinessObjects 4.1 Web Intelligence Report DevelopmentSAP BusinessObjects 4.1 Web Intelligence Report Development
SAP BusinessObjects 4.1 Web Intelligence Report Development
 

Recently uploaded

Quarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden ExtensionsQuarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden Extensions
Max Andersen
 
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
Juraj Vysvader
 
Using IESVE for Room Loads Analysis - Australia & New Zealand
Using IESVE for Room Loads Analysis - Australia & New ZealandUsing IESVE for Room Loads Analysis - Australia & New Zealand
Using IESVE for Room Loads Analysis - Australia & New Zealand
IES VE
 
Prosigns: Transforming Business with Tailored Technology Solutions
Prosigns: Transforming Business with Tailored Technology SolutionsProsigns: Transforming Business with Tailored Technology Solutions
Prosigns: Transforming Business with Tailored Technology Solutions
Prosigns
 
Vitthal Shirke Microservices Resume Montevideo
Vitthal Shirke Microservices Resume MontevideoVitthal Shirke Microservices Resume Montevideo
Vitthal Shirke Microservices Resume Montevideo
Vitthal Shirke
 
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Globus
 
Enhancing Research Orchestration Capabilities at ORNL.pdf
Enhancing Research Orchestration Capabilities at ORNL.pdfEnhancing Research Orchestration Capabilities at ORNL.pdf
Enhancing Research Orchestration Capabilities at ORNL.pdf
Globus
 
GlobusWorld 2024 Opening Keynote session
GlobusWorld 2024 Opening Keynote sessionGlobusWorld 2024 Opening Keynote session
GlobusWorld 2024 Opening Keynote session
Globus
 
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptx
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptxTop Features to Include in Your Winzo Clone App for Business Growth (4).pptx
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptx
rickgrimesss22
 
May Marketo Masterclass, London MUG May 22 2024.pdf
May Marketo Masterclass, London MUG May 22 2024.pdfMay Marketo Masterclass, London MUG May 22 2024.pdf
May Marketo Masterclass, London MUG May 22 2024.pdf
Adele Miller
 
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Globus
 
Cyaniclab : Software Development Agency Portfolio.pdf
Cyaniclab : Software Development Agency Portfolio.pdfCyaniclab : Software Development Agency Portfolio.pdf
Cyaniclab : Software Development Agency Portfolio.pdf
Cyanic lab
 
2024 RoOUG Security model for the cloud.pptx
2024 RoOUG Security model for the cloud.pptx2024 RoOUG Security model for the cloud.pptx
2024 RoOUG Security model for the cloud.pptx
Georgi Kodinov
 
Corporate Management | Session 3 of 3 | Tendenci AMS
Corporate Management | Session 3 of 3 | Tendenci AMSCorporate Management | Session 3 of 3 | Tendenci AMS
Corporate Management | Session 3 of 3 | Tendenci AMS
Tendenci - The Open Source AMS (Association Management Software)
 
A Sighting of filterA in Typelevel Rite of Passage
A Sighting of filterA in Typelevel Rite of PassageA Sighting of filterA in Typelevel Rite of Passage
A Sighting of filterA in Typelevel Rite of Passage
Philip Schwarz
 
Graphic Design Crash Course for beginners
Graphic Design Crash Course for beginnersGraphic Design Crash Course for beginners
Graphic Design Crash Course for beginners
e20449
 
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Globus
 
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.ILBeyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
Natan Silnitsky
 
Cracking the code review at SpringIO 2024
Cracking the code review at SpringIO 2024Cracking the code review at SpringIO 2024
Cracking the code review at SpringIO 2024
Paco van Beckhoven
 
Into the Box 2024 - Keynote Day 2 Slides.pdf
Into the Box 2024 - Keynote Day 2 Slides.pdfInto the Box 2024 - Keynote Day 2 Slides.pdf
Into the Box 2024 - Keynote Day 2 Slides.pdf
Ortus Solutions, Corp
 

Recently uploaded (20)

Quarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden ExtensionsQuarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden Extensions
 
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
 
Using IESVE for Room Loads Analysis - Australia & New Zealand
Using IESVE for Room Loads Analysis - Australia & New ZealandUsing IESVE for Room Loads Analysis - Australia & New Zealand
Using IESVE for Room Loads Analysis - Australia & New Zealand
 
Prosigns: Transforming Business with Tailored Technology Solutions
Prosigns: Transforming Business with Tailored Technology SolutionsProsigns: Transforming Business with Tailored Technology Solutions
Prosigns: Transforming Business with Tailored Technology Solutions
 
Vitthal Shirke Microservices Resume Montevideo
Vitthal Shirke Microservices Resume MontevideoVitthal Shirke Microservices Resume Montevideo
Vitthal Shirke Microservices Resume Montevideo
 
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
 
Enhancing Research Orchestration Capabilities at ORNL.pdf
Enhancing Research Orchestration Capabilities at ORNL.pdfEnhancing Research Orchestration Capabilities at ORNL.pdf
Enhancing Research Orchestration Capabilities at ORNL.pdf
 
GlobusWorld 2024 Opening Keynote session
GlobusWorld 2024 Opening Keynote sessionGlobusWorld 2024 Opening Keynote session
GlobusWorld 2024 Opening Keynote session
 
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptx
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptxTop Features to Include in Your Winzo Clone App for Business Growth (4).pptx
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptx
 
May Marketo Masterclass, London MUG May 22 2024.pdf
May Marketo Masterclass, London MUG May 22 2024.pdfMay Marketo Masterclass, London MUG May 22 2024.pdf
May Marketo Masterclass, London MUG May 22 2024.pdf
 
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
 
Cyaniclab : Software Development Agency Portfolio.pdf
Cyaniclab : Software Development Agency Portfolio.pdfCyaniclab : Software Development Agency Portfolio.pdf
Cyaniclab : Software Development Agency Portfolio.pdf
 
2024 RoOUG Security model for the cloud.pptx
2024 RoOUG Security model for the cloud.pptx2024 RoOUG Security model for the cloud.pptx
2024 RoOUG Security model for the cloud.pptx
 
Corporate Management | Session 3 of 3 | Tendenci AMS
Corporate Management | Session 3 of 3 | Tendenci AMSCorporate Management | Session 3 of 3 | Tendenci AMS
Corporate Management | Session 3 of 3 | Tendenci AMS
 
A Sighting of filterA in Typelevel Rite of Passage
A Sighting of filterA in Typelevel Rite of PassageA Sighting of filterA in Typelevel Rite of Passage
A Sighting of filterA in Typelevel Rite of Passage
 
Graphic Design Crash Course for beginners
Graphic Design Crash Course for beginnersGraphic Design Crash Course for beginners
Graphic Design Crash Course for beginners
 
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
 
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.ILBeyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
 
Cracking the code review at SpringIO 2024
Cracking the code review at SpringIO 2024Cracking the code review at SpringIO 2024
Cracking the code review at SpringIO 2024
 
Into the Box 2024 - Keynote Day 2 Slides.pdf
Into the Box 2024 - Keynote Day 2 Slides.pdfInto the Box 2024 - Keynote Day 2 Slides.pdf
Into the Box 2024 - Keynote Day 2 Slides.pdf
 

Exploring Splunk

  • 2. Splunk to the Rescue in the Datacenter It’s 2 AM, the web site is down. Why did it fail? Was it the web servers, the applications, the database servers, a full disk, or load balancers on the fritz? Relax. You deployed Splunk yesterday. Search the log files from all your web servers, databases, firewalls, routers, and load balancers, as well as the configuration files and data from all your other devices, operating systems, or applications of interest. A graph of web server errors shows when the problem started: at 5:03 PM, errors on the web servers spiked dramatically. Check the top 10 pages with errors: The home page is okay. The search page is okay. The shopping cart is the problem. Starting at 5:03, every request to that page produced an error. The shopping cart talks to a database, so check the database logs: the database is up. Next, the ecommerce server logs: at 5:03 PM, the ecommerce server cannot connect to the database server. Search the changes to the configuration files and you see that someone changed a network setting. It was done incorrectly. You contact the person who made the change, who rolls it back, and the system starts working again. cleverdata.ru | info@cleverdata.ru
  • 3. Splunk to the Rescue in the Marketing Department The promotions department of a large retailer. Looking at the graph for the last few hours, you see a spike 20 minutes ago. Searches for your company name and your latest product are way up. You check a report on top referring URLs in the past hour and Splunk shows that a celebrity tweeted about the product and linked to your home page. You look at another graph that shows performance of the most frequently visited pages. The search page is overloaded and slowing down. A huge crowd of people is coming to your site but can’t find the product they are looking for, so they are all using search. You log on to your site’s content management system and put a promotional ad for the new product at the center of the home page. Search traffic starts to drop, and traffic to the new product page starts to rise, and so does traffic to the shopping cart page. You look at the top 10 products added to the cart and the top 10 products purchased; the new product tops the list. You send a note to the PR department to follow up. Incoming traffic is now converting to sales instead of frustration, exactly what you want to happen. Your ability to make the most of an unforeseen opportunity was made possible by Splunk. Your next step is to make sure that you have enough of that product in stock, a great problem to have.
  • 4. Approaching Splunk As you use Splunk to answer questions, you’ll find that you can break the task into three phases: • First, identify the data that can answer your question. • Second, transform the data into the results that can answer your question. • Third, display the answer in a report, interactive chart, or graph to make it intelligible to a wide range of audiences. Begin with the questions you want to answer: • Why did that system fail? • Why is it so slow lately? • Where are people having trouble with our website? • How many purchases were made? • What is the conversion rate? • What are the top and flop products? • And many other questions
  • 5. Splunk: The Company and the Concept In 2002, Erik Swan and Rob Das started talking to companies about their problems. They asked prospective customers, “How do you solve problems in your infrastructure?” These practitioners told Splunk’s founders that solving infrastructure problems was like slowly crawling around in caves (their datacenters) with pickaxes, poor lighting, and limited navigational power (old scripts and log management technologies). In short, it was like spelunking—and so, the name “Splunk” was born. “Why couldn’t searching IT data be as easy and intuitive as a Google™ search?”
  • 6. How Splunk Mastered Machine Data in the Datacenter • Creating a central repository is vital: One of the major victories of Splunk is the way that diverse types of data from many different sources are centralized for searching. • Splunk converts data into answers: Splunk helps you find the insights that are buried in the data. • Splunk helps you understand the structure and meaning of data: The more you understand your data, the more you’ll see in it. Splunk also helps you capture what you learn to make future investigations easier and to share what you’ve learned with others. • Visualization closes the loop: All that indexing and searching pays off when you see a chart or a report that makes an answer crystal clear. Being able to visualize data in different ways accelerates understanding and helps you share that understanding with others.
  • 7. Operational Intelligence Splunk has been at the forefront of raising awareness about operational intelligence, a new category of methods and technology for using machine data to gain visibility into the business and discover insights for IT and the entire enterprise. Operational intelligence enables organizations to: • Use machine data to gain a deeper understanding of their customers: For example, if you just track transactions on a website, you see what people bought. But by looking closely at the web server logs you can see all the pages they looked at before they purchased, and, perhaps even more important for the bottom line, you can see the pages that the people who didn’t buy looked at. (Remember our new product search example from the intro?) • Reveal important patterns and analytics derived from correlating events from many sources: When you can track indicators of consumer behavior from websites, call detail records, social media, and in-store retail transactions, a far more complete picture of the customer emerges. As more and more customer interactions show up in machine data, more can be learned. • Reduce the time between an important event and its detection: Machine data can be monitored and correlated in real time. • Leverage live feeds and historical data to make sense of what is happening now, to find trends and anomalies, and to make more informed decisions based on that information: For example, the traffic created by a web promotion can be measured in real time and compared with previous promotions. • Deploy a solution quickly and deliver the flexibility needed by organizations today and in the future—that is, the ability to provide ad hoc reports, answer questions, and add new data sources: Splunk data can be presented in traditional dashboards that allow users to explore the events and keep asking new questions.
  • 8. Operational Intelligence at Work Using machine data in Splunk helps solve vexing business problems. Here are a few examples: • An operations team implemented a cloud-delivered customer-facing application and used Splunk for diagnostics. They soon realized they could track user statistics and better plan capacity—a metric with profound business implications. • Web server traffic logs can be used to track shopping carts being filled and abandoned in real time. The marketing department can use this information to determine where consumers are getting stuck and what types of purchases are being abandoned so that any problems can be fixed right away and promotions can target items that are abandoned. • Organizations using Splunk to monitor applications for troubleshooting have realized that they can easily provide views to their first-line support team to handle customer calls directly, versus escalating those calls to expensive engineering resources. • A major utility company was able to eliminate costly software maintenance fees by replacing six other monitoring and diagnostic tools with Splunk, while enhancing their NERC and SOX compliance efforts. • A major public media organization reduced the time it took to capture critical web analytics from months to hours. They were also able to track their digital assets with a granularity and accuracy that they couldn’t have otherwise, resulting in better royalty accounting and content marketing. • A taco fast-food restaurant connected its points of sale (POS) to Splunk, and within an hour, business analysts were able to begin answering questions like, “How many people are buying tacos in the midnight-to-2 AM period, in this geography, during this time of the year?” Operational intelligence enables organizations to ask the right questions, leading to answers that deliver business insights, using combinations of real-time and historical data, displayed in easily digestible dashboards and graphical tools. 
  • 9. Machine Data Basics Splunk's mission is to make machine data useful for people. Systems (such as web servers, load balancers, video games, or social media platforms) write to log files while they are running. This information (the machine data in the log files) can be used to understand what those systems are doing as they run (or fail to run). The universe covered by machine data is much more than log files: it includes data from configuration, clickstreams, change events, diagnostics, APIs, message queues, and custom applications. Some types of machine data: • Application logs • Web access logs • Web proxy logs • Call detail records (CDR) • Clickstream data • Message queues • Packet data • Configuration files • Firewall and IDS logs • Database audit logs and tables • File system audit logs • Management and logging APIs • OS metrics, status, and diagnostic commands • Logs from DNS, DHCP, and other network services • Syslog from your routers, switches, and other network devices • OS logs • Tweets
  • 10. Machine Data Contains Critical Insights
  • 11. Splunk Data Sources During indexing, Splunk can read machine data from any number of sources. The most common input sources are: • files: Splunk can monitor specific files or directories. If data is added to a file or a new file is added to a monitored directory, Splunk reads that data. • the network: Splunk can listen on TCP or UDP ports, reading any data sent. • scripted inputs: Splunk can read the machine data output by programs or scripts, such as a Unix® command or a custom script that monitors sensors. • apps: inputs packaged and pre-configured by Splunk apps and add-ons.
  • 12. Platform for Machine Data
  • 13. Understanding How Splunk Indexes Data Splunk indexes raw data by dividing the stream of machine data into individual events and building a time-based map of the words in the data, without modifying the data itself. Each event has at least four default fields (host, source, sourcetype and _time).
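The slide describes the indexing step in one sentence. The following is an added example (not Splunk's code) that models it on a constructed syslog-style stream: lines are broken into events at timestamps (a multi-line stack trace stays one event), each event gets the four default fields, the raw text is kept verbatim, and a time-ordered inverted index of the terms is what a search actually consults. The breaking rule, the tokenizer and the index layout are simplifications chosen for this example.

```python
"""Toy model of how an indexer turns a raw stream into searchable events.

Added example, not Splunk's own code. The log lines are constructed; the
field names host/source/sourcetype/_time mirror Splunk's default fields,
everything else (the breaking rule, the index layout) is a simplification.
"""
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample: a raw stream, as a forwarder would ship it. Note the
# multi-line event (a stack trace) that must stay one event.
RAW_STREAM = """\
2024-05-22T17:03:01Z web01 sshd[2011]: Failed password for root from 203.0.113.7 port 4412 ssh2
2024-05-22T17:03:02Z web01 sshd[2011]: Failed password for root from 203.0.113.7 port 4413 ssh2
2024-05-22T17:03:05Z db01 app[88]: ERROR connect to 10.0.0.5:5432 refused
  Traceback (most recent call last):
    psycopg2.OperationalError: connection refused
2024-05-22T17:03:09Z web02 sshd[2020]: Accepted publickey for deploy from 10.0.0.9 port 5001 ssh2
"""

# Event breaking rule (assumed): a new event starts at a line that begins with a timestamp.
TS_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) (\S+) ")
TOKEN_RE = re.compile(r"[A-Za-z0-9_.:/-]+")


def break_events(raw, source="/var/log/syslog", sourcetype="syslog"):
    """Split the stream into events, attach the default fields, keep _raw verbatim."""
    events = []
    for line in raw.splitlines():
        m = TS_RE.match(line)
        if m:  # timestamp at line start: a new event begins
            ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
            events.append({"_time": ts.timestamp(), "host": m.group(2),
                           "source": source, "sourcetype": sourcetype, "_raw": line})
        elif events:  # continuation line belongs to the previous event
            events[-1]["_raw"] += "\n" + line
    return events


def build_index(events):
    """Time-ordered inverted index: lowercase term -> set of event positions.
    The raw text is never modified; only a map of its terms is built."""
    events.sort(key=lambda e: e["_time"])
    postings = defaultdict(set)
    for i, ev in enumerate(events):
        for tok in TOKEN_RE.findall(ev["_raw"]):
            postings[tok.lower()].add(i)
    return events, postings


def search(events, postings, terms, earliest=None, latest=None):
    """AND of all terms plus a time-range filter, like earliest=/latest= in a search."""
    hits = None
    for t in terms:
        ids = postings.get(t.lower(), set())
        hits = ids if hits is None else hits & ids
    return [events[i] for i in sorted(hits or ())
            if (earliest is None or events[i]["_time"] >= earliest)
            and (latest is None or events[i]["_time"] < latest)]


if __name__ == "__main__":
    evs, idx = build_index(break_events(RAW_STREAM))
    for ev in search(evs, idx, ["failed", "203.0.113.7"]):
        print(ev["host"], ev["_raw"].splitlines()[0])
```

The search for "failed" and "203.0.113.7" returns the two failed logins and nothing else; the traceback lines are only reachable through the event whose timestamp line precedes them, which is why the breaking rule matters for any detection that keys on error text.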
  • 14. Searching with Splunk
  • 15. SPL™: Search Processing Language. Two example searches. The first counts views and purchases per product category in a web store index:
    index="mygizmostoreindex" | chart count AS views, count(eval(method="purchase")) AS purchases by categoryId | rename views AS "Views", purchases AS "Purchases", categoryId AS "Category"
  The second runs over a CSV of public procurement data (the field names are Russian: total contract price in thousand rubles, number of admitted bids, winner) and lists the ten winners with the highest average contract price:
    index="csv_zakupki" | stats sum("Общая цена контракта тыс_ руб") AS Summa, sum("Количество допущеных заявок") AS Qty by "Победитель" | eval "Средняя цена контракта"=(Summa/Qty) | sort -"Средняя цена контракта" | head 10 | fields - Summa, Qty
  • 16. Geospatial data based on IP
  • 17. Web Store Dashboard
  • 18. Web Site Monitoring Tool
  • 19. Why is Splunk fast? The typical components of a Splunk deployment are the following (all of which can exist on a single machine): • Search Head: the web service you log in to through your browser to submit searches, view dashboards, etc. • Indexer: does the initial parsing of event data and stores it to disk • Forwarder: gathers the event data and delivers it to an indexer. When a user submits a search, the search head sends it to each indexer individually and the indexers run it in parallel (distributed search): a “map” function that pulls matching data from every indexer at once. sourcetype=syslog src_ip=192.168.1.1 | chart count by host The map function = “sourcetype=syslog src_ip=192.168.1.1”, the filtering that each indexer runs over its own slice of the data. The reduce function = “chart count by host”, the aggregation the search head finalizes over the partial results the indexers return. Splunk is unique because it built a framework around MapReduce and a search language whose pipeline translates directly into a MapReduce job.
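To make the map/reduce split concrete, here is an added example (not Splunk code) that runs the slide's search, sourcetype=syslog src_ip=192.168.1.1 | chart count by host, over three simulated indexers. Each indexer holds its own constructed slice of events; the search head parses the search, fans the left-hand side out to every indexer in parallel (the map: filter and pre-count), and merges the per-indexer counters (the reduce). Only the field=value filter form and the single `chart count by <field>` form are modelled; everything else about the real search pipeline is left out.

```python
"""Added example (not Splunk code): the map/reduce split behind
`sourcetype=syslog src_ip=192.168.1.1 | chart count by host`.
Each "indexer" holds its own slice of events; the search head fans the
search out, every indexer filters and pre-aggregates its slice (map), and
the search head merges the partial results (reduce). Events are constructed.
"""
from collections import Counter
from concurrent.futures import ThreadPoolExecutor

# Constructed: three indexers, each with the events its forwarders sent it.
INDEXERS = {
    "idx1": [
        {"sourcetype": "syslog", "src_ip": "192.168.1.1", "host": "fw01", "_raw": "deny tcp"},
        {"sourcetype": "syslog", "src_ip": "192.168.1.1", "host": "fw01", "_raw": "deny tcp"},
        {"sourcetype": "syslog", "src_ip": "10.0.0.8", "host": "fw01", "_raw": "allow tcp"},
    ],
    "idx2": [
        {"sourcetype": "syslog", "src_ip": "192.168.1.1", "host": "fw02", "_raw": "deny udp"},
        {"sourcetype": "access_combined", "src_ip": "192.168.1.1", "host": "web01", "_raw": "GET /"},
    ],
    "idx3": [
        {"sourcetype": "syslog", "src_ip": "192.168.1.1", "host": "fw01", "_raw": "deny icmp"},
        {"sourcetype": "syslog", "src_ip": "192.168.1.1", "host": "fw03", "_raw": "deny tcp"},
    ],
}


def parse_filter(search):
    """Turn the map half, e.g. `sourcetype=syslog src_ip=192.168.1.1`, into field=value pairs."""
    return dict(term.split("=", 1) for term in search.split())


def map_phase(events, filters, by):
    """Runs on one indexer: filter its own slice, return a partial count per `by` value."""
    partial = Counter()
    for ev in events:
        if all(ev.get(field) == value for field, value in filters.items()):
            partial[ev.get(by, "")] += 1
    return partial


def reduce_phase(partials):
    """Runs on the search head: merge the per-indexer counters into one result."""
    total = Counter()
    for p in partials:
        total.update(p)
    return total


def distributed_search(spl, indexers=INDEXERS):
    """Search head: split the pipeline at the pipe, fan out the map half, reduce the results."""
    map_part, reduce_part = (s.strip() for s in spl.split("|", 1))
    filters = parse_filter(map_part)
    # only `chart count by <field>` is modelled: take the field after "by"
    by = reduce_part.split("by", 1)[1].strip()
    with ThreadPoolExecutor(max_workers=len(indexers)) as pool:
        partials = pool.map(lambda slice_: map_phase(slice_, filters, by), indexers.values())
        result = reduce_phase(partials)
    return dict(result)


if __name__ == "__main__":
    print(distributed_search("sourcetype=syslog src_ip=192.168.1.1 | chart count by host"))
```

Note that the web01 event is dropped on idx2 before anything crosses the network, and fw01's count of 3 is assembled from two different indexers: the filter work scales with the number of indexers, while the search head only ever sees small partial counters.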
  • 20. Splunk Architecture • Scales to TBs/day and Thousands of Users • Automatic load balancing linearly scales indexing • Distributed search and MapReduce linearly scales search and reporting
  • 21. Scaling and High Availability The functionality of Splunk can be roughly broken down into three basic areas: • Search Head: the web service you log in to through your browser to submit searches, view dashboards, etc. • Indexer: does the initial parsing of event data and stores it to disk • Forwarder: gathers the event data and delivers it to an indexer. Splunk can scale each of them individually. Clustering Splunk indexers is the way to achieve high availability. The coordination of replication, failure handling, and other cluster-specific tasks is done by a cluster master.

Editor's Notes

  1. Machine-generated data has long been used in the data center by IT professionals but has only recently been recognized as a new source for helping other departments. Sometimes called IT data or operational data, machine data is all of the data generated by applications, servers, network devices, security devices, and other systems in your business. The universe covered by machine data is much more than log files—it includes data from configuration, clickstreams, change events, diagnostics, APIs, message queues, and custom applications. This data is rigidly structured, time-series based, and high-volume. It’s generated by almost every component in IT, and its formats and sources vary widely. Thousands of distinct log formats, many from custom applications, are critical to diagnosing service problems, detecting sophisticated security threats, and demonstrating compliance. And with the explosion of connected devices, the sheer amount of information being created by machines of all kinds—GPS devices, RFID tags, mobile phones, utility equipment, and so on—is expanding more quickly than our ability to process and use it. The value of machine data is not news to IT professionals; they have used it for years. Increasingly, users of Splunk find that it can also help shed light on business issues. Machine data is most often stored in large files, and before Splunk, it would lie around dormant until problems arose and these files had to be manually inspected. With Splunk these files are indexed and useable. Business users are used to dealing with data generated by people participating in business processes. Most often this transactional data, as it’s called, is stored in one of two forms.