The document introduces the Lucidworks app for Splunk Enterprise, detailing its deployment architecture, use cases, and capabilities. Lucidworks enhances data-driven applications through advanced search techniques, leveraging the open-source Lucene/Solr platform. The app facilitates multidimensional data analytics and document search, integrating Splunk data with unstructured sources for comprehensive insights.

1. Introducing the LucidWorks
App for Splunk Enterprise
Will Hayes
Chief of Products, LucidWorks
December 18, 2013
Search | Discover | Analyze
© 2013 LucidWorks, All Rights Reserved

2. Today’s Presenter
Chief of Products at LucidWorks
• Prior to LW, spent 8 years at Splunk, employee #9ish
(held various roles Engineering, Business Development, Solutions)
• 15 years developing data driven apps and solutions
• Proud Search Snob!
@iamwillhayes
2

3. Agenda
LucidWorks App for Splunk Enterprise
• About LucidWorks
• LucidWorks for Splunk Enterprise Deployment Architecture
• LucidWorks for Splunk Enterprise Overview
• Example Use Cases
• Demo
3

4. Our Mission
Enable Smarter Data Driven Applications Through the Power of Search
4

5. Data Driven Applications
Data Driven Applications deliver contextually relevant information when it’s needed
Techniques such as relevancy, recommendations, result ranking and
personalization greatly enhance enterprise and consumer applications:
–
–
–
–
–
Consumer Websites
Knowledge Management
Cyber Security
Fraud Detection
Governance and Compliance
5

6. Who is LucidWorks?
Commercializing and Extending Industry Leading Open Source Search
•
•
•
•
Founded in 2007 to be the go-to-company for Lucene/Solr expertise
300+ customers (many Fortune 500)
30% of the Apache Lucene/Solr committers contributing over 50% of dev
Creators of industry’s first enterprise grade search product built on Lucene/Solr
100’s of Billions
of documents
searched
4,000+
Enterprise
applications
200%
Growth in
recurring revenue
6

7. What is LucidWorks Search?
Most comprehensive enterprise search built on an Open Core
Entity Extraction
User Interface for customization
Connectors & Crawlers
Cluster installer
Business Rules
Relevancy Workbench
Time to Value
+
+
Lucene
Advanced Full-Text Search Capabilities
Optimized for High Volume Web Traffic
Standards Based Open Interfaces - XML, JSON
and HTTP
Comprehensive HTML Administration Interfaces
Server statistics exposed over JMX for
monitoring
Linearly scalable
High-Performance Indexing | Powerful, Accurate
& Efficient Search Algorithms
Ranked & Field searching
Flexible faceting, highlighting, joins and result
grouping
Pluggable ranking models
All built on Java
7

8. What is Lucene/Solr
60k - 100k downloads per month
Over 300,000 production deployments
is a library that delivers robust full-text indexing for unstructured
data
provides a search server exposing a variety of features and APIs:
• Distributed shared architecture with real time replication
• Most advanced querying capability for both structured and unstructured data
8

9. Fully Indexed and Searchable NoSQL Store
The Search First NoSQL store
The Solr Data Store provides:
– Distributed shared architecture with real time replication
– Schemaless support and incremental field updates
– Schema updates without re-indexing
– Most advanced querying capability for both structured and unstructured data
9

10. Reference Architecture
Uniform REST API
Content
Acquisition
Search – Discovery – Analytics Engine
›
Analytics
›
Classification/Machine Learning
›
Natural Language Processing
›
System
Management
Key Workflows (bulk loading, log analysis, common metrics)
Installation
Administration
Enterprise
Repository
Monitoring
Configuration Mgt.
Social Media
MongoDB
Big Data File System
Service
Management
Databases
HDFS
Data Management
Cloud
Push
MapR
Search
Indexes
Search
Logs
ZooKeeper
10

11. What is Splunk?
The Platform for Operational Intelligence
11

12. Reference Architecture
The best of both worlds
Reports generated leveraging data from Splunk + LucidWorks/Solr
LucidWorks App for
Splunk Enterprise
Search logs collected from lws server
Perf counters Collected using REST
12

13. The LucidWorks App for Splunk Enterprise
Multidimensional Data Analytics and Document Search for Splunk
Multi-Dimensional Data Analysis
NoSQL Data Joins and Document Search
Join Splunk data with multiple unstructured data
sources stored in Solr at search time for developing
powerful data driven applications.
Splunk’s lookup facility, enrich your Splunk reports with data
of any structure using Solr’s fully indexed and searchable
NoSQL-datastore.
Solr Monitor
Monitor the health, availability and resource
utilization Solr deployments with pre-defined
data inputs, dashboards and reports.
Search Analytics
Perform user behavior and search usage
analysis with pre-built search analytics
reports and field extractions.
13

14. Solr Monitor
14

15. Solr Monitor
15

16. Solr Monitor
16

17. Solr Monitor
17

18. User Behavior - Search Analytics
18

19. Corporate Compliance – Multidimensional Analysis
Web Access Logs in Splunk show
search
Correlation and Enrichment Powered by LucidWorks
19

20. Document Search - E-mail Messages and Attachments
20

21. Demo
Demo!
21

22. Take the Next Step
• Visit the Solr Marketplace:
– lucidworks.com/marketplace
• Request a detailed demo:
– Eric.mitchell@lucidworks.com
– 650-353-4057 x171
@LucidWorks
LucidWorks.com/facebook
22