New York, NY
October 26, 2010
Brian Guilfoyle
Technical Architect
Enterprise Systems Management
About Brian Guilfoyle
         7 years with Dow Jones
         Previously AVP Enterprise Monitoring and Design at AllianceBernstein
         Specialties include:
          - Enterprise Cacti deployments providing high-performance IT data logging and graphing solutions
          - Tideway Foundation integration for configuration item (CI) discovery, reporting and CMDB reconcilement

Washington, DC May 20, 2010 © Splunk Inc. Confidential 2010      3
Large Media Organization
         Leading provider of global business news and information services
         Consumer and Enterprise media groups service millions of customers
         7000 employees




Our Environment
         6000+ servers globally
         13,500+ source types
         1,700 network devices (primarily Cisco and Juniper)
         4,000+ devices feeding into Splunk
         16 Splunk indexers (for various business lines)
         Indexing ~100 GB/day

Wanted: New Logging Solution
         Command centers need to know what’s happening before customers do
          - Outlook outages could impact internal users’ productivity
          - Editorial sites can’t go down—direct impact to customer service and revenue
         Existing log monitoring solution was not accessible, distributed, or fully featured
         Prohibitive cost per device

Splunk vs. Patrol
         Ability to update all agents + searches from deployment server
         With Splunk we can look at all servers from one place
         Splunk can handle complex, logic-based expressions
         Splunk is more cost-effective in licensing for throughput versus per agent or per user
         More secure, ability to browse directly to Splunk to see application log files

Splunk for Monitoring
         Splunk’s saved searches send infrastructure issues to Operations
         Splunk generates significantly fewer false positives
         Much easier to manage and deploy new servers due to centralization of saved searches
         Much easier to troubleshoot across all 6000 servers




Splunk/Smarts Architecture
         [Diagram: ESM/GTS – Splunk Architecture and SMARTS Infrastructure. Labels recoverable from the figure:]
         Splunk forwarders (v3.4.9): Corp, CMG, EMG; Factiva Corp; Factiva Product; Remote Offices; MW SB; MW SEC; HKG
         Forwarder traffic: TCP 9000 (splunk) and UDP 514 (syslog)
         NetScaler load balancers: Fsplunkc.dowjones.net (172.25.208.249), Fsplunk.fdotc (172.27.19.205)
         Splunk indexers (v4.1.4); Splunk – Distributed Search Deployment, TCP 8089 (Splunk Mgmt)
         User searches authenticate with indexers via LDAP (AD), TCP 389
         SMARTS infrastructure: Smarts SAM with operator slots CMG, EMG and CORP; Smarts Trap CMG, EMG and CORP; SNMP UDP 162
         Splunk Reporting, Splunk Indexer v4.1.4; Splunk QA




Scheduler Dashboard
         100 – 200 Saved Searches running on each indexer every 3 minutes
         Need to detect problems and send alerts ASAP
         Indexers specially tuned for this
Charging Business Units for Splunk
         Each business unit has dedicated Splunk indexer
         We separate out licenses and charge based on business unit usage
         Common saved searches across most LOBs
         Specialized searches based on interesting application data
         Secure, role-based access makes dashboards and data available to appropriate parties
         Managing deployment saved searches through indexers
Managing Licensing
         “Indexing Volume” dashboard used to view licensing
         Custom searches to spot “flooding” hosts


Getting Smarts
         Consolidating Smarts data into Splunk uber dashboard
         Easier to dig in through Splunk than through Smarts



What’s Next?
         Real time alerting!
         More on business intelligence
         More on user patterns/interaction for improved customer experience




Questions?





Editor's Notes

  1. How much data. Show F5 products. Start more with the challenges of managing an F5 environment today from log management, troubleshooting, security and compliance. How does this translate to F5 Apps in their own environment? Look to ESS as an example.
  2. What’s Next? Business intelligence reporting. User pattern reporting.