Splunk is a time-series data platform that handles the three V's of data (volume, velocity, and variety) very well. It collects, indexes, and allows searching and analysis of data. Splunk can collect data from files, directories, network ports, programs/scripts, and databases. It breaks data down into searchable events and builds a high-performance index. This allows users to search, manipulate, and visualize data in reports, charts, and dashboards. Splunk can analyze structured, unstructured, and multistructured data from various sources like logs, networks, clicks, and more.

1. By
Deep Mehta

2. What is Splunk?
Splunk is Time Series Indexer that take care of
three V’s very well.
Data Collection
Data Indexing
Search and Analysis

4. Data Collection in Splunk
• Static data or by monitoring changes and
additions to files or complete directories on a
real time basis.
• Data can also be collected from network ports
or directly from programs or scripts.
• Splunk can connect with relational databases
to collect, insert or update data.

5. Data Indexing in Splunk
• Data is broken down into events, roughly
equivalent to database records. The data is
processed and a high performance index is
updated, which points to the stored data.

7. Search And Analysis
• The Splunk Processing Language, you are able to
search for data and manipulate it to obtain the
desired results, whether in the form of reports
or alerts. The results can be presented as
individual events, tables, timecharts, dashboard
or charts .

8. Data in Splunk
• Traditional structured data that is residing in
databases or data warehouses.
• Unstructured data or documents stored in
content repositories.
• Multistructured data available in different
types of logs.
• Clickstream data.
• Network data.

9. Why Splunk

10. • Operational Data Insights
• Machine Data
• Business Intelligence
• Machine learning
Why Splunk

11. • Operational intelligence (OI) is a category of
real-time dynamic, business analytics that
delivers visibility and insight into data,
streaming events and business operations
Operational Data Insights

12. • The newer categories of data such as logs,
network, clickstream and social media
becoming part of the mainstream data
analysis done by enterprises to make better
business decisions. These types of data are
sometimes also known as machine data.
Machine Data

14. • Business Intelligence (BI) refers to the tools,
technologies, applications and practices used
to collect, integrate, analyze, and present an
organization’s raw data in order to create
insightful and actionable business
information.
Business Intelligence

15. • Machine learning has the potential to radically
transform our daily lives. Whether you are
trying to predict how likely someone is to
purchase a product, or determine when a
cellular network will go down, machine
learning can deliver predictive analytics based
on the patterns seen in machine data
Machine Learning with Splunk

16. Splunk requires I.T. to focus on
• Aligning with the business
• Improving customer experience
• Accelerating time to value
• Develop new Digital Service

17. Splunk Architecture

19. Splunk Architecture

20. Scaling in Splunk

22. Splunk for Single Indexer

23. Splunk For Multi Indexer

24. Splunk For Security

25. Splunk SIEM Solutions
• Real Time Monitoring — Get a clear visual picture of the
organization’s security posture, easily customize views and drill
down to the raw event
• Prioritize and Act — Gain a security-specific view of your data to
increase detection capabilities and optimize incident response
• Rapid Investigations — Use ad hoc search and static, dynamic and
visual correlations to determine malicious activities
• Handle Multi-Step Investigations — Conduct breach and
investigative analyses to trace the dynamic activities associated
with advanced threats
• Splunk ES can be deployed as software, as a cloud service, in a
public or private cloud, or in a hybrid software-cloud deployment
• Gain insight from hybrid, Cloud and on-premises services
• Migrate or replace your legacy SIEM – select flexible options to
overcome legacy SIEM challenges

26. Application Management Using Splunk
Splunk helps companies deliver a better customer experience with
application management solutions that monitor and measure the key
areas that impact Customer Experience (CX): uptime, response times,
and MTTR. Unlike traditional vendors, Splunk provides visibility across
the entire stack, which enables customers to:
•Reduce mean-time-to-resolution (MTTR) from a few days to a few minutes.
•Proactively alert and notify for rapid problem detection and resolution
•Index any form of machine data and systemically analyze application and system
performance
•Gain insights on end-user transactions from multiple points of view
•Empower stakeholders to gain insights and make better business and technology
decisions

27. Visibility across Entire Stack
Splunk helps companies deliver a better customer experience with
application management solutions that monitor and measure the key
areas that impact Customer Experience (CX): uptime, response times,
and MTTR. Unlike traditional vendors, Splunk provides visibility across
the entire stack, which enables customers to:
•Reduce mean-time-to-resolution (MTTR) from a few days to a few minutes.
•Proactively alert and notify for rapid problem detection and resolution
•Index any form of machine data and systemically analyze application and system
performance
•Gain insights on end-user transactions from multiple points of view
•Empower stakeholders to gain insights and make better business and technology
decisions

28. Insights Across All Environments
Containers add speed and flexibility but they also introduce
added complexity related to logging, monitoring, visibility,
orchestration and security. Splunk helps companies unify
insights across container environments and the entire
technology stack with a single solution. This enables developers
to focus on what’s most important—the application itself.
•Monitor and analyze container data and enable IT operations analytics
•Find and fix container related problems faster
•Quickly address complex questions on container performance
•Determine whether the container, or the application that is running the
container is at fault for performance errors

29. Splunk for Internet Of Things
Splunk software provides a scalable and versatile
platform for machine data generated by all of the
devices, control systems, sensors, SCADA, networks,
applications and end users connected by today's
networks.
•Gain real-time insights and a unified view across critical industrial
systems and assets
•Improve operational efficiency through reduced downtime and increased
availability
•Quickly diagnose costly operational issues by correlating data from across
operational technology
•Move from reactive to proactive in your operations by detecting patterns,
trends and anomalies

30. Splunk For Production Unit
Manufacturers strive to optimize yield, performance and profit,
but it can be difficult to gain operational visibility when faced
with complex processes and multitudes of systems and sensors.
Splunk software collects and analyzes IT and industrial data on a
single platform to deliver real-time, operational insights across
the organization and throughout manufacturing processes.
Splunk helps you:
•Gain visibility into IT and manufacturing operations
•Monitor performance and uptime of systems and applications
•Rapidly troubleshoot issues in IT and industrial systems
•Improve security posture across the entire organization
•Gain insights into device, sensor and equipment performance

31. Splunk For Advance Application
Monitoring
Proactively measuring application availability,
usage and performance is critical for
delivering a positive customer experience.
Measure real-time availability, performance,
error and usage insights on applications
you’ve built and licensed, as well as the
underlying infrastructure

32. Splunk for Troubleshooting
Minimize MTTR by rapidly identifying the
causes of outages, performance bottlenecks
and errors, whether the problem resides in
the application or the infrastructure
supporting that application.

33. Splunk for Capacity Planning
Apply usage insights to optimize application
performance and cost—ensuring you can
deliver a positive customer experience, both
today and in the future.

34. Splunk for Service Level Management
Analyze and report overall service availability and
the key performance indicators (KPIs) that
support service level agreements (SLAs). You can
also quickly drill down to find out the root cause
of problems that are preventing SLA attainment.

35. Splunk for Business Insight
Collect, index and analyze data to assess the
business impact of transactions and enable
developers, operations and lines of business
to understand how applications drive
business activity.

36. Splunk for DevOps
Improve collaboration and gain visibility across
the product development lifecycle to reduce
the time required to deliver effective code,
monitor the DevOps tool chain, and gain
application insights that influence future
DevOps cycles.

37. Splunk for Container Monitoring
Gain insights on apps running in containers, as
well as the container environment. Connect
insights from containers with all layers of the
technology stack. Quickly address complex
questions on container performance, and
troubleshoot container-rich application
environments

38. Splunk For Mobile Intelligence
Improve mobile application performance
monitoring (APM) and end user monitoring
(EUM). Deliver better performing, more reliable
apps, and gain insight on end user experience.
Make mobile data open to developers,
operations and line of business users.

39. Thanking You