Splunk
Splunk ?
Splunk is a high-performance, scalable software server written in
C/C++ and Python.
It indexes and searches logs and other IT data in real time.
Splunk works with data generated by any application, server or device.
It is a big data solution and provides parallelism.
Gives updated information from the logs
Analyzes the logs generated by the system
Interacts with the system directory
Splunk ?
The Splunk Developer API is accessible via REST, SOAP or the
command line.
splunkd is a distributed C/C++ server that accesses, processes and
indexes streaming IT data and also handles search requests.
splunkweb is a Python-based application server providing the
Splunk Web user interface.
Splunk Features
Reporting
Monitoring
Log Analysis
Alerting
Dashboards
Different ways of using Splunk
Splunk Enterprise
Splunk Cloud
Splunk Light
Limitations compared with Enterprise and Cloud:
5 Users
250 GB
HA & DR
Clustering
Distributed Search
Splunk Enterprise vs Cloud
Splunk Architecture
Splunk Server
Splunk Components
Server 1 (UF), Server 2 (UF), Server 3 (UF), Server 3 (UF)
Load Balance
HF, HF
Load Balance
Indexer 1, Indexer 2
Search 1, Search 2
Report, Dashboard, App, Alert
License Master
Deployment
Universal Forward (UF)
It is a lightweight component that uses push technology: it pushes the
data to the heavy forwarder.
The UF software has to be installed on the client side or application
server.
We need to configure the path of the logs to forward, e.g. <c:/logs> to
10.0.0.23.
We can't generate any report or dashboard with the UF.
It only forwards the log data.
Universal Forward (UF)
Load Balancer (LB)
Heavy Forward (HF)
Load Balancer (LB)
Indexer (LB)
Search head (SH)
License manager (LM)
Deployment Server (DS)
Heavy Forward (HF)
The load balancer balances the load.
Splunk provides a default load balancer, or we can use our own load
balancer.
The heavy forwarder is a heavy component.
By using the HF you can filter the data, for example collect only error
logs.
Splunk has a very good expression-based interface to filter the data.
We can install a heavy forwarder in place of the universal forwarder,
but it impacts application performance; hence, best practice is to
install the UF on the client side.
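The forwarding path from the Universal Forward slide and the "collect only error logs" filter from this slide, written out as an added configuration example that is not part of the original deck. The c:/logs path and the 10.0.0.23 address come from the slides; port 9997, the index, sourcetype, output group and transform stanza names are assumptions.

```ini
# ===== Universal forwarder (client side / application server) =====

# --- inputs.conf ---
# Watch the log directory named on the slide.
# "app_logs" and "app_log" are assumed names, not from the deck.
[monitor://C:\logs]
disabled = false
index = app_logs
sourcetype = app_log

# --- outputs.conf ---
# Push everything to the heavy forwarder. The address is from the slide;
# 9997 is assumed as the receiving port, "hf_group" is an assumed name.
[tcpout]
defaultGroup = hf_group

[tcpout:hf_group]
server = 10.0.0.23:9997

# ===== Heavy forwarder (10.0.0.23) =====

# --- inputs.conf ---
# Listen for data pushed by the universal forwarders.
[splunktcp://9997]
disabled = false

# --- props.conf ---
# Apply two transforms, in order, to the assumed sourcetype.
[app_log]
TRANSFORMS-keep_errors = drop_all, keep_error

# --- transforms.conf ---
# 1) Send every event to the null queue (discard).
[drop_all]
REGEX = .
DEST_KEY = queue
FORMAT = nullQueue

# 2) Re-route events containing ERROR back to the index queue.
#    The later transform wins for events that match both.
[keep_error]
REGEX = ERROR
DEST_KEY = queue
FORMAT = indexQueue

# The heavy forwarder's own outputs.conf toward the indexers is left out
# because the deck gives no indexer address.
```

Events routed to nullQueue are discarded before indexing and cannot be searched later, so confirm the filter does not drop records that investigations or alerts depend on.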
Heavy Forward (HF)
The indexer is a very critical component.
The Splunk indexer works more effectively.
The indexer stores and indexes the data.
The index helps search performance.
By default, Splunk indexes host, source, and date & time.
Heavy Forward (HF)
Search goes back to the indexer and pulls the data.
It provides reports and dashboards.
It provides alerts.
It provides apps.
Heavy Forward (HF)
The deployment server helps to deploy the configuration,
e.g. update the UF configuration file.
License update
App deployment
Anything you want to share between the components can be shared
through the deployment server.
Heavy Forward (HF)
The license is based on volume & usage, e.g. 50 GB per day.
Splunk always checks the licenses.
Types of Data Splunk Can Read
Splunk Initial Screen
Splunk Settings
Splunk Search
