This document discusses Splunk Spark Integration. It provides an overview of Splunk including its products, customers, and deployment architecture. It then discusses the benefits of integrating Splunk with Spark, including leveraging Spark's powerful computing capabilities for machine learning while indexing unstructured data in Splunk. Finally, it presents three potential solutions for the integration and some challenges to address like avoiding moving large amounts of data and maintaining a good user experience while adapting to Splunk's query language.

1. Splunk Spark Integration
Gang Tao

2. About Me
• Software Engineer with 15+ Years experience
• Now architect working on Data acquisition and
Cloud App
• Used to be working on BI, ERP and other
Enterprise application development
• Like data science and open source

3. Splunk'Company'Overview'
3"
Company''
• Global"HQs:""
! San"Francisco"
! London""
! Hong"Kong"
• 1,800+"employees"globally"
• Annual"Revenue:"
$450.9M"(YoY"+49%)"
• NASDAQ:"SPLK"
Products'
• Free"trial"to"massive"scale"
• Splunk"products:""
! Splunk"Enterprise"
! Splunk"Cloud"
! Hunk"
! Splunk"Light"
! Splunk"MINT"
! Premium"SoluWons"
Customers''
• 10,000+"customers"
• Across"100"countries"
• Small"to"large"
organizaWons"
• More"than"80"of"the"
Fortune"100"
• Largest"license:""
! 400+"Terabytes/day"

4. Splunk'–'a'Data'Pla-orm'
Mainframe)
Data)
VMware)
Pla0orm)for)Machine)Data)
Exchange) PCI)Security)
Rela=onal)
Databases)
Mobile)Forwarders)
Syslog)/))
TCP)/)Other)
Sensors)&)
Control)Systems)
Wire))
Data)
Mobile)Intel)
Splunk'Premium'Apps' Rich'Ecosystem'of'Apps'
MINT'
)
Splunk － a Machine Data Platform

5. Demo

6. Splunk Technical Stack
Presenting
Processing
Store
Acquisition

7. Splunk Deployment Architecture
Indexer
store
data,
transform
row
data
into
events
and
searches
the
indexed
data
in
response
to
search
requests.
Search
Head
directs
search
requests
to
a
set
of
indexers,
merges
the
results
and
presents
them
to
the
user
Forwarder
get
data
into
indexers

8. Splunk VS Open Source

9. Splunk VS Open Source

10. SQL of Machine Data - SPL
SPL
–
Splunk
Processing
Language
SQL
*nix
Pipe
Google
Search

11. Extensibility - Splunk App
h0p://apps.splunk.com/
Enterprise
Security
ITSI
DB
Connect
Technology
Add-­‐ons

12. Why Integration?
• Splunk to Spark
• Data Ingestion
• Unstructure/Semi
Structure data Indexing
• Data processing with
Splunk search
• Data Presenting
• Spark to Splunk
• Powerful computing
capability
• Machine Learning
• Open Source community

13. Solution A

14. Solution B

15. Solution C
Indexer
Virtual Indexer (Spark)
SPL
Enhanced
Search Command
Spark
Driver
(SPL Parser)
Spark
Worker
Spark
Worker
Spark
Worker

16. Challenges
• Avoid big data movement
• keep good user experience
• Adapt to SPL concept