Splunk What's New - Nov 2014
•Download as PPTX, PDF•
0 likes•611 views
Learn what Splunk has been up to in the past couple of months, including a recap of the .conf14 User Conference, and what's new in Splunk 6.2.
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Viewers also liked
Viewers also liked (20)
Similar to Splunk What's New - Nov 2014
Similar to Splunk What's New - Nov 2014 (20)
More from Hal Rottenberg
More from Hal Rottenberg (6)
Recently uploaded
Recently uploaded (20)
Splunk What's New - Nov 2014
- 1. Copyright © 2014 Splunk Inc. .conf14 / What’s New Hal Rottenberg
- 2. Agenda Splunk News .conf14 Recap Splunk Enterprise 6.2 – What’s New? Demos 2
- 3. Splunk News
- 4. What Have We Been Up To? Splunk 6.2 Released MINT Express launched & MINT Enterprise announced Amazon AWS – New app for CloudTrail – Beta app for AWS Config service – Hunk-as-a-service integration with EMR Partnerships & Integrations – IoT – Kepware – Service Now – SFDC 4
- 7. .conf14 – Top 5 Sessions Security Ninjutsu – Using Splunk for Advanced Correlation, Anomaly Detection and Response Automation Deep Dive Into Search Head Clustering Curating User Experience: Dashboarding Tips and Tricks Latest Version of Splunk Enterprise: New Feature Overview Detecting Fraud and Suspicious Events Using Risk Scoring 7
- 8. .conf14 – Next 5 Splunk Monitoring Console - New Native Tools for Monitoring Your Splunk Deployment Using Selenium and Splunk for Transaction Monitoring Insight Dashboard Fun - Creating an Interactive Transaction Profiler Getting Deeper Insights Into Your Virtualization and Storage With Splunk Splunk Search Optimization 8
- 9. Copyright © 2014 Splunk Inc. What Did You Learn? 9
- 10. Splunk Enterprise 6.2 – What’s New?
- 11. Copyright © 2014 Splunk Inc. Introducing Splunk Enterprise 6.2 11 Getting Data In Advanced Field Extractor Instant Pivot Event Pattern Detection Prebuilt Panels Search Head Clustering Distributed Management Console Powerful Analytics for Broader Number of Users Faster Data Onboarding Breakthrough Scalability and Centralized Mgmt.
- 12. Copyright © 2014 Splunk Inc. Introducing Splunk Enterprise 6.2 12 Getting Data In Advanced Field Extractor Instant Pivot Event Pattern Detection Prebuilt Panels Search Head Clustering Distributed Management Console Powerful Analytics for Broader Number of Users Faster Data Onboarding Breakthrough Scalability and Centralized Mgmt.
- 13. Getting Data In New interface makes it easier and faster to onboard any data • Intuitive wizard-style interface • Configurable inputs on forwarders • Improved data preview • Context-specific FAQs 13
- 14. Advanced Field Extractor Simplified field extractor enables rapid data analysis • Highlight-to-extract multiple fields at once • Apply keyword search filters • Specify required text in extractions • View diverse and rare events • Validate extracted values with field stats 14
- 15. Copyright © 2014 Splunk Inc. Introducing Splunk Enterprise 6.2 15 Getting Data In Advanced Field Extractor Instant Pivot Event Pattern Detection Prebuilt Panels Search Head Clustering Distributed Management Console Powerful Analytics for Broader Number of Users Faster Data Onboarding Breakthrough Scalability and Centralized Mgmt.
- 16. Instant Pivot Pivot directly on any search to discover relationships, build reports • From any search, simply select the Statistics tab and click on the pivot icon • Explore and analyze data from the Pivot interface • Quickly discover relationships in the data and build powerful reports 16
- 17. Prebuilt Panels Build dashboards faster using reusable building blocks • Enhanced dashboard edit workflow – Browse or search across reports, panels, dashboards and more – Preview before adding to dashboard • Personalize your dashboards • Collaborate using a library of pre- built panels • Convert panels to inline to further customize 17
- 18. Event Pattern Detection Auto-discover meaningful patterns in your data with a single click • Search data without having to know specific terms to search on • No need to sift through similar events, just select “Patterns” tab • Intuitive interface 18 Screenshot or Image suggestion
- 19. Copyright © 2014 Splunk Inc. Introducing Splunk Enterprise 6.2 19 Getting Data In Advanced Field Extractor Instant Pivot Event Pattern Detection Prebuilt Panels Search Head Clustering Distributed Management Console Powerful Analytics for Broader Number of Users Faster Data Onboarding Breakthrough Scalability and Centralized Mgmt.
- 20. Search Head Clustering Breakthrough scalability improvements and storage cost savings • Increases the number of concurrent users and searches • Uniform user experience among pooled search heads • No single point of failure • Search job failure aware • Does not require external storage such as NFS 20
- 21. Distributed Management Console Easily monitor health and performance of distributed deployments • New Dashboards – Listing of Splunk instances and roles – Distributed indexing and search views – Resource usage views – Create logical groups • Ships with Splunk, Nothing to install • Platform Alerts - Splunk admins can receive emails on critical conditions 21
- 22. Copyright © 2014 Splunk Inc. Introducing Splunk Enterprise 6.2 22 Getting Data In Advanced Field Extractor Instant Pivot Event Pattern Detection Prebuilt Panels Search Head Clustering Distributed Management Console Powerful Analytics for Broader Number of Users Faster Data Onboarding Breakthrough Scalability and Centralized Mgmt.
Editor's Notes
- Splunk Enterprise is the industry-leading platform for Operational Intelligence. Version 6.2 enables organizations to onboard, enrich and analyze machine data faster than ever before, scale to higher numbers of concurrent users and searches, and spend less time managing their large, distributed deployments. Easier data onboarding and preparation Getting Data In radically simplifies onboarding of any data source Advanced Field Extractor enables better preparation of machine data for further analysis More powerful analytics for everyone Instant Pivot makes analytics easier by enabling anyone to Pivot directly on data, bypassing the Data Model step Event Pattern Detection speeds analysis by identifying meaningful patterns in machine data Prebuilt Panels enables faster dashboard creation by providing the ability to create and package re-usable dashboard building blocks Simplified management at scale Search Head Clustering enables horizontal scaling of the search head doubling the number of concurrent users and searches on the same hardware Distributed Management Console delivers new management interface to centrally monitor distributed Splunk Enterprise deployments
- Splunk Enterprise is the industry-leading platform for Operational Intelligence. Version 6.2 enables organizations to onboard, enrich and analyze machine data faster than ever before, scale to higher numbers of concurrent users and searches, and spend less time managing their large, distributed deployments. Easier data onboarding and preparation Getting Data In radically simplifies onboarding of any data source Advanced Field Extractor enables better preparation of machine data for further analysis More powerful analytics for everyone Instant Pivot makes analytics easier by enabling anyone to Pivot directly on data, bypassing the Data Model step Event Pattern Detection speeds analysis by identifying meaningful patterns in machine data Prebuilt Panels enables faster dashboard creation by providing the ability to create and package re-usable dashboard building blocks Simplified management at scale Search Head Clustering enables horizontal scaling of the search head doubling the number of concurrent users and searches on the same hardware Distributed Management Console delivers new management interface to centrally monitor distributed Splunk Enterprise deployments
- In Splunk 6.2, we’ve completely remodeled the pages and workflows for adding data, and added new features like Forwarder Inputs a new Data Preview. Consolidated Workflow: We’ve made it much easier to find your way to the appropriate input configuration. Instead of selecting from a confusing list of sources, start with a simple choice of “upload, monitor, or forward” and you’ll find yourself in a simple wizard-style workflow of defining the appropriate parameters for the data you want to add. Data Preview The new Data Preview will make it easier for you to create the right sourcetype for your data. In the advanced section, you’ll be able to choose a charset from a list, and see how changes you make to your sourcetype are reflected in props.conf. Forwarder Inputs With Forwarder Inputs, you are able to push input configurations to Splunk instances configured as deployment clients. Simply select one or more forwarders and provide a group name, and you’ll be able to create data inputs on them in the same way you create inputs through the UI on your indexers.
- With this enhancement, we’ve made it easier to extract fields from your data with the Advanced Field Extractor (AFX). A replacement of the existing field extraction utility, AFX enables you to easily capture multiple fields in a single extraction and specify required text to filter events for extraction (improving accuracy and efficiency). AFX also provides a number of methods for detecting false positives in order to help you validate your field extractions and improve the accuracy of your field
- Splunk Enterprise is the industry-leading platform for Operational Intelligence. Version 6.2 enables organizations to onboard, enrich and analyze machine data faster than ever before, scale to higher numbers of concurrent users and searches, and spend less time managing their large, distributed deployments. Easier data onboarding and preparation Getting Data In radically simplifies onboarding of any data source Advanced Field Extractor enables better preparation of machine data for further analysis More powerful analytics for everyone Instant Pivot makes analytics easier by enabling anyone to Pivot directly on data, bypassing the Data Model step Event Pattern Detection speeds analysis by identifying meaningful patterns in machine data Prebuilt Panels enables faster dashboard creation by providing the ability to create and package re-usable dashboard building blocks Simplified management at scale Search Head Clustering enables horizontal scaling of the search head doubling the number of concurrent users and searches on the same hardware Distributed Management Console delivers new management interface to centrally monitor distributed Splunk Enterprise deployments
- Instant Pivot enables you to open any query in the Pivot interface, without requiring the creation of a data model. This means that you have the flexibility to choose what interface to explore your data. This also creates another method to construct data models, starting with search. When a user clicks on the Pivot icon, an ephemeral data model is created that collects user specified fields within Pivot as a single, flat object. The user can save their Pivot (additionally prompts user to save data model). Users can choose to instantly Pivot on their data, modify fields, columns, etc in Pivot and then convert it back to a search if they need to use advanced search commands. Instant Pivot allows users to interact with their data faster.
- Panels allow users to build custom dashboards faster, leveraging pre-built dashboard panels packaged within apps. A user can select from pre-built reports and dashboards or create their own from the new Add Panel interface.
- Event Pattern Detection reduces massive sets of data to its essence rather than sifting through all events. This can be used to identify common and rare events quickly or search your data without having to know specific terms to search on. If you already understand the “cluster” command in Splunk then you know what this is capable of. A slide-bar allows you to set the threshold of similarity of the events so you can tune if you want the pattern to be more or less specific which will increase or reduce the number of patterns.
- Splunk Enterprise is the industry-leading platform for Operational Intelligence. Version 6.2 enables organizations to onboard, enrich and analyze machine data faster than ever before, scale to higher numbers of concurrent users and searches, and spend less time managing their large, distributed deployments. Easier data onboarding and preparation Getting Data In radically simplifies onboarding of any data source Advanced Field Extractor enables better preparation of machine data for further analysis More powerful analytics for everyone Instant Pivot makes analytics easier by enabling anyone to Pivot directly on data, bypassing the Data Model step Event Pattern Detection speeds analysis by identifying meaningful patterns in machine data Prebuilt Panels enables faster dashboard creation by providing the ability to create and package re-usable dashboard building blocks Simplified management at scale Search Head Clustering enables horizontal scaling of the search head doubling the number of concurrent users and searches on the same hardware Distributed Management Console delivers new management interface to centrally monitor distributed Splunk Enterprise deployments
- Search Head Clustering provides high availability by replicating the user configuration settings, dashboards, and reports across search heads. Users can use any member of the clusters and they will get the same user experience. It can be thought of as the next generation of search head pooling that enhances scalability and redundancy while being more cost effective since it does not use shared storage.
- The feature builds upon platform instrumentation and other features added in the 6.1 release to enhance the Splunk Admin's awareness of their distributed Splunk Topology and includes Splunk Dashboards/Views that report on three key areas: Search Usage and Performance at Deployment-wide and Individual levels Indexing Usage and Performance at Deployment-wide and Individual levels Platform Resource Utilization (CPU/Memory/Disk) at Deployment-wide and Individual levels "Platform Alerts" that allow the Splunk Admin to enable email alerts for pre-packaged conditions that may be detrimental to the operation of Splunk
- Splunk Enterprise is the industry-leading platform for Operational Intelligence. Version 6.2 enables organizations to onboard, enrich and analyze machine data faster than ever before, scale to higher numbers of concurrent users and searches, and spend less time managing their large, distributed deployments. Easier data onboarding and preparation Getting Data In radically simplifies onboarding of any data source Advanced Field Extractor enables better preparation of machine data for further analysis More powerful analytics for everyone Instant Pivot makes analytics easier by enabling anyone to Pivot directly on data, bypassing the Data Model step Event Pattern Detection speeds analysis by identifying meaningful patterns in machine data Prebuilt Panels enables faster dashboard creation by providing the ability to create and package re-usable dashboard building blocks Simplified management at scale Search Head Clustering enables horizontal scaling of the search head doubling the number of concurrent users and searches on the same hardware Distributed Management Console delivers new management interface to centrally monitor distributed Splunk Enterprise deployments