Splunk for Enterprise Security and User Behavior Analytics (by Splunk)
This session will review Splunk’s two premium solutions for information security organizations: Splunk for Enterprise Security (ES) and Splunk User Behavior Analytics (UBA). Splunk ES is Splunk's award-winning security intelligence solution that brings immediate value for continuous monitoring across SOC and incident response environments – allowing you to quickly detect and respond to external and internal attacks, simplifying threat management while decreasing risk. Splunk UBA is a new technology that applies unsupervised machine learning and data science to solving one of the biggest problems in information security today: insider threat. You’ll learn how Splunk UBA works in tandem with ES, or third-party data sources, to bring significant automated analytical power to your SOC and Incident Response teams. We’ll discuss each solution and see them integrated and in action through detailed demos.
Splunk Enterprise Security (ES) is a SIEM solution that provides insight into machine data generated by security technologies, such as data about networks, endpoints, access, malware, vulnerabilities and identities. Security teams can use it to quickly detect and respond to internal and external attacks, thereby simplifying threat management, minimizing risk and protecting your business. Splunk Enterprise Security streamlines every aspect of security operations and is suitable for organizations of any size and level of expertise.
Splunk Tutorial for Beginners - What is Splunk | Edureka (by Edureka!)
This Splunk tutorial will help you understand what Splunk is, the benefits of using Splunk, Splunk vs ELK vs Sumo Logic, the Splunk architecture (Splunk Forwarder, Indexer and Search Head) with the help of a Domino's use case, and Splunk careers and jobs. Check the Splunk tutorial video here: https://www.youtube.com/watch?v=Ekai8Ln11Iw. You can also read the tutorial blog here: https://goo.gl/eoZFWV.
The slides cover the following topics:
Need for Data Management & Analytics
What is Splunk and Why Splunk?
Splunk vs ELK vs Sumo Logic
Splunk Use Case: Domino's
How Splunk Works: Splunk Architecture
Heavy Forwarders
Splunk Architecture Diagram
Splunk Jobs & Careers
Here’s your chance to get hands-on with Splunk for the first time! Bring your modern Mac, Windows, or Linux laptop and we’ll go through a simple install of Splunk. Then, we’ll load some sample data, and see Splunk in action – we’ll cover searching, pivot, reporting, alerting, and dashboard creation. At the end of this session you’ll have a hands-on understanding of the pieces that make up the Splunk Platform, how it works, and how it fits in the landscape of Big Data. You’ll experience practical examples that differentiate Splunk while demonstrating how to gain quick time to value.
SplunkLive is a global series of events showcasing Splunk customer success. These events also feature an afternoon technical workshop.
The advanced session assumes:
• You have developed advanced searches with Splunk to manipulate and present data
• You have mastered sourcetyping and extracting fields
• You have built reports beyond | timechart count
• You have created dashboards of some kind
• You have bookmarked http://www.splunk.com/base/Documentation
• You have seen all of the Splunk Ninja videos
For more, see www.splunk.com
The ELK Stack workshop covers real-world use cases and works with the participants to implement them. This includes an Elastic overview, Logstash configuration, creation of dashboards in Kibana, guidelines and tips on processing custom log formats, designing a system to scale, choosing hardware, and managing the lifecycle of your logs.
Splunk Data Onboarding Overview - Splunk Data Collection Architecture (by Splunk)
Splunk's Naman Joshi and Jon Harris presented the Splunk Data Onboarding overview at SplunkLive! Sydney. This presentation covers:
1. Splunk Data Collection Architecture
2. Apps and Technology Add-ons
3. Demos / Examples
4. Best Practices
5. Resources and Q&A
Get Real-Time Cyber Threat Protection with Risk Management and SIEM (by Rapid7)
The 2012 Verizon Data Breach Investigations Report quantified the sharp increase in cyber threats, noting that 68% were due to malware, up 20% from 2011. Most concerning is that 85% of breaches took weeks or more to discover. Despite the focus on threat prevention, breaches will happen. In this environment the ability to identify risk, protect vulnerable assets and manage threats becomes critical. Learn how these combined solutions can help your organization identify behavioral anomalies and internal and external threats, and prevent breaches based on accurate enterprise security intelligence.
To download a free Nexpose demo, click here: http://www.rapid7.com/products/nexpose/compare-downloads.jsp
Getting Started with Splunk Enterprise - Demo (by Splunk)
What is Splunk? At the end of this session you’ll have a high-level understanding of the pieces that make up the Splunk Platform, how it works, and how it fits in the landscape of Big Data. You’ll see practical examples that differentiate Splunk while demonstrating how to gain quick time to value.
Getting Started with Splunk Enterprise
What is Splunk? At the end of this session you’ll have a high-level understanding of the pieces that make up the Splunk Platform, how it works, and how it fits in the landscape of Big Data. You’ll see practical examples that differentiate Splunk while demonstrating how to gain quick time to value.
Splunk conf2014 - Getting Deeper Insights into your Virtualization and Storag... (by Splunk)
Virtualization and storage technologies go hand in hand. If they perform poorly, they can have a serious impact on your applications' performance and your users' experience. This presentation shows how Splunk can help you get unified visibility into your VMware environment and NetApp storage systems. Learn how to use Splunk Enterprise to correlate storage machine data with virtualization, operating system and other technology-tier data for quicker time to resolution, optimal performance planning and a unified view of KPIs across your entire enterprise.
Tags: Splunk, Software Tools, Big Data, Logging, PCI, Information security, Cisco Systems, VMware ESX, Regulatory compliance, FISMA, Enterprise architecture, Data center, security software, SCADA, Windows, Unix, Scanners, Citrix, Microsoft Active Directory
SplunkLive! Amsterdam 2015 Breakout - Getting Started with Splunk (by Splunk)
What is Splunk? At the end of this session you’ll have a high-level understanding of the pieces that make up the Splunk Platform, how it works, and how it fits in the landscape of big data. You’ll see practical examples that differentiate Splunk while demonstrating how to gain quick time to value.
Splunk MINT for Mobile Intelligence and Splunk App for Stream for Enhanced Op... (by Splunk)
Learn what is new in Splunk App for Stream and how it can help you use wire/network data analytics to proactively resolve application and IT operational issues and to efficiently analyze security threats in real time, across your cloud and on-premises infrastructures. Additionally, you will learn about Splunk MINT, which allows you to gain operational intelligence on the availability, performance, and usage of your mobile apps. You’ll learn how to instrument your mobile apps for operational insight, and how to build the dashboards, alerts, and searches you need to gain real-time insight into your mobile apps.
Splunk Sales Presentation Imagemaker 2014 (by Urena Nicolas)
Splunk provides Operational Intelligence for everyone
Splunk is the industry-leading real-time operational intelligence platform. It is an easy, fast and secure way to search, analyze and visualize the massive streams of machine data generated by your IT systems and technology infrastructure (physical, virtual and cloud).
Splunk Enterprise 6 is the latest version and provides:
- Powerful analytics for all users at astonishing speeds
- A completely redesigned user experience
- A richer developer environment for easy extension of the platform
Splunk Enterprise 6 is available now. Download it and try it for yourself.
Old Dogs, New Tricks: Big Data from and for Mainframe IT (by Precisely)
If you’re like most z/OS mainframe professionals, you’ve been using monitoring tools from industry leaders like BMC, Compuware, etc. for years now. These valuable, reliable point solution tools get the job done, but can they do more?
View this webinar on demand to see how machine data from z/OS is changing everything for Mainframe IT and enabling new solutions around IT Operations Analytics, Security Information and Event Management, and IT Service Intelligence. We will review the state of the mainframe and look at some interesting use cases for new solutions, including:
• Being able to quickly discover and act upon correlations between mainframe issues and their broader impact on application service delivery
• Knowing, or even projecting forward, your MLC costs so that you really understand what is impacting the 4-hour rolling average window
• A performance monitor for your mainframe sort that clearly shows how each sort is performing and what can be done to help those that are not performing optimally
What’s New: Splunk App for Stream and Splunk MINT (by Splunk)
Join us to learn what is new in Splunk App for Stream and how it can help you use wire/network data analytics to proactively resolve application and IT operational issues and to efficiently analyze security threats in real time, across your cloud and on-premises infrastructures. Additionally, you will learn about Splunk MINT, which allows you to gain operational intelligence on the availability, performance, and usage of your mobile apps. You’ll learn how to instrument your mobile apps for operational insight, and how to build the dashboards, alerts, and searches you need to gain real-time insight into your mobile apps.
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu... (by Splunk)
.conf Go 2023 presentation:
"The right recipe for the digital (security) revolution toward Telematics Infrastructure 2.0 in healthcare?" (original title: "Das passende Rezept für die digitale (Security) Revolution zur Telematik Infrastruktur 2.0 im Gesundheitswesen?")
Speaker: Stefan Stein
CERT Team Lead | gematik GmbH; M.Eng. IT Security & Forensics,
doctoral student at TH Brandenburg & Universität Dresden
.conf Go 2023 presentation:
From NOC to CSIRT (original title: "De NOC a CSIRT")
Speakers:
Daniel Reina - Country Head of Security, Cellnex (Spain) & Global SOC Manager, Cellnex
Samuel Noval - Global CSIRT Team Leader, Cellnex
Splunk - BMW connects business and IT with data driven operations SRE and O11y (by Splunk)
BMW is defining the next level of mobility - digital interactions and technology are the backbone to continued success with its customers. Discover how an IT team is tackling the journey of business transformation at scale whilst maintaining (and showing the importance of) business and IT service availability. Learn how BMW introduced frameworks to connect business and IT, using real-time data to mitigate customer impact, as Michael and Mark share their experience in building operations for a resilient future.
Data foundations building success, at city scale – Imperial College London (by Splunk)
Universities have more in common with modern cities than with traditional places of learning. This mini city needs to empower its citizens to thrive and achieve their ambitions. Operationalising data is key to building critical services, from understanding complex IT estates for smarter decision-making to robust security and a more reliable, resilient student experience. Juan will share his experience in building data foundations for a resilient future while enabling digital transformation at Imperial College London.
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen... (by Splunk)
Learn how Vodafone has provided end-to-end visibility across services by building an Operational Analytics Platform. In this session, you will hear how Stefan and his team manage legacy, on premise, hybrid and public cloud services, and how they are providing a platform for complex triage and debugging to tackle use cases across Vodafone’s extensive ecosystem.
.italo operates an Essential Service by connecting more than 100 million people annually across Italy with its super fast and secure railway. And CISO Enrico Maresca has been on a whirlwind journey of his own.
Formerly a Cyber Security Engineer, Enrico started at .italo as an IT Security Manager. One year later, he was promoted to CISO and tasked with building out – and significantly increasing the maturity level – of the SOC. The result was a huge step forward for .italo.
So how did he successfully achieve this ambitious ask? Join Enrico as he reveals the key insights and lessons learned in his SOC journey, including:
Top challenges faced in improving security posture
Key KPIs implemented in order to measure success
Strategies and approaches applied in the SOC
How MITRE ATT&CK and Splunk Enterprise Security were utilised
Next steps in their maturity journey ahead
PHP Frameworks: I want to break free (IPC Berlin 2024) (by Ralf Eggert)
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -... (by DanBrown980551)
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses.
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti... (by Jeffrey Haguewood)
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Neuro-symbolic is not enough, we need neuro-*semantic* (by Frank van Harmelen)
Neuro-symbolic (NeSy) AI is on the rise. However, simply doing machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this is illustrated with link prediction over knowledge graphs, but the argument is general.
DevOps and Testing slides at DASA Connect (by Kari Kakkonen)
My and Rik Marselis's slides at the 30.5.2024 DASA Connect conference. We discuss what testing is, then what agile testing is, and finally what Testing in DevOps is. Finally, we had a lovely workshop with the participants, trying to find different ways to think about quality and testing in different parts of the DevOps infinity loop.
GraphRAG is All You need? LLM & Knowledge Graph (by Guy Korland)
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
UiPath Test Automation using UiPath Test Suite series, part 3 (by DianaGray10)
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation introduction
UI automation sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf (by 91mobiles)
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
"Impact of front-end architecture on development cost", Viktor Turskyi (by Fwdays)
I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just by following the standard rules of a framework and think that this is enough to successfully launch the project, and then the project fails. How can this be prevented, and what approach should you choose? I have launched dozens of complex projects, and during the talk we will analyze which approaches have worked for me and which have not.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do... (by UiPathCommunity)
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
4. What Does Machine Data Look Like?
(Diagram: sources Order Processing, Middleware, Database and Virtual Host, with example events Error, Error and Failure.)
5. Machine Data Contains Critical Insights
(Same diagram as slide 4.)
6. Machine Data Contains Critical Insights
(Same diagram as slide 4.)
7. Splunk: Index and Analyze Any Data, Any Amount, Any Source
Powerful, end-to-end, real-time platform for Machine Data
(Diagram of data sources:)
• Customer-facing data, outside the datacenter: click-stream data, shopping cart data, online transaction data
• Logfiles
• Windows: Registry, event logs, file system, sysinternals
• Linux/Unix: configurations, syslog, file system, ps, iostat, top
• Configs, messages, traps, alerts, metrics, scripts, changes, tickets
• Virtualization & Cloud: hypervisor, guest OS, apps, cloud
• Applications: web logs, Log4J, JMS, JMX, .NET events, code and scripts
• Databases: configurations, audit/query logs, tables, schemas
• Networking: configurations, syslog, SNMP, netflow
• Manufacturing, logistics…: CDRs & IPDRs, power consumption, RFID data, GPS data
8. Splunk: Index and Analyze Any Data, Any Amount, Any Source
Powerful, end-to-end, real-time platform for Machine Data
(Same data-source diagram as slide 7, with callouts:)
Any amount, any location, any source.
• No upfront schema
• No custom connectors
• No RDBMS
• No need to filter/forward
9. Splunk Enables the Connected Datacenter
• Business Insights: Gain real-time insight from your machine data to make better-informed business decisions.
• Operational Visibility: Gain operational visibility to make better-informed IT decisions.
• Proactive Monitoring: Monitor infrastructure to identify issues, problems and attacks before they impact your customers and services.
• Search and Investigation: Find and fix problems across the organization using machine data.
(Diagram layers: Cloud Services; Custom Applications; Packaged Applications; Infrastructure Applications; Virtualization; Server, Storage, Networking.)
10. Splunk: Platform For IT Operational Intelligence
Plug-Ins, Templates and Apps Accelerate Value From Machine Data
(Diagram: XenApp; XenDesktop; Web Intelligence; Server, Storage, Network; Server Virtualization; Operating Systems; Infrastructure Applications; SDKs; Business Applications; Cloud Services; Custom Applications; UI; API; Other Monitoring; Ticketing/Help Desk.)
No rigid schemas – add in data from any other source.
12. The Virtual Datacenter Challenge
Too much complexity and too little visibility
Not enough data about virtualization
• Most tools retain or report on summarized metrics that obfuscate real problems
• Most tools don’t proactively monitor logs
Virtualization data alone doesn't solve problems
• Solving end user or application level problems requires visibility at every technology tier
Point solutions offer inadequate analyses
• Complete operational reporting for capacity planning, security reporting, end to end performance and change impact analyses is missing
13. Key Considerations For Monitoring VMware Environments
• Provide access to underlying machine data to quickly identify problem spots and troubleshoot issues in real time
• Persist data over time to determine performance and utilization trends for planning, analytics and optimization
• Gain holistic visibility across diverse infrastructures and heterogeneous technologies
15. The Splunk App For VMware
• Proactive Monitoring: Proactive identification of problem spots and health issues
• Analytics: Comprehensive performance, capacity, security and change analyses
• Big Data Solution: Scale and correlate across all tiers of your technology stack
16. How It Works
(Data-flow diagram.) Components: Splunk UF/LF, Splunk Add-on for vCenter, Splunk App for VMware (provides dashboards, views and field extractions), Data Collection Node (DCN), vCenter server, VMware ESXi hosts.
Data flows:
• From VC: VC logs
• From VC: performance metrics*, inventory, hierarchy, tasks and events data
• From ESXi: ESXi logs
* Performance data at 20 s granularity
17. What’s New in v3.0?
• Fast Time To Value: UI-based setup for fast and easy installation, management and monitoring
• Effortless Scale-out: Provide analytics for large-scale VMware deployments with fewer data collectors and reduced data volumes
• Accelerated Reporting: Dramatically improved performance for search and reporting
19. End-to-end Visibility
“We have deep visibility and correlation across all tiers of our cloud infrastructure – giving us not only ongoing monitoring of key datacenter statistics, but also giving us business visibility into customer experience and usage.”
-- Elad Gotfrid, Manager of IT
• Splunk used to correlate the business data (users, usage) with the IT/Infrastructure data
• Understand resource/usage and cost per customer
• Monitor the entire environment from server, storage, network, hypervisors, custom cloud back-end for possible SLA issues, trouble spots and more
20. One Splunk – Many Uses
“Using Splunk for VMware gets us our data in one place, for many uses: capacity planning, event monitoring, performance analysis, security monitoring and more.”
-- Peter Cole, Technical Lead, ITS Operations
• A definitive record of what happened in our environment
• Analyze and trend performance as well as user activities very easily
• Useful for both operational monitoring, capacity usage, performance metrics and for security monitoring
21. Detailed History For Analysis & Troubleshooting
“I love that I can track virtual machines in my environment as they move from host to host. I can now identify the root cause of issues or errors.”
-- Matthew Cluver, Network Operations Analyst
• Splunk already used for operating system and applications event monitoring & analysis
• For the first time, they have insight into granular virtualization layer data – helps solve problems immediately
22. Easy Access To A Variety Of Data
“With all our data stored centrally in Splunk, it helps us to dive straight into the source of problems by looking at the context of the error rather than manually digging through multi-gigabyte log files”
-- Big premium retail chain
• Delivered end-to-end visibility across the infrastructure
• Enabled 100% up-time with a 50% increase in transactions
• Reduced troubleshooting times from 1.5 hours per log file to 5 minutes across VMware infrastructure
23. Centralized Monitoring Across IT Operations
"Splunk has become a critical part of our operations; everything funnels through Splunk. It provides central visibility to our various teams and business units."
-- Major healthcare management company
- Cross-correlate data across technologies to accurately detect problem spots in business-critical claims systems
- Significantly reduced MTTR from 7-8 hours to less than 5 minutes per issue
- Gain end-to-end insights across multiple types of web servers, operating systems and storage on complex VMware deployments
25. Why Splunk Over Everyone Else!
- You don't know what data you will need till you need it
  – Every other tool only has access to 5 min summaries of data
  – Most don't even incorporate log data
- Most other tools find it hard to collect & retain all the data
  – Splunk scales to the largest datacenters, and not just for virtualization data
  – Can be used for any use case: capacity, configuration monitoring, security, change and asset tracking and more
- Splunk isn't JUST for virtualization – it is for everything
26. Operational Intelligence for IT and Business Users
Solution areas: IT Operations Management, Application Management, Security and Compliance, Web Intelligence, Business Analytics
Users: Operations Teams, System Administrators, Application Developers, Security Analysts, Auditors, Customer Support, Website/Business Analysts, LOB Owners/Executives, IT Executives
27. Proven at 6,400+ Customers in 90+ Countries
Over 60 of the Fortune 100. Industries:
- Cloud and Online Services
- Education
- Energy and Utilities
- Financial Services and Insurance
- Government
- Healthcare
- Manufacturing
- Media
- Retail
- Technology
- Telecommunications
- Travel and Leisure
28. A Growing, Global Community of Users
- 1,000+ unique visitors per week to dev.splunk.com
- Local User Groups and SplunkLive events
- 320+ Apps and 20,000+ questions – and answers
- Annual Users' Conference with 1,800+ users
29. Easy to Get Started
Download and install in minutes:
1. Download
2. Eat your machine data
3. Start Splunking
32. Do I Really Need The Splunk App For VMware?
I already have vCOPS, how will the Splunk App for VMware help me?
The Splunk App for VMware provides unique insights into VMware environments that complement the vCOps solution. Splunk differentiators include the ability to:
- Collect and persist performance metrics at 20 s granularity for troubleshooting, trending and analytics
- Analyze and monitor log and event data from ESX/ESXi hosts and vCenter Servers (VCs), with a topology overlay
- Correlate virtualization metrics with events, logs and performance metrics from applications, OSes, storage, networking or any other virtualization, software and hardware technology
- Scale to monitor, analyze and report on the largest VMware deployments
- Provide a range of analytics (capacity, security, change tracking) without needing additional software purchases
33. How Is Splunk Different From Log Insight?
VMware integrates Log Insight with vCOPS – how is Splunk different?
- Log Insight is for (VMware) logs only. Splunk goes far beyond logs and individual technology layers; it is about building a broad scope of insight and operational intelligence across the enterprise, in IT and the business.
- Log Insight and vCOPS are siloed tools with limited integrations. The Splunk App for VMware supports analytics on VMware logs, performance metrics, topology, tasks and events in one console, and supports multiple use cases such as security, operational health and capacity planning. Equivalent functionality on the VMware stack requires 4-5 different products, additional licenses and more investment.
- Log Insight and vCenter Ops do not support cross-tier correlation or analytics. Splunk has a very powerful query language with over 200 commands for advanced analytics, reporting and correlation.
- Log Insight is yet to prove itself, particularly with large data volumes. Splunk is a proven solution with over 5,600 paying customers and tens of thousands of users of our free offering, with a vibrant community that has built more than 400 Apps, most of them free. Our largest customer implementation indexes over 100 TB a day and reports on petabytes of data at rest, proving its scalability in enterprise-class IT environments.
35. Immediate Visibility into the Overall Health
- Identify the overall health of your hosts, determine whether too much memory is being reclaimed or swapped or CPU consumption is high, and drill down for specifics
- Quickly visualize VM CPU consumption, memory usage and CPU wait times to understand overall VM health across your environment
- Drill down for additional details on specific issues from anywhere on this report
- Determine datastore over/under-consumption quickly to optimize storage usage
- Gain insight into any system alarms in the environment that may need immediate attention
36. Visualize Multiple vCenters Instantly
Visualize the topology of the VMware implementation in a tree-like view across multiple vCenters in a single console
37. Threshold Based Reports On VM Performance
- Report on each performance counter against pre-defined thresholds for immediate insight into any problems in the environment
- Compare the performance of a single VM with the rest of the VMs in the environment
38. Report on Virtual Machine Performance
- Get notified dynamically of any issues in a VM immediately
- Drill down into a report to gain insight into the VM
- Track VMs as they move from one host to another
39. Chart Performance Baselines
Identify performance abnormalities on vCenters/hosts/clusters/VMs by comparing the performance metrics of a single node with the rest of the virtualized environment.
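The threshold report (slide 37), the baseline comparison (slide 39) and the 20-second versus 5-minute granularity point (slides 25 and 32) can all be shown on one set of numbers. The following is an added example, not code from the Splunk App for VMware or from Splunk: the VM names, the CPU samples, the 90 % threshold and the fleet-of-means z-score are constructed assumptions chosen so that one VM has a 60-second burst that a 5-minute summary would hide.

```python
"""Threshold and baseline checks over 20-second VM CPU samples.

Added example; not part of the Splunk App for VMware. All VM names,
sample values and thresholds below are constructed for illustration.
"""
from collections import defaultdict
from statistics import mean, pstdev

SAMPLE_INTERVAL = 20     # seconds; the app's collection granularity
SUMMARY_INTERVAL = 300   # seconds; the 5-minute summaries other tools keep


def make_samples():
    """Construct 15 minutes (45 samples) of CPU-usage percent for four VMs.

    Three VMs idle around 20-30 %. 'vm-db01' has the same baseline but one
    60-second burst at 100 % starting at t=400 s. Constructed data.
    """
    samples = defaultdict(list)  # vm -> [(t_seconds, cpu_pct), ...]
    for i in range(45):
        t = i * SAMPLE_INTERVAL
        samples["vm-web01"].append((t, 20 + (i % 3) * 5))
        samples["vm-web02"].append((t, 25 + (i % 4) * 2))
        samples["vm-app01"].append((t, 22 + (i % 5)))
        burst = 400 <= t < 460
        samples["vm-db01"].append((t, 100 if burst else 24 + (i % 3) * 3))
    return samples


def threshold_report(samples, threshold):
    """Threshold-based report: per VM, the sample times above a fixed limit.

    VMs that never cross the threshold are left out of the result.
    """
    return {
        vm: [t for t, v in series if v > threshold]
        for vm, series in samples.items()
        if any(v > threshold for _, v in series)
    }


def baseline_compare(samples, vm):
    """Compare one VM's mean against the means of the other VMs.

    Returns (vm_mean, fleet_mean, fleet_sd, z): z is how many standard
    deviations the VM's mean sits above the spread of the others' means.
    A z above about 3 marks the VM as abnormal relative to its peers.
    """
    others = [mean(v for _, v in s) for name, s in samples.items() if name != vm]
    vm_mean = mean(v for _, v in samples[vm])
    fleet_mean = mean(others)
    fleet_sd = pstdev(others) or 1e-9  # guard against an all-identical fleet
    return vm_mean, fleet_mean, fleet_sd, (vm_mean - fleet_mean) / fleet_sd


def downsample(series, window):
    """Average 20 s samples into fixed windows, i.e. what a 5-minute summary keeps."""
    buckets = defaultdict(list)
    for t, v in series:
        buckets[(t // window) * window].append(v)
    return [(start, mean(vals)) for start, vals in sorted(buckets.items())]


if __name__ == "__main__":
    data = make_samples()
    print("over 90 %:", threshold_report(data, 90))
    print("vm-db01 vs fleet:", baseline_compare(data, "vm-db01"))
    print("5-minute view of vm-db01:", downsample(data["vm-db01"], SUMMARY_INTERVAL))
```

On this data the 20-second samples put vm-db01 over the 90 % line three times and about 3.7 standard deviations above its peers, while the 5-minute averages of the same VM never exceed about 42 %, so a tool that only retains summaries would not see the event at all.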
40. Get Detailed Visibility Into the Hosts
- Get notified of abnormalities in the hosts immediately
- Identify host configuration, the connected datastores, the VMs and their status, the audit trail of all tasks and events, and system errors from host logs
41. Drilldown for Space Consumption on Datastores
Get insights into the datastores: drill down into a datastore to understand which files are consuming the most space, with a detailed list of all files and their space consumption
43. Get Capacity Insights
- Choose the performance type, threshold and frequency for a defined time period
- Identify VCs and ESX/ESXi hosts that meet the filter criteria
- Drill down for the trend over time
44. Monitor The Security Posture
Access reports on user activity, configuration changes, suspicious logins, repeated login attempts and actions outside of assigned permissions, and gain insight into security weaknesses in the environment
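The "repeated login attempts" report above reduces to a small piece of detection logic over the host login events. The following is an added example, not code from the Splunk App for VMware or from Splunk: the log lines are constructed, loosely shaped like the ESXi hostd "User x@ip logged in as ..." and "Cannot login x@ip" event messages but with invented timestamps, accounts and addresses; the failure threshold, the 60-second window and the list of expected administrative accounts are assumptions.

```python
"""Login-abuse detection over ESXi hostd-style login events.

Added example; not part of the Splunk App for VMware. LOG_LINES is
constructed: the message shape follows hostd's login events, but every
timestamp, user and address is invented. Thresholds are assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LOG_LINES = """\
2014-03-10T12:00:01.000Z [7F0 info 'Vimsvc.ha-eventmgr'] Event 101 : Cannot login root@10.0.0.50
2014-03-10T12:00:04.000Z [7F0 info 'Vimsvc.ha-eventmgr'] Event 102 : Cannot login root@10.0.0.50
2014-03-10T12:00:07.000Z [7F0 info 'Vimsvc.ha-eventmgr'] Event 103 : Cannot login admin@10.0.0.50
2014-03-10T12:00:09.000Z [7F0 info 'Vimsvc.ha-eventmgr'] Event 104 : Cannot login root@10.0.0.50
2014-03-10T12:00:12.000Z [7F0 info 'Vimsvc.ha-eventmgr'] Event 105 : Cannot login root@10.0.0.50
2014-03-10T12:00:20.000Z [7F0 info 'Vimsvc.ha-eventmgr'] Event 106 : User root@10.0.0.50 logged in as VMware-client/5.1.0
2014-03-10T12:05:00.000Z [7F0 info 'Vimsvc.ha-eventmgr'] Event 107 : Cannot login vcops@10.0.0.8
2014-03-10T12:30:00.000Z [7F0 info 'Vimsvc.ha-eventmgr'] Event 108 : User vpxuser@10.0.0.9 logged in as VMware VirtualCenter/5.1.0
2014-03-10T13:00:00.000Z [7F0 info 'Vimsvc.ha-eventmgr'] Event 109 : User jdoe@10.0.0.77 logged in as VMware-client/5.1.0
"""

# Timestamp, then either "Cannot login user@ip" (failure) or "User user@ip ..." (success).
EVENT_RE = re.compile(
    r"^(?P<ts>\S+) .*?Event \d+ : "
    r"(?:(?P<fail>Cannot login)|User) (?P<user>[^@\s]+)@(?P<ip>[\d.]+)"
)


def parse(lines):
    """Return (timestamp, user, ip, succeeded) for each login event; other lines are skipped."""
    events = []
    for line in lines.splitlines():
        m = EVENT_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S.%fZ")
        events.append((ts, m["user"], m["ip"], m["fail"] is None))
    return events


def detect(lines, max_failures=4, window=timedelta(seconds=60),
           expected_users=frozenset({"root", "vpxuser"})):
    """Return (rule, ip, user) alerts, in event order.

    repeated_failures:       at least max_failures failed logins from one
                             source address inside the sliding window
    success_after_failures:  a successful login from an address that has
                             already tripped repeated_failures
    unexpected_user:         a successful login by an account outside the
                             expected administrative set (assumed list)
    """
    alerts = []
    failures = defaultdict(list)  # ip -> timestamps of failures inside the window
    flagged = set()               # addresses that already tripped repeated_failures
    for ts, user, ip, ok in sorted(parse(lines)):
        if not ok:
            recent = [t for t in failures[ip] if ts - t <= window] + [ts]
            failures[ip] = recent
            if len(recent) >= max_failures and ip not in flagged:
                flagged.add(ip)
                alerts.append(("repeated_failures", ip, user))
            continue
        if ip in flagged:
            alerts.append(("success_after_failures", ip, user))
        if user not in expected_users:
            alerts.append(("unexpected_user", ip, user))
    return alerts


if __name__ == "__main__":
    for alert in detect(LOG_LINES):
        print(*alert)
```

Against the constructed lines this raises three alerts: the fourth failure from 10.0.0.50 inside a minute, the root login from that same address a few seconds later, and the interactive login by jdoe, an account not on the expected list. The single vcops failure stays below the threshold and is not reported. The window keeps the rule from firing on a handful of typos spread over a day while still catching a short burst.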
45. Track Changes and Audit Tasks and Events
- View any tasks performed on, or changes made to, the hosts or VMs
- Filter specific hosts or VMs of interest in a folder-like view that retains the virtual infrastructure hierarchy
46. Browse Logs Easily With Intelligent Filters
- Identify vCenter requests
- Add additional filters
- Filter specific hosts or VMs of interest in a folder-like view that retains the virtual infrastructure hierarchy
- Browse through service console, vmkernel, hostd, agent... logs
Editor's Notes
Unlike traditional structured data or multi-dimensional data (for example, data stored in a traditional relational database for batch reporting), machine data is non-standard, highly diverse, dynamic and high-volume. You will notice that machine data events are also typically time-stamped: it is time-series data. Take the example of purchasing a product on your tablet or smartphone: the purchase transaction fails, you call the call center and then tweet about your experience. All these events are captured, as they occur, in the machine data generated by the different systems supporting these interactions. Each of the underlying systems can generate millions of machine data events daily. Here we see small excerpts from just some of them.
When we look more closely at the data we see that it contains valuable information – customer id, order id, time waiting on hold, twitter id … what was tweeted. What’s important is first of all the ability to actually see across all these disparate data sources, but then to correlate related events across disparate sources, to deliver meaningful insight.
Over the last 7 years, Splunk has grown from a search engine for your underlying logs (analogous to Google for IT data) to an engine for machine data to a platform for operational intelligence. What do we mean by that? We have extended our solution to incorporate data from various data sources. Splunkbase has 300+ Apps, most of them free. The purpose of these Apps is to put context around the data (say from your firewalls, storage or network), and they come with a pre-built understanding of that data. The Apps are step 1 to accelerating your value from the data. However, you're not limited to what is available. Splunk's ability to integrate with existing IT solutions and other monitoring solutions makes us a platform for visibility and intelligence on your IT operations. The Splunk SDKs empower developers to customize and extend the power of Splunk, establishing Splunk as the platform for machine data. We have partnered with other monitoring vendors to ingest data from their solutions into Splunk, giving you complete and holistic visibility. What have developers been building using Splunk Enterprise? Examples include:
- Run searches and retrieve Splunk data from existing customer service/call center applications (Comcast use case)
- Integrate Splunk data into existing BI tools and dashboards (Tableau, MS Excel)
- Build mobile applications with KPI dashboards and alerts powered by Splunk (Otto Group use case)
- Log directly to Splunk from remote devices (Bosch use cases)
- Build customer-facing dashboards powered by user-specific data in Splunk (Socialize, Hurricane Labs use cases)
- Programmatically extract data from Splunk for long-term data warehousing
We hope this is just the beginning and expect to open up a whole new world of enterprise apps.
Understand how many resources each customer consumes (CPU, memory, network, etc.) and when. A customer can have more than one VM or environment; Splunk helps us aggregate the data easily and look at usage at the customer level. SLA dashboards: measure service levels, analyze and present statistics according to business guidelines.
Peter Cole from Melbourne IT can't wait to get the Splunk App for VMware deployed across his environment. Some of the big benefits he gets from it:
- Find where storage is way over-provisioned, clean up snapshots where they are taking up space, find errors in logs related to storage
- Find out what happened when in the environment, for troubleshooting, issue diagnosis, security reporting and more
- Understand service levels of virtual machines in detail during performance/load testing
Rapid Troubleshooting and Analysis: Discovery Communications, the world's largest non-fiction media company, uses Splunk to monitor application and operating system logs and events. The Splunk App for VMware enhances their operational visibility by giving them access to their virtualization-layer data. With Splunk, Discovery Communications gets an immediate understanding of virtualization-layer failures and receives alerts before there is a full-blown impact on operations. "I love that I can track virtual machines in my environment as they move from host to host. I can now identify the root cause of issues or errors." -- Matthew Cluver, Network Operations Analyst, Discovery Communications. When asked which views of the app he likes, he liked them all!
Consolidate VMware, Network, storage, operating system and applications data
Customers start by using Splunk Enterprise to address one specific solution area. Then they leverage it and their machine data to solve other pressing problems over time. Consequently, Splunk Enterprise has many critical uses across IT and the business:
- Application Management: provide end-to-end visibility across distributed infrastructures; troubleshoot across application environments; monitor for performance degradation; trace transactions across distributed systems and infrastructure.
- Development: accelerate development and test cycles; support advanced development methodologies like agile, continuous; integrate enterprise applications with SDKs and a robust API; build enterprise applications that leverage Splunk software.
- Infrastructure and Operations Management: proactively monitor across IT silos to ensure uptime; rapidly pinpoint and resolve problems; report on SLAs and track SLAs of service providers.
- Security and Compliance: provide rapid incident response, real-time correlation and in-depth monitoring across data sources; statistical analysis for advanced pattern detection and threat defense.
- Web and Business Analytics: gain visibility and intelligence on customers, services and transactions; identify trends and patterns in real time; fully understand the impact of new product features on back-end services.
Both IT and business professionals can analyze machine data to get real-time visibility and operational intelligence. With our data engine and our customers' machine data, organizations can meaningfully improve their performance in a wide range of areas, e.g. meet service levels, reduce costs, mitigate security risks, maintain compliance and gain insights.
More than 5,600 users in over 90 countries have purchased the enterprise license of Splunk. This includes a majority of the Fortune 100. Enterprises, service providers and government agencies in 90 countries use Splunk to improve service levels, reduce IT operations costs, mitigate security risks and drive new levels of operational visibility.As they gain new visibility into their real-time and historical machine data, Splunk’s customers are finding answers and solving the most challenging issues facing IT and the business.
With thousands of enterprise customers and an order of magnitude more actual users, we have a thriving community. We launched a dev portal a few months back and already have over 1,000 unique visitors per week. We have over 300 apps contributed by ourselves, our partners and our community. Our knowledge exchange, the Answers site, has over 20,000 questions answered. And in August 2012 we ran our 3rd users' conference with over 1,000 users in attendance, over 100 sessions of content and customers presenting. Best of all, this community demands more from Splunk and gives us incredible feedback.
Splunk Enterprise is simple to deploy, scales from a single server deployment to global large-scale operations and delivers fast payback. Download Splunk Enterprise for free, install it in 5 minutes on your laptop or on any commodity server, point it at any machine data and start using it. Splunk software is often deployed for the first time while under fire. A serious service outage or security incident in progress is stressful, but with Splunk Enterprise, you can complete your investigation in a few minutes versus hours or days.