This document discusses Splunk's HTTP Event Collector, which allows sending event data to Splunk via a token-based JSON API. Some key points covered include:
- The HTTP Event Collector provides a simple way to send events from anywhere to Splunk using HTTP and tokens.
- Events can be sent directly using HTTP requests or via supported logging libraries for languages like .NET, Java and JavaScript.
- The presentation demonstrates configuring and using the HTTP Event Collector via the CLI, as well as with CURL and Node.js. It also discusses scaling, high availability, and third party integrations.
Ever want to know the status of a device, host, or ip as it currently stands even after the log data that it generates is already in Splunk? In this track, we'll show you how simple custom built search commands can interrogate your host or ip to get the current status for common tasks such as ping, http, telnet server availability, anonymous ftp, trace route, and finger. In this context, you'll be making your Splunk instance an active interrogator of your network to get the most up to date status and can even save the results into a Splunk index for historical or analytic purposes. You can even alert on the responses. We'll also show you the minimum on how to write a Splunk search command in Python to do this and provide examples.
Presentation from OSGi Community Event / EclipseCon Europe 2013
One of the major topics the OSGi alliance is working on is a proposal for distributed eventing especially in the cloud. This session starts with an overview of the current state in the alliance and then shows already available solutions from the Apache Sling open source project. This includes distributing events through event admin and controlled processing of events by exactly one processor in distributed installations. The current implementations will be set in context to the ongoing activations in the alliance.
Nagios Conference 2014 - Janice Singh - Real World Uses for Nagios APIs (Nagios)
Janice Singh's presentation on Real World Uses for Nagios APIs.
The presentation was given during the Nagios World Conference North America held Oct 13th - Oct 16th, 2014 in Saint Paul, MN. For more information on the conference (including photos and videos), visit: http://go.nagios.com/conference
During this brief walkthrough of the setup, configuration and use of the toolset we will show you how to find the trees from the forest in today's modern cloud environments and beyond.
Lee Myers - What To Do When Nagios Notification Don't Meet Your Needs. (Nagios)
Lee Myers - What To Do When Nagios Notification Don't Meet Your Needs. - Lee will present how he overcame timeperiod issues through the use of MK_Livestatus, Pushbullet, and scripts to notify him of alerts while he is at work. All the user needs to do is execute a command at the start of their shift, and they will receive all their notifications until their shift ends.
How to Build a Monitoring Application in 20 Minutes | Russ Savage | InfluxData (InfluxData)
This talk will show how to use Tasks, Flux, dashboards and monitoring and alerting in InfluxDB 2.0 to create an external service or website monitor. It’ll tie all the work we’ve been doing for the last two years together in a simple example for everyone to use as a template for their own custom monitoring applications built on top of the InfluxDB 2.0 platform.
Distributed Eventing in OSGi - Carsten Ziegeler (mfrancis)
OSGi Community Event 2013 (http://www.osgi.org/CommunityEvent2013/Schedule)
ABSTRACT
One of the major topics the OSGi alliance is working on is a proposal for distributed eventing especially in the cloud. This session starts with an overview of the current state in the alliance and then shows already available solutions from the Apache Sling open source project. This includes distributing events through event admin and controlled processing of events by exactly one processor in distributed installations. The current implementations will be set in context to the ongoing activations in the alliance.
SPEAKER BIO
Carsten Ziegeler is senior developer at Adobe Research Switzerland and spends most of his time on architectural and infrastructure topics. Working for over 25 years in open source projects, Carsten is a member of the Apache Software Foundation and heavily participates in several Apache communities including Sling, Felix and ACE. He is a frequent speaker on technology and open source conferences and participates in the OSGi Core Platform and Enterprise expert groups.
The Kubernetes audit logs are a rich source of information: all of the calls made to the API server are stored, along with additional metadata such as usernames, timings, and source IPs. They help to answer questions such as “What is overloading my control plane?” or “Which sequence of events led to this problematic situation?”. These questions are hard to answer otherwise—especially in large clusters. At Datadog, we have been running clusters with 1000+ nodes for more than a year and during that time, the audit logs have proved invaluable.
In this presentation, we will first introduce the audit logs, explain how they are configured, and review the type of data they store. Finally, we will describe in detail several scenarios where they have helped us to diagnose complex problems.
Altitude NY 2018: 132 websites, 1 service: Your local news runs on Fastly (Fastly)
When Gannett moved to Fastly, they migrated over one hundred websites in the USA Today Network. The ability to self-service CDN configurations, securely store config files, and spread the responsibility of managing configurations fundamentally changed the way they deliver media and troubleshoot — in fact it changed the way they work. Additionally, a number of changes Gannett made as they migrated to Fastly have benefited their business and put developers in a better state. This keynote will touch on topics such as instant publish, HTTPS/HTTP2, paywall, and instant metrics to demonstrate the changes they've made, as well as look to the future and what’s ahead for their relationship with Fastly.
Nagios Conference 2014 - James Clark - Nagios Cool Tips and Tricks (Nagios)
James Clark's presentation on Nagios Cool Tips and Tricks.
The presentation was given during the Nagios World Conference North America held Oct 13th - Oct 16th, 2014 in Saint Paul, MN. For more information on the conference (including photos and videos), visit: http://go.nagios.com/conference
Altitude NY 2018: Programming the edge workshop (Fastly)
Through our support for running your own code on our edge servers, Fastly's network offers you a platform of unparalleled speed, reliability and efficiency to which you can delegate a surprising amount of logic that has traditionally been in the application layer. In this workshop, you'll implement a series of advanced edge solutions, and learn how to apply these patterns to your own applications to reduce your origin load, dramatically improve performance, and make your applications more secure.
Building Cloud-Native App Series - Part 11 of 11
Microservices Architecture Series
Service Mesh - Observability
- Zipkin
- Prometheus
- Grafana
- Kiali
This talk focuses on what admins need to know about the HTTP Event Collector: why it exists, how it differs from existing options, and how to configure, manage, deploy and scale it.
Deploying Splunk on OpenShift – Part2 : Getting Data In (Eric Gardner)
Description: In our last session we deployed Splunk on OpenShift. Now we will be deploying the Splunk Connect for Kubernetes and exploring ways to monitor the health of Kubernetes and how to get other data into Splunk Enterprise running on OpenShift.
Splunk conf2014 - Splunk Monitoring - New Native Tools for Monitoring your Sp... (Splunk)
Collecting, interpreting and reporting on what Splunk is doing, especially in a distributed Splunk deployment can be challenging for the Splunk administrator. Where is the data that I'm indexing in Splunk coming from? What searches are taking up large amounts of system resources? How are the machines that Splunk is running on performing? This session covers new native tools in the Splunk platform for performing these and other administrative activities.
System monitoring with Splunk Metrics logs and Telegraf.
Using Telegraf a plugin-driven server agent for collecting and sending metrics and Splunk metric indexes for storing, investigating, monitoring, and sharing systems metrics data in real time.
In this presentation we'll explore the latest developments in MuleSoft's Anypoint Code Builder IDE and how it can help streamline your integration projects. We'll also dive into the exciting world of Splunk and demonstrate how to efficiently push your application logs to Splunk for real-time analysis and troubleshooting.
Google Cloud Next '22 Recap: Serverless & Data edition (Daniel Zivkovic)
See what's new in #Serverless and #Data at GCP. Our guest, Guillaume Blaquiere - Stack Overflow contributor & #GCP #Developer Expert from France, covered the best #GoogleCloudNext announcements, practically demoed how to benefit from #BigQuery Remote Functions and answered many questions.
The meetup recording with TOC for easy navigation is at https://youtu.be/AuZZTwHIcdY
P.S. For more interactive lectures like this, go to http://youtube.serverlesstoronto.org/ or sign up for our upcoming live events at https://www.meetup.com/Serverless-Toronto/events/
SplunkLive! Tampa: Splunk Ninjas: New Features, Pivot, and Search Dojo (Splunk)
Besides seeing the newest features in Splunk Enterprise and learning the best practices for data models and pivot, we will show you how to use a handful of search commands that will solve most search needs. Learn these well and become a ninja.
Using Docker EE to Scale Operational Intelligence at Splunk (Docker, Inc.)
With more than 14,000 customers in 110+ countries, Splunk is the market leader in analyzing machine data to deliver operational intelligence for security, IT and the business. Our rapid growth as a company meant that our Infrastructure Engineering Team, responsible for all the common tooling, build and test systems and frameworks utilized by the Splunk engineers, was bogged down with a sprawl of virtual machines and physical servers that were becoming incredibly difficult to manage. And as our customer’s demand for data has grown, testing at the scale of petabytes/day has become our new normal. We needed a reliable and scalable “Test Lab” for functional and performance testing.
With Docker Enterprise Edition, our engineers are able to create small test stacks on their laptop just as easily as creating multi-petabyte stacks in our Test Lab. Support for Windows, Role Based Access Control and having support for both the orchestration platform and the container engine were key in deciding to go with Docker over other solutions.
In this talk, we will cover the architecture, tooling, and frameworks we built to manage our workloads, which have grown to run on over 600 bare-metal servers, with tens of thousands of containers being created every day. We will share the lessons learned from running at scale. Lastly, we will demonstrate how we use Splunk to monitor and manage Docker Enterprise Edition.
What is Splunk? At the end of this session you’ll have a high-level understanding of the pieces that make up the Splunk Platform, how it works, and how it fits in the landscape of Big Data. You’ll see practical examples that differentiate Splunk while demonstrating how to gain quick time to value.
Similar to SplunkSummit 2015 - HTTP Event Collector, Simplified Developer Logging (20)
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu... (Splunk)
.conf Go 2023 presentation:
"Das passende Rezept für die digitale (Security) Revolution zur Telematik Infrastruktur 2.0 im Gesundheitswesen?"
Speaker: Stefan Stein -
Teamleiter CERT | gematik GmbH M.Eng. IT-Sicherheit & Forensik,
doctorate student at TH Brandenburg & Universität Dresden
.conf Go 2023 presentation:
De NOC a CSIRT
Speakers:
Daniel Reina - Country Head of Security Cellnex (España) & Global SOC Manager Cellnex
Samuel Noval - Global CSIRT Team Leader, Cellnex
Splunk - BMW connects business and IT with data driven operations SRE and O11y (Splunk)
BMW is defining the next level of mobility - digital interactions and technology are the backbone to continued success with its customers. Discover how an IT team is tackling the journey of business transformation at scale whilst maintaining (and showing the importance of) business and IT service availability. Learn how BMW introduced frameworks to connect business and IT, using real-time data to mitigate customer impact, as Michael and Mark share their experience in building operations for a resilient future.
Data foundations building success, at city scale – Imperial College London (Splunk)
Universities have more in common with modern cities than traditional places of learning. This mini city needs to empower its citizens to thrive and achieve their ambitions. Operationalising data is key to building critical services; from understanding complex IT estates for smarter decision-making to robust security and a more reliable, resilient student experience. Juan will share his experience in building data foundations for a resilient future whilst enabling digital transformation at Imperial College London.
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen... (Splunk)
Learn how Vodafone has provided end-to-end visibility across services by building an Operational Analytics Platform. In this session, you will hear how Stefan and his team manage legacy, on premise, hybrid and public cloud services, and how they are providing a platform for complex triage and debugging to tackle use cases across Vodafone’s extensive ecosystem.
.italo operates an Essential Service by connecting more than 100 million people annually across Italy with its super fast and secure railway. And CISO Enrico Maresca has been on a whirlwind journey of his own.
Formerly a Cyber Security Engineer, Enrico started at .italo as an IT Security Manager. One year later, he was promoted to CISO and tasked with building out – and significantly increasing the maturity level – of the SOC. The result was a huge step forward for .italo.
So how did he successfully achieve this ambitious ask? Join Enrico as he reveals the key insights and lessons learned in his SOC journey, including:
Top challenges faced in improving security posture
Key KPIs implemented in order to measure success
Strategies and approaches applied in the SOC
How MITRE ATT&CK and Splunk Enterprise Security were utilised
Next steps in their maturity journey ahead
Explore our comprehensive data analysis project presentation on predicting product ad campaign performance. Learn how data-driven insights can optimize your marketing strategies and enhance campaign effectiveness. Perfect for professionals and students looking to understand the power of data analysis in advertising. for more details visit: https://bostoninstituteofanalytics.org/data-science-and-artificial-intelligence/
Adjusting primitives for graph : SHORT REPORT / NOTES (Subhajit Sahu)
Graph algorithms, like PageRank Compressed Sparse Row (CSR) is an adjacency-list based graph representation that is
Multiply with different modes (map)
1. Performance of sequential execution based vs OpenMP based vector multiply.
2. Comparing various launch configs for CUDA based vector multiply.
Sum with different storage types (reduce)
1. Performance of vector element sum using float vs bfloat16 as the storage type.
Sum with different modes (reduce)
1. Performance of sequential execution based vs OpenMP based vector element sum.
2. Performance of memcpy vs in-place based CUDA based vector element sum.
3. Comparing various launch configs for CUDA based vector element sum (memcpy).
4. Comparing various launch configs for CUDA based vector element sum (in-place).
Sum with in-place strategies of CUDA mode (reduce)
1. Comparing various launch configs for CUDA based vector element sum (in-place).
As Europe's leading economic powerhouse and the fourth-largest economy globally, Germany stands at the forefront of innovation and industrial might. Renowned for its precision engineering and high-tech sectors, Germany's economic structure is heavily supported by a robust service industry, accounting for approximately 68% of its GDP. This economic clout and strategic geopolitical stance position Germany as a focal point in the global cyber threat landscape.
In the face of escalating global tensions, particularly those emanating from geopolitical disputes with nations like Russia and China, Germany has witnessed a significant uptick in targeted cyber operations. Our analysis indicates a marked increase in cyberattack sophistication aimed at critical infrastructure and key industrial sectors. These attacks range from ransomware campaigns to Advanced Persistent Threats (APTs), threatening national security and business integrity.
🔑 Key findings include:
🔍 Increased frequency and complexity of cyber threats.
🔍 Escalation of state-sponsored and criminally motivated cyber operations.
🔍 Active dark web exchanges of malicious tools and tactics.
Our comprehensive report delves into these challenges, using a blend of open-source and proprietary data collection techniques. By monitoring activity on critical networks and analyzing attack patterns, our team provides a detailed overview of the threats facing German entities.
This report aims to equip stakeholders across public and private sectors with the knowledge to enhance their defensive strategies, reduce exposure to cyber risks, and reinforce Germany's resilience against cyber threats.
Opendatabay - Open Data Marketplace.pptx (Opendatabay)
Opendatabay.com unlocks the power of data for everyone. Open Data Marketplace fosters a collaborative hub for data enthusiasts to explore, share, and contribute to a vast collection of datasets.
First ever open hub for data enthusiasts to collaborate and innovate. A platform to explore, share, and contribute to a vast collection of datasets. Through robust quality control and innovative technologies like blockchain verification, opendatabay ensures the authenticity and reliability of datasets, empowering users to make data-driven decisions with confidence. Leverage cutting-edge AI technologies to enhance the data exploration, analysis, and discovery experience.
From intelligent search and recommendations to automated data productisation and quotation, Opendatabay AI-driven features streamline the data workflow. Finding the data you need shouldn't be complex. Opendatabay simplifies the data acquisition process with an intuitive interface and robust search tools. Effortlessly explore, discover, and access the data you need, allowing you to focus on extracting valuable insights. Opendatabay breaks new ground with dedicated, AI-generated, synthetic datasets.
Leverage these privacy-preserving datasets for training and testing AI models without compromising sensitive information. Opendatabay prioritizes transparency by providing detailed metadata, provenance information, and usage guidelines for each dataset, ensuring users have a comprehensive understanding of the data they're working with. By leveraging a powerful combination of distributed ledger technology and rigorous third-party audits Opendatabay ensures the authenticity and reliability of every dataset. Security is at the core of Opendatabay. Marketplace implements stringent security measures, including encryption, access controls, and regular vulnerability assessments, to safeguard your data and protect your privacy.
2. Disclaimer
During the course of this presentation, we may make forward looking statements regarding future events or the expected performance of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-looking statements, please review our filings with the SEC. The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, this presentation may not contain current or accurate information. We do not assume any obligation to update any forward looking statements we may make. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionality described or to include any such feature or functionality in a future release.
3. HTTP Event Collector
- A new token-based JSON API for events
- Send events directly from anywhere (servers, mobile devices, IOT)
- Easy to configure / works out of the box.
- Easy to secure
- Highly performant, scalable and available
4. How you use
- Enable HTTP Event Collector
- Create/Get a token
- Send events to Splunk using the token
  - Use HTTP Directly
    - Create a POST request and set the Auth header with the token
    - POST JSON in our event format to the collector
  - Use logging libraries
    - Support for .NET, Java and JavaScript loggers
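The "Use HTTP Directly" path above, as an added example that is not code from the presentation: it builds a batched POST with the `Authorization: Splunk <token>` header and the HEC event envelope, refuses to put the token on a cleartext URL unless told to, and redacts the token before the request is logged. The host name, token and records passed to it are constructed placeholders, and the helper names are hypothetical.

```javascript
// Added example, not code from the presentation.
// Host name, token and records used with it are constructed placeholders.

const HEC_PATH = "/services/collector"; // HEC JSON event endpoint

// Wrap one application record in the HEC event envelope.
function toHecEvent(record, meta = {}) {
  if (record === undefined || record === null || record === "") {
    throw new Error("refusing to build an event with no data");
  }
  const envelope = { event: record };
  // Optional metadata; anything omitted falls back to the token's defaults.
  for (const key of ["time", "host", "source", "sourcetype", "index"]) {
    if (meta[key] !== undefined) envelope[key] = meta[key];
  }
  return envelope;
}

// A batch is a run of JSON objects written back to back, not a JSON array.
function buildBatchBody(records, meta) {
  return records.map((r) => JSON.stringify(toHecEvent(r, meta))).join("");
}

function buildHecRequest({ baseUrl, token, records, meta, allowCleartext = false }) {
  const url = new URL(HEC_PATH, baseUrl);
  // The token is a bearer credential: anyone who reads it can send events.
  if (url.protocol !== "https:" && !allowCleartext) {
    throw new Error("refusing to send the token over " + url.protocol);
  }
  if (!token) throw new Error("missing HEC token");
  return {
    method: "POST",
    url: url.toString(),
    headers: {
      Authorization: "Splunk " + token,
      "Content-Type": "application/json",
    },
    body: buildBatchBody(records, meta),
  };
}

// Copy of the request that is safe to write to application logs.
function redactForLog(req) {
  return { ...req, headers: { ...req.headers, Authorization: "Splunk <redacted>" } };
}

// Send the batch with the global fetch of Node.js 18+ (not called here).
async function sendBatch(options) {
  const req = buildHecRequest(options);
  const res = await fetch(req.url, { method: req.method, headers: req.headers, body: req.body });
  if (!res.ok) throw new Error("collector answered HTTP " + res.status);
  return res.json();
}
```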
9. Demo
Using the HTTP Event Collector With nodejs
10. ./splunk_httpinput/local/inputs.conf
- Global Stanza
- Token Stanza
- Token Name
- Enable/Disable the collector
- Auth token
- Enable/Disable the token
- Default metadata
- Default metadata
- Default index
- Allowed indexes
13. Permissions and delegation
- HTTP Event Collector requires the edit_token_http cap.
- You can delegate token admin to devops / eng
- Token admins can only manage the feature, they do not have any other admin permissions in Splunk
14. A few tips
- Create tokens per app, department, component, service, etc. Not per user or device, especially if you are talking about a large number (> 10000)
- Consider partitioning tokens to different indexes. This will speed up searches and make it easy to archive
- Consider delegating token management to devops/eng
- Explicitly set allowed indexes on the token. If not set, the token can send data to any index.
- Use HTTP over HTTPS when you can. You can get about a 30% performance gain.
- Ask your devs to batch events. It greatly improves throughput.
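A check for the inputs.conf layout on slide 10 and the allowed-indexes tip above, as an added example that is not Splunk's or the presenters' code: it reads the global `[http]` stanza and the `[http://<name>]` token stanzas and reports a collector with `enableSSL` turned off, enabled tokens with no `indexes` list, and token values shared between stanzas. The sample configuration, stanza names and token values are constructed, and the function names are hypothetical.

```javascript
// Added example, not code from the presentation.
// SAMPLE_CONF is constructed; stanza names and token values are placeholders.
const SAMPLE_CONF = `
[http]
disabled = 0
enableSSL = 0
port = 8088

[http://payments-api]
token = 11111111-1111-1111-1111-111111111111
index = app_payments
indexes = app_payments

[http://legacy-batch]
token = 22222222-2222-2222-2222-222222222222
index = main

[http://old-mobile]
disabled = 1
token = 33333333-3333-3333-3333-333333333333

[http://payments-worker]
token = 11111111-1111-1111-1111-111111111111
indexes = app_payments
`;

// Minimal .conf reader: [stanza] headers followed by key = value lines.
function parseConf(text) {
  const stanzas = {};
  let current = null;
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (line === "" || line.startsWith("#")) continue;
    const header = line.match(/^\[(.+)\]$/);
    if (header) {
      current = stanzas[header[1]] = stanzas[header[1]] || {};
      continue;
    }
    const eq = line.indexOf("=");
    if (current && eq > 0) current[line.slice(0, eq).trim()] = line.slice(eq + 1).trim();
  }
  return stanzas;
}

const isTrue = (v) => /^(1|true)$/i.test(v || "");
const isFalse = (v) => /^(0|false)$/i.test(v || "");

function auditHec(text) {
  const stanzas = parseConf(text);
  const findings = [];
  const globalCfg = stanzas.http || {};
  // Policy of this example: report only an explicit enableSSL = 0 on a
  // collector that is not explicitly disabled.
  if (isFalse(globalCfg.enableSSL) && !isTrue(globalCfg.disabled)) {
    findings.push({ stanza: "http", issue: "cleartext",
      detail: "enableSSL is off: tokens and events cross the network unencrypted" });
  }
  const firstUse = new Map(); // token value -> first stanza that uses it
  for (const [name, cfg] of Object.entries(stanzas)) {
    if (!name.startsWith("http://") || isTrue(cfg.disabled)) continue;
    if (!cfg.indexes) {
      findings.push({ stanza: name, issue: "any-index",
        detail: "no allowed-index list: this token can write to any index" });
    }
    if (cfg.token && firstUse.has(cfg.token)) {
      // Report stanza names only, never the token value itself.
      findings.push({ stanza: name, issue: "shared-token",
        detail: "same token value as " + firstUse.get(cfg.token) });
    } else if (cfg.token) {
      firstUse.set(cfg.token, name);
    }
  }
  return findings;
}
```

`auditHec(SAMPLE_CONF)` returns three findings: `cleartext` on `[http]`, `any-index` on `[http://legacy-batch]` and `shared-token` on `[http://payments-worker]`; the disabled `old-mobile` token is skipped.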
16. Scale and High Availability
[Diagram labels: Indexers; Search Head / Deployment Server]
17. Scale and High Availability
[Diagram labels: Event Collectors; Indexers; Search Heads]
18. Distributed deployment
HTTP Event Collector can scale to meet your needs!
- Built into splunkd, nothing special to install
- Run directly on the indexer
- Or run on a dedicated Collector instance and forward to an indexer
- Uses Deployment Server to sync tokens across the Collector instances
19. How to setup a DS client
splunk set deploy-poll [host]:8088
splunk enable deploy server
splunk restart
24. How it works
A new log driver captures container’s stdout and pushes to Splunk
Currently it is in development, but should be out of the box soon.
We’re contributing to Docker!!!!!!!
docker run --log-driver=splunk --log-opt splunk-token=F81DD289-863D-45EF-B9CE-A7D3514AF2C7 --log-opt splunk-url=https://10.20.17.169:8088 --log-opt splunk-insecureskipverify=true hello-world
25. And finally, some useful resources:
- Developer page for HEC: http://dev.splunk.com/view/event-collector/SP-CAAAE6M
- nodejs logger: https://www.npmjs.com/package/splunk-bunyan-logger
- JS Logging resources: http://dev.splunk.com/view/splunk-logging-javascript/SP-CAAAE6U
- HTML5 code for shake demo: https://github.com/splunk/parallel-piper
27. Next steps?
Breakouts
- Liberate Your Application Logging
More information
- docs.splunk.com, see "Getting Data In"
- dev.splunk.com
Come by the Developer Booth and say hi / ask questions!
Related breakout sessions and activities…