SlideShare a Scribd company logo

Exploring Splunk

Dmitry Anoshin
Dmitry Anoshin

Platform for Machine Data and Operational Intelligence

Software
1 of 21
cleverdata.ru | info@cleverdata.ru EXPLORING SPLUNK>
Splunk to the Rescue in the Datacenter It’s 2 AM, the web site is down. Why did it fail? Was it the web servers, the applications, the database servers, a full disk, or load balancers on the fritz? cleverdata.ru | info@cleverdata.ru Relax. You deployed Splunk yesterday. Search the log files from all your web servers, databases, firewalls, routers, and load balancers, as well as search configuration files and data from all your other devices, operating systems, or applications of interest. A graph of web server show me when was a problem - at 5:03 PM, errors on the web servers spiked dramatically -> check top 10 pages with errors: The home page is okay. The search page is okay. The shopping cart is the problem. Starting at 5:03, every request to that page produced an error. Shopping cart connected to a database -> logs shows the database is up -> ecommerce server logs. At 5:03 PM, the ecommerce server cannot connect to the database server. -> changes to the configuration files and see that someone changed a network setting. It was done incorrectly. You contact the person who made the change, who rolls it back, and the system starts working again.
Splunk to the Rescue in the Marketing Department cleverdata.ru | info@cleverdata.ru The promotions department of a large retailer. Looking at the graph for the last few hours, you see a spike 20 minutes ago. Searches for your company name and your latest product are way up. You check a report on top referring URLs in the past hour and Splunk shows that a celebrity tweeted about the product and linked to your home page. You look at another graph that shows performance of the most frequently visited pages. The search page is overloaded and slowing down. A huge crowd of people is coming to your site but can’t find the product they are looking for, so they are all using search. You log on to your site’s content management system and put a promotional ad for the new product at the center of the home page. Search traffic starts to drop, and traffic to the new product page starts to rise, and so does traffic to the shopping cart page. You look at the top 10 products added to the cart and the top 10 products purchased; the new product tops the list. You send a note to the PR department to follow up. Incoming traffic is now converting to sales instead of frustration, exactly what you want to happen. Your ability to make the most of an unforeseen opportunity was made possible by Splunk. Your next step is to make sure that you have enough of that product in stock, a great problem to have.
Approaching Splunk cleverdata.ru | info@cleverdata.ru As you use Splunk to answer questions, you’ll find that you can break the task into three phases: • First, identify the data that can answer your question. • Second, transform the data into the results that can answer your question. • Third, display the answer in a report, interactive chart, or graph to make it intelligible to a wide range of audiences. Begin with the questions you want to answer: • Why did that system fail? • Why is it so slow lately? • Where are people having trouble with our web- site? • How many purchases? • What is conversion? • What are TOP/FLOP products? • And many others questions
Splunk: The Company and the Concept In 2002, Erik Swan and Rob Das started talking to companies about their problems. They asked prospective customers, “How do you solve problems in your infrastructure?” These practitioners told Splunk’s founders that solving infrastructure problems was like slowly crawling around in caves (their datacenters) with pickaxes, poor lighting, and limited navigational power (old scripts and log management technologies). In short, it was like spelunking—and so, the name “Splunk” was born. “Why couldn’t searching IT data be as easy and intuitive as a GoogleTM search?” cleverdata.ru | info@cleverdata.ru
How Splunk Mastered Machine Data in the Datacenter • Creating a central repository is vital: One of the major victories of Splunk is the way that diverse types of data from many different sources are centralized for searching. • Splunk converts data into answers: Splunk helps you find the in- sights that are buried cleverdata.ru | info@cleverdata.ru in the data. • Splunk helps you understand the structure and meaning of data: The more you understand your data, the more you’ll see in it. Splunk also helps you capture what you learn to make future investigations easier and to share what you’ve learned with others. • Visualization closes the loop: All that indexing and searching pays off when you see a chart or a report that makes an answer crystal clear. Being able to visualize data in different ways accelerates understanding and helps you share that understanding with others.
Operational Intelligence Splunk has been at the forefront of raising awareness about operational intelligence, a new category of methods and technology for using machine data to gain visibility into the business and discover insights for IT and the entire enterprise. Operational intelligence enables organizations to: • Use machine data to gain a deeper understanding of their customers: For example, if you just track transactions on a website, you see what people bought. But by looking closely at the web server logs you can see all the pages they looked at before they purchased, and, perhaps even more important for the bottom line, you can see the pages that the people who didn’t buy looked at. (Remember our new product search example from the intro?) • Reveal important patterns and analytics derived from correlating events from many sources: When you can track indicators of consumer behavior from websites, call detail records, social media, and in-store retail transactions, a far more complete picture of the customer emerges. As more and more customer interactions show up in machine data, more can be learned. • Reduce the time between an important event and its detection: Machine data can be monitored and cleverdata.ru | info@cleverdata.ru correlated in real time. • Leverage live feeds and historical data to make sense of what is happening now, to find trends and anomalies, and to make more informed decisions based on that information: For example, the traffic created by a web promotion can be measured in real time and compared with previous promotions. • Deploy a solution quickly and deliver the flexibility needed by organizations today and in the future—that is, the ability to provide ad hoc reports, answer questions, and add new data sources: Splunk data can be presented in traditional dashboards that allow users to explore the events and keep asking new questions.
Operational Intelligence at Work Using machine data in Splunk helps solve vexing business problems. Here are a few examples: • An operations team implemented a cloud-delivered customer-facing application and used Splunk for diagnostics. They soon realized they could track user statistics and better plan capacity—a metric with profound business implications. • Web server traffic logs can be used to track shopping carts being filled and abandoned in real time. The marketing department can use this information to determine where consumers are getting stuck and what types of purchases are being abandoned so that any problems can be fixed right away and promotions can target items that are abandoned. • Organizations using Splunk to monitor applications for troubleshooting have realized that they can easily provide views to their first-line support team to handle customer calls directly, versus escalating those calls to expensive engineering resources. • A major utility company was able to eliminate costly software maintenance fees by replacing six other monitoring and diagnostic tools with Splunk, while enhancing their NERC and SOX compliance efforts. • A major public media organization reduced the time it took to capture critical web analytics from months to hours. They were also able to track their digital assets with a granularity and accuracy that they couldn’t have otherwise, resulting in better royalty accounting and content marketing. • A taco fast-food restaurant connected its points of sale (POS) to Splunk, and within an hour, business analysts were able to begin answering questions like, “How many people are buying tacos in the midnight-to-2 AM period, in this geography, during this time of the year?” Operational intelligence enables organizations to ask the right questions, leading to answers that deliver business insights, using combinations of real-time and historical data, displayed in easily digestible dashboards and graphical tools. cleverdata.ru | info@cleverdata.ru
Machine Data Basics Splunk> mission is to make machine data useful for people. Systems (such as web servers or load balancers or video games or social media platforms) write to log files when they are running. This information (the machine data in the log files can use to understand what those systems are doing as they run (or fail to run). The universe covered by machine data is much more than log files—it includes data from configuration, clickstreams, change events, diagnostics, APIs, message queues, and custom applications. cleverdata.ru | info@cleverdata.ru Some types of machine data: • Applications Logs • Web Access Logs • Web Proxy Logs • Call Detail Record (CDR) • Clickstream data • Message Queue • Packet Data • Configuration Files • Firewall and IDS logs • Database Audit Logs and Tables • File System Audit Logs • Management and Logging APIs • OS Metrics, Status, and Diagnostic Commands • Logs from DNS, DHCP, and other network services record • Syslogs from your routers, switches, and network • OS logs • Tweets
Machine Data Contains Critical Insights cleverdata.ru | info@cleverdata.ru
Splunk Data Sources During indexing, Splunk can read machine data from any number of sources. The most common input sources are: cleverdata.ru | info@cleverdata.ru • files: Splunk can monitor specific files or directories. If data is added to a file or a new file is added to a monitored directory, Splunk reads that data. • the network: Splunk can listen on TCP or UDP ports, reading any data sent. • scripted inputs: Splunk can read the machine data output by pro- grams or scripts, such as a Unix® command or a custom script that monitors sensors. • apps
Platform for Machine Data cleverdata.ru | info@cleverdata.ru
Splunk indexes raw data by creating a time-based map of the words in the data without modifying the data itself by dividing a stream of machine data into individual events. cleverdata.ru | info@cleverdata.ru Each event has at leas 4 default fields: Understanding How Splunk Indexes Data
Searching with Splunk cleverdata.ru | info@cleverdata.ru
SPLTM: Search Processing Language index="mygizmostoreindex" | chart count AS views, count(eval(method="purchase")) AS purchases by categoryId | rename views as "Views", purchases AS "Purchases", categoryId AS "Category” index="csv_zakupki" | stats sum("Общая цена контракта тыс_ руб") as Summa, sum("Количество допущеных заявок") as Qty by "Победитель"| eval "Средняя цена контракта"=(Summa/Qty) |sort -"Средняя цена контракта" | head 10 | fields - Summa, Qty cleverdata.ru | info@cleverdata.ru
Geospatial data based on IP cleverdata.ru | info@cleverdata.ru
Web Store Dashboard cleverdata.ru | info@cleverdata.ru
Web Site Monitoring Tool cleverdata.ru | info@cleverdata.ru
Why Splunk fast? The typical components of a Splunk deployment are made up of the following (all of which can exist on a single machine): • Search Head: The web service you login to through your browser and submit searches, cleverdata.ru | info@cleverdata.ru view dashboards, etc. • Indexer: Does initial parsing of event data and stores it to disk • Forwarder: Gathers the event data and delivers it to an Indexer When a search is submitted by a user, the search head submits that search to each indexer individually and they run in parallel (distributed). A “map” function grabbing data in parallel execution fashion. sourcetype=syslog src_ip=192.168.1.1 | chart count by host The map function = “sourcetype=syslog src_ip=192.168.1.1” The reduce function = “chart count by host” Splunk is unique because it built a framework around MapReduce and setup a very handy search language that easily and directly gets translated into a MapReduce job.
Splunk Architecture • Scales to TBs/day and Thousands of Users • Automatic load balancing linearly scales indexing • Distributed search and MapReduce linearly scales search and reporting cleverdata.ru | info@cleverdata.ru
Scaling and High Availability cleverdata.ru | info@cleverdata.ru The functionality of Splunk can be roughly broken down into three basic areas: • Search Head: The web service you login to through your browser and submit searches, view dashboards, etc. • Indexer: Does initial parsing of event data and stores it to disk • Forwarder: Gathers the event data and delivers it to an Indexer Splunk can scale them individually. Clustering Splunk indexers is the way to achieve high availability. The coordination of the replication, failure, and other clustering specific items is done by a cluster master.

Recommended

Splunk Tutorial for Beginners - What is Splunk | Edureka
Splunk Tutorial for Beginners - What is Splunk | EdurekaSplunk Tutorial for Beginners - What is Splunk | Edureka
Splunk Tutorial for Beginners - What is Splunk | Edureka
Edureka!
 
SplunkLive! London 2016 Splunk Overview
SplunkLive! London 2016 Splunk OverviewSplunkLive! London 2016 Splunk Overview
SplunkLive! London 2016 Splunk Overview
Splunk
 
Splunk overview
Splunk overviewSplunk overview
Splunk overview
Daniel Hernandez
 
SplunkLive! - Getting started with Splunk
SplunkLive! - Getting started with SplunkSplunkLive! - Getting started with Splunk
SplunkLive! - Getting started with Splunk
Splunk
 
SplunkLive 2011 Beginners Session
SplunkLive 2011 Beginners SessionSplunkLive 2011 Beginners Session
SplunkLive 2011 Beginners Session
Splunk
 
Splunk for IT Operations Breakout Session
Splunk for IT Operations Breakout SessionSplunk for IT Operations Breakout Session
Splunk for IT Operations Breakout Session
Georg Knon
 
Getting Started with Splunk Enterprise
Getting Started with Splunk EnterpriseGetting Started with Splunk Enterprise
Getting Started with Splunk Enterprise
Splunk
 
SplunkLive! London: Splunk ninjas- new features and search dojo
SplunkLive! London: Splunk ninjas- new features and search dojoSplunkLive! London: Splunk ninjas- new features and search dojo
SplunkLive! London: Splunk ninjas- new features and search dojo
Splunk
 

Recommended

Splunk Tutorial for Beginners - What is Splunk | Edureka
Splunk Tutorial for Beginners - What is Splunk | EdurekaSplunk Tutorial for Beginners - What is Splunk | Edureka
Splunk Tutorial for Beginners - What is Splunk | Edureka
Edureka!
 
SplunkLive! London 2016 Splunk Overview
SplunkLive! London 2016 Splunk OverviewSplunkLive! London 2016 Splunk Overview
SplunkLive! London 2016 Splunk Overview
Splunk
 
Splunk overview
Splunk overviewSplunk overview
Splunk overview
Daniel Hernandez
 
SplunkLive! - Getting started with Splunk
SplunkLive! - Getting started with SplunkSplunkLive! - Getting started with Splunk
SplunkLive! - Getting started with Splunk
Splunk
 
SplunkLive 2011 Beginners Session
SplunkLive 2011 Beginners SessionSplunkLive 2011 Beginners Session
SplunkLive 2011 Beginners Session
Splunk
 
Splunk for IT Operations Breakout Session
Splunk for IT Operations Breakout SessionSplunk for IT Operations Breakout Session
Splunk for IT Operations Breakout Session
Georg Knon
 
Getting Started with Splunk Enterprise
Getting Started with Splunk EnterpriseGetting Started with Splunk Enterprise
Getting Started with Splunk Enterprise
Splunk
 
SplunkLive! London: Splunk ninjas- new features and search dojo
SplunkLive! London: Splunk ninjas- new features and search dojoSplunkLive! London: Splunk ninjas- new features and search dojo
SplunkLive! London: Splunk ninjas- new features and search dojo
Splunk
 
Splunk Insights
Splunk InsightsSplunk Insights
Splunk Insights
Sunil Kumar
 
SplunkLive! Presentation - Data Onboarding with Splunk
SplunkLive! Presentation - Data Onboarding with SplunkSplunkLive! Presentation - Data Onboarding with Splunk
SplunkLive! Presentation - Data Onboarding with Splunk
Splunk
 
Cisco UCS and Splunk Workshop
Cisco UCS and Splunk WorkshopCisco UCS and Splunk Workshop
Cisco UCS and Splunk Workshop
Robb Boyd
 
Getting started with Splunk - Break out Session
Getting started with Splunk - Break out SessionGetting started with Splunk - Break out Session
Getting started with Splunk - Break out Session
Georg Knon
 
Machine Data 101
Machine Data 101Machine Data 101
Machine Data 101
Splunk
 
Splunk Ninjas: New Features and Search Dojo
Splunk Ninjas: New Features and Search DojoSplunk Ninjas: New Features and Search Dojo
Splunk Ninjas: New Features and Search Dojo
Splunk
 
Splunk Architecture overview
Splunk Architecture overviewSplunk Architecture overview
Splunk Architecture overview
Alex Fok
 
Customer Presentation
Customer PresentationCustomer Presentation
Customer Presentation
Splunk
 
Power of Splunk Search Processing Language (SPL)
Power of Splunk Search Processing Language (SPL)Power of Splunk Search Processing Language (SPL)
Power of Splunk Search Processing Language (SPL)
Splunk
 
SplunkLive! Splunk Enterprise 6.3 - Data On-boarding
SplunkLive! Splunk Enterprise 6.3 - Data On-boardingSplunkLive! Splunk Enterprise 6.3 - Data On-boarding
SplunkLive! Splunk Enterprise 6.3 - Data On-boarding
Splunk
 
SplunkLive! - Splunk for IT Operations
SplunkLive! - Splunk for IT OperationsSplunkLive! - Splunk for IT Operations
SplunkLive! - Splunk for IT Operations
Splunk
 
Splunk Ninjas: New features, pivot, and search dojo
Splunk Ninjas: New features, pivot, and search dojoSplunk Ninjas: New features, pivot, and search dojo
Splunk Ninjas: New features, pivot, and search dojo
Splunk
 
Splunk live beginner training nyc
Splunk live beginner training nycSplunk live beginner training nyc
Splunk live beginner training nyc
Dimitri McKay - CISSP
 
What's New in 6.3 + Data On-Boarding
What's New in 6.3 + Data On-BoardingWhat's New in 6.3 + Data On-Boarding
What's New in 6.3 + Data On-Boarding
Splunk
 
How to Design, Build and Map IT and Business Services in Splunk
How to Design, Build and Map IT and Business Services in SplunkHow to Design, Build and Map IT and Business Services in Splunk
How to Design, Build and Map IT and Business Services in Splunk
Splunk
 
Customer Presentation
Customer PresentationCustomer Presentation
Customer Presentation
Splunk
 
Data Onboarding Breakout Session
Data Onboarding Breakout SessionData Onboarding Breakout Session
Data Onboarding Breakout Session
Splunk
 
How to Design, Build and Map IT and Business Services in Splunk
How to Design, Build and Map IT and Business Services in SplunkHow to Design, Build and Map IT and Business Services in Splunk
How to Design, Build and Map IT and Business Services in Splunk
Splunk
 
SplunkLive! Data Models 101
SplunkLive! Data Models 101SplunkLive! Data Models 101
SplunkLive! Data Models 101
Splunk
 
Getting Started with Splunk Enterprise
Getting Started with Splunk EnterpriseGetting Started with Splunk Enterprise
Getting Started with Splunk Enterprise
Splunk
 
SplunkLive! Zürich 2016 - Use Case Swisscom
SplunkLive! Zürich 2016 - Use Case SwisscomSplunkLive! Zürich 2016 - Use Case Swisscom
SplunkLive! Zürich 2016 - Use Case Swisscom
Splunk
 
Data Onboarding
Data Onboarding Data Onboarding
Data Onboarding
Splunk
 

More Related Content

What's hot

Machine Data 101
Machine Data 101Machine Data 101
Machine Data 101
Splunk
 
SplunkLive! Data Models 101
SplunkLive! Data Models 101SplunkLive! Data Models 101
SplunkLive! Data Models 101
Splunk
 

What's hot (20)

Splunk Insights
Splunk InsightsSplunk Insights
Splunk Insights
 
SplunkLive! Presentation - Data Onboarding with Splunk
SplunkLive! Presentation - Data Onboarding with SplunkSplunkLive! Presentation - Data Onboarding with Splunk
SplunkLive! Presentation - Data Onboarding with Splunk
 
Cisco UCS and Splunk Workshop
Cisco UCS and Splunk WorkshopCisco UCS and Splunk Workshop
Cisco UCS and Splunk Workshop
 
Getting started with Splunk - Break out Session
Getting started with Splunk - Break out SessionGetting started with Splunk - Break out Session
Getting started with Splunk - Break out Session
 
Machine Data 101
Machine Data 101Machine Data 101
Machine Data 101
 
Splunk Ninjas: New Features and Search Dojo
Splunk Ninjas: New Features and Search DojoSplunk Ninjas: New Features and Search Dojo
Splunk Ninjas: New Features and Search Dojo
 
Splunk Architecture overview
Splunk Architecture overviewSplunk Architecture overview
Splunk Architecture overview
 
Customer Presentation
Customer PresentationCustomer Presentation
Customer Presentation
 
Power of Splunk Search Processing Language (SPL)
Power of Splunk Search Processing Language (SPL)Power of Splunk Search Processing Language (SPL)
Power of Splunk Search Processing Language (SPL)
 
SplunkLive! Splunk Enterprise 6.3 - Data On-boarding
SplunkLive! Splunk Enterprise 6.3 - Data On-boardingSplunkLive! Splunk Enterprise 6.3 - Data On-boarding
SplunkLive! Splunk Enterprise 6.3 - Data On-boarding
 
SplunkLive! - Splunk for IT Operations
SplunkLive! - Splunk for IT OperationsSplunkLive! - Splunk for IT Operations
SplunkLive! - Splunk for IT Operations
 
Splunk Ninjas: New features, pivot, and search dojo
Splunk Ninjas: New features, pivot, and search dojoSplunk Ninjas: New features, pivot, and search dojo
Splunk Ninjas: New features, pivot, and search dojo
 
Splunk live beginner training nyc
Splunk live beginner training nycSplunk live beginner training nyc
Splunk live beginner training nyc
 
What's New in 6.3 + Data On-Boarding
What's New in 6.3 + Data On-BoardingWhat's New in 6.3 + Data On-Boarding
What's New in 6.3 + Data On-Boarding
 
How to Design, Build and Map IT and Business Services in Splunk
How to Design, Build and Map IT and Business Services in SplunkHow to Design, Build and Map IT and Business Services in Splunk
How to Design, Build and Map IT and Business Services in Splunk
 
Customer Presentation
Customer PresentationCustomer Presentation
Customer Presentation
 
Data Onboarding Breakout Session
Data Onboarding Breakout SessionData Onboarding Breakout Session
Data Onboarding Breakout Session
 
How to Design, Build and Map IT and Business Services in Splunk
How to Design, Build and Map IT and Business Services in SplunkHow to Design, Build and Map IT and Business Services in Splunk
How to Design, Build and Map IT and Business Services in Splunk
 
SplunkLive! Data Models 101
SplunkLive! Data Models 101SplunkLive! Data Models 101
SplunkLive! Data Models 101
 
Getting Started with Splunk Enterprise
Getting Started with Splunk EnterpriseGetting Started with Splunk Enterprise
Getting Started with Splunk Enterprise
 

Viewers also liked

SplunkLive! Zürich 2016 - Use Case Swisscom
SplunkLive! Zürich 2016 - Use Case SwisscomSplunkLive! Zürich 2016 - Use Case Swisscom
SplunkLive! Zürich 2016 - Use Case Swisscom
Splunk
 
Splunk Overview
Splunk OverviewSplunk Overview
Splunk Overview
Splunk
 

Viewers also liked (9)

SplunkLive! Zürich 2016 - Use Case Swisscom
SplunkLive! Zürich 2016 - Use Case SwisscomSplunkLive! Zürich 2016 - Use Case Swisscom
SplunkLive! Zürich 2016 - Use Case Swisscom
 
Data Onboarding
Data Onboarding Data Onboarding
Data Onboarding
 
Taking Splunk to the Next Level – Architecture
Taking Splunk to the Next Level – ArchitectureTaking Splunk to the Next Level – Architecture
Taking Splunk to the Next Level – Architecture
 
Conf2014_SplunkSearchOptimization
Conf2014_SplunkSearchOptimizationConf2014_SplunkSearchOptimization
Conf2014_SplunkSearchOptimization
 
Splunk for DevOps - Faster Insights - Better Code
Splunk for DevOps - Faster Insights - Better CodeSplunk for DevOps - Faster Insights - Better Code
Splunk for DevOps - Faster Insights - Better Code
 
Splunk conf2014 - Onboarding Data Into Splunk
Splunk conf2014 - Onboarding Data Into SplunkSplunk conf2014 - Onboarding Data Into Splunk
Splunk conf2014 - Onboarding Data Into Splunk
 
dlux - Splunk Technical Overview
dlux - Splunk Technical Overviewdlux - Splunk Technical Overview
dlux - Splunk Technical Overview
 
Splunk Overview
Splunk OverviewSplunk Overview
Splunk Overview
 
Deploying Splunk. Arquitetura e dimensionamento do Splunk
Deploying Splunk. Arquitetura e dimensionamento do SplunkDeploying Splunk. Arquitetura e dimensionamento do Splunk
Deploying Splunk. Arquitetura e dimensionamento do Splunk
 

Similar to Exploring Splunk

Unlocking big data
Unlocking big dataUnlocking big data
Unlocking big data
Orchestrate Mortgage and Title Solutions, LLC
 
Hadoop summit socialize_v1.0
Hadoop summit socialize_v1.0Hadoop summit socialize_v1.0
Hadoop summit socialize_v1.0
Isaac Mosquera
 
Guidelines for Managers: What Lucene and Solr Open Source Search can do for E...
Guidelines for Managers: What Lucene and Solr Open Source Search can do for E...Guidelines for Managers: What Lucene and Solr Open Source Search can do for E...
Guidelines for Managers: What Lucene and Solr Open Source Search can do for E...
Lucidworks (Archived)
 
BigData Analytics_1.7
BigData Analytics_1.7BigData Analytics_1.7
BigData Analytics_1.7
Rohit Mittal
 
Age of Exploration: How to Achieve Enterprise-Wide Discovery
Age of Exploration: How to Achieve Enterprise-Wide DiscoveryAge of Exploration: How to Achieve Enterprise-Wide Discovery
Age of Exploration: How to Achieve Enterprise-Wide Discovery
Inside Analysis
 

Similar to Exploring Splunk (20)

Splunk for big_data
Splunk for big_dataSplunk for big_data
Splunk for big_data
 
Operational Analytics: Best Software For Sourcing Actionable Insights 2013
Operational Analytics: Best Software For Sourcing Actionable Insights 2013Operational Analytics: Best Software For Sourcing Actionable Insights 2013
Operational Analytics: Best Software For Sourcing Actionable Insights 2013
 
How Startups can leverage big data?
How Startups can leverage big data?How Startups can leverage big data?
How Startups can leverage big data?
 
Big Data
Big DataBig Data
Big Data
 
Advanced Use Cases for Analytics Breakout Session
Advanced Use Cases for Analytics Breakout SessionAdvanced Use Cases for Analytics Breakout Session
Advanced Use Cases for Analytics Breakout Session
 
Splunk
SplunkSplunk
Splunk
 
Unlocking big data
Unlocking big dataUnlocking big data
Unlocking big data
 
Web Scraping Services.pptx
Web Scraping Services.pptxWeb Scraping Services.pptx
Web Scraping Services.pptx
 
Harness the power of data
Harness the power of dataHarness the power of data
Harness the power of data
 
Big Data at the Speed of Business: Lessons Learned from Leading at the Edge
Big Data at the Speed of Business: Lessons Learned from Leading at the EdgeBig Data at the Speed of Business: Lessons Learned from Leading at the Edge
Big Data at the Speed of Business: Lessons Learned from Leading at the Edge
 
Splunk/Socialize at Hadoop Summit
Splunk/Socialize at Hadoop SummitSplunk/Socialize at Hadoop Summit
Splunk/Socialize at Hadoop Summit
 
Hadoop summit socialize_v1.0
Hadoop summit socialize_v1.0Hadoop summit socialize_v1.0
Hadoop summit socialize_v1.0
 
Going Responsive with Google Analytics - EdUi
Going Responsive with Google Analytics - EdUiGoing Responsive with Google Analytics - EdUi
Going Responsive with Google Analytics - EdUi
 
Top Big data Analytics tools: Emerging trends and Best practices
Top Big data Analytics tools: Emerging trends and Best practicesTop Big data Analytics tools: Emerging trends and Best practices
Top Big data Analytics tools: Emerging trends and Best practices
 
Gain a Holistic View of your Customer's Journey
Gain a Holistic View of your Customer's JourneyGain a Holistic View of your Customer's Journey
Gain a Holistic View of your Customer's Journey
 
Guidelines for Managers: What Lucene and Solr Open Source Search can do for E...
Guidelines for Managers: What Lucene and Solr Open Source Search can do for E...Guidelines for Managers: What Lucene and Solr Open Source Search can do for E...
Guidelines for Managers: What Lucene and Solr Open Source Search can do for E...
 
BigData Analytics_1.7
BigData Analytics_1.7BigData Analytics_1.7
BigData Analytics_1.7
 
Mighty Guides- Data Disruption
Mighty Guides- Data DisruptionMighty Guides- Data Disruption
Mighty Guides- Data Disruption
 
Age of Exploration: How to Achieve Enterprise-Wide Discovery
Age of Exploration: How to Achieve Enterprise-Wide DiscoveryAge of Exploration: How to Achieve Enterprise-Wide Discovery
Age of Exploration: How to Achieve Enterprise-Wide Discovery
 
Hh
HhHh
Hh
 

More from Dmitry Anoshin

Enterprise Data World 2018 - Building Cloud Self-Service Analytical Solution
Enterprise Data World 2018 - Building Cloud Self-Service Analytical SolutionEnterprise Data World 2018 - Building Cloud Self-Service Analytical Solution
Enterprise Data World 2018 - Building Cloud Self-Service Analytical Solution
Dmitry Anoshin
 
AWS User Group: Building Cloud Analytics Solution with AWS
AWS User Group: Building Cloud Analytics Solution with AWSAWS User Group: Building Cloud Analytics Solution with AWS
AWS User Group: Building Cloud Analytics Solution with AWS
Dmitry Anoshin
 
Microstrategy for Retailer Company
Microstrategy for Retailer CompanyMicrostrategy for Retailer Company
Microstrategy for Retailer Company
Dmitry Anoshin
 
SAP BusinessObjects 4.1 Web Intelligence Report Development
SAP BusinessObjects 4.1 Web Intelligence Report DevelopmentSAP BusinessObjects 4.1 Web Intelligence Report Development
SAP BusinessObjects 4.1 Web Intelligence Report Development
Dmitry Anoshin
 

More from Dmitry Anoshin (20)

Building Modern Data Platform with Microsoft Azure
Building Modern Data Platform with Microsoft AzureBuilding Modern Data Platform with Microsoft Azure
Building Modern Data Platform with Microsoft Azure
 
Building Modern Data Platform with AWS
Building Modern Data Platform with AWSBuilding Modern Data Platform with AWS
Building Modern Data Platform with AWS
 
Cloud Analytics Use Cases and Architecture, Math Marketing Conference, Russia...
Cloud Analytics Use Cases and Architecture, Math Marketing Conference, Russia...Cloud Analytics Use Cases and Architecture, Math Marketing Conference, Russia...
Cloud Analytics Use Cases and Architecture, Math Marketing Conference, Russia...
 
Victoria Tableau User Group - Getting started with Tableau
Victoria Tableau User Group - Getting started with TableauVictoria Tableau User Group - Getting started with Tableau
Victoria Tableau User Group - Getting started with Tableau
 
Hey, what is about data?
Hey, what is about data?Hey, what is about data?
Hey, what is about data?
 
Enterprise Data World 2018 - Building Cloud Self-Service Analytical Solution
Enterprise Data World 2018 - Building Cloud Self-Service Analytical SolutionEnterprise Data World 2018 - Building Cloud Self-Service Analytical Solution
Enterprise Data World 2018 - Building Cloud Self-Service Analytical Solution
 
AWS User Group: Building Cloud Analytics Solution with AWS
AWS User Group: Building Cloud Analytics Solution with AWSAWS User Group: Building Cloud Analytics Solution with AWS
AWS User Group: Building Cloud Analytics Solution with AWS
 
Tableau API
Tableau APITableau API
Tableau API
 
My experience of writing technical books
My experience of writing technical booksMy experience of writing technical books
My experience of writing technical books
 
Business objects activities web intelligence
Business objects activities web intelligenceBusiness objects activities web intelligence
Business objects activities web intelligence
 
Splunk 6.2 new features
Splunk 6.2 new featuresSplunk 6.2 new features
Splunk 6.2 new features
 
Business Analytics Paradigm Change
Business Analytics Paradigm ChangeBusiness Analytics Paradigm Change
Business Analytics Paradigm Change
 
SAP BO and Teradata best practices
SAP BO and Teradata best practicesSAP BO and Teradata best practices
SAP BO and Teradata best practices
 
Splunk Digital Intelligence
Splunk Digital IntelligenceSplunk Digital Intelligence
Splunk Digital Intelligence
 
Role of Tableau on the Data Discovery Market
Role of Tableau on the Data Discovery MarketRole of Tableau on the Data Discovery Market
Role of Tableau on the Data Discovery Market
 
SAP Lumira - Building visualizations
SAP Lumira - Building visualizationsSAP Lumira - Building visualizations
SAP Lumira - Building visualizations
 
SAP Lumira - Acquiring data
SAP Lumira - Acquiring dataSAP Lumira - Acquiring data
SAP Lumira - Acquiring data
 
SAP Lumira - Enriching data
SAP Lumira - Enriching dataSAP Lumira - Enriching data
SAP Lumira - Enriching data
 
Microstrategy for Retailer Company
Microstrategy for Retailer CompanyMicrostrategy for Retailer Company
Microstrategy for Retailer Company
 
SAP BusinessObjects 4.1 Web Intelligence Report Development
SAP BusinessObjects 4.1 Web Intelligence Report DevelopmentSAP BusinessObjects 4.1 Web Intelligence Report Development
SAP BusinessObjects 4.1 Web Intelligence Report Development
 

Recently uploaded

Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Steffen Staab
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
Health
 
The Top App Development Trends Shaping the Industry in 2024-25 .pdf
The Top App Development Trends Shaping the Industry in 2024-25 .pdfThe Top App Development Trends Shaping the Industry in 2024-25 .pdf
The Top App Development Trends Shaping the Industry in 2024-25 .pdf
ayushiqss
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
Delhi Call girls
 
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) SolutionIntroducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
OnePlan Solutions
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Alberto González Trastoy
 

Recently uploaded (20)

Pharm-D Biostatistics and Research methodology
Pharm-D Biostatistics and Research methodologyPharm-D Biostatistics and Research methodology
Pharm-D Biostatistics and Research methodology
 
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park %in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
 
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension AidDirect Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
 
%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 
10 Trends Likely to Shape Enterprise Technology in 2024
10 Trends Likely to Shape Enterprise Technology in 202410 Trends Likely to Shape Enterprise Technology in 2024
10 Trends Likely to Shape Enterprise Technology in 2024
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
 
ManageIQ - Sprint 236 Review - Slide Deck
ManageIQ - Sprint 236 Review - Slide DeckManageIQ - Sprint 236 Review - Slide Deck
ManageIQ - Sprint 236 Review - Slide Deck
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
 
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park %in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
 
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdfPayment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
 
The Top App Development Trends Shaping the Industry in 2024-25 .pdf
The Top App Development Trends Shaping the Industry in 2024-25 .pdfThe Top App Development Trends Shaping the Industry in 2024-25 .pdf
The Top App Development Trends Shaping the Industry in 2024-25 .pdf
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docx
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
Exploring the Best Video Editing App.pdf
Exploring the Best Video Editing App.pdfExploring the Best Video Editing App.pdf
Exploring the Best Video Editing App.pdf
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTV
 
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) SolutionIntroducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
 

Exploring Splunk

  • 2. Splunk to the Rescue in the Datacenter It’s 2 AM, the web site is down. Why did it fail? Was it the web servers, the applications, the database servers, a full disk, or load balancers on the fritz? cleverdata.ru | info@cleverdata.ru Relax. You deployed Splunk yesterday. Search the log files from all your web servers, databases, firewalls, routers, and load balancers, as well as search configuration files and data from all your other devices, operating systems, or applications of interest. A graph of web server show me when was a problem - at 5:03 PM, errors on the web servers spiked dramatically -> check top 10 pages with errors: The home page is okay. The search page is okay. The shopping cart is the problem. Starting at 5:03, every request to that page produced an error. Shopping cart connected to a database -> logs shows the database is up -> ecommerce server logs. At 5:03 PM, the ecommerce server cannot connect to the database server. -> changes to the configuration files and see that someone changed a network setting. It was done incorrectly. You contact the person who made the change, who rolls it back, and the system starts working again.
  • 3. Splunk to the Rescue in the Marketing Department cleverdata.ru | info@cleverdata.ru The promotions department of a large retailer. Looking at the graph for the last few hours, you see a spike 20 minutes ago. Searches for your company name and your latest product are way up. You check a report on top referring URLs in the past hour and Splunk shows that a celebrity tweeted about the product and linked to your home page. You look at another graph that shows performance of the most frequently visited pages. The search page is overloaded and slowing down. A huge crowd of people is coming to your site but can’t find the product they are looking for, so they are all using search. You log on to your site’s content management system and put a promotional ad for the new product at the center of the home page. Search traffic starts to drop, and traffic to the new product page starts to rise, and so does traffic to the shopping cart page. You look at the top 10 products added to the cart and the top 10 products purchased; the new product tops the list. You send a note to the PR department to follow up. Incoming traffic is now converting to sales instead of frustration, exactly what you want to happen. Your ability to make the most of an unforeseen opportunity was made possible by Splunk. Your next step is to make sure that you have enough of that product in stock, a great problem to have.
  • 4. Approaching Splunk cleverdata.ru | info@cleverdata.ru As you use Splunk to answer questions, you’ll find that you can break the task into three phases: • First, identify the data that can answer your question. • Second, transform the data into the results that can answer your question. • Third, display the answer in a report, interactive chart, or graph to make it intelligible to a wide range of audiences. Begin with the questions you want to answer: • Why did that system fail? • Why is it so slow lately? • Where are people having trouble with our web- site? • How many purchases? • What is conversion? • What are TOP/FLOP products? • And many others questions
  • 5. Splunk: The Company and the Concept In 2002, Erik Swan and Rob Das started talking to companies about their problems. They asked prospective customers, “How do you solve problems in your infrastructure?” These practitioners told Splunk’s founders that solving infrastructure problems was like slowly crawling around in caves (their datacenters) with pickaxes, poor lighting, and limited navigational power (old scripts and log management technologies). In short, it was like spelunking—and so, the name “Splunk” was born. “Why couldn’t searching IT data be as easy and intuitive as a GoogleTM search?” cleverdata.ru | info@cleverdata.ru
  • 6. How Splunk Mastered Machine Data in the Datacenter • Creating a central repository is vital: One of the major victories of Splunk is the way that diverse types of data from many different sources are centralized for searching. • Splunk converts data into answers: Splunk helps you find the in- sights that are buried cleverdata.ru | info@cleverdata.ru in the data. • Splunk helps you understand the structure and meaning of data: The more you understand your data, the more you’ll see in it. Splunk also helps you capture what you learn to make future investigations easier and to share what you’ve learned with others. • Visualization closes the loop: All that indexing and searching pays off when you see a chart or a report that makes an answer crystal clear. Being able to visualize data in different ways accelerates understanding and helps you share that understanding with others.
  • 7. Operational Intelligence Splunk has been at the forefront of raising awareness about operational intelligence, a new category of methods and technology for using machine data to gain visibility into the business and discover insights for IT and the entire enterprise. Operational intelligence enables organizations to: • Use machine data to gain a deeper understanding of their customers: For example, if you just track transactions on a website, you see what people bought. But by looking closely at the web server logs you can see all the pages they looked at before they purchased, and, perhaps even more important for the bottom line, you can see the pages that the people who didn’t buy looked at. (Remember our new product search example from the intro?) • Reveal important patterns and analytics derived from correlating events from many sources: When you can track indicators of consumer behavior from websites, call detail records, social media, and in-store retail transactions, a far more complete picture of the customer emerges. As more and more customer interactions show up in machine data, more can be learned. • Reduce the time between an important event and its detection: Machine data can be monitored and cleverdata.ru | info@cleverdata.ru correlated in real time. • Leverage live feeds and historical data to make sense of what is happening now, to find trends and anomalies, and to make more informed decisions based on that information: For example, the traffic created by a web promotion can be measured in real time and compared with previous promotions. • Deploy a solution quickly and deliver the flexibility needed by organizations today and in the future—that is, the ability to provide ad hoc reports, answer questions, and add new data sources: Splunk data can be presented in traditional dashboards that allow users to explore the events and keep asking new questions.
  • 8. Operational Intelligence at Work Using machine data in Splunk helps solve vexing business problems. Here are a few examples: • An operations team implemented a cloud-delivered customer-facing application and used Splunk for diagnostics. They soon realized they could track user statistics and better plan capacity—a metric with profound business implications. • Web server traffic logs can be used to track shopping carts being filled and abandoned in real time. The marketing department can use this information to determine where consumers are getting stuck and what types of purchases are being abandoned so that any problems can be fixed right away and promotions can target items that are abandoned. • Organizations using Splunk to monitor applications for troubleshooting have realized that they can easily provide views to their first-line support team to handle customer calls directly, versus escalating those calls to expensive engineering resources. • A major utility company was able to eliminate costly software maintenance fees by replacing six other monitoring and diagnostic tools with Splunk, while enhancing their NERC and SOX compliance efforts. • A major public media organization reduced the time it took to capture critical web analytics from months to hours. They were also able to track their digital assets with a granularity and accuracy that they couldn’t have otherwise, resulting in better royalty accounting and content marketing. • A taco fast-food restaurant connected its points of sale (POS) to Splunk, and within an hour, business analysts were able to begin answering questions like, “How many people are buying tacos in the midnight-to-2 AM period, in this geography, during this time of the year?” Operational intelligence enables organizations to ask the right questions, leading to answers that deliver business insights, using combinations of real-time and historical data, displayed in easily digestible dashboards and graphical tools. cleverdata.ru | info@cleverdata.ru
  • 9. Machine Data Basics Splunk> mission is to make machine data useful for people. Systems (such as web servers or load balancers or video games or social media platforms) write to log files when they are running. This information (the machine data in the log files can use to understand what those systems are doing as they run (or fail to run). The universe covered by machine data is much more than log files—it includes data from configuration, clickstreams, change events, diagnostics, APIs, message queues, and custom applications. cleverdata.ru | info@cleverdata.ru Some types of machine data: • Applications Logs • Web Access Logs • Web Proxy Logs • Call Detail Record (CDR) • Clickstream data • Message Queue • Packet Data • Configuration Files • Firewall and IDS logs • Database Audit Logs and Tables • File System Audit Logs • Management and Logging APIs • OS Metrics, Status, and Diagnostic Commands • Logs from DNS, DHCP, and other network services record • Syslogs from your routers, switches, and network • OS logs • Tweets
  • 10. Machine Data Contains Critical Insights cleverdata.ru | info@cleverdata.ru
  • 11. Splunk Data Sources During indexing, Splunk can read machine data from any number of sources. The most common input sources are: cleverdata.ru | info@cleverdata.ru • files: Splunk can monitor specific files or directories. If data is added to a file or a new file is added to a monitored directory, Splunk reads that data. • the network: Splunk can listen on TCP or UDP ports, reading any data sent. • scripted inputs: Splunk can read the machine data output by pro- grams or scripts, such as a Unix® command or a custom script that monitors sensors. • apps
  • 12. Platform for Machine Data cleverdata.ru | info@cleverdata.ru
  • 13. Splunk indexes raw data by creating a time-based map of the words in the data without modifying the data itself by dividing a stream of machine data into individual events. cleverdata.ru | info@cleverdata.ru Each event has at leas 4 default fields: Understanding How Splunk Indexes Data
  • 14. Searching with Splunk cleverdata.ru | info@cleverdata.ru
  • 15. SPLTM: Search Processing Language index="mygizmostoreindex" | chart count AS views, count(eval(method="purchase")) AS purchases by categoryId | rename views as "Views", purchases AS "Purchases", categoryId AS "Category” index="csv_zakupki" | stats sum("Общая цена контракта тыс_ руб") as Summa, sum("Количество допущеных заявок") as Qty by "Победитель"| eval "Средняя цена контракта"=(Summa/Qty) |sort -"Средняя цена контракта" | head 10 | fields - Summa, Qty cleverdata.ru | info@cleverdata.ru
  • 16. Geospatial data based on IP cleverdata.ru | info@cleverdata.ru
  • 17. Web Store Dashboard cleverdata.ru | info@cleverdata.ru
  • 18. Web Site Monitoring Tool cleverdata.ru | info@cleverdata.ru
  • 19. Why Splunk fast? The typical components of a Splunk deployment are made up of the following (all of which can exist on a single machine): • Search Head: The web service you login to through your browser and submit searches, cleverdata.ru | info@cleverdata.ru view dashboards, etc. • Indexer: Does initial parsing of event data and stores it to disk • Forwarder: Gathers the event data and delivers it to an Indexer When a search is submitted by a user, the search head submits that search to each indexer individually and they run in parallel (distributed). A “map” function grabbing data in parallel execution fashion. sourcetype=syslog src_ip=192.168.1.1 | chart count by host The map function = “sourcetype=syslog src_ip=192.168.1.1” The reduce function = “chart count by host” Splunk is unique because it built a framework around MapReduce and setup a very handy search language that easily and directly gets translated into a MapReduce job.
  • 20. Splunk Architecture • Scales to TBs/day and Thousands of Users • Automatic load balancing linearly scales indexing • Distributed search and MapReduce linearly scales search and reporting cleverdata.ru | info@cleverdata.ru
  • 21. Scaling and High Availability cleverdata.ru | info@cleverdata.ru The functionality of Splunk can be roughly broken down into three basic areas: • Search Head: The web service you login to through your browser and submit searches, view dashboards, etc. • Indexer: Does initial parsing of event data and stores it to disk • Forwarder: Gathers the event data and delivers it to an Indexer Splunk can scale them individually. Clustering Splunk indexers is the way to achieve high availability. The coordination of the replication, failure, and other clustering specific items is done by a cluster master.

Editor's Notes

  1. Machine-generated data has long been used in the data center by IT professionals but has only recently been recognized as a new source for helping other departments. Sometimes called IT data or operational data, machine data is all of the data generated by applications, servers, network devices, security devices, and other systems in your business. The universe covered by machine data is much more than log files—it includes data from configuration, clickstreams, change events, diagnos- tics, APIs, message queues, and custom applications. This data is rigidly structured, time-series based, and high-volume. It’s generated by almost every component in IT, and its formats and sources vary widely. Thou- sands of distinct log formats, many from custom applications, are critical to diagnosing service problems, detecting sophisticated security threats, and demonstrating compliance. And with the explosion of connected de- vices, the sheer amount of information being created by machines of all kinds—GPS devices, RFID tags, mobile phones, utility equipment, and so on—is expanding more quickly than our ability to process and use it. The value of machine data is not news to IT professionals; they have used it for years. Increasingly, users of Splunk find that it can also help shed light on business issues. Machine data is most often stored in large files, and before Splunk, it would lie around dormant until problems arose and these files had to be manually inspected. With Splunk these files are indexed and useable. Business users are used to dealing with data generated by people par- ticipating in business processes. Most often this transactional data, as it’s called, is stored in one of two forms.