Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Viewers also liked
Viewers also liked (20)
Similar to Splunk Sales Presentation: Operational Intelligence from Machine Data
Similar to Splunk Sales Presentation: Operational Intelligence from Machine Data (20)
Recently uploaded
Recently uploaded (20)
Splunk Sales Presentation: Operational Intelligence from Machine Data
- 1. Copyright © 2011, Splunk Inc. Listen to your data. 2/10/2015 Sales Presentation Splunk
- 2. Copyright © 2011, Splunk Inc. Listen to your data. Agenda 2 • Splunk Company Overview • What is Splunk • Enabling Operational Intelligence • Splunk Use Examples • Splunk Trial & Demo • Q & A
- 3. Copyright © 2011, Splunk Inc. Listen to your data. Company Overview • Splunk (NASDAQ: SPLK) Founded 2004, First software release in 2006 • HQ: San Francisco / Region HQ: London, Hong Kong Over 600 employees, based in 12 countries • Customers in over 85 countries 54 of the Fortune 100 • Largest license: 100 Terabytes per day 3
- 4. Copyright © 2011, Splunk Inc. Listen to your data. Managing Machine Driven Data Across All IT 4 No real standards– formats,types and sources vary widely IT environmentsbecomingmore dynamic and complex Volumes of log data growing Traditionalmanagementtools too costlyand don’t scale Logs containdatacriticalfor running, securingand auditingIT
- 5. Copyright © 2011, Splunk Inc. Listen to your data. Industry Leading Platform for Machine Data 5 Enterprise Scalability Search and Investigation Proactive Monitoring Operational Visibility Real-time Business Insights Operational IntelligenceAny Machine Data Online Services Web Services Servers Security GPS Location Storage Desktops Networks Packaged Applications Custom Applications Messaging Telecoms Online Shopping Cart Web Clickstreams Databases Energy Meters Call Detail Records Smartphones and Devices RFID Datacenter Private Cloud Public Cloud
- 6. Copyright © 2011, Splunk Inc. Listen to your data. Industry Leading Platform for Machine Data 6 Enterprise Scalability Search and Investigation Proactive Monitoring Operational Visibility Real-time Business Insights Operational IntelligenceAny Machine Data Online Services Web Services Servers Security GPS Location Storage Desktops Networks Packaged Applications Custom ApplicationsMessaging Telecoms Online Shopping Cart Web Clickstream s Databases Energy Meters Call Detail Records Smartphones and Devices RFID Datacenter Private Cloud Public Cloud Any amount, any location, any source Schema- on-the-fly Universal indexing No back-end RDBMS No need to filter data
- 7. Copyright © 2011, Splunk Inc. Listen to your data. Splunk Functions 7 Searching and Reporting (Search Head) Indexing and Search Services (Indexer) Data Collection and Forwarding (Forwarder) Local and Distributed Management (Deployment Server) A splunk> installation can be one or all of these …
- 8. Copyright © 2011, Splunk Inc. Listen to your data. Splunk Indexer 8 Get started with a single splunk> Indexer. You can index, search, alert, report, correlate within 15 minutes. Send in syslog data Pull in local data via File or Dir monitoring, WMI, and/or Scripted Inputs Scripts Logs Messages Servers & Desktops Firewalls, Routers, Switches
- 9. Copyright © 2011, Splunk Inc. Listen to your data. Splunk Scales to TBs/day and 1,000s of Users 9 Automatic load balancing linearly scales indexing Distributed Search with MapReduce linearly scales search and reporting
- 10. Copyright © 2011, Splunk Inc. Listen to your data. Enabling Operational Intelligence 10 Search and Discovery Reactive IT silo chaos Investigate, find and fix problems dramatically faster across your organization Proactive
- 11. Copyright © 2011, Splunk Inc. Listen to your data. Search & Discovery 11 Search and Discovery Reactive IT silo chaos Investigate, find and fix problems dramatically faster across your organization Proactive
- 12. Copyright © 2011, Splunk Inc. Listen to your data. Multiple Datacenters 12 Headquarters Arizona California Georgia New York Distributed Search Index and store locally. Distribute searches to datacenters, networks & geographies.
- 13. Copyright © 2011, Splunk Inc. Listen to your data. Enabling Operational Intelligence 13 Search and Investigate Proactive Monitoring Reactive Automatically monitor to identify issues, problems and attacks before they impact your customers and services IT silo chaos Proactive
- 14. Copyright © 2011, Splunk Inc. Listen to your data. Proactive Monitoring 14
- 15. Copyright © 2011, Splunk Inc. Listen to your data. Enabling Operational Intelligence 15 Search and Investigate Proactive Monitoring Operational Visibility Reactive IT silo chaos Proactive
- 16. Copyright © 2011, Splunk Inc. Listen to your data. Operational Visibility 16
- 17. Copyright © 2011, Splunk Inc. Listen to your data. Enabling Operational Intelligence 17 Search and Investigate Proactive Monitoring Operational Visibility Real-time Business Insights Proactive Reactive IT silo chaos Gain real-time insight from operational data to make better-informed business decisions
- 18. Copyright © 2011, Splunk Inc. Listen to your data. Real Time Operations Insights 18
- 19. Copyright © 2011, Splunk Inc. Listen to your data. Splunk for Operating Systems 19 Proactive Monitoring Operational Analytics End-to-End Visibility Get instant insight into infrastructure health OS metrics for performance, capacity & resource allocation analyses Scale and correlate across all tiers of your technology stack
- 20. Copyright © 2011, Splunk Inc. Listen to your data. Splunk for Virtualization & Storage 20 Proactive Monitoring Operational Analytics End-to-End Visibility Real-time actionable insights into problem spots and health issues Real-time & historical insights into performance, security, capacity, forecasting and change tracking Scalable Big Data solution for holistic visibility across all technology tiers
- 21. Copyright © 2011, Splunk Inc. Listen to your data. Splunk For Infrastructure 21 Keep the Agency or Organization Running Increase Productivity Access to Intelligence Proactively monitor the one service that all other systems actively depend on Analyze, report & monitor via simple dashboards and decrease troubleshooting time Get detailed information on irregular activities affecting security policies or SLA
- 22. Copyright © 2011, Splunk Inc. Listen to your data. Powerful Cross-Tier Operational Analytics 22 Harness IT data for business decision-making Data driven decisions across the enterprise Forecasting and planning Root cause analysis Proactive alerting User/Usage analytics Change monitoring Security and forensics
- 23. Copyright © 2011, Splunk Inc. Listen to your data. Splunk Supports Diverse Apps/Solutions 23 Security IronPort WSA CDR
- 24. Copyright © 2011, Splunk Inc. Listen to your data. DEMO 24
- 25. Copyright © 2011, Splunk Inc. Listen to your data. Pricing 25 Index Volume Perpetual License (per GB) Annual Term License (per GB) Volume Purchase Discount 1GB Per Day $4,500 $1,800 0% 10GB Per Day $2,500 $1,000 44% 50GB Per Day $1,900 $760 58% 100GB Per Day $1,500 $600 67% >100GB Per Day for custom pricing with additional volume discounts
- 26. Copyright © 2011, Splunk Inc. Listen to your data. Splunk = Platform For IT Operational Intelligence 26 Apps and Add-ons Accelerate Value From Machine Data API SDKs UI Server, Storage, Network Server Virtualization Operating Systems Infrastructure Applications Business Applications Cloud Services XenApp XenDesktop Other Monitoring Ticketing/Help Desk Web Intelligence No rigid schemas– Add in data from any other source Custom Applications
- 27. Copyright © 2011, Splunk Inc. Listen to your data.27 Splunk provides a platform for IT and Government Operations to gain visibility, insights and intelligence from all machine data Strong ecosystem of apps deliver end-to-end operational visibility enabling IT to reduce costs, consolidate tools and eliminate silos Splunk delivers Operational Intelligence allowing IT to go beyond maintenance to enabling Government organizational insights, security and Mission operational improvements
- 28. Copyright © 2011, Splunk Inc. Listen to your data. Thank You :)
- 29. Copyright © 2011, Splunk Inc. Listen to your data. Technical Help: Splunk Answers 29 http://answers.splunk.com Community driven Splunk supported Knowledge exchange Q & A
- 30. Copyright © 2011, Splunk Inc. Listen to your data. Integrate Users and Roles 30 Problem Investigation Problem Investigation Problem Investigation Save Searches Share Searches LDAP, AD Users and Groups SplunkFlexibleRoles Manage Users Manage Indexes Capabilities& Filters org=OIT app=ERP … Map LDAP & AD groups to flexible Splunk roles. Define any search as a filter. Integrate authentication with LDAP and Active Directory.
- 31. Copyright © 2011, Splunk Inc. Listen to your data. Splunk Indexer 31 Get started with a single splunk> Indexer. You can index, search, alert, report, correlate within 15 minutes. Send in syslog data Pull in local data via File or Dir monitoring, WMI, and/or Scripted Inputs Scripts Logs Messages Servers & Desktops Firewalls, Routers, Switches
- 32. Copyright © 2011, Splunk Inc. Listen to your data. Splunk Indexer with Forwarders 32
- 33. Copyright © 2011, Splunk Inc. Listen to your data. Splunk Scales Across the Datacenter 33 Send data from 1,000s of servers using combination of splunk> Forwarders, syslog, WMI, message queues, or other remote protocols Auto load-balanced forwarding to as many splunk> Indexers as you need to index, up to TBs/day Offload search with dedicated splunk> Search Head(s)
- 34. Copyright © 2011, Splunk Inc. Listen to your data. Splunk Runs Across Data Centers 34 Distributed search unifies the view across locations Role-based access controls how far a given user's search will span
Editor's Notes
- Splunk’s patent technology makes us the industry leader in addressing complex management of Machine Data across your agencies entire IT environment. This slide shows some of the challenges Government and other organizations have with Machine data across their organizations. Splunk was built on our founders’ frustrations running some of the world’s largest data centers and e-commerce sites. Companies like Infoseek, Yahoo, Disney, all of which had issues managing large geographically dispersed, complex, and highly dynamic infrastructures. While they were surrounded by the most state-of-the-art IT management technologies available, they found it nearly impossible to easily troubleshoot, secure and audit these various new IT Big Data Technologies in their environments. They knew there was a better way and they founded Splunk. Getting the data you need when you need it is labor-intensive, complex, and in many cases not possible without spending allot of money and resources. And as Virtualization, SaaS, Mobile, and Big Data Technology adoption keeps growing within the Government and in industry at a rapid rate, this keeps adding more data with increased abstraction and added management complexity.
- The concept behind Splunk is simple: if Google could make it possible for users to search billions of pages of Web content, why couldn’t we do that across datacenters and IT environments? That’s what we have built, an engine to search, alert, monitor and report on all “IT data”. And we do this in a way that can be understood and visualized by decision makers who may or may not be IT Data Architects or Analyst. For example SPLUNK MINT (Mobile Intelligence for your Mobile Apps) enabling your organization to work more effectively by ensuring mobile apps are performing as expected and and providing insights on mobile transaction performance and usage. This results in improvements to mobile app development or investing based on users behavours, keeping mobile users more effective and efficient, and
- With Splunk Government Agencies can search and analyze all their IT data from one location in real-time. IT data such as all your logs, messages, configurations, metrics in virtual and non-virtual environments. This enables organizations to make better use of their investments in data and run IT with less cost, resources, and more effectively and efficiently. Traditional approaches have been built using a “schema first” mindset and attempt to normalize every data source to fit it into this predetermined database schema. This approach is costly and rigid. New data sources require new schemas or custom adapters. As Government moves toward SaaS, cloud and NoSQL environments in some cases with certain areas and not in others it becomes even more complex. Making searching and retrieving data the traditional ways not possible extremely costly and inefficient. Splunk ingests any type of IT data: no database, no schema, no DBA, no RDBMS license, no custom connector and it scales on inexpensive commodity servers.
- Splunk can be divided into four logical functions. First is Splunk search head. This is the webserver and app interpreting engine that provides the primary, web-based user interface. Since most of the data interpretation happens as-needed at search time, the role of the search head is to translate user and app requests into actionable searches for it’s indexer(s) and display the results. The Splunk web UI is highly customizable, either through our own view and app system, or by embedding Splunk searches in your own web apps via includes or our API. Next, is The core of the Splunk infrastructure which is indexing. An indexer does two things – it accepts and processes new data, adding it to the index and compressing it. The indexer also services search requests, looking through the data it has via it’s indices and returning the appropriate results to the searcher over a compressed communication channel. Indexers scale out almost limitlessly and with almost no degradation in overall performance, allowing Splunk to scale from single-instance small deployments to truly massive Big Data challenges. Splunk forwarders come in two types distribution or a dedicated “Universal Forwarder” . The distribution forwarder can be configured to filter data before transmitting and execute scripts locally. The universal forwarder is an ultra-lightweight agent designed to collect data in the smallest possible footprint. Both flavors of forwarder come with automatic load balancing, SSL encryption and data compression, and the ability to route data to multiple Splunk instances or third party systems. Last but definitely not least to manage your distributed environments, there is the Deployment Server. Deployment server helps you synchronize the configuration of your search heads during distributed searching across your data sources, as well as your forwarders to centrally manage your distributed data collection. Splunk has a simple flat-file configuration system, so if you already have your own config management tools your more comfortable with, you can still utilize them.
- Splunk scales linearly and scales to big data deployments across commodity servers thanks to a MapReduce-based architecture (scalability architecture made popular by Google). A single Splunk indexer can index hundreds of gigabytes per day depending the data sources and load from searching If you have terabytes a day you can linearly scale a single, logical Splunk deployment by adding index servers, using Splunk’s built in forwarder load balancing to distribute the data and using distributed search to provide a single view across all of these servers. Unlike some log management products you get full consolidated reporting and alerting not simply merged query results. We provide a rich set of benchmarking tools and are able to recommend the indexing throughput and compression rate on your particular data in your target configuration. And of course, if you are not sure how much data you need to index, you can set up a test deployment with a trial license and use Splunk itself to measure how much data you’re indexing. Single splunk server called an indexer. Might be sending syslog data from a port or Windows event log data either locally or remotely.
- Splunk allows you divide up the work of search and indexing across as many servers as you need to achieve the performance and scale you require. Using work dividing techniques such as MapReduce, Splunk can take a single search and query as many indexers as you need to complete the job, allowing you to use inexpensive commodity hardware in massively parallel clusters. For example, if you had 1 million events to search, one Indexer can easily complete that search. But it will take a little time – let’s say 30 seconds. However, if the same million events was spread across 10 indexers, the same search would complete in 3 seconds. How fast and how large you want your searches is yours to control by adding indexers as desired.
- Starting w. providing Splunk Search Head - we enable our customers to successfully harnessing their machine data. They can Download and start searching and investigating. The interface would look like this. Search bar for entering errors.
- Search and Discovery Download and start searching and investigating. The interface would look like this. Search bar for entering errors.
- Splunk enables distributed search so entities still have locale access to their own data, while providing a combined views. Whether to optimize your network traffic or meet data segmentation requirements, the Splunk infrastructure can scaled and built out as it makes sense for your organization.
- Enable them to get more proactive by automatically monitor their infrastructure to identify issues, problems and attacks before they impact their operations and services. Customer systems that used to experience outage have remained running because of implementation of this approach.
- Splunk enables our customers to gain end-to-end visibility to track and deliver on IT KPIs and make better-informed IT decisions. Operational visibility provides large amounts of intelligence to both Operational Data Analyst and senior IT personnel. Being able to spot SLA infractions in real time, or measure utilization as new services are launched enables IT to not only meet and exceed objectives but gives IT the ability to create those objectives that become measurable using Splunk.
- Finally, delivering real-time operational insight - gain real-time insight from operational data to make better-informed operational decisions. Combining and correlating machine data with operational data provides unique Operational Intelligence. Watching the consumption of new online services by users, channels, or demographics. For example seeing in real time events, creating triggers, getting real time alerts, reporting and dash board views of operational intelligence enable users to be better informed so they can serve customers or public communities and end users much better.
- Example I have here is failed purchase transactions but this could also be – New bad guys/ or hackers trying to enter our system identified over past 72hrs etc..
- Arizona Police Dept.
- Splunk has an enormous user community and support network inside and outside our company. There are over 200 Splunk Apps that are useful downloads to extend Splunk developed by Splunk, users, communities, vendors and our partners. All of them have been created using Splunk knowledge and most of them are free.
- There are two options for licensing Splunk Enterprise: Perpetual license: Includes the full functionality of Splunk Enterprise and starts as low as $4,500 for 1GB/day*, plus annual support fees. Term license: Provides the option of paying a yearly fee instead of the one-time perpetual license fee. Term licenses start at $1,800 per year*, which includes annual support fees. Significant Volume Discounts Customers receive significant volume discounts with larger licenses ( or higher daily indexing levels).
- Collects, indexes and harnesses your machine data to identify problems, patterns, risks and opportunities and drive better decisions for IT improving your organization.
- Splunk Answers(http://splunk-base.splunk.com/answers/ or http://answers.splunk.com) is a web based Splunk community which can be utilized to answer questions. Many Splunk employees are users and check the site on a regular basis. We are happy to provide feedback on the questions being asked here. This is an excellent option for people who do not have direct access to Splunk support to find quick answers to their questions. This site is a great place to see if other people may have encountered a similar issue to the one you are experiencing. We encourage Splunk users to utilize this resource as a first line of investigation. We welcome you to engage the Splunk community for any and all questions you may have related to Splunk. It is a friendly community full of people who are willing and able to assist you with your inquiries. It can be useful in answering basic questions , or even questions about advanced deployment use cases. Whatever you'd like to know about Splunk, there is a good chance someone in the community has this knowledge, and is willing to share it with you.
- Splunk allows you to extend your existing Authentication, Authorization and Accounting (AAA) systems into the Splunk search system for both security and convenience. Splunk can connect to your Light Weight Directory Access Protocall (LDAP) based systems, like Active Directory (AD), and directly map your groups and users to Splunk users and roles. From there, define what users and groups can access Splunk, which apps and searches they have access to, and automatically (and transparently) filter their results by any search you can define. That allows you to not only exclude whole events that are inappropriate for a user to see, but also mask or hide specific fields in the data – such as customer names or credit card numbers – from those not authorized to see the entire event.
- Splunk scales linearly and scales to big data deployments across commodity servers thanks to a MapReduce-based architecture (scalability architecture made popular by Google). A single Splunk indexer can index hundreds of gigabytes per day depending the data sources and load from searching If you have terabytes a day you can linearly scale a single, logical Splunk deployment by adding index servers, using Splunk’s built in forwarder load balancing to distribute the data and using distributed search to provide a single view across all of these servers. Unlike some log management products you get full consolidated reporting and alerting not simply merged query results. We provide a rich set of benchmarking tools and recommend using them to get the indexing throughput and compression rate on your particular data in your target configuration. And of course, if customers or you are not sure how much data you need to index, you can set up a test deployment with a trial license and use Splunk itself to measure how much data you’re indexing. Single splunk server called an indexer. Might be sending syslog data from a port or Windows event log data either locally or remotely.
- Splunk scales linearly and scales to big data deployments across commodity servers thanks to a MapReduce-based architecture (scalability architecture made popular by Google). A single Splunk indexer can index hundreds of gigabytes per day depending the data sources and load from searching If you have terabytes a day you can linearly scale a single, logical Splunk deployment by adding index servers, using Splunk’s built in forwarder load balancing to distribute the data and using distributed search to provide a single view across all of these servers. Unlike some log management products you get full consolidated reporting and alerting not simply merged query results. We provide a rich set of benchmarking tools and recommend using them to get the indexing throughput and compression rate on your particular data in your target configuration. And of course, if customers or you are not sure how much data you need to index, you can set up a test deployment with a trial license and use Splunk itself to measure how much data you’re indexing.
- Splunk scales linearly and scales to big data deployments across commodity servers thanks to a MapReduce-based architecture (scalability architecture made popular by Google). A single Splunk indexer can index hundreds of gigabytes per day depending the data sources and load from searching If you have terabytes a day you can linearly scale a single, logical Splunk deployment by adding index servers, using Splunk’s built in forwarder load balancing to distribute the data and using distributed search to provide a single view across all of these servers. Unlike some log management products you get full consolidated reporting and alerting not simply merged query results. We provide a rich set of benchmarking tools and recommend using them to get the indexing throughput and compression rate on your particular data in your target configuration. And of course, if customers or you are not sure how much data you need to index, you can set up a test deployment with a trial license and use Splunk itself to measure how much data you’re indexing. During your evaluation you might be indexing over 100GB of data per day. You can deploy multiple indexers to handle the load. You might need to deploy indexers to different data centers.
- Splunk can not only distribute the data collection challenge, but also search tasks as well. To achieve massive scale, as well as meeting data segmentation requirements, Splunk can distribute searches from a single Splunk searcher to any number of Splunk indexers. These indexers can all be local for massive parallelization for Big Data problems, or spread across a global enterprise to help you keep data wherever makes the most sense for your network and security requirements