Access machine data and gain operational intelligence with Splunk Enterprise 5
•
1 gefällt mir•1,233 views
This document provides an overview of Splunk Enterprise 5 software. The key points are: 1. Splunk Enterprise 5 provides faster reports that are up to 1000x faster through new report acceleration technology, easier to create dynamic drill-downs, and integrated PDF sharing capabilities. 2. It offers enterprise-scale resilience and high availability through features like index replication that allows indexed data to remain searchable even if an indexer fails. 3. The software includes enhanced modularity, interoperability and extensibility through tools like modular inputs that simplify adding new data sources, and APIs/SDKs that allow developers to integrate Splunk with other technologies.
Empfohlen
Empfohlen
Weitere ähnliche Inhalte
Was ist angesagt?
Was ist angesagt? (20)
Andere mochten auch
Andere mochten auch (12)
Ähnlich wie Access machine data and gain operational intelligence with Splunk Enterprise 5
Ähnlich wie Access machine data and gain operational intelligence with Splunk Enterprise 5 (20)
Mehr von Splunk
Mehr von Splunk (20)
Kürzlich hochgeladen
Kürzlich hochgeladen (20)
Access machine data and gain operational intelligence with Splunk Enterprise 5
- 1. Copyright © 2013 Splunk Inc. Splunk Enterprise 5 Clint Sharp, Sr. Product Manager, Big Data Solutions
- 2. Make machine data accessible, usable and valuable to everyone. 2 Mission
- 3. Innovative, Powerful and Easy to Use Software 3 Splunk storage Other Big Data stores Report and analyze Custom dashboards Monitor and alert Ad hoc search Developer Platform Data collection and indexing
- 4. LOB Owners/ Executives System Administrator Operations Teams Security Analysts IT Executives Application Developers Auditors Website/Business Analysts Customer Support 4 IT Operations Management Web Intelligence Business AnalyticsApplication Management Security and Compliance Broad Use Across IT and the Business
- 5. Splunk Supporting a World Beyond IT Personal Activity Tracking Flood monitoring warningCars as telemetry sensors Supporting the next gen airliner Health and SafetyCommercial Transport Home Energy Management Building Power Consumption Power and Energy
- 6. 300+ Apps and 20,000+ questions – and answers 1,000+ unique visitors per week to dev.splunk.com Local User Groups and SplunkLive events Annual Users’ Conference 1,000+ users A Growing, Global Community of Users
- 7. Continuous Development for Over 8 Years 7 Engine Platform1 2 3 Tool 4 4.1 4.2 4.3 5 “Google for the datacenter” “Engine for machine- generated data” “Platform for operational intelligence”
- 8. Key Focus Areas for Splunk Enterprise 5 8 How can we deliver much faster reporting, at scale? How can we build-in resilience on commodity hardware? How can we create a better platform for enterprise apps?
- 9. Splunk Enterprise 5 Overview 9 Enterprise-class Scale and Resilience Faster, Easier Reports and Dashboards Modularity Interoperability Extensibility New reporting technology delivers dramatically faster reports New high availability architecture delivers built-in resilience on commodity hardware Developer platform API, SDKs, resources Big data ecosystem integrations
- 10. Faster, Easier Reports and Dashboards Blazing Fast Reports, Made Simple Report Acceleration Based on new transparent summarization technology Speeds up reports by up to 1,000x Easy to set-up, works across all types of data Data is up-to-date, scalable, used automatically by eligible searches Works with preexisting 4.x Splunk reports as well Create dashboard Click acceleration Reports run faster 10
- 11. Dynamic Drilldowns Create custom drill down behavior Click through to another dashboard, form, view, or external website Carry forward relevant context More Intelligent Dashboards 11 User creates a drilldown on a chart or table Click sends context (fields, values) to any URL Faster, Easier Reports and Dashboards
- 12. Share Dashboards with Anyone 12 Improved, simpler experience sharing dashboards as PDF Send PDF dashboards and reports to anyone Integrated with alerting framework for scheduling Works across Windows, Linux, Unix, or Mac platforms Integrated PDF Faster, Easier Reports and Dashboards
- 13. Enterprise-class Scale and Resilience High Availability, On Commodity Servers and Storage 13 As Splunk collects data, it keeps multiple identical copies If indexer fails, incoming data continues to get indexed Indexed data continues to be searchable Easy setup and administration Data integrity and resilience without a SAN Index Replication Splunk Universal Forwarder Pool Constant Uptime
- 14. Get New Data Sources Into Splunk 14 App is installed from Splunkbase containing input 1 Configure the input via a customer page, or Manager 2 Copy configured input(s) to Deployment Server 3 Deploy to Forwarders according to server class 4 Develop and share your own data input programs 5 1 2 3 4 5 Modular Inputs Extend Splunk framework to define new inputs Simplifies the installation and configuration of new inputs Shipped outside product release cycle Available on Splunkbase and appear automatically in Splunk Manager UI Modularity Interoperability Extensibility
- 15. Enabling Big Data Ecosystem 15 Modularity Interoperability Extensibility >> >> Real-time Collection and Analysis Dashboards, Reports, Access Controls >> • Reliable Data Export • Index Hadoop Data Splunk App for HadoopOps • Troubleshoot, monitor and analyze end-to-end Hadoop environment
- 16. 1,000+ unique visitors /week to dev.splunk.com Software freely available on GitHub @splunkdev An Engaged Community of Developers 16
- 17. How Do Developers Use Splunk? Integrate with IT Infrastructure Build Real-time Data Applications Accelerate Dev & Test 1 2 3 Modularity Interoperability Extensibility
- 18. What’s Possible with the Splunk Platform? 18 Power mobile apps with KPIs and alerts from Splunk Log directly to Splunk from remote devices Extract Splunk data for long term warehousing Customer specific dashboards with user data Integrate Splunk with your BI tools Run Splunk searches from within your application API SDKs UI
- 19. Enterprise-class SDKs and Developer Enablement Available SDKs Python Beta Java Beta JavaScript Beta PHP Public Preview Shipping with Splunk Enterprise 5 JavaScript SDK Versioned API JSON Everywhere 19 Modularity Interoperability Extensibility
- 20. Upgrade / Migration 20 Report Acceleration – 4.3 reports can be accelerated by clicking the check box Index Replication – 4.3 indexed data are immediately searchable under replication PDF Printing – Any reports with simple XML can be printed in PDF form
- 21. Key Benefits of Splunk Enterprise 5 21 Resilience that is built in, even as you scale on low-cost servers and storage Up to 1000x faster reports that are easier to navigate and share Enterprise-class Scale and Resilience Faster, Easier Reports and Dashboards Modularity Interoperability Extensibility Developer SDKs, resources and tools to maximize enterprise technology investments
- 22. Thank You
Hinweis der Redaktion
- At Splunk, our mission is to make machine data accessible, usable and valuable to everyone. Machine data is one of the fastest growing, most complex and most valuable areas of big data. It consists of the data generated by technology infrastructure – for example applications, websites, servers and network devices in the datacenter. The log files, the clickstreams, the alerts, etc.It’s difficult to collect and make use of – it inhibits the qualities of volume, velocity, variety and variability.Machine data is valuable because it contains a trace of all activity and behavior – of customers, users, transactions, applications, security threats, and more.This overarching mission is what drives our product priorities.
- Splunk’s flagship product is Splunk Enterprise. Splunk Enterprise is a fully featured, powerful platform for collecting, searching, monitoring and analyzing machine data.Splunk collects machine data securely and reliably from wherever it’s generated. It stores and indexes the data in real time in a centralized location and protects it with role-based access controls. You can even leverage other data stores. Splunk lets you search, monitor, report and analyze your real-time and historical data. Now you have the ability to quickly visualize and share your data, no matter how unstructured, large or diverse it may be. Troubleshoot problems and investigate security incidents in minutes (not hours or days). Monitor your end-to-end infrastructure to avoid service degradation or outages. Gain real-time visibility and critical insights into customer experience, transactions and behavior. Use Splunk and make your data accessible, usable and valuable across the enterprise.
- Splunk delivers operational intelligence across IT and the business.There definitely a wider number of use cases within IT. Helping better run, secure and audit IT. Providing end-to-end visibility to IT executives of service levels, overall performance and other operational metrics. Increasingly, data from Splunk is finding value in the business. Correlating machine data with traditional data to spot new trends, usage patterns, product performance and costs.Dashboards make it easy to package up searches, charts, reports and visualizations for specific roles or users.
- Splunk is finding a wide range of use cases beyond the traditional world of IT.‘FitBit’Devices like this Fitbit measure a persons activity on a given day. It has an open API so you can track offline movements and analyze them online. Correlate daily activity with other measurements, calorie intake, blood pressure and maybe even number of unread emails in my inbox on a given day and start to correlate health related activities to work productivity. Splunk is being used to quantify these factors. 'Building Power Consumption’Splunk indexes data from 'power-taps' in buildings and correlates it with power tap-location information to provide real-time insight and analysis of power consumption per floor/area/room. You can drill-down to identify the reason for any excessive power consumption and trigger automatic remote shut-off to save energy (weekends, based on power levels, etc.).Several organizations are Splunking power consumption to look for cost savings and environmental benefits. 'Flood Monitoring Warning' ExampleDeveloped by a partner in Thailand in conjunction with the Thai govt. Splunk collects, indexes and monitors water level sensor data in real-time and alerts subscribers in advance of any future impending flood situations.
- With thousands of enterprise customers and an order of magnitude more actual users, we have a thriving community.We launched a dev portal a few months back and already have over 1,000 unique visitors per week.We have over 300 apps contributed by ourselves, our partners and our community.Our knowledge exchange Answers site has over 20,000+ questions answered.And in August 2012 we ran our 3rd users’ conference with over 1,000 users in attendance, over 100 sessions of content, customers presenting.Best of all, this community demands more from Splunk and gives us incredible feedback.
- Splunk 1, 2 and 3 introduced applying the ‘search’ paradigm to troubleshoot IT operations and application management issues muchfaster than before. To find the proverbial needle in the haystack. Splunk was a tremendous ‘IT Search’ tool. When asking customers, they often referred to it like “google for the datacenter”.Splunk 4 introduced enterprise-class features – dashboards and apps, real-time search and alerts, universal collection and indexing, enterprise controls and map-reduce for horizontal scalability on commodity servers. And you could use Splunk on iOS devices (iPhones, iPads) and non-Flash browsers. Splunk evolved from an IT Search tool to an “engine for machine-generated data”.Splunk Enterprise 5 represents the evolution of Splunk as an “enterprise platform for operational intelligence”.
- The Splunk Enterprise 5 release represents Splunk evolving to a platform, encompassing breakthrough innovations and platform features. Key focus areas for Splunk Enterprise 5 include addressing: How do deliver much faster reporting?How to build-in resilience even as you scale Splunk on commodity hardware and storageCreating a better platform for big data apps.
- To address these key focus areas and requirements, Splunk Enterprise 5 delivers:A new reporting architecture and technology that delivers dramatically faster reportsA new high availability architecture that delivers enterprise-class scale and resilience, even as you scale on commodity servers and storageA robust API and SDKs for popular programming languages, plus big data ecosystem integrations
- We wanted to deliver blazingly fast reports and make it simple. Without an intermediate DBA-managed layer, building data marts.Accelerating search for reporting over large datasets is now as easy as clicking a checkbox and setting a time range. Summaries are stored on the indexers rather than the search head to allow map reduce parallelism for any search that uses reporting and/or streaming commands. You can enable report acceleration for an eligible search when you save it or add it to a dashboard in the Splunk Web UI. You can also enable report acceleration for an eligible search in Manager > Searches and Reports.Advanced Splunk users may have taken advantage of summary indexing. This was difficult to set up often needing training and summaries were managed at the search head minimizing reuse. We listened to you and created a more scalable, powerful technology with an easy button!Other benefits:Summaries are stored on the indexers, not on search headsMap-reducible summary generation provides unmatched parallelismSummaries can be reused across searches without manual interventionEasy to manage summaries through a single UI
- It's really powerful when you can click on any chart or table and get directly to the raw events. Going from the what? To the why?Dynamic drilldowns let you go one step further.Create custom drilldown behavior for any simple XML table or chart. Specify custom drilldown behavior on a per-field basis. Click through to another dashboard, form, view, or external website – carrying forward any relevant context.Build in intelligent workflows into your dashboards to deliver a more intuitive experience for users.
- You can now create PDF files from your simple XML dashboards, views, searches, or reports on any OS running on an Intel-compatible platform. All PDF features in Splunk Web work without the need to install the PDF Report Server app. Non-UI PDF reporting functionality also uses Integrated PDF generation.Unlimited table sizesSmart pagination and layoutSupported on x86 32-bit and 64-bit platformsSimple XML dashboards and reports, no Advanced XML
- The insights from your data are mission-critical. With Splunk Enterprise 5 we wanted to deliver a highly available system, with enterprise-grade data resiliency, even as you scale on commodity storage. And we wanted to maintain Splunk’s robust, real-time and ease of use features.Splunk indexers can now be grouped together to replicate each other’s data, maintaining multiple copies of all data – preventing data loss and delivering highly available data for Splunk search. Using index replication, if one or more indexers fail, incoming data continues to get indexed and indexed data continues to be searchable.By spreading data across multiple indexers, searches can read from many indexers in parallel, improving parallelism of operations and performance. All as you scale on commodity servers and storage. And without a SAN.
- Splunk supports 3 main types of data input: files, streaming over UDP and TCP and scripted inputs.Scripted inputs can be complex and require administrators and developers to know the inner workings of Splunk. Platforms need a certain level of configurability or ease of configurability for administrators. Doing this properly requires leveraging Splunk’s ability to install, configure, manage new data inputs as Apps. We see this as a minimum requirement for a platform like this to operate.Modular Inputs allow you to extend the Splunk framework to define new inputs.Examples include inputs for Amazon S2, Twitter, FTP based inputs, custom scripts for your own databases and own types of data stores, modular inputs for noSQL data stores, etc.Enable any data inputs installed by a Splunk App, making them easier to manage and deploy. Inputs appear automatically on the Splunk Manager > Data Inputs page and are accessible from REST API endpoints for advanced management. Improved modularity means we can ship new data input types outside of the Splunk enterprise release schedule.
- Platforms need to provide better interoperability. And for Hadoop users, we are providing just that. To help address common challenges deploying and running Hadoop. Splunk Hadoop Connect enables Hadoop users to leverage Splunk to reliably collect massive volumes of machine data. Analyze data in real-time, create visualizations, custom dashboards and protect data with secure role-based access. Then reliably deliver data to Hadoop for ongoing batch analytics. You can also index data stored in Hadoop because once in Splunk, your data’s available for rapid visualization, reporting, analysis and sharing.The Splunk App for HadoopOpsextends what Splunk already does well - troubleshoot and monitor your Hadoop infrastructure. And because it's Splunk it doesn't stop with the Hadoop components, it includes everything. End-to-end. So you get a more complete view of your environment
- We have experienced a tremendous community building around the Splunk developer platform.Over 1,000+ unique visitors to our developer portal.Open source application packs and code on Github.
- There are a whole host of ways developers can leverage Splunk to maximize enterprise technology investments.Specifically, developers use Splunk in 3 ways:Accelerate Dev & Test: this is using Splunk out of the box. Splunk increases the speed and efficiency of application development, testing and provides proactive monitoring and analytics for applications in production.Integrate with IT Infrastructure: We know that you have a many applications and systems and we want to make it easy for you to integrate Splunk across the enterprise. We are delivering SDKs on top of our REST API to help you integrate Splunk data with other applications. Build real-time data applications: We are providing a familiar and intuitive experience for developers to build applications that take the value of Splunk beyond IT. IT early-warning systems, security and fraud protection, clickstream analysis & other revenue enhancing analytics. A great example is Hurricane Labs, a managed service provider that’s using the Python SDK to deliver security intelligence to their end customer in a custom-built application.
- What have developers been building using Splunk Enterprise? Examples include the following:Run searches and retrieve Splunk data from existing Customer Service/Call Center applications (Comcast use case) Integrate Splunk data into existing BI tools and dashboard (Tableau, MS Excel)Build mobile applications with KPI dashboards and alerts powered by Splunk (Otto Group use case)Log directly to Splunk from remote devices (Bosch use cases)Build customer-facing dashboards powered by user-specific data in Splunk (Socialize, Hurricane Labs use cases)Programmatically extract data from Splunk for long-term data warehousingWe hope this is just the beginning. We hope to open up a whole new world of enterprise apps.
- JavaScript, Java and Python SDKs being integrated into core Splunk, starting with JavaScript.The REST API is fully versioned, so you can integrate with Splunk in either XML or JSON formats. And have the assurance of a particular endpoint behavior.With Splunk Enterprise 5 you can add all new kinds of visualizations and customizability to your Splunk Apps or other in-house Apps.
- We’ve made key investments in Splunk Enterprise 5 that deliver: Powerful and intuitive user interfaceEnterprise-class performance and scaleImproved modularity, interoperability and extensibilityGetting value from machine data is now faster, more resilient and accessible to the developer community.Splunk 5 is available now. For more information, check out the ‘what’s new’ section of the documentation. OR download it today from our website.