Splunk 4.2: Name Title


Splunk 4.

Name
Title
Date
Recent Company Highlights
Company revenue: $66M in 2010
Year-over-year Growth: 96%
Cash flow positive since Q3 2009

2300 Customers
Customers in 74 countries
48 in the Fortune 100

New Seattle office


New R&D facility led by former Microsoft Technical Fellow
Goal to accelerate development of Splunk as a platform for Operational Intelligence

Copyright © 2011, Splunk Inc. 2 Listen to your data.


The Engine for Machine Data



Splunk: Providing Operational Intelligence

App Mgmt, IT Ops, Security, Compliance, Business Analytics, Web Analytics

Developer Framework



Splunk 4.2 – The Adventure Continues
2009 2010 2011

> Splunk 4.2
Real-time Alerting
Universal Forwarder
Performance and Scalability
Management, Flexibility, and Ease of Use

> Splunk 4.1
Real-time search and monitoring
231,657 downloads

> Splunk 4.0
Massive scalability & performance
Custom views and dashboards
Enterprise manageability
178,618 downloads



Splunk 4.2: Addressing Evolving User Needs
Real-time business requires real-time IT: Real-time alerting
Any machine data: Universal Forwarder
Massive data streams and stores: Performance and scalability
Global deployments: Manageability
Flexibility
Ease of Use
Real-time Alerts on Live Streaming Data
Respond immediately to patterns, incidents and attacks as they occur.

Builds on Splunk real-time capabilities and powerful search
Works across all uses of Splunk: especially security
Sophisticated capabilities
– Thresholds
– Throttling
– Automatic execution of script
– Alert management
Trigger execution of corrective actions or notifications

Live streaming data:
10.2.1.44 - [25/Sep/2009:09:52:30 -0700] type=USER_LOGIN msg=audit(1253898008.056:199891): user pid=25702 uid=0 auid=4294967295 msg='acct="TAYLOR": exe="/usr/sbin/sshd" (hostname=?, addr=10.2.1.48, terminal=sshd res=failed)'
10.2.1.80 - - [25/Jan/2010:09:52:30 -0700] "GET /petstore/product.screen?product_id=AV-CB-01 HTTP/1.1" 200 9967 "http://10.2.1.224/petstore/category.screen?category_id=BIRDS" "Mozilla/5.0 (compatible; Konqueror/3.1; Linux)" "JSESSIONID=xZDTK81Gjq9gJLGWnt2NXrJ2tpGZb1HyHHV8hJGYFj1DFByvL5L!-1539148667"

Diagram labels: Script, RSS, Email, SNMP

Alert in real-time on individual and correlated events, based on keywords, values, patterns, statistical outliers



Setting and Managing Real-time Alerts
1. Set threshold before notification. Alert on individual and correlated events, based on keywords, values, patterns, statistical outliers.
2. Throttle notifications in event of an alert storm. Notify designated personnel or execute script.
3. Manage and track alerts.



Universal Forwarder
Forward data without negatively impacting production performance.

Delivers secure, distributed, real-time universal data collection for tens of thousands of endpoints
Extends Splunk data fabric to large scale private cloud and desktop environments
Uses minimal system resources, easy to install and deploy
– < half memory and footprint of Splunk 4.1; <1% of single core CPU

Universal Forwarder Deployment: Logs, Messages, Configurations, Metrics, Scripts
Central Deployment Management
Monitor files, changes and the system registry; capture metrics and status.



Performance and Scalability
Continuing to deliver faster results.
Single-server search experience 2-5x faster
– Improved raw data format – less data decompression per search
Distributed search experience 2-10x faster
– MapReduce of field discovery sidebar and events histogram
– Disabling auto-field discovery increases search performance even further
UI page render speed up to 2.5x faster
– Reduced CSS & JavaScript overhead



Scaling Splunk Via Search Head Pooling
Improved throughput, scalability and availability.

Deploy Splunk using load balancer + multiple search heads with shared context.

Diagram labels: Users, Load Balancer, Search Heads, Shared Storage, Indexers

Automated reload and schedule coordination keeps Splunk knowledge in sync.
Management and Flexibility
Monitor distributed deployments of Splunk from one place.

At a glance monitoring of all Splunk forwarders and indexers
See throughput, number of connections, sourcetypes, and license usage
Warnings for aberrant indexer and forwarder behavior
Drill down into individual forwarder and indexer details

Management and Flexibility
Provide customers complete flexibility to self-manage distributed licenses.

New central license manager makes it easy to combine and distribute Enterprise licenses across multi-index deployments
Stack multiple licenses together
Group licenses into pools with specific entitlements
Flexibility to re-allocate as needed



Ease of Use: Simplified User Interface
New and less technical users become successful with Splunk more quickly.
Quickstart recipe for adding new data sources.
Rapid search, alert and dashboard creation directly from search interface.



Ease of Use: Visualizations
Quickly visualize real-time data and thresholds.

Gauge panels: Website Transactions Per Minute; Current Service Uptime (in days); Tier 2 Escalated Issues (last 24 hours)

New linear and radial gauges.


Enhancements for Microsoft Environments
Easier collection of data from Windows machines and applications.

Universal Forwarder makes it easy to deploy onto Windows machines
Bypasses WMI and can gather Perfmon data efficiently
Getting Started Experience provides clear steps from installation to custom dashboards
Runs on Windows Embedded POS devices

Universal Forwarder Deployment: Logs, Messages, Configurations, Metrics, Scripts
Diagram labels: ADMon, WMI, Security, Event Logs, SharePoint, Perfmon, FSChange
Central Deployment Management
Monitor files, changes and the system registry; capture metrics and status.



Extensive Beta Program
Most extensive Splunk Beta program to date
196 customers participating with over 862 unique downloads



What Our Customers Are Saying
AT&T Interactive

“Our CIO is driving a real-time dashboarding initiative across the organization. Splunk’s ability to correlate and alert on events and rapidly build dashboards gives us real-time insight into our infrastructure we need to deliver quickly on our CIO’s decree.”

Noah Gift, Title, AT&T Interactive



PCC Natural Markets
“Splunk’s universal forwarder makes it easy to push updates across our distributed retail infrastructure—saving us days per update. The minimal footprint ensures other processes continue to run smoothly.”
Chris Haas, Title, PCC Natural Markets

“Real-time Windows monitoring from Splunk exposes issues before they knock out point-of-sale devices, preventing revenue loss and dissatisfied customers.”
Chris Haas, Title, PCC Natural Markets



Prominent New England University

“Splunk’s new real-time gauges will help our IT team to proactively address security and infrastructure challenges. With just a glance we can see when we’re approaching a threshold and take appropriate action to minimize downtime and keep customers happy.”

Network Management Systems Engineer, Prominent New England University



Swisscom
“Splunk real-time alerts help us to see abuse and fraud activities as they happen. The more quickly we can see these attacks the more quickly we can address them—ensuring the security and availability of critical services for our largest and most prestigious customers.”

Mika Borner,
System Administrator, Swisscom



Splunk 4.2 Demonstration
Splunk 4.2

Thank you
