Splunk conf2014 - Dashboard Fun - Creating an Interactive Transaction Profiler
2 likes•3,171 views
The presentation discusses creating an interactive transaction profiler dashboard using Splunk, focusing on data exploration and insights for various departments. It highlights challenges in data interpretation and provides methods for visualizing and analyzing transaction data. Additionally, it promotes Splunk Mint Express as a mobile intelligence solution with a trial offer for attendees.
Splunk conf2014 - Dashboard Fun - Creating an Interactive Transaction Profiler
- 1. Copyright © 2014 Splunk Inc. Ma:hias Maier Sales Engineer, Splunk Dashboard Fun CreaCng an interacCve TransacCon Profiler
- 2. Disclaimer 2 During the course of this presentaCon, we may make forward-‐looking statements regarding future events or the expected performance of the company. We cauCon you that such statements reflect our current expectaCons and esCmates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-‐looking statements, please review our filings with the SEC. The forward-‐looking statements made in the this presentaCon are being made as of the Cme and date of its live presentaCon. If reviewed aPer its live presentaCon, this presentaCon may not contain current or accurate informaCon. We do not assume any obligaCon to update any forward-‐looking statements we may make. In addiCon, any informaCon about our roadmap outlines our general product direcCon and is subject to change at any Cme without noCce. It is for informaConal purposes only, and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligaCon either to develop the features or funcConality described or to include any such feature or funcConality in a future release.
- 3. Who I am 3 ! Sales Engineer in Germany ! Splunker nearly 2 years ! Like to get hands on real world scenarios ! CISSP ! Worked in the past for McAfee (Security) and Tibco (AnalyCcs)
- 4. Self AnalyCcs / TransacCon Profiler Dashboard • Goals: – Self exploraCon of data – Gaining Ideas from other departmental users for new use cases and business insight ê “Do we have this informaCon available?” ê “Can we add this?” ê “Can we correlate with this?” – How to get to this stage? 4
- 5. Adding Value 5 I loaded 1.000.000 Records. Start to add value for other departments
- 6. You might want to provide an impressive starCng point for other people to explore the Data (Next to the RAW Searches and DATA Models) Challenge for Machine Data in Business Context ! Not every user who can benefit might have SPLK Language skills ! Not every user is creaCve with data in the first step ! YOU as a Splunk Data Analyst might not be able to interpret business data for Business Insights 6
- 7. DemonstraCon 7 Demo (That is what you learn how to create/get this aPer my session): Profiling Dashboard
- 8. TransacCon Profiler With IP Traffic 8
- 9. Start With One Single “TransacCon” 1. Search and InvesCgate a TransacCon Field ‒ Filter down to one session 9 Sample “transac7on” fields Username + Session InformaCon TransacCon ID Order-‐ID E-‐Mail Address Service Name IP-‐Address/Hostname/System name
- 10. Interview 2. Go to a object ma:er expert and let them explain what happened in this session 10
- 11. DemonstraCon 11 Demo (raw search, explain data-‐set)
- 12. TransacCon Profiler With IP Traffic 12
- 13. Create Dashboards 3. Create consistent dashboards by using some of the following methods 13 Search Descrip7on … | Cmechart count Easiest one ever … | stats dc(<fieldname>) by <fieldname> DisCnct count gives a lot of interesCng insights: • Why is this user logging on from so many different systems • Why has this transacCon id so many different status codes • Why is this IP communicaCng to so many desCnaCon ports … | transacCon <fieldname> | table duraCon As single value How long did it take? … | head 1 | table _Cme … | tail 1 | table _Cme • When was the first “session”, • When was the last “interacCon with the system”
- 14. DemonstraCon 14 Demo (dashboard with some single values + stats + Cme charts based on ONE TransacCon)
- 15. My IP Profiler 15
- 16. Create Drop Down Lists 4. Create drop down lists and input fields to make the dashboard interacCve ‒ Thanks to Version 6.1 it can be done via the Gui without coding ‒ Review the dashboard example app for addiConal visualizaCon tricks 5. Tokenize the searches to make them flexible 16
- 17. DemonstraCon 17 Demo (add free text field, pickers (dynamic), token fields + replace single transacCon id with token)
- 18. My IP Profiler 18
- 19. Example 19
- 20. We are not done 6. Make sure you add default values for each of the drop down fields. So in case someone wants to see something, you guide him to the right choice to get a dashboard populated. 20
- 21. DemonstraCon 21 Demo (add default values and show first user experience accessing the dashboard)
- 22. 22
- 23. 23
- 24. 24 TransacCon Profiler Use Cases for… ! Helpdesk ! Support Desk ! Second + Third Level Support ! Developers of In House ApplicaCons ! Service Level Manager ! MarkeCng Departments ! IT-‐Security / SIEM Use Cases ! Business Fraud DetecCon Search and InvesCgate a Single TransacCon Review transacCon with a subject ma:er expert from the business Create a Dashboard for a single transacCon Create drop downs for exploraCon Tokenize the searches Set default values Gain new ideas and business insight from Machine Data • Give this in the hand’s of Business People for • gather Feedback and tune
- 25. Special Offer: Try Splunk MINT Express for Free! Splunk MINT offers a fast path to mobile intelligence. How fast? Find out with a 6-‐month trial* • Register for your free trial: h:p://mint.splunk.com/conf2014offer • Download the Splunk MINT SDKs • Add the Splunk MINT line of SDK code and publish** • Start gexng digital intelligence at your fingerCps! *Offer valid for .conf2014 a5endees and coworkers of a5endees only. **Trial allows monitoring of up to 750,000 monthly acDve users (MAUs). 25