Getting Started with Splunk Enterprise
0 likes436 views
The document outlines an introduction to Splunk Enterprise, a platform designed for indexing and analyzing machine data from various sources such as web servers, databases, and sensors. It covers key features including real-time operational intelligence, scalability, and deployment steps for new users. The purpose of Splunk is to transform machine data into valuable insights for operational efficiency and decision-making.
Getting Started with Splunk Enterprise
- 1. Ge#ng Started with Splunk Enterprise Andrew Goodall Sales Engineer, Australia & New Zealand
- 2. What is Splunk Enterprise? Deployment and IntegraAon Searching, AlerAng, and ReporAng Universal Indexing Explained DemonstraAon AGENDA
- 3. 3 Spelunking: to explore underground caves Splunking: to explore large amounts of machine data (volume at velocity)
- 4. Big Data Comes from Machines Volume | Velocity | Variety | Variability GPS, RFID, Hypervisor, Web Servers, Email, Messaging Clickstreams, Mobile, Telephony, IVR, Databases, Sensors, TelemaJcs, Storage, Servers, Security Devices, Desktops 4
- 5. 5 Make machine data accessible, usable and valuable to everyone. 5 5 5
- 6. 6 Industry Leading PlaLorm For Machine Data Machine Data: Any LocaJon, Type, Volume Online Services Web Services Servers Security GPS LocaAon Storage Desktops Networks Packaged ApplicaAons Custom ApplicaAons Messaging Telecoms Online Shopping Cart Web Clickstreams Databases Energy Meters Call Detail Records Smartphones and Devices RFID On-‐ Premises Private Cloud Public Cloud PlaLorm Support (Apps / API / SDKs) Enterprise Scalability Universal Indexing Answer Any QuesJon Developer PlaLorm Report and analyze Custom dashboards Monitor and alert Ad hoc search
- 7. Industry Leading PlaLorm For Machine Data Machine Data: Any LocaJon, Type, Volume Online Services Web Services Servers Security GPS LocaAon Storage Desktops Networks Packaged ApplicaAons Custom ApplicaAons Messaging Telecoms Online Shopping Cart Web Clickstreams Databases Energy Meters Call Detail Records Smartphones and Devices RFID On-‐ Premises Private Cloud Public Cloud PlaLorm Support (Apps / API / SDKs) Enterprise Scalability Universal Indexing Answer Any QuesJon Developer PlaLorm Report and analyze Custom dashboards Monitor and alert Ad hoc search Any amount, any locaAon, any source Schema-‐ on-‐the-‐fly Universal indexing No back-‐end RDBMS No need to filter data
- 9. 9 1. 2. 3. 4. Simple Steps to Deploy Splunk Enterprise Download Install Forward data Search Databases Networks Servers Virtual Machines Smart phones and Devices Custom ApplicaAons Security Web Server Sensors Four steps
- 10. FREE ONLINE SANDBOX FREE DOWNLOAD FREE AMAZON MACHINE IMAGES (AMI) 10 Easy to Try & Get Started 1 3 2
- 14. 14 Define Product Roles ! Searching and ReporAng (Search Head) ! Indexing and Search Services (Indexer) ! Data CollecAon and Forwarding (Forwarder) ! Data Governor (Cluster Master) ! Distributed Management (Deployment Server) Databases Networks Servers Virtual Machines Smart phones and Devices Custom ApplicaAons Security Web Server Sensors
- 15. Scales to Hundreds of TBs/Day Enterprise-‐class Scale, Resilience and Interoperability Send data from thousands of servers using any combinaAon of Splunk forwarders Auto load-‐balanced forwarding to Splunk Indexers Offload search load to Splunk Search Heads
- 16. Visibility Across Datacenters ! Distributed search unifies the view across locaAons ! Role-‐based access controls how far a given user's search will span New York Tokyo London Cloud
- 17. Ingests Data From Heterogeneous Data Sources Agent and Agent-‐less Approach for Flexibility perf shell code Mounted File Systems hostnamemount syslog TCP/UDP Event Logs Performance AcJve Directory syslog hosts and network devices Unix, Linux and Windows hosts Custom apps and scripted API connecJons Local File Monitoring log filesconfig files dumps and trace files Windows Inputs Event Logs performance counters registry monitoring Ac@ve Directory monitoring virtual host Windows Scripted Inputs shell scripts custom parsers batch loading Agent-‐less Data Input Splunk Forwarder Mainframes *nix
- 18. Forwards Events to Third-‐party Systems Problem InvesAgaAon Service Desk Event Console SIEM RAW Formaced
- 20. Turn Machine Data Into OperaJonal Intelligence PlaLorm Support (Apps / API / SDKs) Enterprise Scalability Universal Indexing Answer Any QuesJon Developer PlaLorm Report and analyze Custom dashboards Monitor and alert Ad hoc search
- 21. Search All Your Machine Data Search all your data Results right away Schema on the fly • Search across real-‐Ame and historical data • Over 135 search commands built in • See results instantly Data Parsing Queue Parsing Pipeline • Source, event typing • Character set normalizaAon • Line breaking • Timestamp idenAficaAon • Regex transforms Indexing Pipeline Real-‐ Ame Buffer Raw data Index Files Real-‐Ame Search Process Monitor Input Index Queue TCP/UDP Input Scripted Input Splunk Index
- 22. Enrich Raw Data to Make More Meaningful Create addiAonal fields from the raw data with a lookup to an external data source LDAP, AD Watch Lists CRM/ERP CMDB External Data Sources Insight comes out Data goes in
- 23. AcJonable AlerJng Alerts • Create alerts based on any search • Customize content and format of email alerts • Provide context • Highlight next steps • Enable custom workflows • Trigger a script • SMS alert • SNMP trap • Other
- 24. Combine Reports to Create Dashboards Use the built-‐in dashboard editor Or embed the reports into external sites like a wiki
- 25. Turning Machine Data Into OperaJonal Intelligence ReacJve Search and InvesAgate ProacAve Monitoring and AlerAng OperaAonal Visibility ProacJve Real-‐Ame Business Insight
- 26. Summary • Real-‐Ame architecture • Schema-‐on-‐the-‐fly • Massive scalability • Easy reporAng and analyAcs • Plaiorm for all machine data
- 27. 27 Turning Machine Data Into Business Value Index Untapped Data: Any Source, Type, Volume Online Services Web Services Servers Security GPS LocaAon Storage Desktops Networks Packaged ApplicaAons Custom ApplicaAons Messaging Telecoms Online Shopping Cart Web Clickstreams Databases Energy Meters Call Detail Records Smartphones and Devices RFID On-‐ Premises Private Cloud Public Cloud Ask Any QuesJon ApplicaJon Delivery Security, Compliance and Fraud IT OperaJons Business AnalyJcs Industrial Data and the Internet of Things
- 28. COLLECT DATA FROM ANYWHERE SEARCH AND ANALYZE EVERYTHING GAIN REAL-‐TIME OPERATIONAL INTELLIGENCE The Power of Splunk 28
- 29. 29 Why Splunk? FAST TIME-‐TO-‐VALUE ONE PLATFORM, MULTIPLE USE CASES VISIBILITY ACROSS STACK, NOT JUST SILOS ASK ANY QUESTION OF DATA ANY DATA, ANY SOURCE OR DEPLOYMENT MODEL
- 30. Phases of OperaJonal Intelligence ReacJve Search and InvesAgate ProacAve Monitoring and AlerAng OperaAonal Visibility ProacJve Real-‐Ame Business Insight
- 31. Dev.splunk.com 40,000+ quesJons and answers 600+ apps Local User Groups and SplunkLive! events 31 Thriving Community
- 32. 1. 2. 3. 4. Simple Steps to Deploy Splunk Enterprise Download Install Forward data Search Databases Networks Servers Virtual Machines Smart phones and Devices Custom ApplicaAons Security Web Server Sensors Four steps