Copyright © 2013 Splunk Inc.
June 11, 2015
Getting Started User Training
Getting Started with Splunk Enterprise
Ryan Ahlers – Splunk Engineer
Agenda
• Splunk Enterprise Overview
• Using Splunk (Live)
– Installing, Indexing, Searching, Reports & Dashboards, Alerting
• Deploying Splunk
• Splunk Community (Apps, portals, docs, etc.)
Splunk Enterprise Overview
Splunk Inc.
Public company, founded in 2004
Headquartered in San Francisco
Universal Platform for Machine Data
• Any Machine Data
• Any Volume
Deployments from 10MB to 350TB/day
• On-Premises
• In the Cloud
• SAAS
9,000+ Customers in 100+ Countries
2/3 of the Fortune 100
What is Machine Data?
(Diagram: machine data sources such as order processing, Twitter, care IVR and middleware error logs.)
Machine Data Contains Critical Insights
(Diagram: the same sources carry correlatable fields such as Order ID, Customer ID, Product ID, the company's Twitter ID, the customer's tweet and time waiting on hold.)
Machine Data is Growing Exponentially
Volume | Velocity | Variety | Variability
GPS, RFID, Hypervisor, Web Servers, Email, Messaging, Clickstreams, Mobile, Telephony, IVR, Databases, Sensors, Telematics, Storage, Servers, Security Devices, Desktops
Machine data is the fastest growing, most complex, most valuable area of big data
Universal Platform for Machine Data
Real-time indexing of ANY machine data
(Diagram: sources including online services, web services, servers, security, GPS location, storage, desktops, networks, packaged applications, custom applications, messaging, telecoms, online shopping cart, web clickstreams, databases, energy meters, call detail records, smartphones and devices, RFID; deployed on-premises, in a private cloud or in a public cloud; storage on local disk, SAN or NoSQL; Explore, Visualize, Analyze, Share, Develop.)
(Diagram, second view: the same sources feed ad hoc search, monitor and alert, report and analyze, custom dashboards and a developer platform.)
Any amount, any location, any source
Schema-on-the-fly | No database | No need to filter data
Splunk Delivers Value Across IT and the Business
IT Operations | Security & Compliance | Web Intelligence | Application Management | Business Analytics | Industrial Data
Developer Platform (Java, Python, JavaScript, PHP, SDKs, REST API)
Small Data. Big Data. Huge Data.
Insights Across Roles & Departments
Product Managers | Sales Operations | Executive Management | Customer Service & Support | IT Management & Operations | Marketing Managers
Scales to Hundreds of TBs/Day
Enterprise-class Scale, Resilience and Interoperability
Collect machine data from thousands of sources via Splunk forwarders
Compress and store data on Splunk Indexers
Initiate searches and visualize results via Search Heads
Delivers Mission-critical Availability
• Data replication – maintain searchability even if servers go down
• Multi-site capable – maintain searchability even if a site goes down
• Search Affinity – optimized searches by fetching from the closest/fastest location
(Diagram: clustering with replication between a Portland datacenter and a New York datacenter.)
Drastically Reduces Time-to-Value
Over 600 apps available on splunkbase
(Diagram: app categories including server, storage and network; server virtualization; operating systems; infrastructure applications; mobile applications; cloud services; other monitoring; ticketing/help desk; custom business applications; XenApp and XenDesktop; plus the REST API, SDKs and Web Framework.)
Using Splunk (Live)
Install Splunk
Splunk Home
• WIN: Program Files\Splunk
• Other: /opt/splunk (Applications/splunk)
Start Splunk
• WIN: Program Files\Splunk\bin\splunk.exe start (services start)
• *NIX: /opt/splunk/bin/splunk start
www.splunk.com/download
Splunk Licenses
Free Download Limits Indexing to 500MB/day
• Enterprise Trial License expires after 60 days
• Reverts to Free License
Features Disabled in Free License
• Multiple user accounts and role-based access controls
• Distributed search
• Forwarding to non-Splunk Instances
• Deployment management
• Scheduled saved searches and alerting
• Summary indexing
Default installation on: http://localhost:8000
Splunk Console
Browser Support
• Firefox 10.x and latest
• Internet Explorer 7, 8, 9 and 10
• Safari (latest)
• Chrome (latest)
Indexing Demonstration
Download the sample file, follow this link and save the file to your desktop, then unzip: http://bit.ly/UBPFWP (Exploring Splunk Book)
To add the file to Splunk:
– Click Add Data
– Click Upload files from my computer.
– Drag and drop your sample data zip file.
– Add a new Index
– Review and Finish.
Search & Alert Demonstration
Search App
Field Extractions (Auto/Manual)
Free-form Searching
130+ Commands
Report & Dashboard Demonstration
Settings Demonstration
For All of that Cool Stuff You Just Created (and more!)
• Permissions
• Saved Searches/Reports
• Custom Views
• Distributed Splunk
• Deployment Server
• License Usage…
Deploying Splunk
Splunk’s Core Components
A Splunk install can be one or all roles…
Search Head | Indexer | Forwarder
Single Instance or Distributed?
Single instance: < 150GB per Day. Distributed: > 1500GB per Day.
Reference hardware: 6X2 Core CPUs/12GB RAM/800+ IOPs
Distributed Architecture
Universal Forwarder
Collect and Forward Machine Data to Indexers
May or May not be Required
Agent and agentless collection are both supported
Overhead: ~1% CPU, ~50MB RAM, ~256kb/sec
Distributed Architecture
Indexer
Compresses, indexes and searches up to 150GB/day
Compressed Raw Data (~15% raw data size)
Time Series Index (~35% raw data size)
Executes Searches
Scales Horizontally via Commodity Hardware
6X2 Core CPUs/12GB RAM/800+ IOPs
Distributed Architecture
Search Head
Initiates Distributed Searches
Publishes Reports/Dashboards/Apps
Scales Horizontally via Commodity Hardware
4X4 Core CPUs/12GB RAM/2 x 300GB, 10,000 RPM SAS Raid 1
Scalability & High Availability
Forwarders load balance across Indexers
Indexed data can be replicated across peers and different physical sites
Search Heads can be Clustered to eliminate single point of failure and handle large search loads
Send Data to Other Systems
Route raw data in real time or send alerts based on searches.
(Diagram: destinations such as a service desk, an event console and a SIEM.)
Integrate External Data
(Diagram: external sources such as LDAP and AD, watch lists, CRM/ERP and a CMDB.)
Extend search with lookups to external data sources.
Correlate IP addresses with locations, accounts with regions.
Integrate Users and Roles
(Diagram: LDAP and AD users and groups mapped to flexible Splunk roles; roles carry capabilities such as Manage Users and Manage Indexes plus search filters such as NOT tag=PCI or App=ERP; users save and share searches for problem investigation.)
Map LDAP & AD groups to flexible Splunk roles. Define any search as a filter.
Integrate authentication with LDAP and Active Directory.
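As an added illustration that is not part of the deck, this is how the group-to-role mapping and the search filters shown on the slide look in Splunk's own configuration files (authentication.conf and authorize.conf under $SPLUNK_HOME/etc/system/local/). The directory host, bind account, DNs, AD group names and the roles erp_analyst and pci_reader are constructed placeholders; the setting names are Splunk's.

```ini
# ---- authentication.conf -----------------------------------------------
# Constructed example: host, DNs and group names are placeholders.
[authentication]
authType = LDAP
authSettings = corp_ad

[corp_ad]
host = ad.example.internal
port = 636
SSLEnabled = 1
# Dedicated read-only bind account; Splunk encrypts bindDNpassword on restart.
bindDN = CN=svc-splunk-bind,OU=Service Accounts,DC=example,DC=internal
bindDNpassword = REPLACE_WITH_BIND_PASSWORD
userBaseDN = OU=Users,DC=example,DC=internal
userBaseFilter = (objectclass=user)
userNameAttribute = sAMAccountName
realNameAttribute = displayName
groupBaseDN = OU=Groups,DC=example,DC=internal
groupBaseFilter = (objectclass=group)
groupMappingAttribute = dn
groupMemberAttribute = member
groupNameAttribute = cn

# Splunk role (left) <- AD group (right). Roles must exist in authorize.conf.
[roleMap_corp_ad]
admin = Splunk-Admins
erp_analyst = ERP-Analysts
pci_reader = PCI-Auditors

# ---- authorize.conf ----------------------------------------------------
# ERP analysts: see ERP application data, never anything tagged PCI.
[role_erp_analyst]
importRoles = user
# Hard boundary: only these indexes are searchable, regardless of what the
# user types after index=. Prefer this over a field filter alone, because
# tag= depends on tag knowledge objects visible in the user's app context.
srchIndexesAllowed = erp
srchIndexesDefault = erp
# Appended to every search this role runs (the slide's "App=ERP" / "NOT tag=PCI").
srchFilter = App=ERP NOT tag=PCI
schedule_search = enabled

# PCI auditors: read-only view of PCI-tagged events in the pci index.
[role_pci_reader]
importRoles = user
srchIndexesAllowed = pci
srchIndexesDefault = pci
srchFilter = tag=PCI
# No edit_user / indexes_edit capability granted: the Manage Users and
# Manage Indexes boxes on the slide stay with the admin role.
```

A user who is a member of several AD groups receives several roles, and Splunk combines their search filters, so an exclusion such as NOT tag=PCI cannot be relied on if another of the user's roles admits that data; the index allow-list is the control to review.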
Splunk’s Core Components
Time to start SPLUNKING!!!
Search Head | Indexer | Forwarder
Support and Community
Support Through the Splunk Community
• Splunkbase – browse and share Apps from Splunk, Partners and the Community: splunkbase.splunk.com
• Community-driven knowledge exchange and Q&A: answers.splunk.com
• .conf2014 – 5 tracks, more than 40 sessions, the smartest Splunk users together: conf.splunk.com
Where to Go for Help
• Documentation
– http://www.splunk.com/base/Documentation
• Technical Support
– http://www.splunk.com/support
• Videos
– http://www.splunk.com/videos
• Education
– http://www.splunk.com/goto/education
• Community
– http://answers.splunk.com
• Splunk Book
– http://splunkbook.com
Thank You!!
November 12th, 2012

Contenu connexe

Tendances

Splunk Overview
Splunk OverviewSplunk Overview
Splunk Overview
Splunk
 
SplunkLive! Data Models 101
SplunkLive! Data Models 101SplunkLive! Data Models 101
SplunkLive! Data Models 101
Splunk
 

Tendances (20)

Splunk Overview
Splunk OverviewSplunk Overview
Splunk Overview
 
Splunk for IT Operations
Splunk for IT OperationsSplunk for IT Operations
Splunk for IT Operations
 
Splunk 101
Splunk 101Splunk 101
Splunk 101
 
Splunk for Enterprise Security and User Behavior Analytics
 Splunk for Enterprise Security and User Behavior Analytics Splunk for Enterprise Security and User Behavior Analytics
Splunk for Enterprise Security and User Behavior Analytics
 
Building Business Service Intelligence with ITSI
Building Business Service Intelligence with ITSIBuilding Business Service Intelligence with ITSI
Building Business Service Intelligence with ITSI
 
Getting Started With Splunk It Service Intelligence
Getting Started With Splunk It Service IntelligenceGetting Started With Splunk It Service Intelligence
Getting Started With Splunk It Service Intelligence
 
Splunk IT Service Intelligence Sandbox Guidebook
Splunk IT Service Intelligence Sandbox GuidebookSplunk IT Service Intelligence Sandbox Guidebook
Splunk IT Service Intelligence Sandbox Guidebook
 
Splunk Architecture | Splunk Tutorial For Beginners | Splunk Training | Splun...
Splunk Architecture | Splunk Tutorial For Beginners | Splunk Training | Splun...Splunk Architecture | Splunk Tutorial For Beginners | Splunk Training | Splun...
Splunk Architecture | Splunk Tutorial For Beginners | Splunk Training | Splun...
 
Getting Started with IT Service Intelligence
Getting Started with IT Service IntelligenceGetting Started with IT Service Intelligence
Getting Started with IT Service Intelligence
 
Power of Splunk Search Processing Language (SPL) ...
Power of Splunk Search Processing Language (SPL)                             ...Power of Splunk Search Processing Language (SPL)                             ...
Power of Splunk Search Processing Language (SPL) ...
 
Change Data Feed in Delta
Change Data Feed in DeltaChange Data Feed in Delta
Change Data Feed in Delta
 
How to Design, Build and Map IT and Business Services in Splunk
How to Design, Build and Map IT and Business Services in SplunkHow to Design, Build and Map IT and Business Services in Splunk
How to Design, Build and Map IT and Business Services in Splunk
 
Splunk Tutorial for Beginners - What is Splunk | Edureka
Splunk Tutorial for Beginners - What is Splunk | EdurekaSplunk Tutorial for Beginners - What is Splunk | Edureka
Splunk Tutorial for Beginners - What is Splunk | Edureka
 
Getting Started with Splunk Enterprise
Getting Started with Splunk EnterpriseGetting Started with Splunk Enterprise
Getting Started with Splunk Enterprise
 
SplunkLive! Data Models 101
SplunkLive! Data Models 101SplunkLive! Data Models 101
SplunkLive! Data Models 101
 
Splunk Search Optimization
Splunk Search OptimizationSplunk Search Optimization
Splunk Search Optimization
 
Apache NiFi Meetup - Princeton NJ 2016
Apache NiFi Meetup - Princeton NJ 2016Apache NiFi Meetup - Princeton NJ 2016
Apache NiFi Meetup - Princeton NJ 2016
 
Splunk Overview
Splunk OverviewSplunk Overview
Splunk Overview
 
Splunk introduction
Splunk introductionSplunk introduction
Splunk introduction
 
Getting started with Splunk - Break out Session
Getting started with Splunk - Break out SessionGetting started with Splunk - Break out Session
Getting started with Splunk - Break out Session
 

En vedette (7)

Getting Started with Splunk Enterprise
Getting Started with Splunk EnterpriseGetting Started with Splunk Enterprise
Getting Started with Splunk Enterprise
 
AHA Corporate Training
AHA Corporate TrainingAHA Corporate Training
AHA Corporate Training
 
SplunkLive! Beginner Session
SplunkLive! Beginner SessionSplunkLive! Beginner Session
SplunkLive! Beginner Session
 
Threat Hunting Workshop
Threat Hunting WorkshopThreat Hunting Workshop
Threat Hunting Workshop
 
SplunkSummit 2015 - A Quick Guide to Search Optimization
SplunkSummit 2015 - A Quick Guide to Search OptimizationSplunkSummit 2015 - A Quick Guide to Search Optimization
SplunkSummit 2015 - A Quick Guide to Search Optimization
 
Getting started with Splunk
Getting started with SplunkGetting started with Splunk
Getting started with Splunk
 
Threat Hunting with Splunk Hands-on
Threat Hunting with Splunk Hands-onThreat Hunting with Splunk Hands-on
Threat Hunting with Splunk Hands-on
 

Similaire à Getting Started with Splunk

SplunkLive! Washington DC May 2013 - Splunk Enterprise 5
SplunkLive! Washington DC May 2013 - Splunk Enterprise 5SplunkLive! Washington DC May 2013 - Splunk Enterprise 5
SplunkLive! Washington DC May 2013 - Splunk Enterprise 5
Splunk
 
SplunkLive! Customer Presentation - Garmin International
SplunkLive! Customer Presentation - Garmin InternationalSplunkLive! Customer Presentation - Garmin International
SplunkLive! Customer Presentation - Garmin International
Splunk
 
SplunkLive! Getting Started with Splunk Enterprise
SplunkLive! Getting Started with Splunk EnterpriseSplunkLive! Getting Started with Splunk Enterprise
SplunkLive! Getting Started with Splunk Enterprise
Splunk
 

Similaire à Getting Started with Splunk (20)

Getting Started with Splunk Breakout Session
Getting Started with Splunk Breakout SessionGetting Started with Splunk Breakout Session
Getting Started with Splunk Breakout Session
 
Getting Started with Splunk Breakout Session
Getting Started with Splunk Breakout SessionGetting Started with Splunk Breakout Session
Getting Started with Splunk Breakout Session
 
Taking Splunk to the Next Level - Architecture Breakout Session
Taking Splunk to the Next Level - Architecture Breakout SessionTaking Splunk to the Next Level - Architecture Breakout Session
Taking Splunk to the Next Level - Architecture Breakout Session
 
Taking Splunk to the Next Level – Architecture
Taking Splunk to the Next Level – ArchitectureTaking Splunk to the Next Level – Architecture
Taking Splunk to the Next Level – Architecture
 
Getting Started with Splunk Enterprise Hands-On Breakout Session
Getting Started with Splunk Enterprise Hands-On Breakout SessionGetting Started with Splunk Enterprise Hands-On Breakout Session
Getting Started with Splunk Enterprise Hands-On Breakout Session
 
Getting Started with Splunk Enterprise
Getting Started with Splunk EnterpriseGetting Started with Splunk Enterprise
Getting Started with Splunk Enterprise
 
SplunkLive! Washington DC May 2013 - Splunk Enterprise 5
SplunkLive! Washington DC May 2013 - Splunk Enterprise 5SplunkLive! Washington DC May 2013 - Splunk Enterprise 5
SplunkLive! Washington DC May 2013 - Splunk Enterprise 5
 
Getting Started with Splunk Enterprise Hands-On
Getting Started with Splunk Enterprise Hands-OnGetting Started with Splunk Enterprise Hands-On
Getting Started with Splunk Enterprise Hands-On
 
SplunkLive! Customer Presentation - Garmin International
SplunkLive! Customer Presentation - Garmin InternationalSplunkLive! Customer Presentation - Garmin International
SplunkLive! Customer Presentation - Garmin International
 
Getting Started with Splunk Enterprise Hands-On
Getting Started with Splunk Enterprise Hands-OnGetting Started with Splunk Enterprise Hands-On
Getting Started with Splunk Enterprise Hands-On
 
SplunkLive! Amsterdam 2015 Breakout - Getting Started with Splunk
SplunkLive! Amsterdam 2015 Breakout - Getting Started with SplunkSplunkLive! Amsterdam 2015 Breakout - Getting Started with Splunk
SplunkLive! Amsterdam 2015 Breakout - Getting Started with Splunk
 
Getting Started with Splunk Enterprise
Getting Started with Splunk EnterpriseGetting Started with Splunk Enterprise
Getting Started with Splunk Enterprise
 
SplunkLive! London 2016 Splunk Overview
SplunkLive! London 2016 Splunk OverviewSplunkLive! London 2016 Splunk Overview
SplunkLive! London 2016 Splunk Overview
 
SplunkLive! Getting Started with Splunk Enterprise
SplunkLive! Getting Started with Splunk EnterpriseSplunkLive! Getting Started with Splunk Enterprise
SplunkLive! Getting Started with Splunk Enterprise
 
SplunkLive Melbourne Scaling and best practice for Splunk on premise and in t...
SplunkLive Melbourne Scaling and best practice for Splunk on premise and in t...SplunkLive Melbourne Scaling and best practice for Splunk on premise and in t...
SplunkLive Melbourne Scaling and best practice for Splunk on premise and in t...
 
SplunkLive Sydney Scaling and best practice for Splunk on premise and in the ...
SplunkLive Sydney Scaling and best practice for Splunk on premise and in the ...SplunkLive Sydney Scaling and best practice for Splunk on premise and in the ...
SplunkLive Sydney Scaling and best practice for Splunk on premise and in the ...
 
SplunkLive Sydney Scaling and best practice for Splunk on premise and in the ...
SplunkLive Sydney Scaling and best practice for Splunk on premise and in the ...SplunkLive Sydney Scaling and best practice for Splunk on premise and in the ...
SplunkLive Sydney Scaling and best practice for Splunk on premise and in the ...
 
SplunkLive Melbourne Scaling and best practice for Splunk on premise and in t...
SplunkLive Melbourne Scaling and best practice for Splunk on premise and in t...SplunkLive Melbourne Scaling and best practice for Splunk on premise and in t...
SplunkLive Melbourne Scaling and best practice for Splunk on premise and in t...
 
Splunk Discovery: Warsaw 2018 - Getting Data In
Splunk Discovery: Warsaw 2018 - Getting Data InSplunk Discovery: Warsaw 2018 - Getting Data In
Splunk Discovery: Warsaw 2018 - Getting Data In
 
Getting Started with Splunk Enterprise
Getting Started with Splunk EnterpriseGetting Started with Splunk Enterprise
Getting Started with Splunk Enterprise
 

Plus de Splunk

Plus de Splunk (20)

.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routine.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routine
 
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
 
.conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica).conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica)
 
.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank International.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank International
 
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett .conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
 
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär).conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
 
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu....conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
 
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever....conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
 
.conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex).conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex)
 
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
 
Splunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11ySplunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11y
 
Splunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go KölnSplunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go Köln
 
Splunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go KölnSplunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go Köln
 
Data foundations building success, at city scale – Imperial College London
 Data foundations building success, at city scale – Imperial College London Data foundations building success, at city scale – Imperial College London
Data foundations building success, at city scale – Imperial College London
 
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
 
SOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security WebinarSOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security Webinar
 
.conf Go 2022 - Observability Session
.conf Go 2022 - Observability Session.conf Go 2022 - Observability Session
.conf Go 2022 - Observability Session
 
.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - Keynote.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - Keynote
 
.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform Session.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform Session
 
.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session
 

Dernier

Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
 

Dernier (20)

Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 

Getting Started with Splunk

  • 1. Copyright © 2013 Splunk Inc. June 11, 2015 Getting Started User Training Getting Started with Splunk Enterprise Ryan Ahlers – Splunk Engineer
  • 2. Agenda • Splunk Enterprise Overview • Using Splunk (Live) – Installing, Indexing, Searching, Reports & Dashboards, Alerting • Deploying Splunk • Splunk Community (Apps, portals, docs, etc.) 2
  • 4. Splunk Inc. 4 Public company, founded in 2004 Headquartered in San Francisco Universal Platform for Machine Data  Any Machine Data  Any Volume Deployments from 10MB to 350TB/day  On Premise  In the Cloud  SAAS 9,000+ Customers in 100+ Countries 2/3 of the Fortune 100
  • 5. What is Machine Data? Sources Order Processing Twitter Care IVR Middleware Error
  • 6. Machine Data Contains Critical Insights Order ID Customer’s Tweet Time Waiting On Hold Product ID Company’s Twitter ID Order ID Customer ID Twitter ID Customer ID Customer ID Sources Order Processing Twitter Care IVR Middleware Error
  • 7. Machine Data is Growing Exponentially Volume | Velocity | Variety | Variability GPS, RFID, Hypervisor, Web Servers, Email, Messaging, Clickstreams, Mobile, Telephony, IVR, Databases, Sensors, Telematics, Storage, Servers, Security Devices, Desktops Machine data is the fastest growing, most complex, most valuable area of big data
  • 8. Universal Platform for Machine Data 8 Real-time indexing of ANY machine data Online Services Web Services Servers Security GPS Location Storage Desktops Networks Packaged Applications Custom ApplicationsMessaging Telecoms Online Shopping Cart Web Clickstreams Databases Energy Meters Call Detail Records Smartphones and Devices RFID On- Premise Private Cloud Public Cloud Local Storage SAN NoSQL Explore Visualize ShareAnalyze Develop
  • 9. Universal Platform for Machine Data 9 Real-time indexing of ANY machine data Online Services Web Services Servers Security GPS Location Storage Desktops Networks Packaged Applications Custom ApplicationsMessaging Telecoms Online Shopping Cart Web Clickstreams Databases Energy Meters Call Detail Records Smartphones and Devices RFID On- Premises Private Cloud Public Cloud Developer Platform Report and analyze Custom dashboards Monitor and alert Ad hoc search Any amount, any location, any source Schema-on-the-flyNo Database No need to filter data
  • 10. Splunk Delivers Value Across IT and the Business IT Operations Security & Compliance Web Intelligence Application Management Developer Platform (Java, Python, JavaScript, PHP, SDKs, REST API) Business Analytics Industrial Data Small Data. Big Data. Huge Data.
  • 11. Insights Across Roles & Departments Product Managers Sales Operations Executive Management Customer Service & SupportIT Management & Operations Marketing Managers 11
  • 12. Scales to Hundreds of TBs/Day Enterprise-class Scale, Resilience and Interoperability Collect machine data from thousands sources via Splunk forwarders Compress and store data on Splunk Indexers Initiate searches and visualize results via Search Heads
  • 13. Delivers Mission-critical Availability  Data replication – maintain searchability even if servers go down  Multi-site capable – maintain searchability even if a site goes down  Search Affinity – optimized searches by fetching from the closest/fastest location REPLICATION Portland Datacenter New York Datacenter Clustering
  • 14. Drastically Reduces Time-to-Value Over 600 apps available on splunkbase REST API XenApp XenDesktop Server, Storage, Network Server Virtualization Operating Systems Infrastructure Applications Mobile Applications Cloud Services Other Monitoring Ticketing/Help Desk Custom Biz Applications SDKs Web Framework
  • 16. Install Splunk Splunk Home • WIN: Program FilesSplunk • Other: /opt/splunk (Applications/splunk) Start Splunk • WIN: Program FilesSplunkbinsplunk.exe start (services start) • *NIX: /opt/splunk/bin/splunk start www.splunk.com/download
  • 17. Splunk Licenses Free Download Limits Indexing to 500MB/day • Enterprise Trial License expires after 60 days • Reverts to Free License Features Disabled in Free License • Multiple user accounts and role-based access controls • Distributed search • Forwarding to non-Splunk Instances • Deployment management • Scheduled saved searches and alerting • Summary indexing
  • 18. Default installation on: http://localhost:8000 18 Splunk Console Browser Support • Firefox 10.x and latest • Internet Explorer 7, 8, 9 and 10 • Safari (latest) • Chrome (latest)
  • 19. Indexing Demonstration Download the sample file, follow this link and save the file to your desktop, then unzip: http://bit.ly/UBPFWP (Exploring Splunk Book) To add the file to Splunk: – Click Add Data – Click Upload files from my computer. – Drag and drop you sample data zip file. – Add a new Index – Review and Finish. 19
  • 20. Search & Alert Demonstration (Search App): Field Extractions (Auto/Manual) • Free-form Searching • 130+ Commands
  • 21. Report & Dashboard Demonstration
  • 22. Settings Demonstration – for all of that cool stuff you just created (and more!) • Permissions • Saved Searches/Reports • Custom Views • Distributed Splunk • Deployment Server • License Usage…
  • 24. Splunk’s Core Components: a Splunk install can be one or all roles… Search Head, Indexer, Forwarder
  • 25. Single Instance or Distributed? (figure: < 150GB per Day … > 1500GB per Day; 6X2 Core CPUs/12GB RAM/800+ IOPs)
  • 26. Distributed Architecture – Universal Forwarder: collects and forwards machine data to Indexers • May or may not be required • Agent or agentless are both supported • Overhead ~1% CPU, ~50MB RAM, ~256kb/sec
  • 27. Distributed Architecture – Indexer: compresses, indexes and searches up to 150GB/day • Compressed raw data (~15% raw data size) • Time series index (~35% raw data size) • Executes searches • Scales horizontally via commodity hardware (6X2 Core CPUs/12GB RAM/800+ IOPs)
  • 28. Distributed Architecture – Search Head: initiates distributed searches • Publishes reports/dashboards/apps • Scales horizontally via commodity hardware (4X4 Core CPUs/12GB RAM/2 x 300GB, 10,000 RPM SAS RAID 1)
  • 29. Scalability & High Availability • Forwarders load balance across Indexers • Indexed data can be replicated across peers and different physical sites • Search Heads can be clustered to eliminate a single point of failure and handle large search loads
  • 30. Send Data to Other Systems (Service Desk, Event Console, SIEM): route raw data in real time or send alerts based on searches.
  • 31. Integrate External Data (LDAP, AD; Watch Lists; CRM/ERP; CMDB): extend search with lookups to external data sources, e.g. correlate IP addresses with locations, accounts with regions.
  • 32. Integrate Users and Roles: integrate authentication with LDAP and Active Directory • Map LDAP & AD users and groups to flexible Splunk roles (Manage Users, Manage Indexes, Capabilities & Filters) • Define any search as a filter, e.g. NOT tag=PCI App=ERP … (figure: Problem Investigation, Save Searches, Share Searches)
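An added example (not the deck's own configuration) of the slide's LDAP/AD integration and role-based search filter, written as Splunk authentication.conf and authorize.conf stanzas; the host, DNs, service account, group names, role names and index names are all assumed, and the filter reuses the slide's NOT tag=PCI App=ERP:

```ini
# --- $SPLUNK_HOME/etc/system/local/authentication.conf ---
[authentication]
authType = LDAP
authSettings = corp_ldap

[corp_ldap]
# Constructed directory details: replace host, DNs and service account.
host = ldap.example.com
port = 636
SSLEnabled = 1
bindDN = cn=splunk-svc,ou=Service Accounts,dc=example,dc=com
bindDNpassword = <SERVICE-ACCOUNT-PASSWORD-PLACEHOLDER>
userBaseDN = ou=People,dc=example,dc=com
userBaseFilter = (objectclass=user)
userNameAttribute = sAMAccountName
realNameAttribute = displayName
groupBaseDN = ou=Groups,dc=example,dc=com
groupBaseFilter = (objectclass=group)
groupMappingAttribute = dn
groupMemberAttribute = member
groupNameAttribute = cn

# Splunk role on the left, directory group(s) on the right (";"-separated).
# Group names are assumed.
[roleMap_corp_ldap]
admin = Splunk-Admins
pci_analyst = PCI-Analysts
erp_support = ERP-Support

# --- $SPLUNK_HOME/etc/system/local/authorize.conf ---
# Role that may investigate ERP problems but must not see PCI data:
# srchFilter is ANDed onto every search this role runs (the slide's
# "NOT tag=PCI App=ERP"), and srchIndexesAllowed bounds which indexes
# the role can reach at all.
[role_erp_support]
importRoles = user
srchFilter = NOT tag=PCI App=ERP
srchIndexesAllowed = erp;os
srchIndexesDefault = erp

# Role that works the PCI data: no filter, but confined to its own index.
[role_pci_analyst]
importRoles = user
srchIndexesAllowed = pci
srchIndexesDefault = pci
```

A search filter only hides events the tag actually matches, so an event that should be tagged PCI but is not remains visible to erp_support; keeping PCI data in its own index and leaving that index out of srchIndexesAllowed is the stronger boundary.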
  • 33. Splunk’s Core Components (Search Head, Indexer, Forwarder): Time to start SPLUNKING!!!
  • 35. Support Through the Splunk Community • Splunkbase – browse and share Apps from Splunk, Partners and the Community: splunkbase.splunk.com • Splunk Answers – community-driven knowledge exchange and Q&A: answers.splunk.com • .conf2014 – 5 tracks, more than 40 sessions, the smartest Splunk users together: conf.splunk.com
  • 36. Where to Go for Help • Documentation – http://www.splunk.com/base/Documentation • Technical Support – http://www.splunk.com/support • Videos – http://www.splunk.com/videos • Education – http://www.splunk.com/goto/education • Community – http://answers.splunk.com • Splunk Book – http://splunkbook.com

Editor's notes

  1. Splunk Inc. is a public company, founded in 2004 with the goal of providing a universal platform for machine data. We have more than 9,000 global customers with deployments ranging from home use to massive enterprises indexing 250TB of data a day. So what is machine data?
  2. Every machine on the planet, from internal servers and applications to call center hardware and the networks they run on to social media all generate some kind of structured or unstructured machine data.
  3. Within that machine data are critical insights about the performance, availability and value of business services provided to the end user. But there is a challenge with this Machine Data. It is growing exponentially.
  4. But there is a big challenge with this Machine Data. It is growing exponentially both in volume as well as complexity. – And that’s where Splunk comes in.
  5. No matter what type of machine data the systems powering your business produce, Splunk can collect and index that data in real time, allowing you to immediately explore, analyze and visualize that data and achieve what we at Splunk refer to as “Operational Intelligence”. As machine data flows into Splunk, it is compressed and stored on local storage or a SAN for real-time investigation and alerting on incidents or security challenges. NoSQL datastores can be used to store longer-term machine data not required for real-time analysis, or can be queried directly to correlate the petabytes of unstructured NoSQL datastore data with the unlimited types of machine data indexed by Splunk. In addition to a wizard-driven console for easily visualizing all of your data, Splunk provides a full development platform for collecting new machine data types or sharing data with third-party products, ticketing systems or custom interfaces.
  6. All of this is done without the limitation of a back-end relational database, which means the integrity of your data is never compromised, any field within your machine data is fair game for investigation, and scalability is never an issue.
  7. Machine data is useful across both IT and the Business. Splunk use cases range from standard IT Operations management to Security and Business Analytics.
  8. Splunk Dashboards are easy to generate and customize to meet the needs of a wide variety of roles within your organization. And no matter how much machine data is generated by your business processes and services, Splunk can scale to meet your needs.
  9. Splunk Forwarders are lightweight components which collect machine data throughout your environment. Forwarder deployment is highly customizable: you can have the forwarder remotely collect data, or place the forwarder locally on hundreds of thousands of devices as some of our customers do. Forwarders automatically load-balance their collected machine data across a pool of Indexers, which scale horizontally on commodity hardware to adjust to your growing pool of machine data. Search Heads initiate map-reduced searches across the indexer tier, then combine and return the results to the Splunk console or your interface of choice. Like Indexers, Search Heads can scale horizontally on commodity hardware to meet your needs.
  10. Even if an entire datacenter were to go down, Splunk’s ability to replicate data across sites ensures a true high availability environment.
  11. Finally, Splunk’s robust community of users and partners has created more than 500 apps which plug into Splunk Enterprise to get you up and running quickly. The vast majority of these apps are free. Some apps, which have dedicated SCRUM development and support teams, are charged for. For example: Hunk is an application which provides easy NoSQL connectivity, search, and reporting capabilities across your NoSQL nodes. The Exchange App provides out-of-the-box monitoring of your email environment. The VMware app monitors virtual environments. And Splunk’s Enterprise Security app provides security analysts with the ability to search across all machine data within an environment, not just data limited by a particular SIEM, which has propelled Splunk to a “Leader” in the Gartner Magic Quadrant for Security.