SplunkLive! London - Splunk App for Stream & MINT Breakout
•
0 j'aime•534 vues
Slides from Splunk App for Stream & MINT Breakout at SplunkLive! London May 2015
Recommandé
Recommandé
Contenu connexe
Tendances
Tendances (20)
En vedette
Similaire à SplunkLive! London - Splunk App for Stream & MINT Breakout
Similaire à SplunkLive! London - Splunk App for Stream & MINT Breakout (20)
Plus de Splunk
Plus de Splunk (20)
Dernier
Dernier (20)
SplunkLive! London - Splunk App for Stream & MINT Breakout
- 1. Copyright © 2015 Splunk Inc. What’s New: Splunk App for Stream and Splunk MINT Stela Udovicic Sr. Product MarkeIng Manager
- 2. Disclaimer During the course of this presentaIon, we may make forward looking statements regarding future events or the expected performance of the company. We cauIon you that such statements reflect our current expectaIons and esImates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-‐looking statements, please review our filings with the SEC. The forward-‐looking statements made in the this presentaIon are being made as of the Ime and date of its live presentaIon. If reviewed aTer its live presentaIon, this presentaIon may not contain current or accurate informaIon. We do not assume any obligaIon to update any forward looking statements we may make. In addiIon, any informaIon about our roadmap outlines our general product direcIon and is subject to change at any Ime without noIce. It is for informaIonal purposes only and shall not, be incorporated into any contract or other commitment. Splunk undertakes no obligaIon either to develop the features or funcIonality described or to include any such feature or funcIonality in a future release.
- 3. Agenda Intro Splunk App for Stream Overview Splunk for Mobile Intelligence Demo
- 4. Ad-‐hoc Analysis On Wire Data Is Challenging Volume, velocity and variety make it difficult to collect, explore, analyze and visualize wire data Distributed datacenters introduce challenges in accessing wire data from public and hybrid clouds Complex network environments make installaIon and management of probes and appliances laborious
- 5. See Everything with Splunk App for Stream Enables real-‐<me insights into private, public and hybrid cloud infrastructures Delivers rapid deployment, easy scale out and efficient wire data capture Capture and analyze cri<cal events not found in logs or with other collec<on methods. 1 2 3 Enhance Opera<onal Intelligence With Wire Data Capture
- 6. Example: What Is Available From The Wire Performance Metrics Round Trip Time Client Request Time Server Reply Time Server Send Time Total Time Taken Base HTML Load Time Page Content Load Time Total Page Load Time Applica<on Data POST Content AJAX Data SecIon Sub-‐SecIon Page Title Session Cookie Proxied IP Address Error Message Business Data Product ID Customer ID Shopping Cart ID Cart Items Cart Values Discounts Order ID Abandoned?
- 7. 7 Enable New OperaIonal Insights • Add informaIon about applicaIon, infrastructure, security and business acIvity, without needing instrumentaIon • Support new and extends exisIng Splunk use cases across IT, security and the business with wire data capture Enhanced Opera<onal Intelligence Efficient, Cloud-‐Ready Wire Data Collec<on Fast Time to Value • Gain visibility into any public, private or hybrid cloud infrastructures with a soTware soluIon • Control data collecIon volumes with fine-‐grained protocol and adribute filtering • Deploy quickly from interface-‐driven install • Enable rapid incident response • Easily scale out with centralized management
- 8. Beder Insights for IT OperaIons • Get real-‐Ime granular insights to reduce MTTR without costly appliances • Analyze all applicaIons and user behavior, measure applicaIon response Imes and trace transacIon paths • IdenIfy infrastructure performance issues, capacity constraints, changes and establish baselines Value + Contextual Data Applica<on logs, infrastructure (storage, network, server) logs, performance metrics, events 8 SQL queries, DNS records, IP conversa<ons, transac<on traces, ICA latency, response <mes Wire Data
- 9. Beder Insights for Security • Real-‐Ime DPI of wire data backed with analyIcs enables easier forensics analyses and quicker incident response • Analyze all user and applicaIons behavior and respond Imely to threats with cost efficient real-‐Ime header and payload field extracIon • Baseline network traffic and understand anomalies associated with advanced and insider threats • Quick soTware install at end points, network infrastructures and cloud without expensive appliances Value + Contextual Data Firewall logs, applica<on logs, IDS logs, network logs, perf. metrics, events 9 User and applica<on traffic, protocol iden<fica<on (TCP, DNS, HTTP, etc.), protocol headers & payload extrac<on, SSL decryp<on Wire Data
- 10. 10 Custom Content ExtracIon Enables Efficient Real-‐Time Insights • Easily and selecIvely analyze web traffic for security risks • IdenIfy data exfiltraIon, including PII or exposed assets • Prevent data loss, perform forensics and reduce troubleshooIng Ime Improved Security Posture Efficient Real-‐Time Business Analyses Efficient IT Ops and Applica<ons Visibility • Real-‐Ime granular insights into key business indicators from web traffic • SelecIve on-‐the-‐fly visibility into shopping carts, user interacIons, etc. • Monitor web services performance on-‐the-‐fly for quick troubleshooIng and performance analysis • Enable real-‐Ime custom protocol monitoring
- 11. ApplicaIons Visibility for Easy Capacity Planning AVP of Networks and Communica<ons, Large Na<onal Bank “I enjoyed using the Splunk App for Stream as it's giving us a bunch of different perspecIves on our traffic and beder granularity compared to some of the other tools we used. Stream is unique because Splunk analyIcs are Ied to a network monitoring tool.” • Granular applicaIon and network visibility drives easy remediaIon • ProacIve applicaIons and network traffic monitoring enables beder capacity reporIng and planning • Powerful analyIcal engine enables data analyses by novice users Key Customer Benefits Deployment • Quick host-‐based deployment at criIcal network segments – Ability to observe both client and server traffic 11
- 12. Stream at CanDeal: Breaking the Silos Kris Laxdal, IT Manager & Security Analyst “Stream allows our IT Ops, security and developers teams to get relevant data quickly.” “You cannot show up with tradi<onal packet captures tool in the boardroom. Stream and Splunk help us understand issues at the high level and if exec team wants to see the details we can drill down easily. That is what's great about Stream! ” IT Opera<ons • High level view with contextual drill-‐down ability • Easy access and visibility into producIon MySQL environment helps applicaIon developers troubleshoot issues and roll out releases quicker • Improved collaboraIon between teams: IT OperaIons, QA (pre-‐producIon tesIng), security and development • Improved customer response Imes due to real-‐Ime visibility into applicaIon issues Security • CorrelaIon against indicators of compromise helps invesIgate and miIgate Advanced Persistent Threats (APTs), potenIal data exfiltraIon & other risks Key Customer Benefits 12
- 13. Real-‐Ime Business Insights for Canadian Service Provider Technical Analyst, Canadian Telco (Crown CorporaIon) “Splunk helps us provide real-‐Ime business insights for our MarkeIng team” “During the first day of using Stream and visibility into Diameter we (support team) idenIfied infrastructure capacity issue before our IT OperaIons team.” “Everyone in our industry should be deploying Splunk & Stream. The value we get from it is tremendous.” • Visibility into customer behaviour results in efficient markeIng campaigns and be^er business decisions – IdenIfied “grey market” phones in our network – AnalyIcs driven ads and understand user behaviour at big sporIng events • Visibility into mobile backhaul infrastructure helps us resolve operaIonal issues quicker • Beder collaboraIon between teams: Network support team, IT OperaIons & MarkeIng Key Customer Benefits 13
- 14. Wire Data Intelligence Improves Security One plaqorm: Value for IT and Security Security Analyst, Payment Processing Company “The thing that makes the Stream app beder than any other packet analysis soluIon out there is the staIsIcal analysis from Splunk Enterprise. You can apply it freely to all of the wire data, which enables me to analyze this data in ways not possible before. This visibility help us prevents external infiltraIon and avoid malicious adacks.” • Real-‐Ime security intelligence to prevent adacks and infiltraIons • Baselining, trending and applying analyIcs to detect anomalies in traffic (mySQL, postgres, etc.) • Centralized management of all wire data results in operaIonal cost savings • Efficient monitoring of user authenIcaIons for audit and security Key Customer Benefits • Non-‐intrusive and easy monitoring of server communicaIon • Flexible and easy integraIon with exisIng Splunk security dashboards 14
- 15. Wire Data Speeds Up Forensics Security Engineer, Financial Services Ins<tu<on “The biggest value of Stream is how fast can we resolve and close security cases. Before Stream, I had to collect data from mulIple systems and it would take me an hour. With Stream, informaIon is already there and I can get answers within 5 minutes. It is much easier to get data now.” • 90% reducIon in incident triage and invesIgaIon Ime • Deeper, quicker and easier understanding of traffic and user acIvity for forensic purposes • Immediate insights and improved data collecIon: – EliminaIon of moving pcap files around between several tools Key Customer Benefits Deployment • Flexible and easy deployment on key network locaIons 15
- 16. Supported Protocols and Plaqorms • UDP • TCP • HTTP • IMAP • MySQL (login/cmd/ query) • Oracle (TNS) • PostgreSQL • Sybase/SQL Server (TDS) • FTP • SMB • NFS • POP3 • SMTP • LDAP/AD • SIP • XMPP • AMQP • MAPI • IRC Supports Windows 7 (64-‐bit), Windows 2008 R2 (64 bit), Linux (32-‐bit/64-‐bit) and Mac OSX (64-‐bit) • DNS • DHCP • RADIUS • Diameter • BitTorrent • SMPP 16 Improved performance requiring less compute/memory power!
- 17. Stream Forwarder Architecture Protocol Decoder (Deep Packet Inspec<on) Events Decryp<on Request/ Response Network Interface (eth1) Standard Out (To Splunk Forwarder) Packets Streams Request/ Response Request/ Response Protocol Decoder (Deep Packet Inspec<on) Events Decryp<on Standard Out (To Splunk Forwarder) Protocol Decoder (Deep Packet Inspec<on) Events Decryp<on Standard Out (To Splunk Forwarder) Network Interface (ethN) Packets … Threads 17
- 18. Architecture: Dedicated Server 18 End Users TAP or SPAN Firewall Splunk Indexers Search head Linux Forwarder Splunk_TA_Stream Servers Internet
- 19. Architecture: Run on Servers 19 End Users Firewall Splunk Indexers Search head Physical or Virtual Servers Universal Forwarder Splunk_TA_stream Internet Physical Datacenter, Public or Private Cloud
- 20. Copyright © 2015 Splunk Inc. Splunk for Mobile Intelligence
- 21. • New OS versions break apps • Network issues are difficult to find and simulate • Limited Ime to make changes and fixes The Challenges of Delivering Mobile Apps 21 • Plan for growth • Solve infrastructure, API and app issues • Feature usage • Monitor/analyze user behavior • Deliver omni-‐channel analyIcs • Mobile+web+desktop Form Factor, Plahorm, Interac<on Style Variety Rapid App Dev Cycles, Break-‐Fix Needs Infrastructure Analy<cs • OS and device-‐ centric development • Need to correlate devices, versions
- 22. Mobile App Delivery: Different Challenges for Different Roles 22 • How do I find the root cause of app crashes/poor performance? • What were users doing when the issue happened? • How do I get more insight into transacIon paths? • Is the problem with the app, the network or the backend system? • Do I have the right capacity in place to handle transacIon volume? • How does performance compare mobile vs. web vs. desktop? • How are customers using my app? • Which features should I prioriIze for future versions? • How does customer behavior compare across channels? APP MANAGERS/ OPERATIONS PRODUCT MANAGERS/ BUSINESS OWNERS MOBILE APP DEVELOPERS
- 23. Enhance Opera<onal Intelligence Using Mobile Data 23 Deliver Beder Performing, More Reliable Apps Deliver Real-‐Time AnalyIcs Achieve End-‐to-‐End Visibility
- 24. How Splunk MINT Works • Embed Splunk MINT SDKs in your mobile app • AcIvate with one line of code • Your app’s operaIonal data is securely transmided to the Splunk MINT Data Collector • Analyze your mobile operaIonal data using the Splunk MINT App • Correlate the data with other sources using Splunk Enterprise 24 Mobile App OperaIons Data Splunk MINT Data Collector Real-‐Ime Mobile OperaIonal AnalyIcs
- 25. Deliver Be^er Performing, More Reliable Apps • Improve user retenIon by quickly idenIfying crashes and performance issues • Immediate insight on transacIon performance and causes of transacIon failures • IdenIfy network performance issues and assess how they impact your app 25 Real-‐Ime monitoring of crashes and performance
- 26. Achieve End-‐to-‐End Visibility • Correlate Splunk MINT data with other OperaIonal Intelligence for end-‐to-‐end transacIon analysis • Use Splunk Enterprise search capabiliIes to correlate and drill down into your mobile and non-‐ mobile data 26 Use correlaIons to get comprehensive insights
- 27. Deliver Real-‐Time Analy<cs • Network performance: Create dashboards that compare network performance by carrier (Wi-‐Fi, LTE networks, etc.) • Geoloca<on: Gain insight on usage and performance by where users are located • Search and Pivot: UIlize search and analyIcs capabiliIes to explore your mobile data 27 Get granular insights into your app and its users
- 28. Gelng Started With Splunk MINT 28 Mobile Developers Sign up on mint.splunk.com Download SDKs and create mobile projects Download Splunk Enterprise Splunk Admin Re-‐deploy Splunk MINT enabled apps Check Splunk MINT Management console Download the Splunk MINT App Run Wizard to connect to the Splunk MINT Data Collector Get dashboards and search, correlate
- 29. MINT Benefits Developers and the Business 29 • Immediate quality insights • User, usage, transacIon, network visibility • Fast Ime-‐to-‐value with lightweight SDK • Find bodlenecks across app, network, backend, APIs • Right size capacity for transacIon volumes • Ensure performance across all channels • User behavior, user experience insights • Faster, more valuable improvements • Omni-‐channel analyIcs APP MANAGERS/ OPERATIONS PRODUCT MANAGERS/ BUSINESS OWNERS MOBILE APP DEVELOPERS
- 30. Demo
- 31. Three Takeaways Splunk App for Stream helps you see everything! Splunk MINT helps you deliver more reliable and be^er performing mobile apps! Use Splunk somware for an end-‐to-‐end view of your cri<cal applica<ons! 1 2 3
- 32. 32 The 6th Annual Splunk Worldwide Users’ Conference • September 21-‐24, 2015 • The MGM Grand Hotel, Las Vegas • 4000 IT & Business Professionals • 2 Keynote Sessions • 3 days of technical content – 165 sessions • 3 days of Splunk University – Sept 19-‐21, 2015 – Get Splunk CerIfied for FREE! – Get CPE credits for CISSP, CAP, SSCP, etc. – Save thousands on Splunk educaIon! • 80 Customer Speakers • 80 Splunk Speakers • 35 Apps in Splunk Apps Showcase • 65 Technology Partners • Ask The Experts and Security Experts, Birds of a Feather, Chalk Talks and a new & improved Partner Pavilion! • Register at conf.splunk.com