SlideShare une entreprise Scribd logo
1  sur  44
UNICREDIT
IT Ops & App Delivery
UniCredit and V-TServices:
Four Years of Splunk Integration Facing Heterogeneous Use Cases
Stefano Guidobaldi, Advanced Engineering – UniCredit Group ICT & Security Officer
Agenda
• About us
• Our journey with Splunk
• Splunk deployment topology
• Use cases: overview
o Business Analytics
o Application Delivery
o IT Operational Analytics
o Accounting
o APInthusiasts
• Recap and Takeaways
• Q&A
About us
Stefano Guidobaldi
• Current position: IT System Architect at UniCredit
• Formerly advisor for UniCredit, working on Splunk projects/developments
• Area of expertise: system administration, tuning and automation, analytics
• Contact: stefano.guidobaldi@unicredit.eu
UniCredit: at a Glance
 Employees: more than 127,000*
 Branches: 7,100*
 Banking operations in 17 countries
 International network spanning:
~ 50 countries
 Global player in asset management: € 221 bn in
managed assets*
 Market leader in Central and Eastern Europe
leveraging on the region's structural strengths
* Source: UniCredit Company Profile, data as at June 30, 2015
Why Splunk: troubleshooting complex problems
• Highly distributed and multi-layered SOA architectures
• Huge number of log files
• Logs contain 70% of diagnostic data useful for problem isolation
Our journey with Splunk
Our journey with Splunk
Why Splunk: a flexible solution to a complex problem
Our journey with Splunk
• 2010 Q3: a Splunk 4 Enterprise trial installed in a test server. Used for POC and to analyze
logs for on demand troubleshooting and data analysis.
• 2011 Q1: 250GB/day license arrived! First production deployment made by 3 indexers
collecting application/system logs from some java applications.
Used by Service Delivery Team and some pilot users to speed up troubleshooting and for
monitoring some services.
• 2013 Q1: License enlarged. 8 indexers collecting 700GB/day. Added more sources related to
java applications logs, web servers, operating systems and some DB2 logging tables.
Middleware team and many Developers use Splunk during their daily business.
Our journey with Splunk
• 2014 Q4: 12 indexers collecting 1.7TB/day. Splunk became the main solution to enable
developers to view and analyze theirs application logs. Added custom application logs from
several different applications. Added more source from systems (loadbalancer, dns, dhcp).
UniCredit Security Team evaluated Splunk as a solution for Log Management and
Security/Audit.
• 2015 Q1: UniCredit Security Team deployed a new Splunk deployment capable of collecting
and analyzing more than 4TB/day (not covered by this session). This new deployment (Splunk
Security) runs in parallel with the existing deployment (Splunk ITOA/AM).
This session will cover the deployment named Splunk ITOA/AM only.
Our journey with Splunk
• Today: Splunk is one of the main solution for:
oIT Operational Analytics
oApplication Management.
• It is widely used by Developers, System Administrators, Service Delivery Analysts,
Network and Network Security Engineers, etc.
• Still important to boost troubleshooting and problem isolation.
• It has a crucial role in the monitoring and reporting area.
• Many new projects include Splunk as an important component for production readiness.
Our journey with Splunk
Splunk scope as today:
Splunk ITOA/AM deployment in UniCredit
Our deployment in figures:
• ~2.5 TB data collected daily
• >30 days data retention
• >8 billion events collected daily
• >400k events per second (peaks)
• >180 sourcetypes
• >500 universal forwarders
• >15k syslog senders
• ~15k searches executed by users daily
• ~90k searches executed by scheduler daily
• >500 dc(users) logged-in during last month
Why Heavy Forwarders:
• Aggregation: using intermediate collectors enables to establish a «many to few» relation
between senders located on a specific zone and a set of receivers.
• Scale Deployment Server: some Heavy Forwarders works also as intermediate Deployment
Server.
• Parsing/Masking: let offload parsing and masking workload from indexer layer.
Splunk ITOA/AM deployment in
UniCredit
Use Cases
• Business Analytics: We were able to leverage transactions log from our POS and cardholders (previously used
for monitoring purposes) to build a new big data tool for our merchants
• Application Delivery (and Advanced Monitoring): One of our biggest enterprise applications is currently
monitored using Splunk at many levels. Tons of customizations, dynamic interaction, advanced troubleshooting: be
ready to discover more
• IT Operational Analytics: We’ll go through many ways to answer classic and modern IT questions and provide
key concepts to apply same approaches to your environment.
• Accounting: We’ll show how to replace a standard data entry activity with Excel letting Splunk do the dirt job for us
• APInthusiasts - from data collector to data distribution platform: Initially we were in the condition of
using Splunk to collect and send data to a DB, like a big vacuum cleaner. It ended up with the customer asking us to
remove DB and use Splunk as the data engine through its REST API
Business Analytics:
How a single data-source served different purposes
How a single data-source served different purposes
[2014-09-04-14.45.54.608000] proc_source="B24A",
tmst_target="2013-09-04-14.45.54.724000", serv_id="ISS",
proc_input="MAST", proc_target="B24H", interface_acq="BNET_1",
interface_iss="02008", cod_msg="XJYZ", oper_rrn="XJYZ",
card_id="52xxxxxxxxxxx", oper_amount="000000000050",
oper_currency="978", oper_country="380", term_id="0059XXXX",
circuito="", sett_merc="4722", bin_acq="XXXX",
id_merc="32xxxxxxxxxx", prcode="XYZ", action_code="XXX",
...
...
auth_rout_id="HISO_AUTH", msg_subst="", ndg="00000xxxxxxxx",
station_acq="STA-BNET-MI1", acceptor="A COOL SHOP",
tmst_ins="2013-09-04-14.48.56.277466", ...
Mastercard Circuit
Client IDMerchant name
Amount
Card ID (masked)
Merchant category IDMerchant ID
How a single data-source served different purposes
[2014-09-04-14.45.54.608000] proc_source="B24A",
tmst_target="2013-09-04-14.45.54.724000", serv_id="ISS",
proc_input="MAST", proc_target="B24H", interface_acq="BNET_1",
interface_iss="02008", cod_msg="1110", ...
id_merc="32xxxxxxxx", prcode="003000", action_code="000",
approval_code="X", oper_mod_input="1", channel="O",
flag_dupl="Y", flag_onus="N", auth_rout_dst="XXXX",
auth_rout_id="HISO_AUTH", msg_subst="", ndg="00000xxxxxxxx",
station_acq="STA-BNET-MI1", acceptor="COOL SHOP" 380",
tmst_ins="2013-09-04-14.48.56.277466", ...
2013 – first implementation: Application Monitoring
• In 2013 we started gathering UniCredit cards’ transactions
• Initially they served as operational monitoring data for our Application Delivery team
• Of the whole transaction, only few fields were actually used to monitor system behaviour
• Few clear graphs in 3-4 interactive dashboards, featuring:
green/yellow/red dots for alerts, authorization rates, volumes
How a single data-source served different purposes
2013 – first implementation: Application Monitoring
• Application Team is able to drill down until they reach the root cause of the alert
• 3 clicks lead to the problem highlighted
[2014-09-04-14.45.54.608000] proc_source="B24A",
tmst_target="2013-09-04-14.45.54.724000", serv_id="ISS",
proc_input="MAST", proc_target="B24H", interface_acq="BNET_1",
interface_iss="02008", cod_msg="XJYZ", oper_rrn="XJYZ",
card_id="52xxxxxxxxxxx", oper_amount="000000000050",
oper_currency="978", oper_country="380", term_id="0059XXXX",
circuito="", sett_merc="4722", bin_acq="XXXX",
id_merc="32xxxxxxxxxx", prcode="XYZ", action_code="XXX",
...
...
auth_rout_id="HISO_AUTH", msg_subst="", ndg="00000xxxxxxxx",
station_acq="STA-BNET-MI1", acceptor="A COOL SHOP",
tmst_ins="2013-09-04-14.48.56.277466", ...
How a single data-source served different purposes
2014 – second implementation: Business Analytics
• With the same piece of information, our business teams went up with a new product for our merchants: a dashboard
with business data intertwined with customers data
• Monitoring log is full of interesting fields that could be leveraged to setup a business analytics view:
o Unique ID for customer (hashed, obviously)
o Amount
o Currency
o Country
o Merchant ID (internal reference)
o Merchant category ID (e.g. clothing)
o Acceptor (shop name)
How a single data-source served different purposes
2014 – second implementation: Business Analytics
• Totally brand new 3rd-party application
• Web-based interface for merchants
• Tablet-friendly, interactive, innovative
How a single data-source served different purposes
Key takeaways
 Many use cases share the same set of data
• When preparing a new log include anything that can be valuable in
the future
 Use summary indexes to aggregate data
Application Delivery:
See the forest *AND* the trees
See the forest *AND* the trees
Target architecture
• For SDD system monitoring, Splunk is configured to retrieve these
types of log:
– application server log (e.g. Websphere server.log, server.err, ecc..)
– application data log (e.g. GPE log4j, JGH, ecc...)
– custom monitoring data log provided by scripts
• Components involved:
– NAS server used by GPE and e2e systems
– Oracle Database
– WebSphere Application Servers
– ITA Mainframe
– AUT Mainframe (stricter policies)
See the forest *AND* the trees
Splunk Monitoring Engine (SME)
• The custom scripts that compose the Splunk Monitoring
Engine are grouped in 4 categories according to their purpose:
– system scripts
– e2e scripts
– db query execution scripts
– parked files scripts
Application Name
Aggregated metric
Group of metrics/alerts
See the forest *AND* the trees
One single pane of view to rule them all!
See the forest *AND* the trees
Four points of view
• Technical
• Functional
• Statistical (and, thus, predictive)
• Performance
Plus, every button is CLICKABLE
See the forest *AND* the trees
Focus: functional monitoring on queries
• Scheduling overview of daily jobs
• Colour based on criticality
• Find immediately jobs missing
• Grouped in categories
Easily identify critical periods during day
See the forest *AND* the trees
Focus: statistics and forecasting
• Predict next two weeks of scheduled jobs
• Table with statistical details
• Use custom algorithms
See the forest *AND* the trees
Key takeaways
• Multi-layer, multi applications single monitoring tool
• Splunk flexibility is awesome: execute scripts, gather results, collect data from many different
sources and get insights, keep historical trends
• Aggregation made easy
• Navigation sets the context (and, therefore, forces which data has to be loaded in the template
dashboard)
Next Steps
• Same approach will be used for other payments related applications
• Aggregate statistical and performance metrics
• Migrate everything to Splunk 6 (heavy visual customizations – CSS/HTML)
IT Operational Analytics:
Proactive is way better than reactive
Proactive is way better than reactive
Focus: known errors monitoring
How it works:
• Visualize time distribution and
stats of an eventype which
aggregates known errors
• It shows only matching event
categories
• Service Reliability members
collaborate to add more and
more event categories
Proactive is way better than reactive
Focus: known errors monitoring
Values:
• Immediate notification about common problems
• Historical or real-time analysis
• See trends and stop disruptive behavior before
incidents happen
• It learns day by day by adding new categories to
«monitoring» eventype
«Still one of the most value-adding dashboards ever!»
Service Reliability Team
Proactive is way better than reactive
Focus: Apache HTTP status, or how we substituted an «old but gold» tool based on Cacti
aimed to monitor Apache Httpd server status
How it works:
• A custom script retrieves and parses
http://server:port/server-status output
• Parsed output is written to a log file which is
collected by Splunk
Added values:
• Historical Values
• Possibility to reuse data on other
dashboards
• Alerting
..to Splunk
From
Cacti..
Proactive is way better than reactive
Focus: monitoring tools data in SplunkSitescope:
• Install UF on SiteScope Server
• Collect ...logsSiteScope*.log
• Take the best from «Splunk for SiteScope» app
ITCAM:
• Use DBConnect to collect data from ITCAM db
Added value:
• Easily create status reports based on historical data
• Visualize events over time
• Integration: add SiteScope data in a Splunk dashboards
• Create advanced alerting (something OR smthelse NOT disabled AND
field>X)
Proactive is way better than reactive
Key takeaways
• Same approaches, different purposes
• DevOps re-mastered: IT Ops and Dev teams sharing the same
perspective
 Always involve people who knows the data
Accounting:
Build reports like never before
Build reports like never before
Data input for recording
• Mainframe log dumped with an FTP job: single string of data
• Fixed-length fields -> EASY PARSING (FOR SPLUNK), they never change in size
Time Event
31/08/15
06.09.32,000 060450142xxxx9999999999990010000000000000999999920120725201202022009093006 11111111112012072584050076
7 002400840000554 002400TE20120725 000 AWESOME GENERIC SHOP IN SOME KNOWN CITY SOME USEFUL INFO
VIA ITALIA MILAN 39044BZ0471820323 1111111111111111549903000016000038360500000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000460 999999999999999999999999999 00010101 00010101 001 EURD 5837060459 FFFFFFFF 60459S20120725
C 037C 036N 0 2015-08-31-05.00.01.561318NNN
Terminal (PoS) ID Last operation date
Address
Installation date
Customer Name
Build reports like never before
Result: replace that huge Excel report and welcome your interactive dashboard!
APInthusiasts:
From data collector to data engine
From data collector to data engine
2014 Q4 – Splunk used to collect and transport data
How:
• Application logs collected by Splunk from
application servers log folders.
• Read and indexed by Splunk
• Sent to DB with a custom Python script
performing export + load
Challenges:
• Very high performances needed
• High availability
• Dependency from a «custom script»
• Complex mapping between Splunk indexes
and DB tables
From data collector to data engine
2015 Q2 – Splunk as a data engine
Key differences:
• DB dependency removed
• Client application read data from Splunk using
REST API; HTTP calls are simple!
• Fully dedicated Splunk deployment to answer
use case needs: indexes replication, data ack,
no downtimes, etc.
Recap and final takeaways
What we’ve learned and what we believe you should interiorize:
«Be sure to add as many information (i.e. fields) to every input stream available.
Only God (or your best data scientists) know how you can exploit them, in the future»
(Somewhere in the Bible)
«Knowledge is power, use it well (and often)»
(Someone in the far future, ca. 40,000 AD)
«Why do it with a random tool when you can do it with Splunk?»
(Splunk Lead @V-TS)
Questions?
THANK YOU!
Stefano Guidobaldi, Advanced Engineering – UniCredit Group ICT & Security Officer

Contenu connexe

Tendances

Splunk for Enterprise Security Featuring User Behavior Analytics
Splunk for Enterprise Security Featuring User Behavior Analytics Splunk for Enterprise Security Featuring User Behavior Analytics
Splunk for Enterprise Security Featuring User Behavior Analytics Splunk
 
Splunk Discovery Day Düsseldorf 2016 - Splunk für Security
Splunk Discovery Day Düsseldorf 2016 - Splunk für SecuritySplunk Discovery Day Düsseldorf 2016 - Splunk für Security
Splunk Discovery Day Düsseldorf 2016 - Splunk für SecuritySplunk
 
Delivering business value from operational insights at ING Bank
Delivering business value from operational insights at ING BankDelivering business value from operational insights at ING Bank
Delivering business value from operational insights at ING BankSplunk
 
Splunk Discovery Day Düsseldorf 2016
Splunk Discovery Day Düsseldorf 2016Splunk Discovery Day Düsseldorf 2016
Splunk Discovery Day Düsseldorf 2016Splunk
 
SplunkLive! Utrecht - Splunk for IT Operations - Rick Fitz
SplunkLive! Utrecht - Splunk for IT Operations - Rick FitzSplunkLive! Utrecht - Splunk for IT Operations - Rick Fitz
SplunkLive! Utrecht - Splunk for IT Operations - Rick FitzSplunk
 
Splunk Enterprise for IT Troubleshooting
Splunk Enterprise for IT Troubleshooting Splunk Enterprise for IT Troubleshooting
Splunk Enterprise for IT Troubleshooting Splunk
 
Доступная безопасность: смесь инструментов с данными. Советы архитектора Oracle
Доступная безопасность: смесь инструментов с данными. Советы архитектора OracleДоступная безопасность: смесь инструментов с данными. Советы архитектора Oracle
Доступная безопасность: смесь инструментов с данными. Советы архитектора OracleTimur Bagirov
 
Gov & Education Day 2015 - User Behavior Analytics
Gov & Education Day 2015 - User Behavior AnalyticsGov & Education Day 2015 - User Behavior Analytics
Gov & Education Day 2015 - User Behavior AnalyticsSplunk
 
Best Practices For Sharing Data Across The Enteprrise
Best Practices For Sharing Data Across The EnteprriseBest Practices For Sharing Data Across The Enteprrise
Best Practices For Sharing Data Across The EnteprriseSplunk
 
SplunkLive! Utrecht - Splunk for Security - Monzy Merza
SplunkLive! Utrecht - Splunk for Security - Monzy MerzaSplunkLive! Utrecht - Splunk for Security - Monzy Merza
SplunkLive! Utrecht - Splunk for Security - Monzy MerzaSplunk
 
Hands-On Security Breakout Session- Disrupting the Kill Chain
Hands-On Security Breakout Session- Disrupting the Kill ChainHands-On Security Breakout Session- Disrupting the Kill Chain
Hands-On Security Breakout Session- Disrupting the Kill ChainSplunk
 
Splunk for ITOA Breakout Session
Splunk for ITOA Breakout SessionSplunk for ITOA Breakout Session
Splunk for ITOA Breakout SessionSplunk
 
SplunkLive! Wien 2016 - Splunk Enterprise 6.4
SplunkLive! Wien 2016 - Splunk Enterprise 6.4SplunkLive! Wien 2016 - Splunk Enterprise 6.4
SplunkLive! Wien 2016 - Splunk Enterprise 6.4Splunk
 
Driving Efficiency with Splunk Cloud at Gatwick Airport
Driving Efficiency with Splunk Cloud at Gatwick AirportDriving Efficiency with Splunk Cloud at Gatwick Airport
Driving Efficiency with Splunk Cloud at Gatwick AirportSplunk
 
Splunk Live! Utrecht 2016 - CERT EU
Splunk Live! Utrecht 2016 - CERT EUSplunk Live! Utrecht 2016 - CERT EU
Splunk Live! Utrecht 2016 - CERT EUSplunk
 
Splunk EMEA Webinar: Scoping infections and disrupting breaches
Splunk EMEA Webinar: Scoping infections and disrupting breachesSplunk EMEA Webinar: Scoping infections and disrupting breaches
Splunk EMEA Webinar: Scoping infections and disrupting breachesSplunk
 
Enterprise Security featuring UBA
Enterprise Security featuring UBAEnterprise Security featuring UBA
Enterprise Security featuring UBASplunk
 
Splunk for Enterprise Security featuring UBA Breakout Session
Splunk for Enterprise Security featuring UBA Breakout SessionSplunk for Enterprise Security featuring UBA Breakout Session
Splunk for Enterprise Security featuring UBA Breakout SessionSplunk
 
Splunk for DevOps - Faster Insights - Better Code
Splunk for DevOps - Faster Insights - Better CodeSplunk for DevOps - Faster Insights - Better Code
Splunk for DevOps - Faster Insights - Better CodePhilipp Drieger
 

Tendances (20)

Splunk for Enterprise Security Featuring User Behavior Analytics
Splunk for Enterprise Security Featuring User Behavior Analytics Splunk for Enterprise Security Featuring User Behavior Analytics
Splunk for Enterprise Security Featuring User Behavior Analytics
 
Splunk Discovery Day Düsseldorf 2016 - Splunk für Security
Splunk Discovery Day Düsseldorf 2016 - Splunk für SecuritySplunk Discovery Day Düsseldorf 2016 - Splunk für Security
Splunk Discovery Day Düsseldorf 2016 - Splunk für Security
 
Delivering business value from operational insights at ING Bank
Delivering business value from operational insights at ING BankDelivering business value from operational insights at ING Bank
Delivering business value from operational insights at ING Bank
 
Splunk Discovery Day Düsseldorf 2016
Splunk Discovery Day Düsseldorf 2016Splunk Discovery Day Düsseldorf 2016
Splunk Discovery Day Düsseldorf 2016
 
SplunkLive! Utrecht - Splunk for IT Operations - Rick Fitz
SplunkLive! Utrecht - Splunk for IT Operations - Rick FitzSplunkLive! Utrecht - Splunk for IT Operations - Rick Fitz
SplunkLive! Utrecht - Splunk for IT Operations - Rick Fitz
 
Splunk Enterprise for IT Troubleshooting
Splunk Enterprise for IT Troubleshooting Splunk Enterprise for IT Troubleshooting
Splunk Enterprise for IT Troubleshooting
 
Доступная безопасность: смесь инструментов с данными. Советы архитектора Oracle
Доступная безопасность: смесь инструментов с данными. Советы архитектора OracleДоступная безопасность: смесь инструментов с данными. Советы архитектора Oracle
Доступная безопасность: смесь инструментов с данными. Советы архитектора Oracle
 
Gov & Education Day 2015 - User Behavior Analytics
Gov & Education Day 2015 - User Behavior AnalyticsGov & Education Day 2015 - User Behavior Analytics
Gov & Education Day 2015 - User Behavior Analytics
 
Best Practices For Sharing Data Across The Enteprrise
Best Practices For Sharing Data Across The EnteprriseBest Practices For Sharing Data Across The Enteprrise
Best Practices For Sharing Data Across The Enteprrise
 
SplunkLive! Utrecht - Splunk for Security - Monzy Merza
SplunkLive! Utrecht - Splunk for Security - Monzy MerzaSplunkLive! Utrecht - Splunk for Security - Monzy Merza
SplunkLive! Utrecht - Splunk for Security - Monzy Merza
 
Hands-On Security Breakout Session- Disrupting the Kill Chain
Hands-On Security Breakout Session- Disrupting the Kill ChainHands-On Security Breakout Session- Disrupting the Kill Chain
Hands-On Security Breakout Session- Disrupting the Kill Chain
 
Splunk for Security
Splunk for SecuritySplunk for Security
Splunk for Security
 
Splunk for ITOA Breakout Session
Splunk for ITOA Breakout SessionSplunk for ITOA Breakout Session
Splunk for ITOA Breakout Session
 
SplunkLive! Wien 2016 - Splunk Enterprise 6.4
SplunkLive! Wien 2016 - Splunk Enterprise 6.4SplunkLive! Wien 2016 - Splunk Enterprise 6.4
SplunkLive! Wien 2016 - Splunk Enterprise 6.4
 
Driving Efficiency with Splunk Cloud at Gatwick Airport
Driving Efficiency with Splunk Cloud at Gatwick AirportDriving Efficiency with Splunk Cloud at Gatwick Airport
Driving Efficiency with Splunk Cloud at Gatwick Airport
 
Splunk Live! Utrecht 2016 - CERT EU
Splunk Live! Utrecht 2016 - CERT EUSplunk Live! Utrecht 2016 - CERT EU
Splunk Live! Utrecht 2016 - CERT EU
 
Splunk EMEA Webinar: Scoping infections and disrupting breaches
Splunk EMEA Webinar: Scoping infections and disrupting breachesSplunk EMEA Webinar: Scoping infections and disrupting breaches
Splunk EMEA Webinar: Scoping infections and disrupting breaches
 
Enterprise Security featuring UBA
Enterprise Security featuring UBAEnterprise Security featuring UBA
Enterprise Security featuring UBA
 
Splunk for Enterprise Security featuring UBA Breakout Session
Splunk for Enterprise Security featuring UBA Breakout SessionSplunk for Enterprise Security featuring UBA Breakout Session
Splunk for Enterprise Security featuring UBA Breakout Session
 
Splunk for DevOps - Faster Insights - Better Code
Splunk for DevOps - Faster Insights - Better CodeSplunk for DevOps - Faster Insights - Better Code
Splunk for DevOps - Faster Insights - Better Code
 

En vedette

SplunkLive! Customer Presentation - Cisco Systems, Inc.
SplunkLive! Customer Presentation - Cisco Systems, Inc.SplunkLive! Customer Presentation - Cisco Systems, Inc.
SplunkLive! Customer Presentation - Cisco Systems, Inc.Splunk
 
SplunkLive! Customer Presentation--ServiceNow
SplunkLive! Customer Presentation--ServiceNowSplunkLive! Customer Presentation--ServiceNow
SplunkLive! Customer Presentation--ServiceNowSplunk
 
SplunkLive! London 2017 - How to Earn a Seat and the Business Table with Splunk
SplunkLive! London 2017 - How to Earn a Seat and the Business Table with SplunkSplunkLive! London 2017 - How to Earn a Seat and the Business Table with Splunk
SplunkLive! London 2017 - How to Earn a Seat and the Business Table with SplunkSplunk
 
SplunkLive! London 2017 - Building an Analytics Driven Security Operation Cen...
SplunkLive! London 2017 - Building an Analytics Driven Security Operation Cen...SplunkLive! London 2017 - Building an Analytics Driven Security Operation Cen...
SplunkLive! London 2017 - Building an Analytics Driven Security Operation Cen...Splunk
 
Splunk Partner+ Program - Partner Marketing e-Learning - France August 2017
Splunk Partner+ Program - Partner Marketing e-Learning - France August 2017Splunk Partner+ Program - Partner Marketing e-Learning - France August 2017
Splunk Partner+ Program - Partner Marketing e-Learning - France August 2017Splunk
 
SplunkLive! London 2017 - Using Machine Learning to Feed Hungry People
SplunkLive! London 2017 - Using Machine Learning to Feed Hungry PeopleSplunkLive! London 2017 - Using Machine Learning to Feed Hungry People
SplunkLive! London 2017 - Using Machine Learning to Feed Hungry PeopleSplunk
 
Splunk Forum Financial Services Chicago 9/13/17
Splunk Forum Financial Services Chicago 9/13/17Splunk Forum Financial Services Chicago 9/13/17
Splunk Forum Financial Services Chicago 9/13/17Splunk
 
Splunk at Scotiabank
Splunk at ScotiabankSplunk at Scotiabank
Splunk at ScotiabankSplunk
 
Splunk Ninjas: New Features and Search Dojo
Splunk Ninjas: New Features and Search DojoSplunk Ninjas: New Features and Search Dojo
Splunk Ninjas: New Features and Search DojoSplunk
 
Reactive to Proactive: Intelligent Troubleshooting and Monitoring with Splunk
Reactive to Proactive: Intelligent Troubleshooting and Monitoring with SplunkReactive to Proactive: Intelligent Troubleshooting and Monitoring with Splunk
Reactive to Proactive: Intelligent Troubleshooting and Monitoring with SplunkSplunk
 
Cisco and Splunk: Under the Hood of Cisco IT Breakout Session
Cisco and Splunk: Under the Hood of Cisco IT Breakout SessionCisco and Splunk: Under the Hood of Cisco IT Breakout Session
Cisco and Splunk: Under the Hood of Cisco IT Breakout SessionSplunk
 
Danfoss - Splunk for Vulnerability Management
Danfoss - Splunk for Vulnerability ManagementDanfoss - Splunk for Vulnerability Management
Danfoss - Splunk for Vulnerability ManagementSplunk
 
Using Splunk at MoneyGram International
Using Splunk at MoneyGram InternationalUsing Splunk at MoneyGram International
Using Splunk at MoneyGram InternationalSplunk
 
Splunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior AnalyticsSplunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior AnalyticsSplunk
 
Splunk Forum Frankfurt - 15th Nov 2017 - .conf2017 Update
Splunk Forum Frankfurt - 15th Nov 2017 - .conf2017 UpdateSplunk Forum Frankfurt - 15th Nov 2017 - .conf2017 Update
Splunk Forum Frankfurt - 15th Nov 2017 - .conf2017 UpdateSplunk
 
Splunk Forum Frankfurt - 15th Nov 2017 - Building SOC with Splunk
Splunk Forum Frankfurt - 15th Nov 2017 - Building SOC with SplunkSplunk Forum Frankfurt - 15th Nov 2017 - Building SOC with Splunk
Splunk Forum Frankfurt - 15th Nov 2017 - Building SOC with SplunkSplunk
 
Rage WITH the machine, not against it: Machine learning for Event Management
Rage WITH the machine, not against it: Machine learning for Event ManagementRage WITH the machine, not against it: Machine learning for Event Management
Rage WITH the machine, not against it: Machine learning for Event ManagementSplunk
 
Splunk Forum Frankfurt - 15th Nov 2017 - GDPR / EU-DSGVO
Splunk Forum Frankfurt - 15th Nov 2017 - GDPR / EU-DSGVOSplunk Forum Frankfurt - 15th Nov 2017 - GDPR / EU-DSGVO
Splunk Forum Frankfurt - 15th Nov 2017 - GDPR / EU-DSGVOSplunk
 
Splunk Forum Frankfurt - 15th Nov 2017 - Machine Learning For Event Management
Splunk Forum Frankfurt - 15th Nov 2017 - Machine Learning For Event ManagementSplunk Forum Frankfurt - 15th Nov 2017 - Machine Learning For Event Management
Splunk Forum Frankfurt - 15th Nov 2017 - Machine Learning For Event ManagementSplunk
 
Splunk Forum Frankfurt - 15th Nov 2017 - Threat Hunting
Splunk Forum Frankfurt - 15th Nov 2017 - Threat HuntingSplunk Forum Frankfurt - 15th Nov 2017 - Threat Hunting
Splunk Forum Frankfurt - 15th Nov 2017 - Threat HuntingSplunk
 

En vedette (20)

SplunkLive! Customer Presentation - Cisco Systems, Inc.
SplunkLive! Customer Presentation - Cisco Systems, Inc.SplunkLive! Customer Presentation - Cisco Systems, Inc.
SplunkLive! Customer Presentation - Cisco Systems, Inc.
 
SplunkLive! Customer Presentation--ServiceNow
SplunkLive! Customer Presentation--ServiceNowSplunkLive! Customer Presentation--ServiceNow
SplunkLive! Customer Presentation--ServiceNow
 
SplunkLive! London 2017 - How to Earn a Seat and the Business Table with Splunk
SplunkLive! London 2017 - How to Earn a Seat and the Business Table with SplunkSplunkLive! London 2017 - How to Earn a Seat and the Business Table with Splunk
SplunkLive! London 2017 - How to Earn a Seat and the Business Table with Splunk
 
SplunkLive! London 2017 - Building an Analytics Driven Security Operation Cen...
SplunkLive! London 2017 - Building an Analytics Driven Security Operation Cen...SplunkLive! London 2017 - Building an Analytics Driven Security Operation Cen...
SplunkLive! London 2017 - Building an Analytics Driven Security Operation Cen...
 
Splunk Partner+ Program - Partner Marketing e-Learning - France August 2017
Splunk Partner+ Program - Partner Marketing e-Learning - France August 2017Splunk Partner+ Program - Partner Marketing e-Learning - France August 2017
Splunk Partner+ Program - Partner Marketing e-Learning - France August 2017
 
SplunkLive! London 2017 - Using Machine Learning to Feed Hungry People
SplunkLive! London 2017 - Using Machine Learning to Feed Hungry PeopleSplunkLive! London 2017 - Using Machine Learning to Feed Hungry People
SplunkLive! London 2017 - Using Machine Learning to Feed Hungry People
 
Splunk Forum Financial Services Chicago 9/13/17
Splunk Forum Financial Services Chicago 9/13/17Splunk Forum Financial Services Chicago 9/13/17
Splunk Forum Financial Services Chicago 9/13/17
 
Splunk at Scotiabank
Splunk at ScotiabankSplunk at Scotiabank
Splunk at Scotiabank
 
Splunk Ninjas: New Features and Search Dojo
Splunk Ninjas: New Features and Search DojoSplunk Ninjas: New Features and Search Dojo
Splunk Ninjas: New Features and Search Dojo
 
Reactive to Proactive: Intelligent Troubleshooting and Monitoring with Splunk
Reactive to Proactive: Intelligent Troubleshooting and Monitoring with SplunkReactive to Proactive: Intelligent Troubleshooting and Monitoring with Splunk
Reactive to Proactive: Intelligent Troubleshooting and Monitoring with Splunk
 
Cisco and Splunk: Under the Hood of Cisco IT Breakout Session
Cisco and Splunk: Under the Hood of Cisco IT Breakout SessionCisco and Splunk: Under the Hood of Cisco IT Breakout Session
Cisco and Splunk: Under the Hood of Cisco IT Breakout Session
 
Danfoss - Splunk for Vulnerability Management
Danfoss - Splunk for Vulnerability ManagementDanfoss - Splunk for Vulnerability Management
Danfoss - Splunk for Vulnerability Management
 
Using Splunk at MoneyGram International
Using Splunk at MoneyGram InternationalUsing Splunk at MoneyGram International
Using Splunk at MoneyGram International
 
Splunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior AnalyticsSplunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior Analytics
 
Splunk Forum Frankfurt - 15th Nov 2017 - .conf2017 Update
Splunk Forum Frankfurt - 15th Nov 2017 - .conf2017 UpdateSplunk Forum Frankfurt - 15th Nov 2017 - .conf2017 Update
Splunk Forum Frankfurt - 15th Nov 2017 - .conf2017 Update
 
Splunk Forum Frankfurt - 15th Nov 2017 - Building SOC with Splunk
Splunk Forum Frankfurt - 15th Nov 2017 - Building SOC with SplunkSplunk Forum Frankfurt - 15th Nov 2017 - Building SOC with Splunk
Splunk Forum Frankfurt - 15th Nov 2017 - Building SOC with Splunk
 
Rage WITH the machine, not against it: Machine learning for Event Management
Rage WITH the machine, not against it: Machine learning for Event ManagementRage WITH the machine, not against it: Machine learning for Event Management
Rage WITH the machine, not against it: Machine learning for Event Management
 
Splunk Forum Frankfurt - 15th Nov 2017 - GDPR / EU-DSGVO
Splunk Forum Frankfurt - 15th Nov 2017 - GDPR / EU-DSGVOSplunk Forum Frankfurt - 15th Nov 2017 - GDPR / EU-DSGVO
Splunk Forum Frankfurt - 15th Nov 2017 - GDPR / EU-DSGVO
 
Splunk Forum Frankfurt - 15th Nov 2017 - Machine Learning For Event Management
Splunk Forum Frankfurt - 15th Nov 2017 - Machine Learning For Event ManagementSplunk Forum Frankfurt - 15th Nov 2017 - Machine Learning For Event Management
Splunk Forum Frankfurt - 15th Nov 2017 - Machine Learning For Event Management
 
Splunk Forum Frankfurt - 15th Nov 2017 - Threat Hunting
Splunk Forum Frankfurt - 15th Nov 2017 - Threat HuntingSplunk Forum Frankfurt - 15th Nov 2017 - Threat Hunting
Splunk Forum Frankfurt - 15th Nov 2017 - Threat Hunting
 

Similaire à SplunkLive! Milano 2016 - customer presentation - Unicredit

IMCSummit 2015 - Day 1 Developer Track - Implementing Operational Intelligenc...
IMCSummit 2015 - Day 1 Developer Track - Implementing Operational Intelligenc...IMCSummit 2015 - Day 1 Developer Track - Implementing Operational Intelligenc...
IMCSummit 2015 - Day 1 Developer Track - Implementing Operational Intelligenc...In-Memory Computing Summit
 
Living objects network performance_management_v2
Living objects network performance_management_v2Living objects network performance_management_v2
Living objects network performance_management_v2Yoan SMADJA
 
Importance of ‘Centralized Event collection’ and BigData platform for Analysis !
Importance of ‘Centralized Event collection’ and BigData platform for Analysis !Importance of ‘Centralized Event collection’ and BigData platform for Analysis !
Importance of ‘Centralized Event collection’ and BigData platform for Analysis !Piyush Kumar
 
SplunkLive! Zurich 2018: Integrating Metrics and Logs
SplunkLive! Zurich 2018: Integrating Metrics and LogsSplunkLive! Zurich 2018: Integrating Metrics and Logs
SplunkLive! Zurich 2018: Integrating Metrics and LogsSplunk
 
WSO2 Data Analytics Server - Product Overview
WSO2 Data Analytics Server - Product OverviewWSO2 Data Analytics Server - Product Overview
WSO2 Data Analytics Server - Product OverviewWSO2
 
Bridging the Last Mile: Getting Data to the People Who Need It (APAC)
Bridging the Last Mile: Getting Data to the People Who Need It (APAC)Bridging the Last Mile: Getting Data to the People Who Need It (APAC)
Bridging the Last Mile: Getting Data to the People Who Need It (APAC)Denodo
 
Corporate presentation (short with examples)
Corporate presentation (short with examples)Corporate presentation (short with examples)
Corporate presentation (short with examples)PCA Services
 
Splunk and Cisco UCS Breakout Session
Splunk and Cisco UCS Breakout SessionSplunk and Cisco UCS Breakout Session
Splunk and Cisco UCS Breakout SessionSplunk
 
Running containers in production, the ING story
Running containers in production, the ING storyRunning containers in production, the ING story
Running containers in production, the ING storyThijs Ebbers
 
InfoSphere BigInsights
InfoSphere BigInsightsInfoSphere BigInsights
InfoSphere BigInsightsWilfried Hoge
 
Sourav_Giri_Resume_2015
Sourav_Giri_Resume_2015Sourav_Giri_Resume_2015
Sourav_Giri_Resume_2015sourav giri
 
Making Hadoop Realtime by Dr. William Bain of Scaleout Software
Making Hadoop Realtime by Dr. William Bain of Scaleout SoftwareMaking Hadoop Realtime by Dr. William Bain of Scaleout Software
Making Hadoop Realtime by Dr. William Bain of Scaleout SoftwareData Con LA
 
Viadeos Segmentation platform with Spark on Mesos
Viadeos Segmentation platform with Spark on MesosViadeos Segmentation platform with Spark on Mesos
Viadeos Segmentation platform with Spark on MesosCepoi Eugen
 
Advanced Analytics and Machine Learning with Data Virtualization
Advanced Analytics and Machine Learning with Data VirtualizationAdvanced Analytics and Machine Learning with Data Virtualization
Advanced Analytics and Machine Learning with Data VirtualizationDenodo
 
WSO2 Analytics Platform - The one stop shop for all your data needs
WSO2 Analytics Platform - The one stop shop for all your data needsWSO2 Analytics Platform - The one stop shop for all your data needs
WSO2 Analytics Platform - The one stop shop for all your data needsSriskandarajah Suhothayan
 
AdminCamp 2018 - ApplicationInsights für Administratoren
AdminCamp 2018 - ApplicationInsights für AdministratorenAdminCamp 2018 - ApplicationInsights für Administratoren
AdminCamp 2018 - ApplicationInsights für AdministratorenChristoph Adler
 
How a Time Series Database Contributes to a Decentralized Cloud Object Storag...
How a Time Series Database Contributes to a Decentralized Cloud Object Storag...How a Time Series Database Contributes to a Decentralized Cloud Object Storag...
How a Time Series Database Contributes to a Decentralized Cloud Object Storag...InfluxData
 

Similaire à SplunkLive! Milano 2016 - customer presentation - Unicredit (20)

IMCSummit 2015 - Day 1 Developer Track - Implementing Operational Intelligenc...
IMCSummit 2015 - Day 1 Developer Track - Implementing Operational Intelligenc...IMCSummit 2015 - Day 1 Developer Track - Implementing Operational Intelligenc...
IMCSummit 2015 - Day 1 Developer Track - Implementing Operational Intelligenc...
 
Living objects network performance_management_v2
Living objects network performance_management_v2Living objects network performance_management_v2
Living objects network performance_management_v2
 
Importance of ‘Centralized Event collection’ and BigData platform for Analysis !
Importance of ‘Centralized Event collection’ and BigData platform for Analysis !Importance of ‘Centralized Event collection’ and BigData platform for Analysis !
Importance of ‘Centralized Event collection’ and BigData platform for Analysis !
 
SplunkLive! Zurich 2018: Integrating Metrics and Logs
SplunkLive! Zurich 2018: Integrating Metrics and LogsSplunkLive! Zurich 2018: Integrating Metrics and Logs
SplunkLive! Zurich 2018: Integrating Metrics and Logs
 
WSO2 Data Analytics Server - Product Overview
WSO2 Data Analytics Server - Product OverviewWSO2 Data Analytics Server - Product Overview
WSO2 Data Analytics Server - Product Overview
 
Bridging the Last Mile: Getting Data to the People Who Need It (APAC)
Bridging the Last Mile: Getting Data to the People Who Need It (APAC)Bridging the Last Mile: Getting Data to the People Who Need It (APAC)
Bridging the Last Mile: Getting Data to the People Who Need It (APAC)
 
Corporate presentation (short with examples)
Corporate presentation (short with examples)Corporate presentation (short with examples)
Corporate presentation (short with examples)
 
Tamilarasu_Uthirasamy_10Yrs_Resume
Tamilarasu_Uthirasamy_10Yrs_ResumeTamilarasu_Uthirasamy_10Yrs_Resume
Tamilarasu_Uthirasamy_10Yrs_Resume
 
Splunk and Cisco UCS Breakout Session
Splunk and Cisco UCS Breakout SessionSplunk and Cisco UCS Breakout Session
Splunk and Cisco UCS Breakout Session
 
Running containers in production, the ING story
Running containers in production, the ING storyRunning containers in production, the ING story
Running containers in production, the ING story
 
InfoSphere BigInsights
InfoSphere BigInsightsInfoSphere BigInsights
InfoSphere BigInsights
 
Sourav_Giri_Resume_2015
Sourav_Giri_Resume_2015Sourav_Giri_Resume_2015
Sourav_Giri_Resume_2015
 
Making Hadoop Realtime by Dr. William Bain of Scaleout Software
Making Hadoop Realtime by Dr. William Bain of Scaleout SoftwareMaking Hadoop Realtime by Dr. William Bain of Scaleout Software
Making Hadoop Realtime by Dr. William Bain of Scaleout Software
 
Viadeos Segmentation platform with Spark on Mesos
Viadeos Segmentation platform with Spark on MesosViadeos Segmentation platform with Spark on Mesos
Viadeos Segmentation platform with Spark on Mesos
 
Advanced Analytics and Machine Learning with Data Virtualization
Advanced Analytics and Machine Learning with Data VirtualizationAdvanced Analytics and Machine Learning with Data Virtualization
Advanced Analytics and Machine Learning with Data Virtualization
 
Resume (1)
Resume (1)Resume (1)
Resume (1)
 
Resume (1)
Resume (1)Resume (1)
Resume (1)
 
WSO2 Analytics Platform - The one stop shop for all your data needs
WSO2 Analytics Platform - The one stop shop for all your data needsWSO2 Analytics Platform - The one stop shop for all your data needs
WSO2 Analytics Platform - The one stop shop for all your data needs
 
AdminCamp 2018 - ApplicationInsights für Administratoren
AdminCamp 2018 - ApplicationInsights für AdministratorenAdminCamp 2018 - ApplicationInsights für Administratoren
AdminCamp 2018 - ApplicationInsights für Administratoren
 
How a Time Series Database Contributes to a Decentralized Cloud Object Storag...
How a Time Series Database Contributes to a Decentralized Cloud Object Storag...How a Time Series Database Contributes to a Decentralized Cloud Object Storag...
How a Time Series Database Contributes to a Decentralized Cloud Object Storag...
 

Plus de Splunk

.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routine.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routineSplunk
 
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTVSplunk
 
.conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica).conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica)Splunk
 
.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank International.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank InternationalSplunk
 
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett .conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett Splunk
 
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär).conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)Splunk
 
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu....conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...Splunk
 
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever....conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...Splunk
 
.conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex).conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex)Splunk
 
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)Splunk
 
Splunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11ySplunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11ySplunk
 
Splunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go KölnSplunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go KölnSplunk
 
Splunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go KölnSplunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go KölnSplunk
 
Data foundations building success, at city scale – Imperial College London
 Data foundations building success, at city scale – Imperial College London Data foundations building success, at city scale – Imperial College London
Data foundations building success, at city scale – Imperial College LondonSplunk
 
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...Splunk
 
SOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security WebinarSOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security WebinarSplunk
 
.conf Go 2022 - Observability Session
.conf Go 2022 - Observability Session.conf Go 2022 - Observability Session
.conf Go 2022 - Observability SessionSplunk
 
.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - Keynote.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - KeynoteSplunk
 
.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform Session.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform SessionSplunk
 
.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security SessionSplunk
 

Plus de Splunk (20)

.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routine.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routine
 
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
 
.conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica).conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica)
 
.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank International.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank International
 
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett .conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
 
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär).conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
 
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu....conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
 
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever....conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
 
.conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex).conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex)
 
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
 
Splunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11ySplunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11y
 
Splunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go KölnSplunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go Köln
 
Splunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go KölnSplunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go Köln
 
Data foundations building success, at city scale – Imperial College London
 Data foundations building success, at city scale – Imperial College London Data foundations building success, at city scale – Imperial College London
Data foundations building success, at city scale – Imperial College London
 
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
 
SOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security WebinarSOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security Webinar
 
.conf Go 2022 - Observability Session
.conf Go 2022 - Observability Session.conf Go 2022 - Observability Session
.conf Go 2022 - Observability Session
 
.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - Keynote.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - Keynote
 
.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform Session.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform Session
 
.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session
 

Dernier

Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?SANGHEE SHIN
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024SkyPlanner
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7DianaGray10
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024D Cloud Solutions
 
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdfJamie (Taka) Wang
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationIES VE
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxMatsuo Lab
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemAsko Soukka
 
PicPay - GenAI Finance Assistant - ChatGPT for Customer Service
PicPay - GenAI Finance Assistant - ChatGPT for Customer ServicePicPay - GenAI Finance Assistant - ChatGPT for Customer Service
PicPay - GenAI Finance Assistant - ChatGPT for Customer ServiceRenan Moreira de Oliveira
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UbiTrack UK
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfinfogdgmi
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.YounusS2
 
Spring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdfSpring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdfAnna Loughnan Colquhoun
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8DianaGray10
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6DianaGray10
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxGDSC PJATK
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesDavid Newbury
 
Introduction to Quantum Computing
Introduction to Quantum ComputingIntroduction to Quantum Computing
Introduction to Quantum ComputingGDSC PJATK
 
Babel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptxBabel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptxYounusS2
 
Things you didn't know you can use in your Salesforce
Things you didn't know you can use in your SalesforceThings you didn't know you can use in your Salesforce
Things you didn't know you can use in your SalesforceMartin Humpolec
 

Dernier (20)

Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024
 
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptx
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystem
 
PicPay - GenAI Finance Assistant - ChatGPT for Customer Service
PicPay - GenAI Finance Assistant - ChatGPT for Customer ServicePicPay - GenAI Finance Assistant - ChatGPT for Customer Service
PicPay - GenAI Finance Assistant - ChatGPT for Customer Service
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdf
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.
 
Spring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdfSpring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdf
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptx
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond Ontologies
 
Introduction to Quantum Computing
Introduction to Quantum ComputingIntroduction to Quantum Computing
Introduction to Quantum Computing
 
Babel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptxBabel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptx
 
Things you didn't know you can use in your Salesforce
Things you didn't know you can use in your SalesforceThings you didn't know you can use in your Salesforce
Things you didn't know you can use in your Salesforce
 

SplunkLive! Milano 2016 - customer presentation - Unicredit

  • 1. UNICREDIT IT Ops & App Delivery
  • 2. UniCredit and V-TServices: Four Years of Splunk Integration Facing Heterogeneous Use Cases Stefano Guidobaldi, Advanced Engineering – UniCredit Group ICT & Security Officer
  • 3. Agenda • About us • Our journey with Splunk • Splunk deployment topology • Use cases: overview o Business Analytics o Application Delivery o IT Operational Analytics o Accounting o APInthusiasts • Recap and Takeaways • Q&A
  • 4. About us Stefano Guidobaldi • Current position: IT System Architect at UniCredit • Formerly advisor for UniCredit, working on Splunk projects/developments • Area of expertise: system administration, tuning and automation, analytics • Contact: stefano.guidobaldi@unicredit.eu
  • 5. UniCredit: at a Glance  Employees: more than 127,000*  Branches: 7,100*  Banking operations in 17 countries  International network spanning: ~ 50 countries  Global player in asset management: € 221 bn in managed assets*  Market leader in Central and Eastern Europe leveraging on the region's structural strengths * Source: UniCredit Company Profile, data as at June 30, 2015
  • 6. Why Splunk: troubleshooting complex problems • Highly distributed and multi-layered SOA architectures • Huge number of log files • Logs contain 70% of diagnostic data useful for problem isolation Our journey with Splunk
  • 7. Our journey with Splunk Why Splunk: a flexible solution to a complex problem
  • 8. Our journey with Splunk • 2010 Q3: a Splunk 4 Enterprise trial installed in a test server. Used for POC and to analyze logs for on demand troubleshooting and data analysis. • 2011 Q1: 250GB/day license arrived! First production deployment made by 3 indexers collecting application/system logs from some java applications. Used by Service Delivery Team and some pilot users to speed up troubleshooting and for monitoring some services. • 2013 Q1: License enlarged. 8 indexers collecting 700GB/day. Added more sources related to java applications logs, web servers, operating systems and some DB2 logging tables. Middleware team and many Developers use Splunk during their daily business.
  • 9. Our journey with Splunk • 2014 Q4: 12 indexers collecting 1.7TB/day. Splunk became the main solution to enable developers to view and analyze theirs application logs. Added custom application logs from several different applications. Added more source from systems (loadbalancer, dns, dhcp). UniCredit Security Team evaluated Splunk as a solution for Log Management and Security/Audit. • 2015 Q1: UniCredit Security Team deployed a new Splunk deployment capable of collecting and analyzing more than 4TB/day (not covered by this session). This new deployment (Splunk Security) runs in parallel with the existing deployment (Splunk ITOA/AM). This session will cover the deployment named Splunk ITOA/AM only.
  • 10. Our journey with Splunk • Today: Splunk is one of the main solution for: oIT Operational Analytics oApplication Management. • It is widely used by Developers, System Administrators, Service Delivery Analysts, Network and Network Security Engineers, etc. • Still important to boost troubleshooting and problem isolation. • It has a crucial role in the monitoring and reporting area. • Many new projects include Splunk as an important component for production readiness.
  • 11. Our journey with Splunk Splunk scope as today:
  • 12. Splunk ITOA/AM deployment in UniCredit Our deployment in figures: • ~2.5 TB data collected daily • >30 days data retention • >8 billion events collected daily • >400k events per second (peaks) • >180 sourcetypes • >500 universal forwarders • >15k syslog senders • ~15k searches executed by users daily • ~90k searches executed by scheduler daily • >500 dc(users) logged-in during last month
  • 13. Why Heavy Forwarders: • Aggregation: using intermediate collectors enables to establish a «many to few» relation between senders located on a specific zone and a set of receivers. • Scale Deployment Server: some Heavy Forwarders works also as intermediate Deployment Server. • Parsing/Masking: let offload parsing and masking workload from indexer layer. Splunk ITOA/AM deployment in UniCredit
  • 14. Use Cases • Business Analytics: We were able to leverage transactions log from our POS and cardholders (previously used for monitoring purposes) to build a new big data tool for our merchants • Application Delivery (and Advanced Monitoring): One of our biggest enterprise applications is currently monitored using Splunk at many levels. Tons of customizations, dynamic interaction, advanced troubleshooting: be ready to discover more • IT Operational Analytics: We’ll go through many ways to answer classic and modern IT questions and provide key concepts to apply same approaches to your environment. • Accounting: We’ll show how to replace a standard data entry activity with Excel letting Splunk do the dirt job for us • APInthusiasts - from data collector to data distribution platform: Initially we were in the condition of using Splunk to collect and send data to a DB, like a big vacuum cleaner. It ended up with the customer asking us to remove DB and use Splunk as the data engine through its REST API
  • 15. Business Analytics: How a single data-source served different purposes
  • 16. How a single data-source served different purposes [2014-09-04-14.45.54.608000] proc_source="B24A", tmst_target="2013-09-04-14.45.54.724000", serv_id="ISS", proc_input="MAST", proc_target="B24H", interface_acq="BNET_1", interface_iss="02008", cod_msg="XJYZ", oper_rrn="XJYZ", card_id="52xxxxxxxxxxx", oper_amount="000000000050", oper_currency="978", oper_country="380", term_id="0059XXXX", circuito="", sett_merc="4722", bin_acq="XXXX", id_merc="32xxxxxxxxxx", prcode="XYZ", action_code="XXX", ... ... auth_rout_id="HISO_AUTH", msg_subst="", ndg="00000xxxxxxxx", station_acq="STA-BNET-MI1", acceptor="A COOL SHOP", tmst_ins="2013-09-04-14.48.56.277466", ... Mastercard Circuit Client IDMerchant name Amount Card ID (masked) Merchant category IDMerchant ID
  • 17. How a single data-source served different purposes [2014-09-04-14.45.54.608000] proc_source="B24A", tmst_target="2013-09-04-14.45.54.724000", serv_id="ISS", proc_input="MAST", proc_target="B24H", interface_acq="BNET_1", interface_iss="02008", cod_msg="1110", ... id_merc="32xxxxxxxx", prcode="003000", action_code="000", approval_code="X", oper_mod_input="1", channel="O", flag_dupl="Y", flag_onus="N", auth_rout_dst="XXXX", auth_rout_id="HISO_AUTH", msg_subst="", ndg="00000xxxxxxxx", station_acq="STA-BNET-MI1", acceptor="COOL SHOP" 380", tmst_ins="2013-09-04-14.48.56.277466", ... 2013 – first implementation: Application Monitoring • In 2013 we started gathering UniCredit cards’ transactions • Initially they served as operational monitoring data for our Application Delivery team • Of the whole transaction, only few fields were actually used to monitor system behaviour • Few clear graphs in 3-4 interactive dashboards, featuring: green/yellow/red dots for alerts, authorization rates, volumes
  • 18. How a single data-source served different purposes 2013 – first implementation: Application Monitoring • Application Team is able to drill down until they reach the root cause of the alert • 3 clicks lead to the problem highlighted
  • 19. [2014-09-04-14.45.54.608000] proc_source="B24A", tmst_target="2013-09-04-14.45.54.724000", serv_id="ISS", proc_input="MAST", proc_target="B24H", interface_acq="BNET_1", interface_iss="02008", cod_msg="XJYZ", oper_rrn="XJYZ", card_id="52xxxxxxxxxxx", oper_amount="000000000050", oper_currency="978", oper_country="380", term_id="0059XXXX", circuito="", sett_merc="4722", bin_acq="XXXX", id_merc="32xxxxxxxxxx", prcode="XYZ", action_code="XXX", ... ... auth_rout_id="HISO_AUTH", msg_subst="", ndg="00000xxxxxxxx", station_acq="STA-BNET-MI1", acceptor="A COOL SHOP", tmst_ins="2013-09-04-14.48.56.277466", ... How a single data-source served different purposes 2014 – second implementation: Business Analytics • With the same piece of information, our business teams went up with a new product for our merchants: a dashboard with business data intertwined with customers data • Monitoring log is full of interesting fields that could be leveraged to setup a business analytics view: o Unique ID for customer (hashed, obviously) o Amount o Currency o Country o Merchant ID (internal reference) o Merchant category ID (e.g. clothing) o Acceptor (shop name)
  • 20. How a single data-source served different purposes 2014 – second implementation: Business Analytics • Totally brand new 3rd-party application • Web-based interface for merchants • Tablet-friendly, interactive, innovative
  • 21. How a single data-source served different purposes Key takeaways  Many use cases share the same set of data • When preparing a new log include anything that can be valuable in the future  Use summary indexes to aggregate data
  • 22. Application Delivery: See the forest *AND* the trees
  • 23. See the forest *AND* the trees Target architecture • For SDD system monitoring, Splunk is configured to retrieve these types of log: – application server log (e.g. Websphere server.log, server.err, ecc..) – application data log (e.g. GPE log4j, JGH, ecc...) – custom monitoring data log provided by scripts • Components involved: – NAS server used by GPE and e2e systems – Oracle Database – WebSphere Application Servers – ITA Mainframe – AUT Mainframe (stricter policies)
  • 24. See the forest *AND* the trees Splunk Monitoring Engine (SME) • The custom scripts that compose the Splunk Monitoring Engine are grouped in 4 categories according to their purpose: – system scripts – e2e scripts – db query execution scripts – parked files scripts
  • 25. Application Name Aggregated metric Group of metrics/alerts See the forest *AND* the trees One single pane of view to rule them all!
  • 26. See the forest *AND* the trees Four points of view • Technical • Functional • Statistical (and, thus, predictive) • Performance Plus, every button is CLICKABLE
  • 27. See the forest *AND* the trees Focus: functional monitoring on queries • Scheduling overview of daily jobs • Colour based on criticality • Find immediately jobs missing • Grouped in categories Easily identify critical periods during day
  • 28. See the forest *AND* the trees Focus: statistics and forecasting • Predict next two weeks of scheduled jobs • Table with statistical details • Use custom algorithms
  • 29. See the forest *AND* the trees Key takeaways • Multi-layer, multi applications single monitoring tool • Splunk flexibility is awesome: execute scripts, gather results, collect data from many different sources and get insights, keep historical trends • Aggregation made easy • Navigation sets the context (and, therefore, forces which data has to be loaded in the template dashboard) Next Steps • Same approach will be used for other payments related applications • Aggregate statistical and performance metrics • Migrate everything to Splunk 6 (heavy visual customizations – CSS/HTML)
  • 30. IT Operational Analytics: Proactive is way better than reactive
  • 31. Proactive is way better than reactive Focus: known errors monitoring How it works: • Visualize time distribution and stats of an eventype which aggregates known errors • It shows only matching event categories • Service Reliability members collaborate to add more and more event categories
  • 32. Proactive is way better than reactive Focus: known errors monitoring Values: • Immediate notification about common problems • Historical or real-time analysis • See trends and stop disruptive behavior before incidents happen • It learns day by day by adding new categories to «monitoring» eventype «Still one of the most value-adding dashboards ever!» Service Reliability Team
  • 33. Proactive is way better than reactive Focus: Apache HTTP status, or how we substituted an «old but gold» tool based on Cacti aimed to monitor Apache Httpd server status How it works: • A custom script retrieves and parses http://server:port/server-status output • Parsed output is written to a log file which is collected by Splunk Added values: • Historical Values • Possibility to reuse data on other dashboards • Alerting ..to Splunk From Cacti..
  • 34. Proactive is way better than reactive Focus: monitoring tools data in SplunkSitescope: • Install UF on SiteScope Server • Collect ...logsSiteScope*.log • Take the best from «Splunk for SiteScope» app ITCAM: • Use DBConnect to collect data from ITCAM db Added value: • Easily create status reports based on historical data • Visualize events over time • Integration: add SiteScope data in a Splunk dashboards • Create advanced alerting (something OR smthelse NOT disabled AND field>X)
  • 35. Proactive is way better than reactive Key takeaways • Same approaches, different purposes • DevOps re-mastered: IT Ops and Dev teams sharing the same perspective  Always involve people who knows the data
  • 37. Build reports like never before Data input for recording • Mainframe log dumped with an FTP job: single string of data • Fixed-length fields -> EASY PARSING (FOR SPLUNK), they never change in size Time Event 31/08/15 06.09.32,000 060450142xxxx9999999999990010000000000000999999920120725201202022009093006 11111111112012072584050076 7 002400840000554 002400TE20120725 000 AWESOME GENERIC SHOP IN SOME KNOWN CITY SOME USEFUL INFO VIA ITALIA MILAN 39044BZ0471820323 1111111111111111549903000016000038360500000000000000000000000000000 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 00000000460 999999999999999999999999999 00010101 00010101 001 EURD 5837060459 FFFFFFFF 60459S20120725 C 037C 036N 0 2015-08-31-05.00.01.561318NNN Terminal (PoS) ID Last operation date Address Installation date Customer Name
  • 38. Build reports like never before Result: replace that huge Excel report and welcome your interactive dashboard!
  • 40. From data collector to data engine 2014 Q4 – Splunk used to collect and transport data How: • Application logs collected by Splunk from application servers log folders. • Read and indexed by Splunk • Sent to DB with a custom Python script performing export + load Challenges: • Very high performances needed • High availability • Dependency from a «custom script» • Complex mapping between Splunk indexes and DB tables
  • 41. From data collector to data engine 2015 Q2 – Splunk as a data engine Key differences: • DB dependency removed • Client application read data from Splunk using REST API; HTTP calls are simple! • Fully dedicated Splunk deployment to answer use case needs: indexes replication, data ack, no downtimes, etc.
  • 42. Recap and final takeaways What we’ve learned and what we believe you should interiorize: «Be sure to add as many information (i.e. fields) to every input stream available. Only God (or your best data scientists) know how you can exploit them, in the future» (Somewhere in the Bible) «Knowledge is power, use it well (and often)» (Someone in the far future, ca. 40,000 AD) «Why do it with a random tool when you can do it with Splunk?» (Splunk Lead @V-TS)
  • 44. THANK YOU! Stefano Guidobaldi, Advanced Engineering – UniCredit Group ICT & Security Officer

Notes de l'éditeur

  1. Matt welcomes Unicredit [INTRODUCE DEMO PRESENTER] [Calll out that demo is using Splunk Cloud] [HAND OFF AV TO DEMO MACHINE FEED] Thank you for that outstanding demo. We just saw how Splunk used that same raw machine data to address a variety of use cases. So let’s walk through a bit of detail on how Splunk delivers Operational Intelligence, starting with the platforms – Splunk Enterprise and Splunk Cloud.