SlideShare une entreprise Scribd logo

Data models pivot with splunk break out session

Télécharger en tant que PPTX, PDF
Georg Knon
Georg Knon

Data models pivot with splunk break out session

Logiciels
1  sur  53
Copyright © 2014 Splunk Inc. DATA MODELS
During the course of this presentation, we may make forward-looking statements regarding future events or the expected performance of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward- looking statements, please review our filings with the SEC. The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, this presentation may not contain current or accurate information. We do not assume any obligation to update any forward-looking statements we may make. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only and shall not, be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionality described or to include any such feature or functionality in a future release. Splunk, Splunk>, Splunk Storm, Listen to Your Data, SPL and The Engine for Machine Data are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners. ©2013 Splunk Inc. All rights reserved. Legal Notices 2
Search is hard
AnalyticsBig Picture Build complex reports without the search language Provides more meaningful representation of underlying raw machine data Acceleration technology delivers up to 1000x faster analytics over Splunk 5 4 Pivot Data Model Analytics Store
Operational IntelligenceAcrossthe Enterprise IT professional Create and share data models Accelerate data models and custom searches with the analytics store Create reports with pivot Developer Analyst Leverage data models to abstract data Leverage pivot in custom apps Create reports using pivot based on data models created by IT Pivot Data Model Raw Data Analytics Store [10/11/12 18:57:04 UTC] 000000b0
Pivot is a query builder.
Demo
Data Models 101
Data set Source Source Source
Sourcetype Success Failure Warning
Data set Business division Source Source Business division Source Source
Common model Technology 1 Technology 2 Technology 3
Context
sourcetype=access_combined source = "/home/ssorkin/banner_access.log.2013.6.gz" | eval unique=(uid + useragent) | stats dc(unique) by os_name | rename dc(unique) as "Unique Visitors" os_name as "Operating System" search and filter | munge | report | clean-up Splunk Search Language
Hurdles • Simplesearcheseasy…Multi-stagemunging/reportingishard! • Needtounderstanddata’sstructuretoconstructsearch • Non-technicalusersmaynothavedatasourcedomainknowledge • Splunkadminsdonothaveend-usersearchcontext index=main source=*/banner_access* uri_path=/js/*/*/login/* guid=* useragent!=*KTXN* useragent!=*GomezAgent* clientip!=206.80.3.67 clientip!=198.144.207.62 clientip!=97.65.63.66 clientip!=175.45.37.78 clientip!=209.119.210.194 clientip!=212.36.37.138 clientip!=204.156.84.0/24 clientip!=216.221.226.0/24 clientip!=207.87.200.162 | rex field=uri_path "/js/(?<t>[^/]*)/(?<v>[^/]*)/login/(?<l>[^/]*)” | eval license = case(l LIKE "prod%" AND t="pro", "enterprise", l LIKE "trial%" AND t="pro", "trial", t="free", "free”) | rex field=v "^(?<vers>d.d)” | bin span=1d _time as day | stats values(vers) as vers min(day) as min_day min(eval(if(vers=="5.0", _time, null()))) as min_day_50 dc(day) as days values(license) as license by guid | eval type = if(match(vers,"4.*"), "upgrade", "not upgrade") + "/" + if(days > 1, "repeat", "not repeat")| search license=enterprise | eval _time = min_day_50| timechart count by type| streamstats sum(*) as *
Data Model Goals • Makeiteasytoshare/reusedomainknowledge • Admins/powerusersbuilddatamodels • Non-technicalusersinteractwithdataviapivotUI
DataModels101
What is a Data Model? Adatamodelisasearch-timemappingofdataontoahierarchicalstructure Encapsulatetheknowledgeneededtobuildasearch Pivotreportsarebuildontopofdatamodels Data-independent Screenshot here
A Data Model is a Collection of Objects Screenshot here
Objects Have Constraints and Attributes Screenshot here
Child Objects Inherit Constraints and Attributes Screenshot here
Child Objects Inherit Constraints and Attributes
Building Data Models
Three Root ObjectTypes Event – MapstoSplunkevents – Requiresconstraints andattributes
Three Root ObjectTypes Event – MapstoSplunkevents – Requiresconstraints andattributes Search – MapstoarbitrarySplunksearch(may includegenerating,transformingand reportingsearchcommands) – Requiressearchstringattributes • Transaction – MapstogroupsofSplunkeventsor groupsofSplunksearchresults – Requiresobjectstogroup,fields/ conditionstogroupby,andattributes
Three Root ObjectTypes Event – MapstoSplunkevents – Requiresconstraints andattributes Search – MapstoarbitrarySplunksearch(may includegenerating,transformingand reportingsearchcommands) Requiressearchstringattributes Transaction – MapstogroupsofSplunkeventsor groupsofSplunksearchresults – Requiresobjectstogroup,fields/ conditionstogroupby,andattributes
Object Attributes Auto-extracted–defaultandpre-defined fields Evalexpression–anewfieldbasedonan expressionthatyoudefine Lookup–leverageanexistinglookuptable Regularexpression–extractanewfield basedonregex GeoIP–addgeolocationfieldssuchas latitude,longitude,country,etc.
Object Attributes Setfieldtypes Configurevariousflags Note:Childobjectconfigurationcandifferfromparent
Demo Data Model Builder UI
Best Practices Use event objects as often as possible – Benefit from data model acceleration Resist the urge to use search objects instead of event objects!! – Event based searches can be optimized better Minimize object hierarchy depth when possible – Constraint based filtering is less efficientdeeper down the tree Event object with deepest tree (and most matching results) first – Model-wide acceleration only for first event object and its descendants
Warnings! Objectconstraintsandattributes cannotcontainpipesorsubsearches Atransactionobjectrequiresatleastoneeventorsearchobjectinthedatamodel Lookupsusedinattributesmustbegloballyvisible(oratleastvisibletotheapp usingthedatamodel) Noversioningondatamodels(andobjects)!
From Data Models to Reports
Usingthe UI Subhead Count of http_success events, split by useragent events fields
Under the Hood: Object SearchString Generation Syntax: <constraints search> | <my attribute definitions> Example: sourcetype=access_* OR sourcetype=iis* uri=* uri_path=* status=* clientip=* referer=* useragent=*
Under the Hood: Object SearchString Generation Syntax: <base search> | <my attribute definitions> Example: _time=* host=* source=* sourcetype=* uri=* status<600 clientip=* referer=* useragent=* (sourcetype=access_* OR source=*.log) | eval userid=clientip | stats first(_time) as earliest, last(_time) as latest, list(uri_path) as uri_list by userid | earliest=* latest=* uri_list=*
Under the Hood: Object SearchString Generation Syntax: <objects to group search> | transaction <group by fields> <group by params> | <my attribute definitions> Example: sourcetype=access_* uri=* uri_path=* status=* clientip=* referer=* useragent=* | transaction clientip useragent | eval landingpage=mvindex(uri_path,1) | eval exitpage=mvindex(uri_path,-1)
Under the Hood: Object SearchString Generation Syntax: <parent object search> | search <my constraints> | <my attribute definitions> Example: sourcetype=access_* uri=* uri_path=* status=* clientip=* referer=* useragent=* status=2* | <my attribute definitions>
Usingthe SplunkSearch Language | datamodel <modelname> <objectID> search Example: | datamodel WebIntelligence HTTP_Request search Behindthescenes: sourcetype=access_* OR sourcetype=iis* uri=* uri_path=* status=* clientip=* referer=* useragent=*
Under the hood: Pivot Search String Generation Example: (sourcetype=access_* OR sourcetype=iis*) status=2* uri=* uri_path=* status=* clientip=* referer=* useragent=* | stats count AS "Count of HTTP_Sucess" by ”useragent" | sort limit=0 "useragent" | fields - _span | fields "useragent" "Count of HTTP_Success" | fillnull "Count of HTTP_Success" | fields "useragent" *
Usingthe SplunkSearch Language | pivot <modelname> <objectID> [statsfns, rowsplit, colsplit, filters, …] Example: | pivot WebIntelligence HTTP_Request count(HTTP_Request) AS "Count of HTTP_Request" SPLITROW status AS "status" SORT 0 status Behindthescenes: sourcetype=access_* OR sourcetype=iis* uri=* uri_path=* status=* clientip=* referer=* useragent=* | stats count AS "Count of HTTP_Request" by "status" | sort limit=0 "status" | fields - _span | fields "status", "Count of HTTP_Request" | fillnull "Count of HTTP_Request" | fields "status" *
Warnings • | datamodel and| pivot aregeneratingcommands • Theymustbeatthebeginningofthesearchstring • UseobjectIDsNOTuser-visibleobjectnames
Demo Building a report from a data model
Managing Data Models
Data Model on Disk EachdatamodelisaseparateJSONfile Livesin<myapp>/local/data/models (or<myapp>/default/data/modelsforpre- installedmodels) Hasassociatedconfstanzas andmetadata
Editing Data Model JSON Atyourownrisk! ModelseditedviatheUIarevalidated Manuallyediteddatamodels:NOTSUPPORTED Exception:installinganewmodelbyaddingthefileto<myapp>/<local ORdefault>/data/modelsisprobablyokay
Deleting a Data Model UsetheUIforappropriatecleanup Potentialforbadstateifmanuallydeletingmodelondisk
InteractingWith a Data Model UsedatamodelbuilderandpivotUI–safestoption! UseRESTAPI–fordevelopers(seedocsfordetails) Use|datamodeland|pivotSplunksearchcommands
Permissions Datamodelshavepermissionsjustlike otherSplunkobjects EditpermissionsthroughtheUI
Data Model Acceleration Run a pivot report Poll: are there new accelerated models? Turn on acceleration via UI Setting written to conf file Kick off collection Acceleration Kick off ad-hoc acceleration and run search Run search using on-disk acceleration Admin or power user Backend magic Non-technical user No acceleration
Model-WideAcceleration Pivotsearch: | tstats count AS "Count of HTTP_Success" from datamodel="WebIntelligence" where (nodename="HTTP_Request") (nodename="HTTP_Request.HTTP_Success") prestats=true | stats count AS "Count of HTTP_Success” Only accelerates first event- based object and descendants Does not accelerate search and transaction-based objects
Ad-Hoc Object Acceleration Kickoffaccelerationonpivotpage(re)loadfornon-acceleratedmodelsand search/transactionobjects Amortizecostofad-hocaccelerationoverrepeatedpivotingon sameobject Pivotsearch: | tstats count AS "Count of HTTP_Success" from sid=1379116434.663 prestats=true | stats count AS "Count of HTTP_Success”
AccelerationDisclaimers Workswithsearch-headpooling–wecollectonindexers Cannoteditacceleratedmodels
Thank You

Recommandé

Power of SPL Breakout Session
Power of SPL Breakout SessionPower of SPL Breakout Session
Power of SPL Breakout SessionSplunk
 
Analytics with splunk - Advanced
Analytics with splunk - AdvancedAnalytics with splunk - Advanced
Analytics with splunk - Advancedjenny_splunk
 
Solr 6.0 Graph Query Overview
Solr 6.0 Graph Query OverviewSolr 6.0 Graph Query Overview
Solr 6.0 Graph Query OverviewKevin Watters
 
Forces and Threats in a Data Warehouse (and why metadata and architecture is ...
Forces and Threats in a Data Warehouse (and why metadata and architecture is ...Forces and Threats in a Data Warehouse (and why metadata and architecture is ...
Forces and Threats in a Data Warehouse (and why metadata and architecture is ...Stefan Urbanek
 
Getting started with Splunk - Break out Session
Getting started with Splunk - Break out SessionGetting started with Splunk - Break out Session
Getting started with Splunk - Break out SessionGeorg Knon
 
Проектирование с учетом пользовательских требований
Проектирование с учетом пользовательских требованийПроектирование с учетом пользовательских требований
Проектирование с учетом пользовательских требованийCEE-SEC(R)
 
CS190.1x_SML_Certificate
CS190.1x_SML_CertificateCS190.1x_SML_Certificate
CS190.1x_SML_CertificateMohammad Yusuf Ghazi
 
Splunk Webinar: IT Operations Demo für Troubleshooting & Dashboarding
Splunk Webinar: IT Operations Demo für Troubleshooting & DashboardingSplunk Webinar: IT Operations Demo für Troubleshooting & Dashboarding
Splunk Webinar: IT Operations Demo für Troubleshooting & DashboardingGeorg Knon
 

Recommandé

Power of SPL Breakout Session
Power of SPL Breakout SessionPower of SPL Breakout Session
Power of SPL Breakout SessionSplunk
 
Analytics with splunk - Advanced
Analytics with splunk - AdvancedAnalytics with splunk - Advanced
Analytics with splunk - Advancedjenny_splunk
 
Solr 6.0 Graph Query Overview
Solr 6.0 Graph Query OverviewSolr 6.0 Graph Query Overview
Solr 6.0 Graph Query OverviewKevin Watters
 
Forces and Threats in a Data Warehouse (and why metadata and architecture is ...
Forces and Threats in a Data Warehouse (and why metadata and architecture is ...Forces and Threats in a Data Warehouse (and why metadata and architecture is ...
Forces and Threats in a Data Warehouse (and why metadata and architecture is ...Stefan Urbanek
 
Getting started with Splunk - Break out Session
Getting started with Splunk - Break out SessionGetting started with Splunk - Break out Session
Getting started with Splunk - Break out SessionGeorg Knon
 
Проектирование с учетом пользовательских требований
Проектирование с учетом пользовательских требованийПроектирование с учетом пользовательских требований
Проектирование с учетом пользовательских требованийCEE-SEC(R)
 
CS190.1x_SML_Certificate
CS190.1x_SML_CertificateCS190.1x_SML_Certificate
CS190.1x_SML_CertificateMohammad Yusuf Ghazi
 
Splunk Webinar: IT Operations Demo für Troubleshooting & Dashboarding
Splunk Webinar: IT Operations Demo für Troubleshooting & DashboardingSplunk Webinar: IT Operations Demo für Troubleshooting & Dashboarding
Splunk Webinar: IT Operations Demo für Troubleshooting & DashboardingGeorg Knon
 
Interhyp - NOAH16 Berlin
Interhyp - NOAH16 BerlinInterhyp - NOAH16 Berlin
Interhyp - NOAH16 BerlinNOAH Advisors
 
Splunk Enterprise for InfoSec Hands-On Breakout Session
Splunk Enterprise for InfoSec Hands-On Breakout SessionSplunk Enterprise for InfoSec Hands-On Breakout Session
Splunk Enterprise for InfoSec Hands-On Breakout SessionSplunk
 
Testing Delegation Policy via Mutation Analysis
Testing Delegation Policy via Mutation AnalysisTesting Delegation Policy via Mutation Analysis
Testing Delegation Policy via Mutation AnalysisPhu H. Nguyen
 
Ай-трекинг в UX исследованиях
Ай-трекинг в UX исследованияхАй-трекинг в UX исследованиях
Ай-трекинг в UX исследованияхCEE-SEC(R)
 
Architecting your Splunk deployment
Architecting your Splunk deploymentArchitecting your Splunk deployment
Architecting your Splunk deploymentSplunk
 
Customer Presentation - Financial Services Organization
Customer Presentation - Financial Services OrganizationCustomer Presentation - Financial Services Organization
Customer Presentation - Financial Services OrganizationSplunk
 
Разработка продукта, исходя из поставленной бизнес задачи
Разработка продукта, исходя из поставленной бизнес задачиРазработка продукта, исходя из поставленной бизнес задачи
Разработка продукта, исходя из поставленной бизнес задачиCEE-SEC(R)
 
SplunkLive! Milano 2016 - Splunk Plenary Session
SplunkLive! Milano 2016 - Splunk Plenary SessionSplunkLive! Milano 2016 - Splunk Plenary Session
SplunkLive! Milano 2016 - Splunk Plenary SessionSplunk
 
Легкие мобильные приложения – альтернатива традиционной экосистемной модели?
Легкие мобильные приложения – альтернатива традиционной экосистемной модели?Легкие мобильные приложения – альтернатива традиционной экосистемной модели?
Легкие мобильные приложения – альтернатива традиционной экосистемной модели?CEE-SEC(R)
 
A Framework for Developing and Operationalizing Security Use Cases
A Framework for Developing and Operationalizing Security Use CasesA Framework for Developing and Operationalizing Security Use Cases
A Framework for Developing and Operationalizing Security Use CasesRyan Faircloth
 
conf2015_BusinessPracticePreso_092215_post
conf2015_BusinessPracticePreso_092215_postconf2015_BusinessPracticePreso_092215_post
conf2015_BusinessPracticePreso_092215_postAnne-Marie "Punky" Chun
 
Splunk FISMA for Continuous Monitoring
Splunk FISMA for Continuous Monitoring Splunk FISMA for Continuous Monitoring
Splunk FISMA for Continuous Monitoring Greg Hanchin
 
AdvancedMD Customer Presentation
AdvancedMD Customer PresentationAdvancedMD Customer Presentation
AdvancedMD Customer PresentationSplunk
 
Data Onboarding
Data Onboarding Data Onboarding
Data Onboarding Splunk
 
Data Onboarding Breakout Session
Data Onboarding Breakout SessionData Onboarding Breakout Session
Data Onboarding Breakout SessionSplunk
 
Operational Security
Operational SecurityOperational Security
Operational SecuritySplunk
 
Hands-On Security - ES Guided Tour
Hands-On Security - ES Guided TourHands-On Security - ES Guided Tour
Hands-On Security - ES Guided TourSplunk
 
Five pillars of Infrastructure Monitoring
Five pillars of Infrastructure MonitoringFive pillars of Infrastructure Monitoring
Five pillars of Infrastructure MonitoringDaniel Koller
 
How to integrate Splunk with any data solution
How to integrate Splunk with any data solutionHow to integrate Splunk with any data solution
How to integrate Splunk with any data solutionJulian Hyde
 
Eyes Wide Shut: What Do Your Passwords Do When No One is Watching?
Eyes Wide Shut: What Do Your Passwords Do When No One is Watching?Eyes Wide Shut: What Do Your Passwords Do When No One is Watching?
Eyes Wide Shut: What Do Your Passwords Do When No One is Watching?BeyondTrust
 
Data Models Breakout Session
Data Models Breakout SessionData Models Breakout Session
Data Models Breakout SessionSplunk
 
SplunkLive! Data Models 101
SplunkLive! Data Models 101SplunkLive! Data Models 101
SplunkLive! Data Models 101Splunk
 

Contenu connexe

En vedette

Interhyp - NOAH16 Berlin
Interhyp - NOAH16 BerlinInterhyp - NOAH16 Berlin
Interhyp - NOAH16 BerlinNOAH Advisors
 
Splunk Enterprise for InfoSec Hands-On Breakout Session
Splunk Enterprise for InfoSec Hands-On Breakout SessionSplunk Enterprise for InfoSec Hands-On Breakout Session
Splunk Enterprise for InfoSec Hands-On Breakout SessionSplunk
 
Testing Delegation Policy via Mutation Analysis
Testing Delegation Policy via Mutation AnalysisTesting Delegation Policy via Mutation Analysis
Testing Delegation Policy via Mutation AnalysisPhu H. Nguyen
 
Ай-трекинг в UX исследованиях
Ай-трекинг в UX исследованияхАй-трекинг в UX исследованиях
Ай-трекинг в UX исследованияхCEE-SEC(R)
 
Architecting your Splunk deployment
Architecting your Splunk deploymentArchitecting your Splunk deployment
Architecting your Splunk deploymentSplunk
 
Customer Presentation - Financial Services Organization
Customer Presentation - Financial Services OrganizationCustomer Presentation - Financial Services Organization
Customer Presentation - Financial Services OrganizationSplunk
 
Разработка продукта, исходя из поставленной бизнес задачи
Разработка продукта, исходя из поставленной бизнес задачиРазработка продукта, исходя из поставленной бизнес задачи
Разработка продукта, исходя из поставленной бизнес задачиCEE-SEC(R)
 
SplunkLive! Milano 2016 - Splunk Plenary Session
SplunkLive! Milano 2016 - Splunk Plenary SessionSplunkLive! Milano 2016 - Splunk Plenary Session
SplunkLive! Milano 2016 - Splunk Plenary SessionSplunk
 
Легкие мобильные приложения – альтернатива традиционной экосистемной модели?
Легкие мобильные приложения – альтернатива традиционной экосистемной модели?Легкие мобильные приложения – альтернатива традиционной экосистемной модели?
Легкие мобильные приложения – альтернатива традиционной экосистемной модели?CEE-SEC(R)
 
A Framework for Developing and Operationalizing Security Use Cases
A Framework for Developing and Operationalizing Security Use CasesA Framework for Developing and Operationalizing Security Use Cases
A Framework for Developing and Operationalizing Security Use CasesRyan Faircloth
 
conf2015_BusinessPracticePreso_092215_post
conf2015_BusinessPracticePreso_092215_postconf2015_BusinessPracticePreso_092215_post
conf2015_BusinessPracticePreso_092215_postAnne-Marie "Punky" Chun
 
Splunk FISMA for Continuous Monitoring
Splunk FISMA for Continuous Monitoring Splunk FISMA for Continuous Monitoring
Splunk FISMA for Continuous Monitoring Greg Hanchin
 
AdvancedMD Customer Presentation
AdvancedMD Customer PresentationAdvancedMD Customer Presentation
AdvancedMD Customer PresentationSplunk
 
Data Onboarding
Data Onboarding Data Onboarding
Data Onboarding Splunk
 
Data Onboarding Breakout Session
Data Onboarding Breakout SessionData Onboarding Breakout Session
Data Onboarding Breakout SessionSplunk
 
Operational Security
Operational SecurityOperational Security
Operational SecuritySplunk
 
Hands-On Security - ES Guided Tour
Hands-On Security - ES Guided TourHands-On Security - ES Guided Tour
Hands-On Security - ES Guided TourSplunk
 
Five pillars of Infrastructure Monitoring
Five pillars of Infrastructure MonitoringFive pillars of Infrastructure Monitoring
Five pillars of Infrastructure MonitoringDaniel Koller
 
How to integrate Splunk with any data solution
How to integrate Splunk with any data solutionHow to integrate Splunk with any data solution
How to integrate Splunk with any data solutionJulian Hyde
 
Eyes Wide Shut: What Do Your Passwords Do When No One is Watching?
Eyes Wide Shut: What Do Your Passwords Do When No One is Watching?Eyes Wide Shut: What Do Your Passwords Do When No One is Watching?
Eyes Wide Shut: What Do Your Passwords Do When No One is Watching?BeyondTrust
 

En vedette (20)

Interhyp - NOAH16 Berlin
Interhyp - NOAH16 BerlinInterhyp - NOAH16 Berlin
Interhyp - NOAH16 Berlin
 
Splunk Enterprise for InfoSec Hands-On Breakout Session
Splunk Enterprise for InfoSec Hands-On Breakout SessionSplunk Enterprise for InfoSec Hands-On Breakout Session
Splunk Enterprise for InfoSec Hands-On Breakout Session
 
Testing Delegation Policy via Mutation Analysis
Testing Delegation Policy via Mutation AnalysisTesting Delegation Policy via Mutation Analysis
Testing Delegation Policy via Mutation Analysis
 
Ай-трекинг в UX исследованиях
Ай-трекинг в UX исследованияхАй-трекинг в UX исследованиях
Ай-трекинг в UX исследованиях
 
Architecting your Splunk deployment
Architecting your Splunk deploymentArchitecting your Splunk deployment
Architecting your Splunk deployment
 
Customer Presentation - Financial Services Organization
Customer Presentation - Financial Services OrganizationCustomer Presentation - Financial Services Organization
Customer Presentation - Financial Services Organization
 
Разработка продукта, исходя из поставленной бизнес задачи
Разработка продукта, исходя из поставленной бизнес задачиРазработка продукта, исходя из поставленной бизнес задачи
Разработка продукта, исходя из поставленной бизнес задачи
 
SplunkLive! Milano 2016 - Splunk Plenary Session
SplunkLive! Milano 2016 - Splunk Plenary SessionSplunkLive! Milano 2016 - Splunk Plenary Session
SplunkLive! Milano 2016 - Splunk Plenary Session
 
Легкие мобильные приложения – альтернатива традиционной экосистемной модели?
Легкие мобильные приложения – альтернатива традиционной экосистемной модели?Легкие мобильные приложения – альтернатива традиционной экосистемной модели?
Легкие мобильные приложения – альтернатива традиционной экосистемной модели?
 
A Framework for Developing and Operationalizing Security Use Cases
A Framework for Developing and Operationalizing Security Use CasesA Framework for Developing and Operationalizing Security Use Cases
A Framework for Developing and Operationalizing Security Use Cases
 
conf2015_BusinessPracticePreso_092215_post
conf2015_BusinessPracticePreso_092215_postconf2015_BusinessPracticePreso_092215_post
conf2015_BusinessPracticePreso_092215_post
 
Splunk FISMA for Continuous Monitoring
Splunk FISMA for Continuous Monitoring Splunk FISMA for Continuous Monitoring
Splunk FISMA for Continuous Monitoring
 
AdvancedMD Customer Presentation
AdvancedMD Customer PresentationAdvancedMD Customer Presentation
AdvancedMD Customer Presentation
 
Data Onboarding
Data Onboarding Data Onboarding
Data Onboarding
 
Data Onboarding Breakout Session
Data Onboarding Breakout SessionData Onboarding Breakout Session
Data Onboarding Breakout Session
 
Operational Security
Operational SecurityOperational Security
Operational Security
 
Hands-On Security - ES Guided Tour
Hands-On Security - ES Guided TourHands-On Security - ES Guided Tour
Hands-On Security - ES Guided Tour
 
Five pillars of Infrastructure Monitoring
Five pillars of Infrastructure MonitoringFive pillars of Infrastructure Monitoring
Five pillars of Infrastructure Monitoring
 
How to integrate Splunk with any data solution
How to integrate Splunk with any data solutionHow to integrate Splunk with any data solution
How to integrate Splunk with any data solution
 
Eyes Wide Shut: What Do Your Passwords Do When No One is Watching?
Eyes Wide Shut: What Do Your Passwords Do When No One is Watching?Eyes Wide Shut: What Do Your Passwords Do When No One is Watching?
Eyes Wide Shut: What Do Your Passwords Do When No One is Watching?
 

Similaire à Data models pivot with splunk break out session

Data Models Breakout Session
Data Models Breakout SessionData Models Breakout Session
Data Models Breakout SessionSplunk
 
SplunkLive! Data Models 101
SplunkLive! Data Models 101SplunkLive! Data Models 101
SplunkLive! Data Models 101Splunk
 
SplunkLive! Analytics with Splunk Enterprise
SplunkLive! Analytics with Splunk EnterpriseSplunkLive! Analytics with Splunk Enterprise
SplunkLive! Analytics with Splunk EnterpriseSplunk
 
SplunkLive! Analytics with Splunk Enterprise - Part 2
SplunkLive! Analytics with Splunk Enterprise - Part 2SplunkLive! Analytics with Splunk Enterprise - Part 2
SplunkLive! Analytics with Splunk Enterprise - Part 2Splunk
 
SplunkLive! Zurich 2018: Integrating Metrics and Logs
SplunkLive! Zurich 2018: Integrating Metrics and LogsSplunkLive! Zurich 2018: Integrating Metrics and Logs
SplunkLive! Zurich 2018: Integrating Metrics and LogsSplunk
 
SplunkLive! Analytics with Splunk Enterprise - Part 1
SplunkLive! Analytics with Splunk Enterprise - Part 1SplunkLive! Analytics with Splunk Enterprise - Part 1
SplunkLive! Analytics with Splunk Enterprise - Part 1Splunk
 
SplunkLive! Frankfurt 2018 - Data Onboarding Overview
SplunkLive! Frankfurt 2018 - Data Onboarding OverviewSplunkLive! Frankfurt 2018 - Data Onboarding Overview
SplunkLive! Frankfurt 2018 - Data Onboarding OverviewSplunk
 
SplunkLive! Munich 2018: Data Onboarding Overview
SplunkLive! Munich 2018: Data Onboarding OverviewSplunkLive! Munich 2018: Data Onboarding Overview
SplunkLive! Munich 2018: Data Onboarding OverviewSplunk
 
Splunk Ninjas: New Features, Pivot, and Search Dojo
Splunk Ninjas: New Features, Pivot, and Search DojoSplunk Ninjas: New Features, Pivot, and Search Dojo
Splunk Ninjas: New Features, Pivot, and Search DojoSplunk
 
How Can Analytics Improve Business?
How Can Analytics Improve Business?How Can Analytics Improve Business?
How Can Analytics Improve Business?Inside Analysis
 
Getting Started with Splunk Enterprise
Getting Started with Splunk EnterpriseGetting Started with Splunk Enterprise
Getting Started with Splunk EnterpriseSplunk
 
SplunkLive! Frankfurt 2018 - Get More From Your Machine Data with Splunk AI
SplunkLive! Frankfurt 2018 - Get More From Your Machine Data with Splunk AISplunkLive! Frankfurt 2018 - Get More From Your Machine Data with Splunk AI
SplunkLive! Frankfurt 2018 - Get More From Your Machine Data with Splunk AISplunk
 
SplunkLive! What's New in Splunk 6 Session
SplunkLive! What's New in Splunk 6 SessionSplunkLive! What's New in Splunk 6 Session
SplunkLive! What's New in Splunk 6 SessionSplunk
 
Getting Started with Splunk Enterprise
Getting Started with Splunk EnterpriseGetting Started with Splunk Enterprise
Getting Started with Splunk EnterpriseSplunk
 
Advanced Use Cases for Analytics Breakout Session
Advanced Use Cases for Analytics Breakout SessionAdvanced Use Cases for Analytics Breakout Session
Advanced Use Cases for Analytics Breakout SessionSplunk
 
Getting Started with Splunk Enterprises
Getting Started with Splunk EnterprisesGetting Started with Splunk Enterprises
Getting Started with Splunk EnterprisesSplunk
 
Getting started with Splunk Breakout Session
Getting started with Splunk Breakout SessionGetting started with Splunk Breakout Session
Getting started with Splunk Breakout SessionSplunk
 
Machine Learning and Analytics Breakout Session
Machine Learning and Analytics Breakout SessionMachine Learning and Analytics Breakout Session
Machine Learning and Analytics Breakout SessionSplunk
 
(ATS6-APP01) Unleashing the Power of Your Data with Discoverant
(ATS6-APP01) Unleashing the Power of Your Data with Discoverant(ATS6-APP01) Unleashing the Power of Your Data with Discoverant
(ATS6-APP01) Unleashing the Power of Your Data with DiscoverantBIOVIA
 
Machine Learning and Analytics Breakout Session
Machine Learning and Analytics Breakout SessionMachine Learning and Analytics Breakout Session
Machine Learning and Analytics Breakout SessionSplunk
 

Similaire à Data models pivot with splunk break out session (20)

Data Models Breakout Session
Data Models Breakout SessionData Models Breakout Session
Data Models Breakout Session
 
SplunkLive! Data Models 101
SplunkLive! Data Models 101SplunkLive! Data Models 101
SplunkLive! Data Models 101
 
SplunkLive! Analytics with Splunk Enterprise
SplunkLive! Analytics with Splunk EnterpriseSplunkLive! Analytics with Splunk Enterprise
SplunkLive! Analytics with Splunk Enterprise
 
SplunkLive! Analytics with Splunk Enterprise - Part 2
SplunkLive! Analytics with Splunk Enterprise - Part 2SplunkLive! Analytics with Splunk Enterprise - Part 2
SplunkLive! Analytics with Splunk Enterprise - Part 2
 
SplunkLive! Zurich 2018: Integrating Metrics and Logs
SplunkLive! Zurich 2018: Integrating Metrics and LogsSplunkLive! Zurich 2018: Integrating Metrics and Logs
SplunkLive! Zurich 2018: Integrating Metrics and Logs
 
SplunkLive! Analytics with Splunk Enterprise - Part 1
SplunkLive! Analytics with Splunk Enterprise - Part 1SplunkLive! Analytics with Splunk Enterprise - Part 1
SplunkLive! Analytics with Splunk Enterprise - Part 1
 
SplunkLive! Frankfurt 2018 - Data Onboarding Overview
SplunkLive! Frankfurt 2018 - Data Onboarding OverviewSplunkLive! Frankfurt 2018 - Data Onboarding Overview
SplunkLive! Frankfurt 2018 - Data Onboarding Overview
 
SplunkLive! Munich 2018: Data Onboarding Overview
SplunkLive! Munich 2018: Data Onboarding OverviewSplunkLive! Munich 2018: Data Onboarding Overview
SplunkLive! Munich 2018: Data Onboarding Overview
 
Splunk Ninjas: New Features, Pivot, and Search Dojo
Splunk Ninjas: New Features, Pivot, and Search DojoSplunk Ninjas: New Features, Pivot, and Search Dojo
Splunk Ninjas: New Features, Pivot, and Search Dojo
 
How Can Analytics Improve Business?
How Can Analytics Improve Business?How Can Analytics Improve Business?
How Can Analytics Improve Business?
 
Getting Started with Splunk Enterprise
Getting Started with Splunk EnterpriseGetting Started with Splunk Enterprise
Getting Started with Splunk Enterprise
 
SplunkLive! Frankfurt 2018 - Get More From Your Machine Data with Splunk AI
SplunkLive! Frankfurt 2018 - Get More From Your Machine Data with Splunk AISplunkLive! Frankfurt 2018 - Get More From Your Machine Data with Splunk AI
SplunkLive! Frankfurt 2018 - Get More From Your Machine Data with Splunk AI
 
SplunkLive! What's New in Splunk 6 Session
SplunkLive! What's New in Splunk 6 SessionSplunkLive! What's New in Splunk 6 Session
SplunkLive! What's New in Splunk 6 Session
 
Getting Started with Splunk Enterprise
Getting Started with Splunk EnterpriseGetting Started with Splunk Enterprise
Getting Started with Splunk Enterprise
 
Advanced Use Cases for Analytics Breakout Session
Advanced Use Cases for Analytics Breakout SessionAdvanced Use Cases for Analytics Breakout Session
Advanced Use Cases for Analytics Breakout Session
 
Getting Started with Splunk Enterprises
Getting Started with Splunk EnterprisesGetting Started with Splunk Enterprises
Getting Started with Splunk Enterprises
 
Getting started with Splunk Breakout Session
Getting started with Splunk Breakout SessionGetting started with Splunk Breakout Session
Getting started with Splunk Breakout Session
 
Machine Learning and Analytics Breakout Session
Machine Learning and Analytics Breakout SessionMachine Learning and Analytics Breakout Session
Machine Learning and Analytics Breakout Session
 
(ATS6-APP01) Unleashing the Power of Your Data with Discoverant
(ATS6-APP01) Unleashing the Power of Your Data with Discoverant(ATS6-APP01) Unleashing the Power of Your Data with Discoverant
(ATS6-APP01) Unleashing the Power of Your Data with Discoverant
 
Machine Learning and Analytics Breakout Session
Machine Learning and Analytics Breakout SessionMachine Learning and Analytics Breakout Session
Machine Learning and Analytics Breakout Session
 

Plus de Georg Knon

Splunk Webinar: Verwandeln Sie Daten in wertvolle Erkenntnisse - Machine Lear...
Splunk Webinar: Verwandeln Sie Daten in wertvolle Erkenntnisse - Machine Lear...Splunk Webinar: Verwandeln Sie Daten in wertvolle Erkenntnisse - Machine Lear...
Splunk Webinar: Verwandeln Sie Daten in wertvolle Erkenntnisse - Machine Lear...Georg Knon
 
Splunk Webinar: Mit Splunk SPL Maschinendaten durchsuchen, transformieren und...
Splunk Webinar: Mit Splunk SPL Maschinendaten durchsuchen, transformieren und...Splunk Webinar: Mit Splunk SPL Maschinendaten durchsuchen, transformieren und...
Splunk Webinar: Mit Splunk SPL Maschinendaten durchsuchen, transformieren und...Georg Knon
 
SplunkLive! Zürich 2016 - Use Case Swisscom
SplunkLive! Zürich 2016 - Use Case SwisscomSplunkLive! Zürich 2016 - Use Case Swisscom
SplunkLive! Zürich 2016 - Use Case SwisscomGeorg Knon
 
SplunkLive! Zürich 2016 - Use Case Helvetia
SplunkLive! Zürich 2016 - Use Case HelvetiaSplunkLive! Zürich 2016 - Use Case Helvetia
SplunkLive! Zürich 2016 - Use Case HelvetiaGeorg Knon
 
SplunkLive! Zürich 2016 - Use Case Adcubum
SplunkLive! Zürich 2016 - Use Case AdcubumSplunkLive! Zürich 2016 - Use Case Adcubum
SplunkLive! Zürich 2016 - Use Case AdcubumGeorg Knon
 
Splunk Webinar: Splunk für Application Management
Splunk Webinar: Splunk für Application ManagementSplunk Webinar: Splunk für Application Management
Splunk Webinar: Splunk für Application ManagementGeorg Knon
 
Splunk for IT Operations Breakout Session
Splunk for IT Operations Breakout SessionSplunk for IT Operations Breakout Session
Splunk for IT Operations Breakout SessionGeorg Knon
 
Webinar Big Data zur Echtzeit-Betrugserkennung im eBanking nutzen mit Splunk ...
Webinar Big Data zur Echtzeit-Betrugserkennung im eBanking nutzen mit Splunk ...Webinar Big Data zur Echtzeit-Betrugserkennung im eBanking nutzen mit Splunk ...
Webinar Big Data zur Echtzeit-Betrugserkennung im eBanking nutzen mit Splunk ...Georg Knon
 
Splunk Webinar: Verwandeln Sie Datensilos in Operational Intelligence
Splunk Webinar: Verwandeln Sie Datensilos in Operational IntelligenceSplunk Webinar: Verwandeln Sie Datensilos in Operational Intelligence
Splunk Webinar: Verwandeln Sie Datensilos in Operational IntelligenceGeorg Knon
 
5 Möglichkeiten zur Verbesserung Ihrer Security
5 Möglichkeiten zur Verbesserung Ihrer Security5 Möglichkeiten zur Verbesserung Ihrer Security
5 Möglichkeiten zur Verbesserung Ihrer SecurityGeorg Knon
 
Splunk IT Service Intelligence
Splunk IT Service IntelligenceSplunk IT Service Intelligence
Splunk IT Service IntelligenceGeorg Knon
 
Splunk IT Service Intelligence
Splunk IT Service IntelligenceSplunk IT Service Intelligence
Splunk IT Service IntelligenceGeorg Knon
 
Splunk Internet of Things Roundtable 2015
Splunk Internet of Things Roundtable 2015Splunk Internet of Things Roundtable 2015
Splunk Internet of Things Roundtable 2015Georg Knon
 
Webinar splunk cloud saa s plattform für operational intelligence
Webinar splunk cloud saa s plattform für operational intelligenceWebinar splunk cloud saa s plattform für operational intelligence
Webinar splunk cloud saa s plattform für operational intelligenceGeorg Knon
 
Splunk Webinar: Maschinendaten anreichern mit Informationen
Splunk Webinar: Maschinendaten anreichern mit InformationenSplunk Webinar: Maschinendaten anreichern mit Informationen
Splunk Webinar: Maschinendaten anreichern mit InformationenGeorg Knon
 
Splunk App for Stream - Einblicke in Ihren Netzwerkverkehr
Splunk App for Stream - Einblicke in Ihren NetzwerkverkehrSplunk App for Stream - Einblicke in Ihren Netzwerkverkehr
Splunk App for Stream - Einblicke in Ihren NetzwerkverkehrGeorg Knon
 
Webinar: Vulnerability Management leicht gemacht – mit Splunk und Qualys
Webinar: Vulnerability Management leicht gemacht – mit Splunk und QualysWebinar: Vulnerability Management leicht gemacht – mit Splunk und Qualys
Webinar: Vulnerability Management leicht gemacht – mit Splunk und QualysGeorg Knon
 
Webinar: Neues zur Splunk App for Enterprise Security
Webinar: Neues zur Splunk App for Enterprise SecurityWebinar: Neues zur Splunk App for Enterprise Security
Webinar: Neues zur Splunk App for Enterprise SecurityGeorg Knon
 
Splunk und das Triage Tool THOR
Splunk und das Triage Tool THORSplunk und das Triage Tool THOR
Splunk und das Triage Tool THORGeorg Knon
 
Splunk live! roma 2015 HBG Gaming presentation
Splunk live! roma 2015 HBG Gaming presentationSplunk live! roma 2015 HBG Gaming presentation
Splunk live! roma 2015 HBG Gaming presentationGeorg Knon
 

Plus de Georg Knon (20)

Splunk Webinar: Verwandeln Sie Daten in wertvolle Erkenntnisse - Machine Lear...
Splunk Webinar: Verwandeln Sie Daten in wertvolle Erkenntnisse - Machine Lear...Splunk Webinar: Verwandeln Sie Daten in wertvolle Erkenntnisse - Machine Lear...
Splunk Webinar: Verwandeln Sie Daten in wertvolle Erkenntnisse - Machine Lear...
 
Splunk Webinar: Mit Splunk SPL Maschinendaten durchsuchen, transformieren und...
Splunk Webinar: Mit Splunk SPL Maschinendaten durchsuchen, transformieren und...Splunk Webinar: Mit Splunk SPL Maschinendaten durchsuchen, transformieren und...
Splunk Webinar: Mit Splunk SPL Maschinendaten durchsuchen, transformieren und...
 
SplunkLive! Zürich 2016 - Use Case Swisscom
SplunkLive! Zürich 2016 - Use Case SwisscomSplunkLive! Zürich 2016 - Use Case Swisscom
SplunkLive! Zürich 2016 - Use Case Swisscom
 
SplunkLive! Zürich 2016 - Use Case Helvetia
SplunkLive! Zürich 2016 - Use Case HelvetiaSplunkLive! Zürich 2016 - Use Case Helvetia
SplunkLive! Zürich 2016 - Use Case Helvetia
 
SplunkLive! Zürich 2016 - Use Case Adcubum
SplunkLive! Zürich 2016 - Use Case AdcubumSplunkLive! Zürich 2016 - Use Case Adcubum
SplunkLive! Zürich 2016 - Use Case Adcubum
 
Splunk Webinar: Splunk für Application Management
Splunk Webinar: Splunk für Application ManagementSplunk Webinar: Splunk für Application Management
Splunk Webinar: Splunk für Application Management
 
Splunk for IT Operations Breakout Session
Splunk for IT Operations Breakout SessionSplunk for IT Operations Breakout Session
Splunk for IT Operations Breakout Session
 
Webinar Big Data zur Echtzeit-Betrugserkennung im eBanking nutzen mit Splunk ...
Webinar Big Data zur Echtzeit-Betrugserkennung im eBanking nutzen mit Splunk ...Webinar Big Data zur Echtzeit-Betrugserkennung im eBanking nutzen mit Splunk ...
Webinar Big Data zur Echtzeit-Betrugserkennung im eBanking nutzen mit Splunk ...
 
Splunk Webinar: Verwandeln Sie Datensilos in Operational Intelligence
Splunk Webinar: Verwandeln Sie Datensilos in Operational IntelligenceSplunk Webinar: Verwandeln Sie Datensilos in Operational Intelligence
Splunk Webinar: Verwandeln Sie Datensilos in Operational Intelligence
 
5 Möglichkeiten zur Verbesserung Ihrer Security
5 Möglichkeiten zur Verbesserung Ihrer Security5 Möglichkeiten zur Verbesserung Ihrer Security
5 Möglichkeiten zur Verbesserung Ihrer Security
 
Splunk IT Service Intelligence
Splunk IT Service IntelligenceSplunk IT Service Intelligence
Splunk IT Service Intelligence
 
Splunk IT Service Intelligence
Splunk IT Service IntelligenceSplunk IT Service Intelligence
Splunk IT Service Intelligence
 
Splunk Internet of Things Roundtable 2015
Splunk Internet of Things Roundtable 2015Splunk Internet of Things Roundtable 2015
Splunk Internet of Things Roundtable 2015
 
Webinar splunk cloud saa s plattform für operational intelligence
Webinar splunk cloud saa s plattform für operational intelligenceWebinar splunk cloud saa s plattform für operational intelligence
Webinar splunk cloud saa s plattform für operational intelligence
 
Splunk Webinar: Maschinendaten anreichern mit Informationen
Splunk Webinar: Maschinendaten anreichern mit InformationenSplunk Webinar: Maschinendaten anreichern mit Informationen
Splunk Webinar: Maschinendaten anreichern mit Informationen
 
Splunk App for Stream - Einblicke in Ihren Netzwerkverkehr
Splunk App for Stream - Einblicke in Ihren NetzwerkverkehrSplunk App for Stream - Einblicke in Ihren Netzwerkverkehr
Splunk App for Stream - Einblicke in Ihren Netzwerkverkehr
 
Webinar: Vulnerability Management leicht gemacht – mit Splunk und Qualys
Webinar: Vulnerability Management leicht gemacht – mit Splunk und QualysWebinar: Vulnerability Management leicht gemacht – mit Splunk und Qualys
Webinar: Vulnerability Management leicht gemacht – mit Splunk und Qualys
 
Webinar: Neues zur Splunk App for Enterprise Security
Webinar: Neues zur Splunk App for Enterprise SecurityWebinar: Neues zur Splunk App for Enterprise Security
Webinar: Neues zur Splunk App for Enterprise Security
 
Splunk und das Triage Tool THOR
Splunk und das Triage Tool THORSplunk und das Triage Tool THOR
Splunk und das Triage Tool THOR
 
Splunk live! roma 2015 HBG Gaming presentation
Splunk live! roma 2015 HBG Gaming presentationSplunk live! roma 2015 HBG Gaming presentation
Splunk live! roma 2015 HBG Gaming presentation
 

Dernier

DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about usDynamic Netsoft
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...gurkirankumar98700
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsJhone kinadey
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comFatema Valibhai
 
What is Binary Language? Computer Number Systems
What is Binary Language? Computer Number SystemsWhat is Binary Language? Computer Number Systems
What is Binary Language? Computer Number SystemsJheuzeDellosa
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...stazi3110
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfkalichargn70th171
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerThousandEyes
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsAlberto González Trastoy
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdfWave PLM
 
Test Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and BackendTest Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and BackendArshad QA
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software DevelopersVinodh Ram
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantAxelRicardoTrocheRiq
 
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfThe Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfkalichargn70th171
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsArshad QA
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataBradBedford3
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Modelsaagamshah0812
 

Dernier (20)

DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about us
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial Goals
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 
What is Binary Language? Computer Number Systems
What is Binary Language? Computer Number SystemsWhat is Binary Language? Computer Number Systems
What is Binary Language? Computer Number Systems
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
 
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS LiveVip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
 
Exploring iOS App Development: Simplifying the Process
Exploring iOS App Development: Simplifying the ProcessExploring iOS App Development: Simplifying the Process
Exploring iOS App Development: Simplifying the Process
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf
 
Test Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and BackendTest Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and Backend
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software Developers
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service Consultant
 
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfThe Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
 
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview Questions
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
 

Data models pivot with splunk break out session

  • 1. Copyright © 2014 Splunk Inc. DATA MODELS
  • 2. During the course of this presentation, we may make forward-looking statements regarding future events or the expected performance of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward- looking statements, please review our filings with the SEC. The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, this presentation may not contain current or accurate information. We do not assume any obligation to update any forward-looking statements we may make. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only and shall not, be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionality described or to include any such feature or functionality in a future release. Splunk, Splunk>, Splunk Storm, Listen to Your Data, SPL and The Engine for Machine Data are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners. ©2013 Splunk Inc. All rights reserved. Legal Notices 2
  • 4. AnalyticsBig Picture Build complex reports without the search language Provides more meaningful representation of underlying raw machine data Acceleration technology delivers up to 1000x faster analytics over Splunk 5 4 Pivot Data Model Analytics Store
  • 5. Operational IntelligenceAcrossthe Enterprise IT professional Create and share data models Accelerate data models and custom searches with the analytics store Create reports with pivot Developer Analyst Leverage data models to abstract data Leverage pivot in custom apps Create reports using pivot based on data models created by IT Pivot Data Model Raw Data Analytics Store [10/11/12 18:57:04 UTC] 000000b0
  • 6. Pivot is a query builder.
  • 14. sourcetype=access_combined source = "/home/ssorkin/banner_access.log.2013.6.gz" | eval unique=(uid + useragent) | stats dc(unique) by os_name | rename dc(unique) as "Unique Visitors" os_name as "Operating System" search and filter | munge | report | clean-up Splunk Search Language
  • 15. Hurdles • Simplesearcheseasy…Multi-stagemunging/reportingishard! • Needtounderstanddata’sstructuretoconstructsearch • Non-technicalusersmaynothavedatasourcedomainknowledge • Splunkadminsdonothaveend-usersearchcontext index=main source=*/banner_access* uri_path=/js/*/*/login/* guid=* useragent!=*KTXN* useragent!=*GomezAgent* clientip!=206.80.3.67 clientip!=198.144.207.62 clientip!=97.65.63.66 clientip!=175.45.37.78 clientip!=209.119.210.194 clientip!=212.36.37.138 clientip!=204.156.84.0/24 clientip!=216.221.226.0/24 clientip!=207.87.200.162 | rex field=uri_path "/js/(?<t>[^/]*)/(?<v>[^/]*)/login/(?<l>[^/]*)” | eval license = case(l LIKE "prod%" AND t="pro", "enterprise", l LIKE "trial%" AND t="pro", "trial", t="free", "free”) | rex field=v "^(?<vers>d.d)” | bin span=1d _time as day | stats values(vers) as vers min(day) as min_day min(eval(if(vers=="5.0", _time, null()))) as min_day_50 dc(day) as days values(license) as license by guid | eval type = if(match(vers,"4.*"), "upgrade", "not upgrade") + "/" + if(days > 1, "repeat", "not repeat")| search license=enterprise | eval _time = min_day_50| timechart count by type| streamstats sum(*) as *
  • 16. Data Model Goals • Makeiteasytoshare/reusedomainknowledge • Admins/powerusersbuilddatamodels • Non-technicalusersinteractwithdataviapivotUI
  • 18. What is a Data Model? Adatamodelisasearch-timemappingofdataontoahierarchicalstructure Encapsulatetheknowledgeneededtobuildasearch Pivotreportsarebuildontopofdatamodels Data-independent Screenshot here
  • 19. A Data Model is a Collection of Objects Screenshot here
  • 20. Objects Have Constraints and Attributes Screenshot here
  • 21. Child Objects Inherit Constraints and Attributes Screenshot here
  • 22. Child Objects Inherit Constraints and Attributes
  • 24. Three Root ObjectTypes Event – MapstoSplunkevents – Requiresconstraints andattributes
  • 25. Three Root ObjectTypes Event – MapstoSplunkevents – Requiresconstraints andattributes Search – MapstoarbitrarySplunksearch(may includegenerating,transformingand reportingsearchcommands) – Requiressearchstringattributes • Transaction – MapstogroupsofSplunkeventsor groupsofSplunksearchresults – Requiresobjectstogroup,fields/ conditionstogroupby,andattributes
  • 26. Three Root ObjectTypes Event – MapstoSplunkevents – Requiresconstraints andattributes Search – MapstoarbitrarySplunksearch(may includegenerating,transformingand reportingsearchcommands) Requiressearchstringattributes Transaction – MapstogroupsofSplunkeventsor groupsofSplunksearchresults – Requiresobjectstogroup,fields/ conditionstogroupby,andattributes
  • 30. Best Practices Use event objects as often as possible – Benefit from data model acceleration Resist the urge to use search objects instead of event objects!! – Event based searches can be optimized better Minimize object hierarchy depth when possible – Constraint based filtering is less efficientdeeper down the tree Event object with deepest tree (and most matching results) first – Model-wide acceleration only for first event object and its descendants
  • 32. From Data Models to Reports
  • 33. Usingthe UI Subhead Count of http_success events, split by useragent events fields
  • 34. Under the Hood: Object SearchString Generation Syntax: <constraints search> | <my attribute definitions> Example: sourcetype=access_* OR sourcetype=iis* uri=* uri_path=* status=* clientip=* referer=* useragent=*
  • 35. Under the Hood: Object SearchString Generation Syntax: <base search> | <my attribute definitions> Example: _time=* host=* source=* sourcetype=* uri=* status<600 clientip=* referer=* useragent=* (sourcetype=access_* OR source=*.log) | eval userid=clientip | stats first(_time) as earliest, last(_time) as latest, list(uri_path) as uri_list by userid | earliest=* latest=* uri_list=*
  • 36. Under the Hood: Object SearchString Generation Syntax: <objects to group search> | transaction <group by fields> <group by params> | <my attribute definitions> Example: sourcetype=access_* uri=* uri_path=* status=* clientip=* referer=* useragent=* | transaction clientip useragent | eval landingpage=mvindex(uri_path,1) | eval exitpage=mvindex(uri_path,-1)
  • 37. Under the Hood: Object SearchString Generation Syntax: <parent object search> | search <my constraints> | <my attribute definitions> Example: sourcetype=access_* uri=* uri_path=* status=* clientip=* referer=* useragent=* status=2* | <my attribute definitions>
  • 38. Usingthe SplunkSearch Language | datamodel <modelname> <objectID> search Example: | datamodel WebIntelligence HTTP_Request search Behindthescenes: sourcetype=access_* OR sourcetype=iis* uri=* uri_path=* status=* clientip=* referer=* useragent=*
  • 39. Under the hood: Pivot Search String Generation Example: (sourcetype=access_* OR sourcetype=iis*) status=2* uri=* uri_path=* status=* clientip=* referer=* useragent=* | stats count AS "Count of HTTP_Sucess" by ”useragent" | sort limit=0 "useragent" | fields - _span | fields "useragent" "Count of HTTP_Success" | fillnull "Count of HTTP_Success" | fields "useragent" *
  • 40. Usingthe SplunkSearch Language | pivot <modelname> <objectID> [statsfns, rowsplit, colsplit, filters, …] Example: | pivot WebIntelligence HTTP_Request count(HTTP_Request) AS "Count of HTTP_Request" SPLITROW status AS "status" SORT 0 status Behindthescenes: sourcetype=access_* OR sourcetype=iis* uri=* uri_path=* status=* clientip=* referer=* useragent=* | stats count AS "Count of HTTP_Request" by "status" | sort limit=0 "status" | fields - _span | fields "status", "Count of HTTP_Request" | fillnull "Count of HTTP_Request" | fields "status" *
  • 41. Warnings • | datamodel and| pivot aregeneratingcommands • Theymustbeatthebeginningofthesearchstring • UseobjectIDsNOTuser-visibleobjectnames
  • 42. Demo Building a report from a data model
  • 44. Data Model on Disk EachdatamodelisaseparateJSONfile Livesin<myapp>/local/data/models (or<myapp>/default/data/modelsforpre- installedmodels) Hasassociatedconfstanzas andmetadata
  • 45. Editing Data Model JSON Atyourownrisk! ModelseditedviatheUIarevalidated Manuallyediteddatamodels:NOTSUPPORTED Exception:installinganewmodelbyaddingthefileto<myapp>/<local ORdefault>/data/modelsisprobablyokay
  • 46. Deleting a Data Model UsetheUIforappropriatecleanup Potentialforbadstateifmanuallydeletingmodelondisk
  • 47. InteractingWith a Data Model UsedatamodelbuilderandpivotUI–safestoption! UseRESTAPI–fordevelopers(seedocsfordetails) Use|datamodeland|pivotSplunksearchcommands
  • 49. Data Model Acceleration Run a pivot report Poll: are there new accelerated models? Turn on acceleration via UI Setting written to conf file Kick off collection Acceleration Kick off ad-hoc acceleration and run search Run search using on-disk acceleration Admin or power user Backend magic Non-technical user No acceleration
  • 50. Model-WideAcceleration Pivotsearch: | tstats count AS "Count of HTTP_Success" from datamodel="WebIntelligence" where (nodename="HTTP_Request") (nodename="HTTP_Request.HTTP_Success") prestats=true | stats count AS "Count of HTTP_Success” Only accelerates first event- based object and descendants Does not accelerate search and transaction-based objects

Notes de l'éditeur

  1. Welcome to SplunkLive [City]. Thank you for taking the time to attend today’s event.
  2. How can you leverage Splunk?
  3. Splunk 6 takes large-scale machine data analytics to the next level by introducing three breakthrough innovations: Pivot – opens up the power of Splunk search to non-technical users with an easy-to-use drag and drop interface to explore, manipulate and visualize data Data Model – defines meaningful relationships in underlying machine data and making the data more useful to broader base of non-technical users Analytics Store – patent pending technology that accelerates data models by delivering extremely high performance data retrieval for analytical operations, up to 1000x faster than Splunk 5 Let’s dig into each of these new features in more detail.
  4. How does the Analytics Store, Data Model and Pivot benefit users across the enterprise? Lets start with the IT Professional – this includes the Splunk Administrator or an advanced Splunk user that is familiar with SPL. Using Splunk 6 they can: Create data models Share data models with other users – delivering a consistent view of the data Accelerate data models using the Analytics Store Create reports using Pivot (although being power users, they may prefer using SPL directly!) Next we have the enterprise developer. Using Splunk 6 they can: Leverage data models built by IT, making searches more portable (using common Data Models ensures predictability of results) Leverage the Pivot interface in custom enterprise apps Finally, there are additional users that can now benefit – for example, the business or data analyst. Using Splunk 6 they can: Create reports, dashboards, charts and other visualizations using the Pivot interface and based on data models that provide an abstracted view of the raw data. Splunk 6 is not meant to replace existing BI and Business Analytics tools, but it does provide new visibility, insights and intelligence from operational data that can be used by business analysts to augment these tools. Data from Splunk software can also be leveraged directly using the Splunk API and SDKs and integrated into existing business analytics tools. For example, the recently announced Pentaho Business Analytics for Splunk® Enterprise (http://apps.splunk.com/app/1554), enables business users to utilize Pentaho to rapidly visualize and gain additional insights from Splunk’s machine data platform using existing in-house skills.
  5. How can you leverage Splunk?
  6. How can you leverage Splunk?
  7. How can you leverage Splunk?
  8. - The Splunk search language is very expressive. - Can perform a wide variety of tasks ranging from filtering to data munging and reporting - There are various search commands for complex transformations and statistics (e.g. correlation, prediction etc)
  9. What does the search do? Basically, first it normalizes the individual accesses, which should be representable as a model object. Next it aggregates by guid to create an "instance" object, which should be representable in a DM. It calculates a field on that instance object, "type". Then it builds a timechart. of those, using a special "_time" value. Low overhead to start but learning curve quickly gets steep Obtaining website usage metrics should not require understanding Apache vs IIS format Admins won’t know apriori what questions are being asked of the data…so they can’t provide canned dashboards for all scenarios Backup search for example:  eventtype=pageview | eval stage_2=if(searchmatch("uri=/download*"), _time, null()) | eval stage_1=if(searchmatch("uri=/product*"), _time, null()) | eval stage_3=if(searchmatch("uri=*download_track*"), _time, null()) | stats min(stage_*) as stage_*  by cookie | search stage_1=* | where isnull(stage_2) OR stage_2 >= stage_1 | where isnull(stage_3) OR stage_3 >= stage_2 | eval stage = case(isnull(stage_2), "stage_1", isnull(stage_3), "stage_2", 1==1, "stage_3") | stats count by stage | reverse | accum count as cumulative_count |  reverse | streamstats current=f max(cumulative_count) as stage_1_count last(cumulative_count) as prev_count
  10. What are the important “things” in your data? E.g. WebIntelligence might have HTTPAccess HTTPSuccess User Session How are they related? There’s more than one “right” way to define your objects
  11. Constraints filter down to a set of a data Attributes are the fields and knowledge associated with the object Both are inherited!
  12. A child object is a type of its parent object: e.g. An HTTP_Success object is a type of HTTP_Access Adding a child object is essentially a way of adding a filter on the parents A parent-child relationship makes it easy to do queries like “What percentage of my HTTP_Access events are HTTP_Success events?”
  13. How can you leverage Splunk?
  14. Constraints are essentially the search broken down into a hierarchy, attributes are the associated fields and knowledge
  15. Arbitrary searches that include transforming commands to define the dataset that they represent Fix example here? TODO
  16. Enable the creation of objects that represent transactions Use fields that have already been added to the model via event or search objects
  17. This is how we capture knowledge
  18. Required: Only events that contain this field will be returned in Pivot Optional: The field doesn't have to appear in every event Hidden: The field will not be displayed to Pivot users when they select the object in Pivot Use this for fields that are only being used to define another attribute, such as an eval expression Hidden & Required: Only events that contain this field will be returned, and the field will be hidden from use in Pivot
  19. Be careful about lookup permissions – must be available in the context where you want to use them
  20. How can you leverage Splunk?
  21. How can you leverage Splunk?
  22. Divanny will help make this slide MUCH prettier
  23. This could be more slides, more details
  24. This could be more slides, more details
  25. How can you leverage Splunk?