GAINING APPLICATION LIFECYCLE INTELLIGENCE
Applied Spring Track
Today we are facing an ever-increasing speed of product delivery. DevOps practices
like continuous integration and deployment increase the dependence of systems
like task tracking and source code repositories with build servers and test suites.
With data moving rapidly through these different tools, it becomes challenging to
maintain a grasp of the process, especially as the data is distributed and in a variety
of formats. But it is still critical to maintain full visibility of the product development
journey – from user stories to production data. By starting at the beginning of the
Product Development Lifecycle, you can track a problem in production all the way
back to the code that was checked into the build and the developer responsible for
the code.
In this session I'll demonstrate some of the ways in which Splunk software can be
used to collect and correlate data throughout the various stages of the lifecycle of
your code, to ultimately make you more efficient and make your code better.
From Auckland
Through enterprise Java background in many verticals, enterprise and non-enterprise Java and other JVM langs
Make Apps, Cut code
Everything 100% open source: use, reuse, whatever.
Collaborate
Community
answers.splunk.com for support is best
Based around Spring / JVM language based apps
In order to understand where Splunk fits in…
The data V’s, useful for booth babing duty.
Veracity
Some data is inherently uncertain, for example: sentiment and truthfulness in humans; GPS sensors bouncing among the skyscrapers of Manhattan; weather conditions; economic factors; and the future. When dealing with these types of data, no amount of data cleansing can correct for it. Yet despite uncertainty, the data still contains valuable information. The need to acknowledge and embrace this uncertainty is a hallmark of big data.
What is Splunk
Platform for collecting data from any source, in any format
Search over it, correlate, look for insights
Visualize it, build apps for your domain use case
Splunk’s flagship product is Splunk Enterprise. Splunk Enterprise is a fully featured, powerful platform for collecting, searching, monitoring and analyzing machine data.
Splunk collects machine data securely and reliably from wherever it’s generated. It stores and indexes the data in real time in a centralized location and protects it with role-based access controls. You can even leverage other data stores. Splunk lets you search, monitor, report and analyze your real-time and historical data. Now you have the ability to quickly visualize and share your data, no matter how unstructured, large or diverse it may be.
Troubleshoot problems and investigate security incidents in minutes (not hours or days). Monitor your end-to-end infrastructure to avoid service degradation or outages. Gain real-time visibility and critical insights into customer experience, transactions and behavior. Use Splunk and make your data accessible, usable and valuable across the enterprise.
Splunk collects and indexes any machine data from virtually any source, format or location in real time. This includes data streaming from packaged and custom applications, app servers, web servers, databases, networks, virtual machines, telecoms equipment, OS’s, sensors, and much more. There’s no requirement to “understand” the data upfront. Just point Splunk at your data or deploy Splunk forwarders to reliably stream data from remote systems at scale. Splunk immediately starts collecting and indexing, so you can start searching and analyzing.
No more armies of consultants, or a DBA to make it work.
Unlike traditional structured data or multi-dimensional data – for example data stored in a traditional relational database for batch reporting – machine data is non-standard, highly diverse, dynamic and high volume. You will notice that machine data events are also typically time-stamped – it is time-series data.
Take the example of purchasing a product on your tablet or smartphone: the purchase transaction fails, you call the call center and then tweet about your experience. All these events are captured - as they occur - in the machine data generated by the different systems supporting these different interactions.
Each of the underlying systems can generate millions of machine data events daily. Here we see small excerpts from just some of them.
When we look more closely at the data we see that it contains valuable information – customer id, order id, time waiting on hold, twitter id … what was tweeted.
What’s important is first of all the ability to actually see across all these disparate data sources, but then to correlate related events across disparate sources, to deliver meaningful insight.
If you can correlate and visualize related events across these disparate sources, you can build a picture of activity, behavior and experience. And what if you can do all of this in real-time? You can respond more quickly to events that matter.
You can extrapolate this example to a wide range of use cases – security and fraud, transaction monitoring and analysis, web analytics, IT operations and so on.
Developers building apps atop big data platforms
Important to understand the data domain
And finding ways to Act on the data
Splunk is an open and extensible platform at numerous different touchpoints for developers
http://blogs.splunk.com/2013/08/06/a-developers-smorgasbord/
Extensibility creates ecosystems
BUILD SPLUNK APPS
The Splunk Web Framework makes building a Splunk app look and feel like building any modern web application.
The Simple Dashboard Editor makes it easy to BUILD interactive dashboards and user workflows as well as add custom styling, behavior and visualizations. Simple XML is ideal for fast, lightweight app customization and building. Simple XML development requires minimal coding knowledge and is well-suited for Splunk power users in IT to get fast visualization and analytics from their machine data. Simple XML also lets the developer “escape” to HTML with one click to do more powerful customization and integration with JavaScript.
Developers looking for more advanced functionality and capabilities can build Splunk apps from the ground up using popular, standards-based web technologies: JavaScript and Django. The Splunk Web Framework lets developers quickly create Splunk apps by using prebuilt components, styles, templates, and reusable samples as well as supporting the development of custom logic, interactions, components, and UI. Developers can choose to program their Splunk app using Simple XML, JavaScript or Django (or any combination thereof).
EXTEND AND INTEGRATE SPLUNK
Splunk Enterprise is a robust, fully-integrated platform that enables developers to INTEGRATE data and functionality from Splunk software into applications across the organization using Software Development Kits (SDKs) for Java, JavaScript, C#, Python, PHP and Ruby. These SDKs make it easier to code to the open REST API that sits on top of the Splunk Engine. With almost 200 endpoints, the REST API lets developers do programmatically what any end user can do in the UI and more. The Splunk SDKs include documentation, code samples, resources and tools to make it faster and more efficient to program against the Splunk REST API using constructs and syntax familiar to developers experienced with Java, Python, JavaScript, PHP, Ruby and C#. Developers can easily manage HTTP access, authentication and namespaces in just a few lines of code.
Developers can use the Splunk SDKs to:
- Run real-time searches and retrieve Splunk data from line-of-business systems like Customer Service applications
- Integrate data and visualizations (charts, tables) from Splunk into BI tools and reporting dashboards
- Build mobile applications with real-time KPI dashboards and alerts powered by Splunk
- Log directly to Splunk from remote devices and applications via TCP, UDP and HTTP
- Build customer-facing dashboards in your applications powered by user-specific data in Splunk
- Manage a Splunk instance, including adding and removing users as well as creating data inputs from an application outside of Splunk
- Programmatically extract data from Splunk for long-term data warehousing
Developers can EXTEND the power of Splunk software with programmatic control over search commands, data sources and data enrichment.
Splunk Enterprise offers search extensibility through:
- Custom Search Commands: developers can add a custom search script (in Python) to Splunk to create their own search commands. To build a search that runs recursively, developers need to make calls directly to the REST API.
- Scripted Lookups: developers can programmatically script lookups via Python.
- Scripted Alerts: can trigger a shell script or batch file (we provide guidance for Python and Perl).
- Search Macros: make chunks of a search reusable in multiple places, including saved and ad hoc searches.
Splunk also provides developers with other mechanisms to extend the power of the platform.
- Data Models: allow developers to abstract away the search language syntax, making Splunk queries (and thus, functionality) more manageable and portable/shareable.
- Modular Inputs: allow developers to extend Splunk to programmatically manage custom data input functionality via REST.
Swarm / 4sq
Foursquare, personal Geo Tracking app
Foursquare REST input
Raw json
Trivial search: index=main sourcetype="4sq_checkins" | dedup id | stats count by venue.name | sort -count
More useful searches: Show 3 pre-canned searches
Show haversine search command
Show geostats and create simple map on the fly in a dashboard
Show JS / HTML / CSS
With the increased speed of product delivery – from an annual cadence with packaged software to continuous deployment with modern cloud services – organizations are under increasing pressure to run a well-oiled, fault tolerant, rapid delivery pipeline in their product development lifecycle. DevOps practices like continuous integration, automated configuration and continuous deployment increase the dependence of systems like task tracking and source code repositories with build servers and test suites.
From video:
collaboration between dev / qa / ops
teams can struggle
lack of visibility
complexity of processes and systems
time taken to resolve issues can escalate
Wouldn’t it be great to have a single place to access data and correlate
you want to speed up time to deliver software to customer
track in near realtime with Splunk
devs can search data from production environments without needing access to them
What developers can gain…
Proactive alerting, i.e. heap memory
Developers can build intelligence into applications
Logs are not just for debugging
Stitch together business transactions
Splunk increases the speed and efficiency of application development and testing, reducing time to market and enabling DevOps agility with connected visibility across the lifecycle. By starting at the beginning of the Product Development Lifecycle, you can track a problem in production all the way back to the code that was checked into the build and the developer responsible for the code.
Using Splunk throughout the Product Development lifecycle allows customers to be more agile and reduce time to market. Splunk enables continuous development and delivery of enterprise applications across the entire lifecycle, making the entire continuous delivery process seamless and frictionless for developers, testers, and operations personnel. Splunk delivers Application Lifecycle Intelligence – real time, mission critical visibility into every step, system and process involved in shipping new product to your customers.
Not a be all and end all.
Data Sources (relevant to Spring/JVM apps)
Talk about how to get logs in, UF and agentless
Any format
Logging is not just for debugging
Stitch transactions together
Try to use a UF if at all possible
Utility classes for formatting log events
Configurable in memory buffer to handle network outages
TCP and REST Appenders
SplunkLogEvent will log in best practice semantic format
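An added example for the logging notes above (not code from the talk or from Splunk's logging library): a key="value" event formatter that escapes quotes and line breaks so a logged value cannot forge extra fields or events, plus a bounded in-memory buffer that holds events through a network outage. The class name SemanticEventBuffer and the sender callback are hypothetical.

```java
import java.util.*;
import java.util.function.Predicate;

/** Hypothetical helper for illustration; not the SplunkLogEvent class named in the talk. */
public class SemanticEventBuffer {
    private final Deque<String> pending = new ArrayDeque<>();
    private final int capacity;
    private long dropped; // events lost to overflow; worth alerting on

    public SemanticEventBuffer(int capacity) {
        if (capacity < 1) throw new IllegalArgumentException("capacity must be >= 1");
        this.capacity = capacity;
    }

    /** Render key="value" pairs; escape backslashes, quotes and line breaks in values. */
    public static String format(Map<String, ?> fields) {
        StringBuilder sb = new StringBuilder();
        for (Map.Entry<String, ?> e : fields.entrySet()) {
            String key = e.getKey().replaceAll("[^A-Za-z0-9_.]", "_");
            String value = String.valueOf(e.getValue()).replace("\\", "\\\\")
                    .replace("\"", "\\\"").replace("\r", "\\r").replace("\n", "\\n");
            if (sb.length() > 0) sb.append(' ');
            sb.append(key).append("=\"").append(value).append('"');
        }
        return sb.toString();
    }

    /** Queue an event; when full, drop the oldest so an outage cannot exhaust the heap. */
    public synchronized void add(Map<String, ?> fields) {
        if (pending.size() == capacity) { pending.removeFirst(); dropped++; }
        pending.addLast(format(fields));
    }

    /** Send queued events in order; stop at the first failure and keep the rest for retry. */
    public synchronized int flush(Predicate<String> sender) {
        int sent = 0;
        while (!pending.isEmpty() && sender.test(pending.peekFirst())) { pending.removeFirst(); sent++; }
        return sent;
    }

    public synchronized long droppedCount() { return dropped; }

    public static void main(String[] args) {
        SemanticEventBuffer buf = new SemanticEventBuffer(2);
        Map<String, Object> ev = new LinkedHashMap<>();
        ev.put("action", "checkout");
        ev.put("user", "alice\nstatus=\"ok\""); // constructed hostile value
        buf.add(ev);
        buf.flush(line -> { System.out.println(line); return true; }); // stand-in for a TCP/REST sender
    }
}
```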
What if you can’t use logging appenders etc…
Well, then you have to get down and dirty with your code!
Programmatically interact with Splunk
Extensive Spring support
Many other products will expose metrics via JMX.
Majority of useful data for monitoring will come from this layer
Open and easily extensible
Developers can simply create new MBeans
Vendor products(JBoss, Cassandra, Hadoop etc..) ship with thorough MBean coverage, not MIBs
Splunkcowboy.com for demo
As many config files as you want
Also MX4j connectivity options
Splunkcowboy demo
Show raw data and charts
Demo on splunk localhost
Rabbit web guest/guest
Correlate this OS data across your JVM and Application events, i.e. your JVM may have hung because of CPU starvation caused by some other process thrashing
Could even go lower if running virtual and get the VM/Hypervisor data
Created a wrapper script to dynamically get the PID of the Java process
Custom handlers for pre-processing and reformatting if you want