SpringOne2GX 2014 Splunk Presentation
•Télécharger en tant que PPTX, PDF•
3 j'aime•1,077 vues
GAINING APPLICATION LIFECYCLE INTELLIGENCE Applied Spring Track Today we are facing an ever-increasing speed of product delivery. DevOps practices like continuous integration and deployment increase the dependence of systems like task tracking and source code repositories with build servers and test suites. With data moving rapidly through these different tools, it becomes challenging to maintain a grasp of the process, especially as the data is distributed and in a variety of formats. But it is still critical to maintain full visibility of the product development journey – from user stories to production data. By starting at the beginning of the Product Development Lifecycle, you can track a problem in production all the way back to the code that was checked into the build and the developer responsible for the code. In this session I'll demonstrate some of the ways in which Splunk software can be used to collect and correlate data throughout the various stages of the lifecycle of your code, to ultimately make you more efficient and make your code better.
Recommandé
Recommandé
Contenu connexe
Tendances
Tendances (20)
Similaire à SpringOne2GX 2014 Splunk Presentation
Similaire à SpringOne2GX 2014 Splunk Presentation (20)
Plus de Damien Dallimore
Plus de Damien Dallimore (9)
Dernier
Dernier (20)
SpringOne2GX 2014 Splunk Presentation
- 1. GAINING APPLICATION LIFECYCLE INTELLIGENCE WITH SPLUNK By Damien Dallimore , Dev Evangelist @ Splunk Unless otherwise indicated, these slides are © 2013-2014 Pivotal Sof tware, Inc. and licensed under a Creat ive Commons At tribut ion-NonCommercial license: ht tp: / /creat ivecommons.org/ licenses/by-nc/3.0/
- 2. Who am I ? Unless otherwise indicated, these slides are © 2013-2014 Pivotal Sof tware, Inc. and licensed under a Creat ive Commons At tribut ion-NonCommercial license: ht tp: / /creat ivecommons.org/ licenses/by-nc/3.0/ 2
- 3. From Middle Earth JVM background Make things Unless otherwise indicated, these slides are © 2013-2014 Pivotal Sof tware, Inc. and licensed under a Creat ive Commons At tribut ion-NonCommercial license: ht tp: / /creat ivecommons.org/ licenses/by-nc/3.0/ 3
- 4. Unless otherwise indicated, these slides are © 2013-2014 Pivotal Sof tware, Inc. and licensed under a Creat ive Commons At tribut ion-NonCommercial license: ht tp: / /creat ivecommons.org/ licenses/by-nc/3.0/ 4
- 5. apps.splunk.com github.com/damiendallimore Unless otherwise indicated, these slides are © 2013-2014 Pivotal Sof tware, Inc. and licensed under a Creat ive Commons At tribut ion-NonCommercial license: ht tp: / /creat ivecommons.org/ licenses/by-nc/3.0/ 5
- 6. Agenda Unless otherwise indicated, these slides are © 2013-2014 Pivotal Sof tware, Inc. and licensed under a Creat ive Commons At tribut ion-NonCommercial license: ht tp: / /creat ivecommons.org/ licenses/by-nc/3.0/ 6
- 7. Overview of Splunk and build a simple app How Splunk can help in the Application Development Lifecycle Various ways to get data into Splunk and demos Unless otherwise indicated, these slides are © 2013-2014 Pivotal Sof tware, Inc. and licensed under a Creat ive Commons At tribut ion-NonCommercial license: ht tp: / /creat ivecommons.org/ licenses/by-nc/3.0/ 7
- 8. Data Data Everywhere VELOCITY Unless otherwise indicated, these slides are © 2013-2014 Pivotal Sof tware, Inc. and licensed under a Creat ive Commons At tribut ion-NonCommercial license: ht tp: / /creat ivecommons.org/ licenses/by-nc/3.0/ 8 VOLUME VARIETY VERACITY
- 9. How can Splunk help ? Unless otherwise indicated, these slides are © 2013-2014 Pivotal Sof tware, Inc. and licensed under a Creat ive Commons At tribut ion-NonCommercial license: ht tp: / /creat ivecommons.org/ licenses/by-nc/3.0/
- 10. Spelunking Unless otherwise indicated, these slides are © 2013-2014 Pivotal Sof tware, Inc. and licensed under a Creat ive Commons At tribut ion-NonCommercial license: ht tp: / /creat ivecommons.org/ licenses/by-nc/3.0/ 10
- 11. Platform for machine data Unless otherwise indicated, these slides are © 2013-2014 Pivotal Sof tware, Inc. and licensed under a Creat ive Commons At tribut ion-NonCommercial license: ht tp: / /creat ivecommons.org/ licenses/by-nc/3.0/ 11 Developer Platform Splunk storage Other Big Data stores Data collection and indexing Report and analyze Custom dashboards Monitor and alert Ad hoc search
- 12. Any amount, any location, any source. Schema at read time, not write time Unless otherwise indicated, these slides are © 2013-2014 Pivotal Sof tware, Inc. and licensed under a Creat ive Commons At tribut ion-NonCommercial license: ht tp: / /creat ivecommons.org/ licenses/by-nc/3.0/ Developer Platform Report and analyze Custom dashboards Monitor and alert Ad hoc search Platform for machine data 12 Splunk storage Other Big Data stores Data collection and indexing Data in any format No RDBMS Very Extensible
- 13. What Does Machine Data Look Like? Order Processing Middleware Error Care IVR Unless otherwise indicated, these slides are © 2013-2014 Pivotal Sof tware, Inc. and licensed under a Creat ive Commons At tribut ion-NonCommercial license: ht tp: / /creat ivecommons.org/ licenses/by-nc/3.0/ 13 Sources Twitter
- 14. Machine Data Contains Critical Insights Order Processing Middleware Error Care IVR Unless otherwise indicated, these slides are © 2013-2014 Pivotal Sof tware, Inc. and licensed under a Creat ive Commons At tribut ion-NonCommercial license: ht tp: / /creat ivecommons.org/ licenses/by-nc/3.0/ 14 Customer ID Order ID Customer’s Tweet Time Waiting On Hold Twitter ID Product ID Company’s Twitter ID Sources Twitter Order ID Customer ID Customer ID
- 15. Machine Data Contains Critical Insights Order Processing Middleware Error Care IVR Unless otherwise indicated, these slides are © 2013-2014 Pivotal Sof tware, Inc. and licensed under a Creat ive Commons At tribut ion-NonCommercial license: ht tp: / /creat ivecommons.org/ licenses/by-nc/3.0/ 15 Order ID Customer’s Tweet Time Waiting On Hold Product ID Company’s Twitter ID Sources Twitter Order ID Customer ID Twitter ID Customer ID Customer ID
- 16. How are we best going wrangle this data ? Unless otherwise indicated, these slides are © 2013-2014 Pivotal Sof tware, Inc. and licensed under a Creat ive Commons At tribut ion-NonCommercial license: ht tp: / /creat ivecommons.org/ licenses/by-nc/3.0/ 16
- 17. Release the Developers Unless otherwise indicated, these slides are © 2013-2014 Pivotal Sof tware, Inc. and licensed under a Creat ive Commons At tribut ion-NonCommercial license: ht tp: / /creat ivecommons.org/ licenses/by-nc/3.0/ 17
- 18. Very Extensible Platform for Developers Build Splunk Apps Extend and Integrate Splunk Simple XML JavaScript Unless otherwise indicated, these slides are © 2013-2014 Pivotal Sof tware, Inc. and licensed under a Creat ive Commons At tribut ion-NonCommercial license: ht tp: / /creat ivecommons.org/ licenses/by-nc/3.0/ 18 REST API Django Web Framework Java JavaScript Python Ruby C# PHP Data Models Search Extensibility Modular Inputs SDKs
- 19. Lets build something simple Unless otherwise indicated, these slides are © 2013-2014 Pivotal Sof tware, Inc. and licensed under a Creat ive Commons At tribut ion-NonCommercial license: ht tp: / /creat ivecommons.org/ licenses/by-nc/3.0/ 19
- 20. Simple Swarm App (ex Foursquare) Unless otherwise indicated, these slides are © 2013-2014 Pivotal Sof tware, Inc. and licensed under a Creat ive Commons At tribut ion-NonCommercial license: ht tp: / /creat ivecommons.org/ licenses/by-nc/3.0/ 20 Get my actual checkin data in via REST Search over this data Visualize
- 21. Application Lifecycle Data Unless otherwise indicated, these slides are © 2013-2014 Pivotal Sof tware, Inc. and licensed under a Creat ive Commons At tribut ion-NonCommercial license: ht tp: / /creat ivecommons.org/ licenses/by-nc/3.0/ 21
- 22. Application Development Challenges Lack of visibility across the product development lifecycle Build Unit Testing Code Pressure to increase velocity and agility with DevOps Limited insights into behavior and Check-in performance from application logs Integration Testing Deploy Unless otherwise indicated, these slides are © 2013-2014 Pivotal Sof tware, Inc. and licensed under a Creat ive Commons At tribut ion-NonCommercial license: ht tp: / /creat ivecommons.org/ licenses/by-nc/3.0/ Staging 22
- 23. Splunk for Application Lifecycle Intelligence FIND AND FIX ISSUES FASTER Quickly trace and identify errors anywhere in the codebase with real-time search and monitoring Instrument your app logs to gain application intelligence GAIN END-TO-END VISIBILITY ACROSS THE DEV TOOL CHAIN Break down dev tool silos with real-time insights from machine data Unless otherwise indicated, these slides are © 2013-2014 Pivotal Sof tware, Inc. and licensed under a Creat ive Commons At tribut ion-NonCommercial license: ht tp: / /creat ivecommons.org/ licenses/by-nc/3.0/ PUSH BETTER CODE USING ANALYTICS 23
- 24. Real-time dashboards show error rate in production and impact of Unless otherwise indicated, these slides are © 2013-2014 Pivotal Sof tware, Inc. and licensed under a Creat ive Commons At tribut ion-NonCommercial license: ht tp: / /creat ivecommons.org/ licenses/by-nc/3.0/ pushing new builds Developers can search and visualize web logs, Java logs— without production access Alerts notify developers as soon as a problem arises 24 Find and Fix Issues Faster
- 25. Push Better Code Using Analytics Gain end-to-end visibility to make informed decisions Analytics insights without the need for additional analytics tools Ask questions while exploring and collecting data void submitPurchase(purchaseId) { log.info("action=submitPurchaseSt art, purchaseId=%d", purchaseId) //these calls throw an exception on error submitToCreditCard(...) generateInvoice(...) generateFullfillmentOrder(...) log.info("action=submitPurchaseCo mpleted, purchaseId=%d", purchaseId) } 25 Unless otherwise indicated, these slides are © 2013-2014 Pivotal Sof tware, Inc. and licensed under a Creat ive Commons At tribut ion-NonCommercial license: ht tp: / /creat ivecommons.org/ licenses/by-nc/3.0/
- 26. End-To-End Visibility Across The Dev Tool Chain Unless otherwise indicated, these slides are © 2013-2014 Pivotal Sof tware, Inc. and licensed under a Creat ive Commons At tribut ion-NonCommercial license: ht tp: / /creat ivecommons.org/ licenses/by-nc/3.0/ 26 CI / Build Servers Project and Issue Tracking Code Repository QA / Testing Tools Deployment Servers
- 27. App Development Lifecycle Demo Unless otherwise indicated, these slides are © 2013-2014 Pivotal Sof tware, Inc. and licensed under a Creat ive Commons At tribut ion-NonCommercial license: ht tp: / /creat ivecommons.org/ licenses/by-nc/3.0/ 27
- 28. Getting your data into Splunk Unless otherwise indicated, these slides are © 2013-2014 Pivotal Sof tware, Inc. and licensed under a Creat ive Commons At tribut ion-NonCommercial license: ht tp: / /creat ivecommons.org/ licenses/by-nc/3.0/ 28
- 29. Log Data Log Files Splunk Logging Appenders Coding Splunk Java SDK Splunk Spring Integration Adaptors JMX Messaging JMS AMQP w/Rabbit Unless otherwise indicated, these slides are © 2013-2014 Pivotal Sof tware, Inc. and licensed under a Creat ive Commons At tribut ion-NonCommercial license: ht tp: / /creat ivecommons.org/ licenses/by-nc/3.0/ 29
- 30. Log Data Unless otherwise indicated, these slides are © 2013-2014 Pivotal Sof tware, Inc. and licensed under a Creat ive Commons At tribut ion-NonCommercial license: ht tp: / /creat ivecommons.org/ licenses/by-nc/3.0/ 30
- 31. Standard Log Files Unless otherwise indicated, these slides are © 2013-2014 Pivotal Sof tware, Inc. and licensed under a Creat ive Commons At tribut ion-NonCommercial license: ht tp: / /creat ivecommons.org/ licenses/by-nc/3.0/ 31 Oct 21, 2013 4:42:15 PM org.apache.catalina.startup.Catalina load INFO: Initialization processed in 1153 ms Oct 21, 2013 4:42:15 PM org.apache.catalina.core.StandardService startInternal INFO: Starting service Catalina Application logs that are part of the product Developer logs for any code that was deployed Written to local disk or network storage
- 32. Structured and Unstructured Data Unless otherwise indicated, these slides are © 2013-2014 Pivotal Sof tware, Inc. and licensed under a Creat ive Commons At tribut ion-NonCommercial license: ht tp: / /creat ivecommons.org/ licenses/by-nc/3.0/ 32 Ideally events are in a best practice semantic format key=value format , JSON You can perform index time and search time extractions in Splunk
- 33. Logging best practices Unless otherwise indicated, these slides are © 2013-2014 Pivotal Sof tware, Inc. and licensed under a Creat ive Commons At tribut ion-NonCommercial license: ht tp: / /creat ivecommons.org/ licenses/by-nc/3.0/ 33 Clearly timestamp every event , human readable at beginning of line Log in text , binary needs decoding Categorize – Use INFO, WARN, ERROR, DEBUG, Event type etc... Log unique identifiers Log anything that can add value when aggregated, charted or further 2012-08-07 15:54:06:644+1200 name="Failed Login" event_id="someID" app="myapp" user="jane" somefieldname="foobar"
- 34. SplunkJavaLogging Unless otherwise indicated, these slides are © 2013-2014 Pivotal Sof tware, Inc. and licensed under a Creat ive Commons At tribut ion-NonCommercial license: ht tp: / /creat ivecommons.org/ licenses/by-nc/3.0/ 34 Sometimes you can’t write to file Appenders for Java Util Logging , Log4J , Logback Simply add a logging appender to your logging configuration file
- 35. LogBack Appender Example Unless otherwise indicated, these slides are © 2013-2014 Pivotal Sof tware, Inc. and licensed under a Creat ive Commons At tribut ion-NonCommercial license: ht tp: / /creat ivecommons.org/ licenses/by-nc/3.0/ 35
- 36. Code Unless otherwise indicated, these slides are © 2013-2014 Pivotal Sof tware, Inc. and licensed under a Creat ive Commons At tribut ion-NonCommercial license: ht tp: / /creat ivecommons.org/ licenses/by-nc/3.0/ 36
- 37. Better Exception Logging Unless otherwise indicated, these slides are © 2013-2014 Pivotal Sof tware, Inc. and licensed under a Creat ive Commons At tribut ion-NonCommercial license: ht tp: / /creat ivecommons.org/ licenses/by-nc/3.0/ 37
- 38. Easier to work with in Splunk Unless otherwise indicated, these slides are © 2013-2014 Pivotal Sof tware, Inc. and licensed under a Creat ive Commons At tribut ion-NonCommercial license: ht tp: / /creat ivecommons.org/ licenses/by-nc/3.0/ 38
- 39. Coding Unless otherwise indicated, these slides are © 2013-2014 Pivotal Sof tware, Inc. and licensed under a Creat ive Commons At tribut ion-NonCommercial license: ht tp: / /creat ivecommons.org/ licenses/by-nc/3.0/ 39
- 40. Splunk SDK for Java Unless otherwise indicated, these slides are © 2013-2014 Pivotal Sof tware, Inc. and licensed under a Creat ive Commons At tribut ion-NonCommercial license: ht tp: / /creat ivecommons.org/ licenses/by-nc/3.0/ 40 Use the SDK from any JVM Language , Java / Groovy / Scala etc…. Send log events via REST , UDP or TCP directly to Splunk from your code Search over data in Splunk SDK available from dev.splunk.com
- 41. Unless otherwise indicated, these slides are © 2013-2014 Pivotal Sof tware, Inc. and licensed under a Creat ive Commons At tribut ion-NonCommercial license: ht tp: / /creat ivecommons.org/ licenses/by-nc/3.0/ 41
- 42. Spring Integration Adaptors Unless otherwise indicated, these slides are © 2013-2014 Pivotal Sof tware, Inc. and licensed under a Creat ive Commons At tribut ion-NonCommercial license: ht tp: / /creat ivecommons.org/ licenses/by-nc/3.0/ 42 Inbound Adapter Used to execute Splunk searches and get data out Outbound Adapter Write data to Splunk via REST, TCP , UDP Write to a named index, submit a REST request, write to a data input bound to a server TCP port Get the code on Github
- 43. Inbound Adaptor Unless otherwise indicated, these slides are © 2013-2014 Pivotal Sof tware, Inc. and licensed under a Creat ive Commons At tribut ion-NonCommercial license: ht tp: / /creat ivecommons.org/ licenses/by-nc/3.0/ 43
- 44. Outbound Adaptor Unless otherwise indicated, these slides are © 2013-2014 Pivotal Sof tware, Inc. and licensed under a Creat ive Commons At tribut ion-NonCommercial license: ht tp: / /creat ivecommons.org/ licenses/by-nc/3.0/ 44
- 45. JMX Unless otherwise indicated, these slides are © 2013-2014 Pivotal Sof tware, Inc. and licensed under a Creat ive Commons At tribut ion-NonCommercial license: ht tp: / /creat ivecommons.org/ licenses/by-nc/3.0/ 45
- 46. What is JMX Unless otherwise indicated, these slides are © 2013-2014 Pivotal Sof tware, Inc. and licensed under a Creat ive Commons At tribut ion-NonCommercial license: ht tp: / /creat ivecommons.org/ licenses/by-nc/3.0/ 46 JMX = Java Management Extensions Monitor JVM via MBean attributes , operations and notifications JVM MBeans Vendor MBeans Custom Coded MBeans
- 47. Getting this data into Splunk Unless otherwise indicated, these slides are © 2013-2014 Pivotal Sof tware, Inc. and licensed under a Creat ive Commons At tribut ion-NonCommercial license: ht tp: / /creat ivecommons.org/ licenses/by-nc/3.0/ 47 Runs on all supported Splunk platforms Works with all main JVM variants 100% Free and Open Source
- 48. Simple to Configure Unless otherwise indicated, these slides are © 2013-2014 Pivotal Sof tware, Inc. and licensed under a Creat ive Commons At tribut ion-NonCommercial license: ht tp: / /creat ivecommons.org/ licenses/by-nc/3.0/ 48
- 49. Many Connectivity Options Unless otherwise indicated, these slides are © 2013-2014 Pivotal Sof tware, Inc. and licensed under a Creat ive Commons At tribut ion-NonCommercial license: ht tp: / /creat ivecommons.org/ licenses/by-nc/3.0/ 49
- 50. Messaging Unless otherwise indicated, these slides are © 2013-2014 Pivotal Sof tware, Inc. and licensed under a Creat ive Commons At tribut ion-NonCommercial license: ht tp: / /creat ivecommons.org/ licenses/by-nc/3.0/ 50
- 51. JMS Unless otherwise indicated, these slides are © 2013-2014 Pivotal Sof tware, Inc. and licensed under a Creat ive Commons At tribut ion-NonCommercial license: ht tp: / /creat ivecommons.org/ licenses/by-nc/3.0/ 51 Not a messaging protocol , but a programming interface to many different underlying message providers WebsphereMQ , Tibco EMS , ActiveMQ , HornetQ , SonicMQ etc…
- 52. AMQP Unless otherwise indicated, these slides are © 2013-2014 Pivotal Sof tware, Inc. and licensed under a Creat ive Commons At tribut ion-NonCommercial license: ht tp: / /creat ivecommons.org/ licenses/by-nc/3.0/ 52 Built with Rabbit Java Client Library AMQP 0.9.1, 0.9, 0.8
- 53. But wait , there’s more….. Unless otherwise indicated, these slides are © 2013-2014 Pivotal Sof tware, Inc. and licensed under a Creat ive Commons At tribut ion-NonCommercial license: ht tp: / /creat ivecommons.org/ licenses/by-nc/3.0/ 53
- 54. Poll data from any REST API Pull data directly off the wire Capture output from executing any commands Unless otherwise indicated, these slides are © 2013-2014 Pivotal Sof tware, Inc. and licensed under a Creat ive Commons At tribut ion-NonCommercial license: ht tp: / /creat ivecommons.org/ licenses/by-nc/3.0/ 54
- 55. Closer look at capturing command output Unless otherwise indicated, these slides are © 2013-2014 Pivotal Sof tware, Inc. and licensed under a Creat ive Commons At tribut ion-NonCommercial license: ht tp: / /creat ivecommons.org/ licenses/by-nc/3.0/ 55 Let’s see what the host Operating System can tell us : top External programs that provide additional JVM insights : jstat Index this data in Splunk and correlate
- 56. top Unless otherwise indicated, these slides are © 2013-2014 Pivotal Sof tware, Inc. and licensed under a Creat ive Commons At tribut ion-NonCommercial license: ht tp: / /creat ivecommons.org/ licenses/by-nc/3.0/ 56
- 57. Unless otherwise indicated, these slides are © 2013-2014 Pivotal Sof tware, Inc. and licensed under a Creat ive Commons At tribut ion-NonCommercial license: ht tp: / /creat ivecommons.org/ licenses/by-nc/3.0/ 57
- 58. jstat Unless otherwise indicated, these slides are © 2013-2014 Pivotal Sof tware, Inc. and licensed under a Creat ive Commons At tribut ion-NonCommercial license: ht tp: / /creat ivecommons.org/ licenses/by-nc/3.0/ 58
- 59. Unless otherwise indicated, these slides are © 2013-2014 Pivotal Sof tware, Inc. and licensed under a Creat ive Commons At tribut ion-NonCommercial license: ht tp: / /creat ivecommons.org/ licenses/by-nc/3.0/ 59
- 60. Unless otherwise indicated, these slides are © 2013-2014 Pivotal Sof tware, Inc. and licensed under a Creat ive Commons At tribut ion-NonCommercial license: ht tp: / /creat ivecommons.org/ licenses/by-nc/3.0/ 60
- 61. Splunk options galore Unless otherwise indicated, these slides are © 2013-2014 Pivotal Sof tware, Inc. and licensed under a Creat ive Commons At tribut ion-NonCommercial license: ht tp: / /creat ivecommons.org/ licenses/by-nc/3.0/ 61 Splunk> Enterprise : Free to download and use. Index 500 MB/day. Splunk> Cloud : Premium, cloud hosted. Full Enterprise stack.100% uptime. Splunk> AMI : BYOL versions for Amazon AWS Cloud. Splunk> Sandbox : Spin up a cloud instance in minutes.Load in data. Hunk> : Splunk for data in Hadoop HDFS , MongoDB
- 62. More Info Unless otherwise indicated, these slides are © 2013-2014 Pivotal Sof tware, Inc. and licensed under a Creat ive Commons At tribut ion-NonCommercial license: ht tp: / /creat ivecommons.org/ licenses/by-nc/3.0/ 62 Splunk Docs , Downloads , Vids : http://www.splunk.com Download Splunk Apps : http://apps.splunk.com Ask : http://answers.splunk.com Watch the App Dev / Devops Video : http://www.splunk.com/goto/appdev Splunk Developer Platform : http://dev.splunk.com Splunk on Github : https://github.com/splunk
- 63. Thankyou. Unless otherwise indicated, these slides are © 2013-2014 Pivotal Sof tware, Inc. and licensed under a Creat ive Commons At tribut ion-NonCommercial license: ht tp: / /creat ivecommons.org/ licenses/by-nc/3.0/
- 64. Questions ? @damiendallimore ddallimore@splunk.com Unless otherwise indicated, these slides are © 2013-2014 Pivotal Sof tware, Inc. and licensed under a Creat ive Commons At tribut ion-NonCommercial license: ht tp: / /creat ivecommons.org/ licenses/by-nc/3.0/
Notes de l'éditeur
- From Auckland Through enterprise Java background in many verticals , enterprise and non enterprise Java and other JVM langs Make Apps , Cut code
- Everything 100% open source use , reuse , whatever. Collaborate Community answers.splunk.com for support is best
- Based around Spring / JVM language based apps
- In order to understand where splunk fits in….. The data V’s , useful for booth babing duty. Veracity Some data is inherently uncertain, for example: sentiment and truthfulness in humans; GPS sensors bouncing among the skyscrapers of Manhattan; weather condi- tions; economic factors; and the future. When dealing with these types of data, no amount of data cleansing can correct for it. Yet despite uncertainty, the data still contains valuable information. The need to acknowledge and embrace this uncertainty is a hallmark of big data.
- What is Splunk
- Platform for collecting data from any source , in any format Search over it , correlate , look for insights Visualize it , build apps for your domain use case Splunk’s flagship product is Splunk Enterprise. Splunk Enterprise is a fully featured, powerful platform for collecting, searching, monitoring and analyzing machine data. Splunk collects machine data securely and reliably from wherever it’s generated. It stores and indexes the data in real time in a centralized location and protects it with role-based access controls. You can even leverage other data stores. Splunk lets you search, monitor, report and analyze your real-time and historical data. Now you have the ability to quickly visualize and share your data, no matter how unstructured, large or diverse it may be. Troubleshoot problems and investigate security incidents in minutes (not hours or days). Monitor your end-to-end infrastructure to avoid service degradation or outages. Gain real-time visibility and critical insights into customer experience, transactions and behavior. Use Splunk and make your data accessible, usable and valuable across the enterprise.
- Splunk collects and indexes any machine data from virtually any source, format or location in real time. This includes data streaming from packaged and custom applications, app servers, web servers, databases, networks, virtual machines, telecoms equipment, OS’s, sensors, and much more. There’s no requirement to “understand” the data upfront. Just point Splunk at your data or deploy Splunk forwarders to reliably stream data from remote systems at scale. Splunk immediately starts collecting and indexing, so you can start searching and analyzing. No more armies of consultants, or a DBA to make it work.
- Unlike traditional structured data or multi-dimensional data– for example data stored in a traditional relational database for batch reporting – machine data is non-standard, highly diverse, dynamic and high volume. You will notice that machine data events are also typically time-stamped – it is time-series data. Take the example of purchasing a product on your tablet or smartphone: the purchase transaction fails, you call the call center and then tweet about your experience. All these events are captured - as they occur - in the machine data generated by the different systems supporting these different interactions. Each of the underlying systems can generate millions of machine data events daily. Here we see small excerpts from just some of them.
- When we look more closely at the data we see that it contains valuable information – customer id, order id, time waiting on hold, twitter id … what was tweeted. What’s important is first of all the ability to actually see across all these disparate data sources, but then to correlate related events across disparate sources, to deliver meaningful insight.
- If you can correlate and visualize related events across these disparate sources, you can build a picture of activity, behavior and experience. And what if you can do all of this in real-time? You can respond more quickly to events that matter. You can extrapolate this example to a wide range of use cases – security and fraud, transaction monitoring and analysis, web analytics, IT operations and so on.
- Developers building apps atop big data platforms Important to understand the data domain And finding ways to Act on the data
- Splunk is an open and extensible platform at numerous different touchpoints for developers http://blogs.splunk.com/2013/08/06/a-developers-smorgasbord/ Extensibility creates ecosystems BUILD SPLUNK APPS The Splunk Web Framework makes building a Splunk app looks and feels like building any modern web application. The Simple Dashboard Editor makes it easy to BUILD interactive dashboards and user workflows as well as add custom styling, behavior and visualizations. Simple XML is ideal for fast, lightweight app customization and building. Simple XML development requires minimal coding knowledge and is well-suited for Splunk power users in IT to get fast visualization and analytics from their machine data. Simple XML also lets the developer “escape” to HTML with one click to do more powerful customization and integration with JavaScript. Developers looking for more advanced functionality and capabilities can build Splunk apps from the ground up using popular, standards-based web technologies: JavaScript and Django. The Splunk Web Framework lets developers quickly create Splunk apps by using prebuilt components, styles, templates, and reusable samples as well as supporting the development of custom logic, interactions, components, and UI. Developers can choose to program their Splunk app using Simple XML, JavaScript or Django (or any combination thereof). EXTEND AND INTEGRATE SPLUNK Splunk Enterprise is a robust, fully-integrated platform that enables developers to INTEGRATE data and functionality from Splunk software into applications across the organization using Software Development Kits (SDKs) for Java, JavaScript, C#, Python, PHP and Ruby. These SDKs make it easier to code to the open REST API that sits on top of the Splunk Engine. With almost 200 endpoints, the REST API lets developers do programmatically what any end user can do in the UI and more. The Splunk SDKs include documentation, code samples, resources and tools to make it faster and more efficient to program against the Splunk REST API using constructs and syntax familiar to developers experienced with Java, Python, JavaScript, PHP, Ruby and C#. Developers can easily manage HTTP access, authentication and namespaces in just a few lines of code. Developers can use the Splunk SDKs to: - Run real-time searches and retrieve Splunk data from line-of-business systems like Customer Service applications - Integrate data and visualizations (charts, tables) from Splunk into BI tools and reporting dashboards - Build mobile applications with real-time KPI dashboards and alerts powered by Splunk - Log directly to Splunk from remote devices and applications via TCP, UDP and HTTP - Build customer-facing dashboards in your applications powered by user-specific data in Splunk - Manage a Splunk instance, including adding and removing users as well as creating data inputs from an application outside of Splunk - Programmatically extract data from Splunk for long-term data warehousing Developers can EXTEND the power of Splunk software with programmatic control over search commands, data sources and data enrichment. Splunk Enterprise offers search extensibility through: - Custom Search Commands - developers can add a custom search script (in Python) to Splunk to create own search commands. To build a search that runs recursively, developers need to make calls directly to the REST API - Scripted Lookups: developers can programmatically script lookups via Python. - Scripted Alerts: can trigger a shell script or batch file (we provide guidance for Python and PERL). - Search Macros: make chunks of a search reuseable in multiple places, including saved and ad hoc searches. Splunk also provides developers with other mechanisms to extend the power of the platform. - Data Models: allow developers to abstract away the search language syntax, making Splunk queries (and thus, functionality) more manageable and portable/shareable. - Modular Inputs: allow developers to extend Splunk to programmatically manage custom data input functionality via REST.
- Swarm / 4sq
- Foursquare , personal Geo Tracking app Foursquare REST input Raw json Trivial search : index=main sourcetype="4sq_checkins" | dedup id | stats count by venue.name | sort – count More useful searches : Show 3 pre canned searches Show haversine search command Show geostats and create simple map on the fly in a dashboard Show JS / HTML / CSS
- With the increased speed of product delivery – from an annual cadence with packaged software to continuous deployment with modern cloud services – organizations are under increasing pressure to run a well-oiled, fault tolerant, rapid delivery pipeline in their product development lifecycle. DevOps practices like continuous integration, automated configuration and continuous deployment increase the dependence of systems like task tracking and source code repositories with build servers and test suites. From video : collaboration between dev / qa / ops teams can struggle lack of visibiltiy complexity of processes and systems time taken to resolve issues can escalate Wouldn’t it be great if a single place to access data and correlate you want to speed up time to deliver software to customer track in near realtime with Splunk devs can search data from production environments without needing access to them
- What developers can gain… Proative alerting , ie : heap memory
- Developers can build intelligence into applications Logs are not just for debugging Stitch together business transactions
- Splunk increases the speed and efficiency of application development and testing, reducing time to market and enabling DevOps agility with connected visibility across the lifecycle. By starting at the beginning of the Product Development Lifecycle, you can track a problem in production all the way back to the code that was checked into the build and the developer responsible for the code. Using Splunk throughout the Product Development lifecycle allows the customers to be more agile and reduce time to market. Splunk enables continuous development and delivery of enterprise applications across the entire lifecycle, making the entire continuous delivery process seamless and frictionless for developers, testers, and operations personnel. Splunk deliver Application Lifecycle Intelligence – real time, mission critical visibility into every step, system and process involved in shipping new product to your customers.
- Not a be all and end all. Data Sources (relevant to Spring/JVM apps)
- Talk about how to get logs in, UF and agentless Any format
- Logging is not just for debugging Stitch transactions together
- Try to use a UF if at all possible Utility classes for formatting log events Configurable in memory buffer to handle network outages
- TCP and REST Appenders
- SplunkLogEvent will log in best practive semantic format
- What if you can’t use logging appenders etc… Well , then you have to get down and dirty with your code ! Programmatically interact with Splnk
- Extensive Spring support Many other products will expose metrics via JMX. Majority of useful data for monitoring will come from this layer Open and easily extensible Developers can simply create new MBeans Vendor products(JBoss, Cassandra, Hadoop etc..) ship with thorough MBean coverage, not MIBs
- Splunkcowboy.com for demo
- As many config files as you want
- Also MX4j connectivity options Splunkcowboy demo Show raw data and charts
- Demo on splunk localhost Rabbit web guest/guest
- Correlate this OS data across your JVM and Application events ie: your JVM may have hung because of CPU starvation caused by some other process thrashing Could even go lower if running virtual and get the VM/Hypervisor data
- Created a wrapper script to dynamically get the PID of the Java process
- Custom handlers for pre-processing and reformatting if you want