Post on 16-Apr-2017
Copyright © 2016 Splunk Inc.
Getting Started with Splunk Enterprise
Kelly Kitagawa, Splunk Sales Engineer, kkitagawa@splunk.com
Bruce Penn, Splunk Sr. Sales Engineer, bpenn@splunk.com
Agenda
1. Splunk Overview
2. Using Splunk (Live Demonstration / Walkthrough)
3. Splunk Deployment Architecture
4. Splunk Communities
5. Q&A
What is machine data?
Challenges: Volume | Velocity | Variety | Variability
GPS, RFID, Hypervisor, Web Servers, Email, Messaging, Clickstreams, Mobile, Telephony, IVR, Databases, Sensors, Telematics, Storage, Servers, Security Devices, Desktops
Splunk’s Mission: Making machine data accessible, usable and valuable to everyone.
What Does Machine Data Look Like?
Sources: Order Processing, Care IVR, Middleware Error
Machine Data Contains Critical Insights
Sources: Order Processing, Care IVR, Middleware Error
Fields shown: Customer ID, Order ID, Product ID, Time Waiting On Hold, Twitter ID, Customer’s Tweet, Company’s Twitter ID
Splunk Unlocks Critical Insights
Sources: Order Processing, Care IVR, Middleware Error
Fields shown: Order ID, Customer ID, Product ID, Time Waiting On Hold, Twitter ID, Customer’s Tweet, Company’s Twitter ID
THE Industry Leading Platform For Machine Data
Machine Data: Any Location, Type, Volume
Online Services, Web Services, Servers, Security, GPS Location, Storage, Desktops, Networks, Packaged Applications, Custom Applications, Messaging, Telecoms, Online Shopping Cart, Web Clickstreams, Databases, Energy Meters, Call Detail Records, Smartphones and Devices, RFID
On-Premises, Private Cloud, Public Cloud
Platform Support (Apps / API / SDKs)
Enterprise Scalability
Universal Indexing
Answer Any Question
Developer Platform
Report and analyze
Custom dashboards
Monitor and alert
Ad hoc search
• No backend database
• Schema-on-the-fly
• No need to filter data
• Fast time to value
• Agile reporting and analytics
• Real-time architecture
The Splunk Portfolio
Platform for Operational Intelligence
Rich Ecosystem of Apps & Add-Ons
Splunk Premium Solutions
Mainframe Data, Relational Databases, Mobile, Forwarders, Syslog/TCP, IoT Devices, Network Wire Data, Hadoop
Packet Analysis (Wire Data)
- App Response Time
- Detect unauthorized access
Mobile Application Performance Management (APM)
- App Crashes
- User Experience
Place Splunk search & analytics on top of Hadoop / NoSQL cluster
Import & Correlate external DB data
- 3rd party tools
- Enrich data already in Splunk
Installing & Using Splunk
(Live Demonstration & Walkthrough)
What We Are Going to Cover
1. Installing & Onboard Data
2. Searching: top, rare, timechart, stats, iplocation
3. Dashboards
4. Alerting
Downloading Splunk Enterprise + Tutorial Data
1. Download Splunk Enterprise: https://www.splunk.com/en_us/download-21.html
– Or Google “Splunk download” -> Download Splunk Enterprise
2. Download Splunk Tutorial Data (tutorialdata.zip): http://docs.splunk.com/images/Tutorial/tutorialdata.zip
– Or Google “Splunk tutorial data” -> Load the tutorial data
Getting Data into Splunk
Start Splunk from bin directory
Log in to Splunk
– http://127.0.0.1:8000
– username=admin password=changeme
Add the tutorialdata.zip into Splunk
– Click Settings
– Click Add Data
– Click Upload files from my computer.
– Drag and drop your sample data zip file.
– Review and Finish.
We will import sample web ecommerce store events
Let’s get our hands dirty!
Searches Used
• index=buttercupgames status=4*
• index=buttercupgames status!=200 | top limit=20 status
• index=buttercupgames status!=200 | timechart count
• index=buttercupgames status!=200 | stats count by status | where count>700
• index=buttercupgames status!=200 | stats count sparkline by uri_path
Searches Used Cont’d
• index=buttercupgames status=200 | iplocation clientip | geostats count by City
• index=buttercupgames action=purchase | stats count
• index=buttercupgames action=purchase | timechart count | predict count as predictedCount
Tip: Use the “| history” command to see previous searches used
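An added example, not part of the original slides: a search that combines the commands listed above to surface clients generating an unusual number of error responses in the tutorial data. The threshold of 50 and the output field names errors and distinct_paths are assumptions chosen for illustration; Country and City are fields added by iplocation.

```spl
index=buttercupgames (status=4* OR status=5*)
| stats count AS errors dc(uri_path) AS distinct_paths BY clientip
| where errors > 50
| iplocation clientip
| sort - errors
| table clientip Country City errors distinct_paths
```

Tune the threshold against the normal error volume of the data before saving the search as an alert.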
Deployments & Architecture
Single Instance or Distributed?
Single environment | Distributed Environment
Recommended Specs: 6 X 2 Core CPUs / 12 GB RAM / 800+ IOPs
A Splunk install can be one or all roles…
Forwarders, Indexer, Search Head
Scales to Hundreds of TBs/Day
Enterprise-class Scale, Resilience and Interoperability
Collect machine data from thousands of sources via Splunk forwarders
Compress and store data on Splunk Indexers
Initiate searches and visualize results via Search Heads
Forwarders, Indexer, Search Head
Scalability & High Availability
Forwarders load balance across Indexers
Indexed data can be replicated across peers and different physical sites
Search Heads can be clustered to eliminate single point of failure and handle large search loads
Over 1,200 Apps @ http://splunkbase.splunk.com
Where do I go for help?
Time to start SPLUNKING!!!
• Documentation – http://www.splunk.com/base/Documentation
• Technical Support – http://www.splunk.com/support
• Videos – http://www.splunk.com/videos
• Education – http://education.splunk.com
• Community – http://answers.splunk.com
• Splunk Book – http://splunkbook.com
Thank You!
Copyright © 2015 Splunk Inc.
The 8th Annual Splunk Worldwide Users’ Conference
SEPT 25-28, 2017, Walter E. Washington Convention Center, Washington, D.C.
CONF.SPLUNK.COM
• 5,000+ IT and Business Professionals
• 175+ Sessions
• 80+ Customer Speakers
PLUS Splunk University
• Three days: Sept 23-25, 2017
• Get Splunk Certified for FREE!
• Get CPE credits for CISSP, CAP, SSCP