Quelles nouveautés avec la version 6.5 de Splunk Enterprise

Copyright © 2016 Splunk Inc.

Splunk Cloud and Splunk Enterprise 6.5

Overview

Disclaimer

2

During the course of this presentation, we may make forward looking statements regarding future events or the expected performance of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-looking statements, please review our filings with the SEC. The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, this presentation may not contain current or accurate information. We do not assume any obligation to update any forward-looking statements we may make. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only and shall not, be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionality described or to include any such feature or functionality in a future release.

Splunk Cloud & Splunk Enterprise 6.5

3

Easier DataPrep & Analysis

Fast & simple analysisfor a wide range of users

Extended Platformand Management

Simplified managementand lower TCO

New Machine Learning Analytics

Predictive analytics forbusiness-critical events

New Developer Resources

Create and certify enterprise-ready Apps

3

Liberalized Licensing Terms

No metered enforcement -- Free dev/test licenses


4









4



Centralized view of all data objects prepared for viewing and analysis

• Data Models• Lookups• Table Datasets - New!

A home base for data prep and analysis

Datasets Page

5

Data Preparation & Analysis with Tables

6

Create, edit, analyze table views without using SPL

Benefits of Table Datasets

7

Splunk Specialist Occasional User

• Rapidly create rich data views • Empower independent analysis

by other users

• Analyze & explore in intuitive data view• Independently edit / add fields • Create reports and dashboard panels

Data prep and analysis – made simple

Enhanced Search Assistance

8

Improved search productivity

• Syntax coloring• Auto-complete• Auto-formatting

Better Report Tables

9

• Conditional formatting of table columns

• Number formatting

• Table summary statistics

Create digestible tables with rich insights

Dashboard Enhancements

10

• Preview dashboard before saving• Inline XML source editor• Versatile refresh controls

Build and share dashboards with ease


11









11



Machine Learning and Advanced Analytics at Splunk

12

Purpose-built, turnkey-key analytics dedicated to managing IT services and security

Packaged Machine Learning

Easy to use ML integrated intostandard day-to-day operations

Custom Machine Learning

Predictive analytics tailored for a customer’s specific environment

and target use cases

From platform to packaged premium solutions

Integrated & custom analytics for any use case

Splunk Machine Learning Toolkit

13

Assistants: Guide model building, testing & deployment for common objectives

Showcases: Interactive examples for typical IT, security, business, IoT use cases

SPL ML Commands: New commands to fit, test and operationalize models

Python for Scientific Computing Library: 300+ open source algorithms available for use

Build custom analytics for any use case

Machine Learning Customer Success

Network Incident DetectionService Degradation Detection Security / Fraud Prevention

Prioritize Website Issues and Predict Root Cause

Predict Gaming OutagesFraud Prevention

Machine Learning Consulting Services Analytics App built on ML Toolkit

Optimizing operations and business results

Cell Tower Incident DetectionOptimize Repair Operations

Entertainment Company

15


15









15



Storage TCO Reduction Options

16

Reduce TSIDX for historical data

Roll historical data into Hadoop

Keeps data within existing Splunk storage

Exports data but maintainssearch capability

Flexible options to reduce storage requirements up to 80%

Integrated Hadoop Features

17

Access, analysis and storage flexibility with data lake

Seamlessly search your Hadoop data within Splunk *

Amazon EMR on S3

Hadoop Clusters

Roll historical Splunk data into existing Hadoop distribution

Enrich data in Hadoop with Splunk search results

Import Hadoop data into Splunk

*Requires Splunk Analytics for Hadoop add-on license

• In-depth views integrated into Monitoring Console

• Includes checks for common issues with suggested actions

• Add custom Health Checks for your environment with an SPL search

System Health Check

18

Take proactive action to optimize Splunk operations

Indexer Cluster Rebalancing

19

Get immediate value from new indexers

• Immediately optimizes search & indexing loads

• Immediately balances storage loads

Simple controls to automatically rebalance

Before Rebalancing

After Rebalancing

New

Real-Time SPL Optimization

20

Automatically optimizes query performance

Filter results as early as possible lookup only on required data

eval on the minimum number of events possible

Process as much as possible in parallel on indexers

Automatically applies best practice techniquesto optimize execution speed of any query


21









21



New App Developer Resources

22

Package

Packaging Toolkit (Beta)

DevelopAdd-on Builder App

AppInspect Tool

Promote

Splunkbase app discovery experience

Making apps easier to develop, certify & manage

Certify

Splunk App Certification Process

Tools to Build Better Apps

23

Build certification-ready apps & add-ons

Add-on Builder• Auto-generate modular input script• Define knowledge extraction• Validate certification readiness

AppInspect• Run the same checks as App Certification team• Run 140+ static analysis checks• Integrate into existing build tools and processes

Packaging Toolkit (beta)

24

• Specifies app deployment requirements via an app manifest

• Pre-packages and validates dependencies

• Partitions app based on component deployment requirements

• Compatible with standard deployment tools and scripts

Assure clean and reliable app deployment

App package

Forwarder

Indexer

Search Head

App Component

App manifest

Splunk App Certification Process

25

• Typical process takes 2 weeks from submission

Streamlined process for faster time to market

Splunkbase App Discovery

26

User Experience improvements that make it easier to discover apps and add-ons

Curated content that highlights:• Certification status• Use case• Technology

Easily discover and adopt apps with confidence


27









27



New Licensing TermsFor Splunk Enterprise and Splunk Cloud Customers

Free Dev/Test UsageExplore new data sources

and use cases before moving to production

28

No Metered EnforcementExceeding license termsdoes not disrupt Splunk production operations

New license key available with 6.5 upgrade

Personalized license keys available to all customers

Available Now with 6.5! Available Nov 1, 2016

New Licensing TermsFor Splunk Enterprise 6.5 and Splunk Cloud Customers

No metered enforcement (Splunk Enterprise)– Exceeding daily license capacity will no longer disable Search– Licensing terms and conditions continue to apply

Free personal use dev/test software licenses– 50 GB single-server license valid for 6 months of non-production use– Multiple licenses and renewals allowed

29

Making it easier to get more from your data


30









• Integrated Hadoop data roll• Automated management• System health check

• Create custom analytics and models for any use case• Guided modeling experience

• Introducing new table views• Intuitive interface to build,

edit & analyze tables

• New app developer tools • Enhanced certification

process



Appendix

Machine Learning and Advanced Analytics at Splunk

32

Purpose-built, turnkey analytics dedicated to managing IT services and security

Integrated & custom analytics for any use case

Specialized security analytics• Behavior baselining & modeling• Anomaly detection (40+ models)

Packaged IT monitoring analytics• Anomaly detection• Adaptive thresholding

Integrated & custom analytics for any use • 20+ analytics commands & functions• Automatic cluster analysis @ search• Custom modeling workbench

From platform to packaged premium solutions

What’s New in ML Toolkit 2.0?

Modeling Capabilities

• Multi-algorithm support in Assistants

• 15+ new algorithms available OOTB since 1.0

• Cluster Numeric Events Assistant

• Scatterplot matrix viz

Scalability

• Distributed processing across indexers

• Scheduled fit

Usability

• Create Alerts within Toolkit

• Tooltips

• In-app tours

• Tutorials for each assistant

Making it easier to build and operationalize models

ML Toolkit Customer Use Cases

34

Speeding website problem resolution by automatically ranking actions for support engineers

Reducing customer service disruption with early identification of difficult-to-detect network incidents

Minimizing cell tower degradation and downtime with improved issue detection sensitivity

Improving cell tower uptime and reducing repair truck roles with anomaly detection and root cause analysis

Predicting and averting potential gaming outage conditions with finer-grained detection

Ensuring mobile device security by detecting anomalies in ID authentication

Preventing fraud by Identifying malicious accounts and suspicious activitiesEntertainment Company

DomainExpertise

(IT, Security, …)

Data Science

Expertise

Splunk Expertise

Custom Machine Learning – Success Formula

Identify use cases

Drive decisions

Set business/ops priorities

SPL

Data prep

Statistics / math background

Algorithm selection

Model building

Splunk ML Toolkitfacilitates and simplifiesvia examples & guidance

Operational success

Detect Network OutliersReduced downtime + increased service availability = better customer satisfaction

36

ML Use CaseMonitor noise rise for 20,000+ cell towers to increase service and device availability, reduce MTTR

Technical overview • A customized solution deployed in production based on outlier detection. • Leverage previous month data and voting algorithms

“The ability to model complex systems and alert on deviations is where IT and security operations are headed … Splunk Machine Learning has given us a head start...”

Reliable website updatesProactive website monitoring leads to reduced downtime

37

“Splunk ML helps us rapidly improve end-user experience by ranking issue severity which helps us determine root causes faster thus reducing MTTR and improving

SLA”

• Very frequent code and config updates (1000+ daily) can cause site issues• Find errors in server pools, then prioritize actions and predict root cause

• Custom outlier detection built using ML Toolkit Outlier assistant• Built by Splunk Architect with no Data Science background

ML Use Case

Technical overview

Integrated Hadoop Features

Unified exploration across Splunk and non-Splunk data

Roll historical Splunk data into existing Hadoop distribution

Enrich data in Hadoop with Splunk search results

Explore current and historical data

Import Hadoop data into Splunk

Hadoop Data Roll

Splunk Analytics for Hadoop

Hadoop Connect

38

Access, analysis and storage flexibility with data lake

Amazon EMR on S3

Hadoop Clusters

Hadoop Data Roll

39

Hadoop Clusters

Amazon EMR on S3

• Rolls historical data into existing Hadoop distribution

• Reduces storage up to 80%*

• Retains Splunk search capability with performance tradeoffs

• Integrated, zero-cost option of Splunk Enterprise

Leverage existing Hadoop datastore to reduce TCO* Achieved by reducing Splunk search optimization data

Warm

Cold

Comparing Storage TCO Reduction Options

40

Hot

• Removes some search optimization data• No search functionality loss• Limited performance tradeoff for typical

use cases

40-80% data footprint reduction

Reduce TSIDX for historical data Hadoop Data Roll

• Removes search optimization data• No search functionality loss, uses virtual index• Performance tradeoff• Shares data with Hadoop and Hadoop application

Hot

40-80% data footprint reduction

Warm

Cold

Splunkbase App Discovery

41

User Experience improvements that make it easier to discover apps and add-ons

Curated content that highlights:• Certification status• Use case• Technology

Simplify discovery and adoption of your app

Cold Cold Cold

Savings Example

Driving down data retention costs

Savings Over 1 Year

$1.6 M*

Savings over 5 Years$4.3 M*

Raw Ingest: 10TB / Day

Hot/Warm Retention: 2 Months

Cold Retention: 10 Months

* Assumes $1.25/GB Cold Storage Purchase Cost, 10% Maintenance Cost, 10% Annual Data Growth, 3 Year HW Refresh, No clustering

42

Hot

Cold

Warm

Cold Cold Cold Cold Cold

Warm Warm

Storage Optimization

Driving down data retention costs

How does it work?Certain Splunk performance optimization data (TSIDX) is removed – yielding a smaller footprint.

43

New Data Storage Controls• 40-80% reduction in data footprint

• No functionality loss

• Limited performance tradeoff for typical use cases

Cold Cold Cold

Hot

Cold

Warm

Cold Cold Cold Cold Cold

Warm Warm

Splunk Enterprise & Splunk Cloud 6.4

New Cloud Services Monitoring

New Visualizations& Enhanced Analytics

Platform Security and Management

Unlimited new ways to visualize your data

New mission-criticalfeatures

Expanded cloud operations intelligence

Storage TCOReduction

Reduces historical data storage TCO by 40%+

(Splunk Enterprise)

Get more from big data and pay less in storage costs

44

The Splunk Portfolio

Platform for Operational Intelligence

Rich Ecosystem ofApps & Add-Ons

Splunk PremiumSolutions

MainframeData

RelationalDatabasesMobileForwarders Syslog/TCP

IoTDevices

NetworkWire Data

Hadoop

Date post:	20-Mar-2017
Category:	Technology
Upload:	splunk
View:	74 times
Download:	3 times