Splunk conf2014 - Splunk Monitoring - New Native Tools for Monitoring your Splunk Deployment

Date post: 16-Jul-2015
Upload: splunk
Copyright © 2014 Splunk Inc.
Octavio Di Sciullo, Principal Support Engineer, Splunk
Patrick Ogdin, Product Manager, Splunk
Splunk Monitoring – New Native Tools for Monitoring your Splunk Deployment
Transcript
Page 2

Disclaimer

During the course of this presentation, we may make forward looking statements regarding future events or the expected performance of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-looking statements, please review our filings with the SEC. The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, this presentation may not contain current or accurate information. We do not assume any obligation to update any forward looking statements we may make. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionality described or to include any such feature or functionality in a future release.

Page 3

Agenda

- History of Splunk Monitoring Tools
- Underpinning Technologies
- Distributed Management Console Architecture
- Setup Tasks
- Indexing Performance Views
- Search Activity Views
- Resource Usage Views
- Platform Alerts
- Roadmap

Page 4

2014 Goals and Objectives

- Introduce the Distributed Management Console feature for Splunk 6.2
- Explain importance of monitoring your Splunk deployment, especially in large, distributed environments
- ?

Page 5

History of Splunk Monitoring Tools

- index=_internal sourcetype=splunkd
  – Go look at the logs!
- Splunkbase tools
- Status dashboards
- Deployment monitor
  – License usage reporting!
  – Alerting, summarization
- S.o.S
  – Developed by Splunk Support for Splunk support and customers
  – Platform resource utilization collection with technology add-ons
  – Topology views

Page 6

Underpinning Technologies

- Resource collection framework
  – introspection_generator_addon
  – $SPLUNK_HOME/var/log/introspection
  – index=_introspection
- REST Endpoints
  – /services/server/status/resource-usage
    - Snapshots of CPU, Memory, Disk
  – /services/server/info
    - Platform, core count, server role
- Server roles
  – Derived or user defined

Page 7

Distributed Management Console Architecture

[Architecture diagram; labels: Search Heads, Indexers, Universal Forwarder, Distributed Search, Management, Data, Monitoring Console Host]

Page 8

Setup Tasks

- Prerequisites
  – Where does the DMC live?
  – Topology definition
  – Forward all logs from all components back to the indexing tier
  – All components must be search peers of the DMC host
- Standalone vs distributed mode
  – Server roles
  – Custom groups

Page 9

Instance View (Topology List)

Page 10

Design Patterns

- Instances and machines
  – One machine can have several instances
- Deployment wide
  – Aggregate statistics
  – Uses a Count of Instances banded by a particular measurement
- Snapshot views
  – Endpoint derived
- Historical views
  – Indexer derived
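
The deployment-wide pattern above (a count of instances banded by one measurement), as an added example that is not taken from the slides or from Splunk's code. It reads constructed JSON lines shaped like host-wide resource-usage introspection events; the field names, the `host` key and the band edges are assumptions.

```python
import json
from collections import Counter

# Constructed sample; field names are assumptions modelled on introspection data.
SAMPLE = """\
{"datetime": "2014-10-07T10:00:00", "host": "idx01", "component": "Hostwide", "data": {"cpu_user_pct": 12.0, "cpu_system_pct": 3.5}}
{"datetime": "2014-10-07T10:01:00", "host": "idx01", "component": "Hostwide", "data": {"cpu_user_pct": 60.0, "cpu_system_pct": 20.0}}
{"datetime": "2014-10-07T10:01:00", "host": "idx02", "component": "Hostwide", "data": {"cpu_user_pct": 30.0, "cpu_system_pct": 10.0}}
{"datetime": "2014-10-07T10:01:00", "host": "idx03", "component": "Hostwide", "data": {"cpu_user_pct": 20.0, "cpu_system_pct": 8.0}}
{"datetime": "2014-10-07T10:01:00", "host": "sh01", "component": "Hostwide", "data": {"cpu_user_pct": 5.0, "cpu_system_pct": 2.0}}
{"datetime": "2014-10-07T10:01:00", "host": "sh02", "component": "PerProcess", "data": {"pid": 4242}}
{"datetime": "2014-10-07T10:02:00", "host": "sh02", "compon
"""

BANDS = [(0, 25), (25, 50), (50, 75), (75, 100)]  # assumed band edges, percent CPU

def latest_cpu_by_instance(text):
    """Map each instance to the CPU % of its newest host-wide snapshot."""
    latest = {}
    for line in text.splitlines():
        try:
            event = json.loads(line)
            if event["component"] != "Hostwide":
                continue
            data = event["data"]
            cpu = float(data["cpu_user_pct"]) + float(data["cpu_system_pct"])
            stamp, host = event["datetime"], event["host"]
        except (ValueError, KeyError, TypeError):
            continue  # truncated line or event without the expected fields
        # ISO 8601 timestamps in one format sort correctly as strings.
        if host not in latest or stamp > latest[host][0]:
            latest[host] = (stamp, cpu)
    return {host: cpu for host, (stamp, cpu) in latest.items()}

def band_label(pct):
    """Name the band holding pct; out-of-range values are clamped to 0-100."""
    pct = min(max(pct, 0.0), 100.0)
    for low, high in BANDS:
        if pct < high or high == BANDS[-1][1]:
            return f"{low}-{high}%"

def count_instances_by_band(text):
    """Count of instances per CPU band, empty bands included."""
    counts = Counter(band_label(c) for c in latest_cpu_by_instance(text).values())
    return {f"{low}-{high}%": counts.get(f"{low}-{high}%", 0) for low, high in BANDS}

if __name__ == "__main__":
    for band, n in count_instances_by_band(SAMPLE).items():
        print(f"{band:>8}  {n} instance(s)")
```

An instance with no usable host-wide event (sh02 in the sample) appears in no band, so comparing the banded total against the expected instance count shows which instances are not reporting.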

Page 11

Search Activity Views

Instance

Page 12

Search Activity Views

Deployment Wide

Page 13

Indexing Performance Views

Deployment Wide

Page 14

Indexing Performance Views

Instance

Page 15

Resource Usage Views

Instance

Page 16

Resource Usage Views

Deployment Wide

Page 17

KV Store

Instance

Page 18

KV Store

Deployment Wide

Page 19

Platform Alerts

Page 20

Platform Alerts Email Examples

Page 21

THANK YOU

