GLOBAL SPONSORS

SPLUNK & Dell EMC For Operational Intelligence

Dell EMC Forum Warsaw

PAWEŁ ALBERT | Advisory Systems Engineer

© Copyright 2017 Dell Inc.2

GPS,RFID,

Hypervisor,Web Servers,

Email, Messaging,Clickstreams, Mobile,

Telephony, IVR, Databases,Sensors, Telematics, Storage,

Servers, Security Devices, Desktops

Most Data Comes from Machines

What does machine data look like?Sources

Order Processing

Twitter

Care IVR

Middleware Error

What does machine data look like?Sources

Order Processing

Twitter

Care IVR

Middleware Error

Customer ID Order ID

Customer’s Tweet

Time Waiting On Hold

Twitter ID

Product ID

Company’s Twitter ID

Customer IDOrder ID

Customer ID

What does machine data look like?Sources

Order Processing

Twitter

Care IVR

Middleware Error

Customer ID Order ID

Customer’s Tweet

Time Waiting On Hold

Twitter ID

Product ID

Company’s Twitter ID

Customer IDOrder ID

Customer ID

© Copyright 2017 Dell Inc.6

Machine data is valuable

IT Operations

Security Analytics

Business Insight

© Copyright 2017 Dell Inc.7

Machine data has complexities

Large variety of sources & structure

Ability to analyze and make decisions

Managing the rapid growth of data

Building the right infrastructure

WEB & APPLICATION

SERVERS

OPERATING SYSTEMS

VIRTUALIZATION

SERVERS

NETWORKS

STORAGE

Data Driven Insights for Every Business

Collect Search Analyze

Index Untapped Data: Any Source, Type, Volume

Online Services Web

Services

ServersSecurity GPS

Location

StorageDesktops

Networks

Packaged Applications

CustomApplicationsMessaging

TelecomsOnline

Shopping Cart

Web Clickstreams

Databases

Energy Meters

Call Detail Records

Smartphones and Devices

RFID

On-Premises

Private Cloud

Public Cloud

Turning Machine Data Into Business Value

Ask Any Question

Application Delivery

Security, Compliance and Fraud

IT Operations

Business Analytics

Internet of Things and Industrial Data

© Copyright 2017 Dell Inc.11

Splunk Architecture

Send data from thousands of servers using any combination of Splunk Forwarders

Auto load-balanced forwarding to Splunk forwarders

Offload search load to Splunk Search Heads

Search HeadsQuery information across indexers and are

usually CPU and memory intensive.

IndexersWrite data to disk and are both CPU and

I/O intensive.

ForwardersCollect and forward data; usually

lightweight and not resource intensive.

http://docs.splunk.com/Documentation/Splunk/latest/Overview/AboutSplunkEnterprisedeployments

How is data stored and aged in Splunk

FROZEN

WARM COLDHOT

HOT – Newest buckets of data that are still open for write

WARM – Recent data but closed for writing (read only)

COLD – Oldest data, commonly on cheaper, slower storage

FROZEN – No longer searchable, commonly archived or deleted data

Optional TSIDX Reduction

OR

© Copyright 2017 Dell Inc.

© Copyright 2017 Dell Inc.13

Performance

✓ Ingest More Sources

✓ Need Faster Queries Results

✓ More Users

✓ Big Apps

Growth Happens – How do you keep up?

Capacity

✓ Store More indexes

✓ Longer Retention Periods

✓ Indexer Clustering

✓ Big Apps

The right infrastructure to optimize your

Splunk deployment

© Copyright 2017 Dell Inc.15

Splunk is now a business critical application:

✓ Demand for daily ingest rate is increasing rapidly

✓ Search performance must not suffer from scale

✓ Availability/Reliability is must have

✓ Big data infrastructure must align to enterprise strategy

✓ No rip and replace to achieve greater scale

Splunk Trends we are seeing…

Dell EMC provides a scalable and efficient enterprise solution for deploying Splunk.

© Copyright 2017 Dell Inc.

16

Why Dell EMC for SplunkOptimized infrastructure for big & fast data

Optimized Shared

Storage & Tiering

Jointly Validated

Solutions

Integrated

SupportTested

Configurations

Life Cycle

Management

Snapshots For Backups

Cost-Effective &

Flexible Scale-Out

Scale-Out Capacity & Compute Independently Or

As Converged PlatformFrozen

Cold

Warm

HotAll-Flash HCI, SAN or DAS

for Hot/Warm Buckets

Isilon

for Cold Buckets(keeps data accessible

and searchable for longer)OR

for Frozen/Archive

© Copyright 2017 Dell Inc.

VxBlock 540 / XtremIO

+ Isilon

VxRack Flex + Isilon VxRail + IsilonPowerEdge

+ Isilon

Splunk Validated Solutions

“Meets or EXCEEDS minimum hardware requirements”

© Copyright 2017 Dell Inc.

Start Small

● Single Use Case

● Single Department

● Less than 100GB/day per day

Dell PowerEdge Series

© Copyright 2017 Dell Inc.

Go BIG!!

● Multiple Use Cases

● Organization-wide deployment

● Premium Apps

● Infrastructure for Splunk

● > than 300GB/day per day

© Copyright 2017 Dell Inc.

Dell EMC has apps for Splunk too!

Gain insight into your Dell EMC

Storage Platforms• VMAX

• VNX

• XtremIO

• Isilon

Free app/add-ons for Dell EMC on Splunkbase

© Copyright 2017 Dell Inc.22

Let our Splunk Ninjas help you!

Trained by Splunk

Splunk Architecture Experts

Dell EMC Portfolio Experts

Religious about Best Practices

Available across the GLOBE!!!