Copyright © 2015 Splunk Inc.
Getting Started
Why Splunk?
“Splunk takes machine data and makes it relevant for non-technical business users. ... Splunk provide[s] both the up-to-the-minute and long-term trending data business users need to make the decisions that impact revenue.”
“It's become a collaborative tool where everybody can gather around the same data and see the same big picture.”
“I'm sometimes so amazed by what we can do with Splunk, I wonder if there's magic in there.”
Splunk selected by Symantec to help security intelligence operations.
Symantec centralizes, monitors and analyzes security-related data in Splunk Enterprise to help investigate incidents and detect advanced threats. Symantec also uses Splunk software to ensure comprehensive compliance with Sarbanes-Oxley (SOX) and the Payment Card Industry Data Security Standard (PCI DSS).
www.datacenterknowledge.com
Splunk Company Overview
Company
• Global HQs:
– San Francisco
– London
– Hong Kong
• 1,500 employees globally
• Annual Revenue for FY14: $450M (YoY +50%)
• NASDAQ: SPLK
Products
• Free trial to massive scale
• Splunk products:
– Splunk Enterprise
– Splunk Cloud
– Hunk
– Splunk MINT
• Premium Apps:
– VMware
– MS Exchange
– PCI Comp and ES App
Customers
• 9,000+ customers
• Across 100+ countries
• Small to large organizations
• 80+ of the Fortune 100
• Largest license: 400+ Terabytes/day
Our Plan of Action
1. Big Data - setting the stage.
2. How does Splunk fit in the landscape?
3. What differentiates Splunk?
4. Components that make up Splunk?
5. Demo - How it works?
The Accelerating Pace of Data
Volume | Velocity | Variety | Variability
GPS, RFID, Hypervisor, Web Servers, Email, Messaging, Clickstreams, Mobile, Telephony, IVR, Databases, Sensors, Telematics, Storage, Servers, Security Devices, Desktops
Machine data is the fastest growing, most complex, most valuable area of big data
Making machine data accessible, usable and valuable to everyone.
Big Data Landscape
• NoSQL – Key/Value, Columnar or Other (semi-structured): Cassandra, CouchDB, MongoDB
• RDBMS – Relational Database (highly structured): Oracle, MySQL, IBM DB2, Teradata
• SQL & MapReduce: Teradata Aster Data, SQL on Hadoop
• Hadoop – Distributed File System (semi-structured): HDFS Storage + MapReduce
• Temporal, Unstructured, Heterogeneous: Real-Time Indexing, MapReduce
Splunk Differentiators
• Efficient Time Based Indexing
• Data sources shown in the diagram:
– Local File Monitoring (Splunk Forwarder): Unix, Linux and Windows hosts
– syslog (TCP/UDP): syslog hosts and network devices
– Mounted File Systems: \\hostname\mount
– Windows: Event Logs, Performance, Active Directory
– Scripted or Modular Inputs: shell scripts, API subscriptions
– Wire Data: Splunk App for Stream
– Other labels: virtual host, Mainframes, *nix, perf, shell, API
• Role Based Access Control
– Define roles and assign users to them.
– Integrate with LDAP or SSO.
• Multi-Tenant
– Allows multiple users across the organization to securely leverage the same instance with multiple data types.
– Align data access to policies in the organization.
• Secure Data Transmission
– Universal Forwarders provide easy, reliable, secure data collection from remote sources.
– SSL security, data compression, configurable throttling and buffering.
Splunk Components
Data Collection Layer – Universal Forwarders, syslog, API, TCP, Scripts, Wire, etc.
Data Indexing Layer – Indexer(s)
Data Presentation Layer – Search Head(s)
Universal Forwarder
How to Get Started
Four steps:
1. Download
2. Install
3. Forward Data
4. Search
[Diagram: Databases, Networks, Servers, Virtual Machines, Smartphones and Devices, Custom Applications, Security, Web Server, Sensors]
Demo – How it Works
1. Installing and Starting Splunk
2. Ingesting Data
3. Search Basics
• Search Bar
• Time Picker
• Extracted Fields
4. Alerting
5. Statistics and Reporting
6. Dynamic Field Extraction
7. Command Language
8. Splunk Applications
Demo
Education Resources
Splunk Education
• www.splunk.com/education
Using Splunk, Searching and Reporting, Developing Apps, Administering Splunk, and more!
Books
• Implementing Splunk: Big Data Essentials for Operational Intelligence
• Splunk Essentials
• Exploring Splunk
• Splunk Operational Intelligence Cookbook
Supplemental Information
Download
• www.splunk.com/download
Search Tutorial:
• docs.splunk.com/Documentation/Splunk/latest/SearchTutorial
Tutorial Data:
• docs.splunk.com/images/Tutorial/tutorialdata.zip
Things to Remember
1. Splunk is Free – Download and get started today
2. Quick Time to Value
3. Data Gold Mines – what informational fortune awaits?!
4. Leverage the Splunk Community
• apps.splunk.com
• answers.splunk.com
• blogs.splunk.com
5. Happy Splunking
The 6th Annual Splunk Worldwide Users’ Conference
• September 21-24, 2015
• The MGM Grand Hotel, Las Vegas
• 4000 IT & Business Professionals
• 2 Keynote Sessions
• 3 days of technical content
– 165+ sessions
• 3 days of Splunk University
– Sept 19-21, 2015
– Get Splunk Certified for FREE!
– Get CPE credits for CISSP, CAP, SSCP, etc.
– Save thousands on Splunk education!
• 80 Customer Speakers
• 80 Splunk Speakers
• 35+ Apps in Splunk Apps Showcase
• 65 Technology Partners
• Ask The Experts and Security Experts, Birds of a Feather, Chalk Talks and a new & improved Partner Pavilion!
• Register at conf.splunk.com
Thank You