Splunk overview Russian
•Download as PPTX, PDF•
8 likes•1,645 views
Стандартная презентация Спланк на русском языке
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Viewers also liked
Viewers also liked (20)
Similar to Splunk overview Russian
Similar to Splunk overview Russian (20)
Splunk overview Russian
- 1. Splunk обзор продукта Багиров Тимур, Менеджер по продукту, RRC
- 2. Компания (NASDAQ: SPLK) Business Model / Products Клиентов 7,900+ образована2004 Дата первого релиза2006 HQ San Francisco Лицензии на ПО Продукт в облаке SaaS 2/3 100 из Fortune 100 Самое крупное внедрение: Terabytes/день Splunk
- 3. Достигнутое признание на рынке Big Data Innovator 2014 SIEM Magic Quadrant LEADER 2012 Security Market Growth #1 Worldwide 2012 IT Operations Market Growth #3 Worldwide Best SIEM North America Best Enterprise Security Solution EMEA #1 Most Innovative#4
- 4. Ускоренный рост объема данных Объем | Скорость | Разнообразие | Изменчивость GPS, RFID, Hypervisor, Web Servers, Email, Messaging, Clickstreams, Mobile, Telephony, IVR, Databases, Sensors, Telematics, Storage, Servers, Security Devices, Desktops Глубокое изучение машинных данных является самой перспективной, самой сложной, самой ценной областью развития
- 5. На что похожи машинные данные? Sources Order Processing Twitter Care IVR Middleware Error
- 6. Машинные данные содержат критическую информацию Customer ID Order ID Customer’s Tweet Time Waiting On Hold Twitter ID Product ID Company’s Twitter ID Customer IDOrder ID Customer ID Sources Order Processing Twitter Care IVR Middleware Error
- 7. Данные от разных систем приобретают новую ценность Order ID Customer’s Tweet Time Waiting On Hold Product ID Company’s Twitter ID Order ID Customer ID Twitter ID Customer ID Customer ID Sources Order Processing Twitter Care IVR Middleware Error
- 8. 9 Сделать машинные данные доступным, удобными и ценными для каждого. Mission
- 9. Лидирующая платформа для Машинных Данных Machine Data: Любое расположение, тип и объем Online Services Web Services Servers Security GPS Location Storage Desktops Networks Packaged Applications Custom ApplicationsMessaging Telecoms Online Shopping Cart Web Clickstreams Databases Energy Meters Call Detail Records Smartphones and Devices RFID On- Premises Private Cloud Public Cloud Platform Support (Apps / API / SDKs) Enterprise Scalability Universal Indexing Ответ на любой вопрос! Developer Platform Report and analyze Custom dashboards Monitor and alert Ad hoc search
- 10. Лидирующая платформа для Машинных Данных Online Services Web Services Servers Security GPS Location Storage Desktops Networks Packaged Applications Custom ApplicationsMessaging Telecoms Online Shopping Cart Web Clickstreams Databases Energy Meters Call Detail Records Smartphones and Devices RFID On- Premises Private Cloud Public Cloud Platform Support (Apps / API / SDKs) Enterprise Scalability Universal Indexing Developer Platform Report and analyze Custom dashboards Monitor and alert Ad hoc search Любой объем, тип и источник Schema- on-the-fly Universal indexing No back-end RDBMS No need to filter data Machine Data: Любое расположение, тип и объем Ответ на любой вопрос!
- 11. Превращает данные в операционные знания Reactive Поиск и расследование Мониторинг и оповещение Операционная прозрачность Proactive Бизнес информация в реальном времени
- 12. IT Operations Management Industrial Data / Internet of Things Операционная информация всех направлений Digital Intelligence Business Analytics Application Management LOB Owners/ Executives System Administrator Operations Teams Security Analysts IT Executives Application Developers Auditors Website/Business Analysts Customer Support Security and Compliance
- 13. Splunk предоставляет возможности всей организации 14 Бизнес Аналитика Контроль приложений Безопасность & Соответствие нормамУправление IT Интернет- маркетинг
- 14. Новые стандарты Операционной информации Engine Platform 1 2 3 2006- 2008 Tool 2009- 2011 2012-2013 4 4.1 4.2 4.3 5 6 “Google for the datacenter” “Engine for machine-generated data” “Platform for operational intelligence”
- 15. Splunk Enterprise 6 дает возможности для специалистов всех уровней Упрощенное управление Интуитивно понятный поиск и навигация Инструменты для разработки Мощная аналитика Pivot Data Models Integrated Maps HPAS New Home Screen Enhanced Search Cluster Mgmt Forwarder Mgmt Dashboard Editor Web Framework
- 16. 17 Мощный инструмент поиска и расследований Найдете и решите любые проблемы невероятно быстро.
- 17. Универсальное индексирование и хранение Поисковый движок в реальном времени Возможности ядра Search Language Stats/ Analytics Alerts DashboardsReports Дополнительные приложения Application Management IT Operations Management Security Business Analytics Compliance Контроль доступа User Interface APIs SDK … … Платформа Splunk Сбор данных из источников Корреляционный поиск по множеству источников Real-time Schema-less Massive Horizontal Scale Correlation High Performance Real-Time Monitoring Data Drilldown Historical Analytics User-developed Splunk-developed Community, Partners Role-based Web-based Наглядный вывод / Оповещение / Измерение / Связка Доступ к данным/ Создание решений / Внешние связи Создайте свое решение или скачайте
- 18. Какие возможности решений на базе Splunk Enterprise Platform? Power Mobile Apps Log Directly Extract Data Customer Dashboards Integrate BI Tools Integrate Platform Services Developer Platform
- 19. Мощная платформа для разработки собственных решений REST API Web Framework Web Framework Ruby C# PHP Data Models Search Extensibility Modular Inputs SDKsSimple XML JavaScript Django Developers Can Customize and Extend
- 20. Сила приложений Splunk Более 500 доступны на сайте Splunk REST API XenApp XenDeskto p Server, Storage, Network Server Virtualization Operating Systems Infrastructure Applications Mobile Applications Cloud Services Other Monitoring Ticketing/Help Desk Custom Biz Applications SDKs Web Framework
- 21. Log Files IT Configurations Messages Alerts Metrics Scripts TicketsChanges Сервера поиска Сервера индексирования Форвардеры IT Infrastructure API’s Централизация данных в сложных ИТ-средах 22
- 22. Полный цикл обработки ИТ данных И многое другое. . . Безопасность & Комплаенс Управление ИТ инфраструктурой и операциями Управление приложениями
- 23. Copyright © 2012 Splunk, Inc. 24 Splunk и Cisco: готовый инструмент аналитики
- 24. Cisco Security Suite Сбор, хранение и поиск Cisco ASA Cisco WSA Cisco ESA Cisco ISE Cisco Sourcefire Визуализация данных и аналитика •Общая информационная модель •Сетевая безопасность •Web безопасность •E-mail безопасность •Контроль идентификации •Гибкая настройка аналитики •Импорт данных их Mars и его замена •Создания собственного решения на базе •Корреляция Cisco-данных с прочими источниками •Бесплатен до 500Мб/сутки
- 26. Copyright © 2012 Splunk, Inc. 27 Splunk для структурированных и не структурированных данных
- 27. Используйте в аналитике данные из СУБД Enrich search results with additional business context Easily import data into Splunk for deeper analysis Integrate multiple DBs concurrently Simple set-up, non-invasive and secure Приложение DB Connect позволяет производить надежную, масштабируемую интеграцию Splunk с традиционными СУБД в реальном времени Microsoft SQL Server JDBC Database Lookup Database Query Connection Pooling Other Databases Oracle Database Java Bridge Server 28
- 28. Hadoop и другие системы NoSQL предлагают простой способ хранения, но нет возможности аналитики: тяжело отобразить, анализировать, визуализировать Высокие требования квалификации: требуются месяцы работы над созданием конкретных аналитических решений Негибкие подходы: необходимо предопределять или програмировать схемы заданий MapReduce Hadoop (MapReduce & HDFS) YARN DataFu H i v e Mahout Pig Sqoop Ряд Open Source решений для аналитики и визуализации Azkaban Трудно получить от исходных данных необходимую аналитику NoSQL Data Stores
- 29. Надежная, двухсторонняя интеграция с Hadoop 30 Import Browse Export Splunk Hadoop Connect Splunk Hadoop Connect HA Indexes and Storage Commodity Servers Hadoop (MapReduce & HDFS) Report and analyze Custom dashboards Monitor and alert Ad hoc search
- 30. Интегрированная аналитическая платформа для различных хранилищ Полнофункциональный, интегрированный продукт Быстрый способ аналитики для всех Работает с данными как они есть Explore Visualize Dashboards ShareAnalyze Hadoop Clusters NoSQL and Other Data Stores Hadoop Client Libraries Streaming Resource Libraries
- 31. 32 • Situational awareness dashboards give custom views of risk per domain, asset, or identity • Incident Review provide analysis workflows that reveal the priority of the incident, incident context, and impact on assets and identities • Analysis centers provide indicators of unknown threats from traffic abnormalities • Correlation tools enable monitoring for new attackers by correlating new domain registration with web activity • Statistical outlier detection tools aid anomaly detection • Unified Threat Intelligence from many sources • Data inputs provided for NetFlow, logs, RDBMS, APIs, & more Enterprise Security Suite
- 32. Заказчики определяют назначение для Splunk 33
- 33. Proactive Security Monitoring and Forensics Central view user activity, systems Proactive threat assessment Cisco CSIRT Security Investigation Interface Incident trending detection and response
- 34. Operational Intelligence Across the Business Single ‘pane of glass’ across enterprise cloud computing environment Improved troubleshooting by 96% Improved application performance Better experience across 100,000+ customers
- 35. Measuring User Experience on a Wide Scale Weblog Traffic Data 750 million Web User Clickstreams 12 million monthly visits queries per month Maintain high performance Protect content against malicious bots Track traffic sources for advertisers
- 36. Monitor cell towers Detect major catastrophes Analyzing Insights as They Occur Correlate CDRs with tariffs Real-time visibility Heaviest users and abusersIdentify lowest cost routes
- 37. Security Compliance IT Ops App Mgmnt Crossing IT Silos to Prevent Fraud We use Splunk to Fast, automated fraud identification and remediation make Etsy A safer place to conduct business “ “ + - Nick Galbreath Director of Engineering
- 38. Real-time visibility into operational infrastructure Machine Data from end-to-end Service Delivery Systems 90% reduced escalations 67% faster problem resolution Driving Superior Customer Service
- 39. Reducing Your Power Bills With Splunk Central view energy use Correlate multiple building systems McKenney’s Business Intelligence for Buildings Optimize facility and asset spend
- 40. Открытые ресурсы Splunk 41 Онлайн сообщество разработчиков Приложения разработанные Splunk Пользователи и партнеры выкладывают свои Splunk- приложения разного масштаба Живой форум с поддержкой специалистов Пользователи спрашивают и делятся лучшим опытом Помощь в построении поисковых запросов и внедрении Splunk Online developer portal Provides SDKs and open APIs Connects developers to Splunk’s data processing pipeline, storage technology and management facilities 3,000+ уникальных посетителей в неделю dev.splunk.com 500+ приложений с удобным поиском и полной документацией, бесплатные и платные 35,000+ вопросов и 43,000+ ответов от поддержки Splunk и участников коммунити
- 41. Education Healthcare Technology Energy and Utilities Manufacturing Telecommunications Cloud and Online Services Government Retail Financial Services and Insurance Media Travel and Leisure Доказано в 7,900+ заказчиках в 100 странах Over 2/3 the Fortune 100
- 42. Спасибо! DEMO и вопросы Багиров Тимур, RRC
Editor's Notes
- Splunk now has more than 1,000 employees worldwide, with headquarters in San Francisco and 14 offices around the world. Since first shipping its software in 2006, Splunk now has over 7,900 customers in 100 countries. These organizations are using Splunk software to improve service levels, reduce operations costs, mitigate security risks, enable compliance, enhance DevOps collaboration and create new product and service offerings. Please always refer to latest company data found here: http://www.splunk.com/company.
- Splunk now has more than 1,000 employees worldwide, with headquarters in San Francisco and 14 offices around the world. Since first shipping its software in 2006, Splunk now has over 7,900 customers in 100 countries. These organizations are using Splunk software to improve service levels, reduce operations costs, mitigate security risks, enable compliance, enhance DevOps collaboration and create new product and service offerings. Please always refer to latest company data found here: http://www.splunk.com/company.
- In addition to having amazing customers, as you’ll be able to evaluate for yourself in a bit, we’ve been fortunate enough to receive some great industry attention recently. Fast Company named Splunk amongst the most innovative companies in the world—joining the company of Nike, Square, Amazon. Democratized Big Data—make data accessible to folks across organizations without having to be a data scientist. We never wanted to be a SIEM, but since people were using us that way.
- Data is growing and embodies new characteristics not found in traditional structured data: Volume, Velocity, Variety, Variability/Veracity. Machine data is one of the fastest, growing, most complex and most valuable segments of big data. All the webservers, applications, network devices – all of the technology infrastructure running an enterprise or organization – generates massive streams of data, in an array of unpredictable formats that are difficult to process and analyze by traditional methods or in a timely manner. Why is this “machine data” valuable? Because it contains a trace - a categorical record - of user behavior, cyber-security risks, application behavior, service levels, fraudulent activity and customer experience.
- Unlike traditional structured data or multi-dimensional data– for example data stored in a traditional relational database for batch reporting – machine data is non-standard, highly diverse, dynamic and high volume. You will notice that machine data events are also typically time-stamped – it is time-series data. Take the example of purchasing a product on your tablet or smartphone: the purchase transaction fails, you call the call center and then tweet about your experience. All these events are captured - as they occur - in the machine data generated by the different systems supporting these different interactions. Each of the underlying systems can generate millions of machine data events daily. Here we see small excerpts from just some of them.
- When we look more closely at the data we see that it contains valuable information – customer id, order id, time waiting on hold, twitter id … what was tweeted. What’s important is first of all the ability to actually see across all these disparate data sources, but then to correlate related events across disparate sources, to deliver meaningful insight.
- If you can correlate and visualize related events across these disparate sources, you can build a picture of activity, behavior and experience. And what if you can do all of this in real-time? You can respond more quickly to events that matter. For example, if an organizations captured the customers twitter ID in their customer profile this correlation would be possible. Where that didn’t exist, they could at least group by demographic with the tweets. You can extrapolate this example to a wide range of use cases – security and fraud, transaction monitoring and analysis, web analytics, IT operations and so on.
- Машина данные невероятно ценный ресурс, но редко организаций получить значение им нужно от него. Существующие анализа данных, управления и мониторинга решений просто не созданы для этого типа данных. Возьмите Information Management. Хранилища данных и реляционных систем управления базами данных на основе жестких схем и предназначена для структурированной, последовательной данных. Они обеспечивают исторического анализа, но не в реальном времени видимость. Enterprise Search предназначен для человека генерируемые данные, такие как документы и веб-страницы. Эти данные сильно отличаются от машинных данных, которая имеет на порядок больше по масштабам и разнообразию. ИТ-инструментов управления и информационной безопасности и управления событиями с другой стороны, являются разрозненные и предназначены для одного уровня организации. Они обеспечивают узкий взгляд на базовые данные и проводной для конкретных типов данных и источников. Или они контролируют всей системы, с серьезных пробелов в данных, которые они собирают. Они также не дают никаких историческом контексте. Тот факт находит лучшего способа, чтобы сеять, отбирать и понять огромное количество машинных данных может изменить то, как ИТ-организациям управлять, защищать и аудит ИТ. Она также может предоставить ценную информацию для бизнес-тенденций и поведения своих клиентов и услуг. Мы называем это получение оперативной информации.
- Splunk is the leading platform for machine data analytics with over 6,000 organizations using Splunk (as of 9/1/13) – for data volumes ranging from tens of GBs to tens of TBs to over 100 TBs of data PER DAY. Splunk software reliably collects and indexes all the streaming data from IT systems, technology devices and the Internet of Things in real-time - tens of thousands of sources in unpredictable formats and types. Splunk software is optimized for real-time, low latency and interactivity. Organizations use Splunk software and their data the following ways: 1. Find and fix problems dramatically faster 2. Automatically monitor to identify issues, problems and attacks 3. Gain end-to-end visibility to track and deliver on IT KPIs and make better-informed IT decisions 4. Gain real-time insight from operational data to make better-informed business decisions This is described as Operational Intelligence: visibility, insights and intelligence from operational data. Splunk Cloud is only available in the U.S. and Canada.
- Here's how using Splunk and your machine data can drive significant benefits for your organization. Search and investigation. Using Splunk, organizations identify and resolve issues up to 70% faster and reduce costly escalations by up to 90%. Splunk is one place to find and fix problems, and investigate incidents across all your IT systems and infrastructure. Proactive monitoring. Monitor IT systems in real time to identify issues, problems and attacks before they impact your customers, services and revenue. Splunk keeps watch of specific patterns, trends and thresholds in your machine data so you don't have to. Trigger notifications in real-time via email or RSS, execute a script to take remedial actions, send an SNMP trap to your system management console or generate a service desk ticket. Operational visibility. See the whole picture, track performance and make better decisions. Visualize usage trends to better plan for capacity; spot SLA infractions, track how you are being measured by the business. Do all of this using your existing machine data without spending millions of dollars instrumenting your IT infrastructure. Real-time business insight. Make better-informed business decisions by understanding trends, patterns and gaining Operational Intelligence from your machine data. See the success of new online services by channel or demographic, reconcile 3rd-party service provider fees against actual use, find your heaviest users and heaviest abusers, and more. Because machine data captures every behavior, the possibilities are game changing. You'll find the lead times to get to this intelligence dramatically less than other solutions - measured in minutes/hours instead of months.
- Both IT and business professionals can analyze machine data to get real-time visibility and operational intelligence. With our data engine and our customers' machine data, organizations can meaningfully improve their performance in a wide range of areas e.g. meet service levels, reduce costs, mitigate security risks, maintain compliance and gain insights.
- We typically start our relationship with a customer by solving a problem in one of their departments, such as the IT Ops team, the Applications group, or perhaps a security use case. Because Splunk is able to ingest data from all layers of the IT stack, the data that we use to diagnose a broken transaction or application is also useful to IT Ops for better visibility into their servers and networks, or to the Security department for analyzing malicious attacks – like Advanced Persistent Threats. That same information can be combined with click-stream data from customer purchases on the web to gain real time insights into the customer experience. Splunk starts in one department, and then spreads across the enterprise to solve other use cases. The insights gained from a unified view of customer actions, security events, and the performance of IT infrastructure is what we call operational intelligence.
- Splunk Enterprise is the industry leading software for machine data analytics and has been driving innovation and setting the standard for Operational Intelligence since 2006. In the beginning, we were first to introduce the paradigm of ‘search’ to IT – to troubleshoot IT operations and application management issues much faster than ever before and to find the proverbial “needle in the haystack”. When asking customers, they often referred to it as “google for the datacenter”. As the product evolved, Splunk 4 - the engine for machine data - introduced enterprise-class features – dashboards and apps, real-time search and alerts, universal collection and indexing, enterprise controls and map-reduce for horizontal scalability on commodity servers. And then in 2012 we introduced Splunk 5 – this release represented the evolution of Splunk as an Enterprise Platform for Operational Intelligence. It introduced breakthrough innovations and platform features that included: A new reporting architecture and transparent summarization technology delivering dramatically faster reports A new high availability architecture delivering enterprise-class scale and resilience, even while scaling on commodity servers and storage A robust developer API and SDKs available in mainstream programming languages to enable enterprise developers to leverage Splunk software Big data ecosystem integrations that included Splunk Hadoop Connect, Splunk DB Connect and the Splunk App for HadoopOps And continuing our strategy of delivering you the Platform for Operational Intelligence we introduce you to Splunk 6 - The most advanced version of Splunk software ever. Splunk 6 delivers new and powerful analytics features designed for broader use: non-technical and technical users alike. Splunk 6 is our most advanced version of Splunk software ever – the industry-leading machine data platform. Powerful Analytics: Splunk Enterprise 6 takes large-scale machine data analytics to the next level by introducing three breakthrough innovations: Pivot – opens up the power of analytics to non-technical users with an easy-to-use drag and drop interface to explore, manipulate and visualize data Data Model – defines meaningful relationships in underlying machine data and makes this data more useful to a broader base of users, in particular non-technical users Analytics Store – patent-pending technology that accelerates data models by delivering extremely high performance data retrieval for analytical processing, up to 1000x faster than Splunk Enterprise 5 The new Pivot interface, combined with Data Models and Analytics Store makes it dramatically easier for non-technical users and technical users alike to analyze and visualize data in Splunk. Now more users than ever are empowered by Splunk software to get insights from their machine data. Intuitive User Experience: Splunk Enterprise 6 includes powerful productivity features for users with a more intuitive user experience: The new Home Experience – gives users instant access to the data, apps and content they care about The Enhanced Search Experience – brings search and reporting together – so users can author rich – dynamic reports - build visualizations – tables – and custom searches – faster than ever before Simplified Management We’ve made Splunk Enterprise 6 easier to deploy, configure and manage – even as customers expand their Splunk Enterprise deployments to the multi-terabyte scale Simplified Cluster Management – deliver easier management of mission-critical Splunk software deployments providing everything the Splunk admin needs to monitor high availability on a centralized dashboard Forwarder Management – support big data scale with easy configuration and management of thousands of forwarders across multiple geographies Rich Developer Environment And now Splunk Enterprise 6 provides a more powerful developer environment with the integrated Web Framework. Developers can build custom Splunk Apps, customize dashboards, or add advanced functionality - using standard web technologies, such as JavaScript and Django. Splunk 6 represents a significant milestone in our mission to make machine data accessible, usable and valuable by everyone. Find out more at www.splunk.com/6
- Splunk Enterprise 6 delivered our fastest, most powerful analytics platform – putting insights from machine data into the hands of people that need it – Operational Intelligence for Everyone. Lets review a few of the key features that we released with Splunk Enterprise 6. With the PIVOT interface we delivered the ability for any user to rapidly analyze and visualize machine data, using simple drag and drop. Pivot introduced users to a whole new way of interacting with and analyzing data without needing to master the search processing language (SPL). Pivot is powered by Data Models – and Data Models make the underlying machine data more useful by describing meaningful relationships in the data. Data Models are accelerated using the High Performance Analytics Store. The High Performance Analytics Store represented a breakthrough innovation from Splunk that dramatically accelerated analytical operations across massive data sets by up to 1000x. With Splunk Enterprise 6, the ability to analyze machine data is available to everyone that needs it and at the speed that they need it. Splunk Enterprise 6 also includes powerful productivity features. The Home screen provides instant access to the data, apps and content you care about and the Enhanced Search interface brings search and reporting together – so you can author rich – dynamic reports, build visualizations, tables and custom searches. We made Splunk Enterprise 6 easier to manage. For mission critical deployments, Cluster Management provided a centralized dashboard to monitor your high availability environment and Forwarder Management, a centralized interface to easily configure and manage tens of thousands of forwarders. And finally, with the new Web Framework, Splunk Enterprise 6 provided the ability to build custom integrations, customize dashboards or add advanced functionality - using standard web technologies you already know.
- First and foremost, Splunk lets you search all your machine data from one place in real time and AT SCALE. Imagine searching billions of events in seconds. This capability alone delivers productivity to those in IT who keeps things running. Splunk radically reduces “human latency”, by removing the need to escalate to multiple teams, to forage around production systems to find the cause of a specific problem. The “in the trenches” scenario we went through earlier literally gets flattened to a single authorized user, performing a couple of searches with Splunk. We hear from customers that because of Splunk, MTTI is reduced by as much as 70% and escalations to tier 2 and 3 personnel are reduced by up to 90%. Splunk’s search language is at once familiar, yet powerful. As well as common search commands, it also supports statistical commands, Boolean operators, correlations and more.
- Let’s start at the bottom of the stack and work your way up… 2. … 3. And what we have on the top is a set of Apps developed on the platform that meet particular user requirements. 4. One of them is Enterprise Security Suite – an App implementing SIEM functionality.
- What have developers been building using Splunk Enterprise? Examples include the following: Run searches and retrieve Splunk data from existing Customer Service/Call Center applications (Comcast use case) Integrate Splunk data into existing BI tools and dashboard (Tableau, MS Excel) Build mobile applications with KPI dashboards and alerts powered by Splunk (Otto Group use case) Log directly to Splunk from remote devices (Bosch use cases) Build customer-facing dashboards powered by user-specific data in Splunk (Socialize, Hurricane Labs use cases) Programmatically extract data from Splunk for long-term data warehousing We hope this is just the beginning. We hope to open up a whole new world of enterprise apps.
- BUILD SPLUNK APPS The Splunk Web Framework makes building a Splunk app looks and feels like building any modern web application. The Simple Dashboard Editor makes it easy to BUILD interactive dashboards and user workflows as well as add custom styling, behavior and visualizations. Simple XML is ideal for fast, lightweight app customization and building. Simple XML development requires minimal coding knowledge and is well-suited for Splunk power users in IT to get fast visualization and analytics from their machine data. Simple XML also lets the developer “escape” to HTML with one click to do more powerful customization and integration with JavaScript. Developers looking for more advanced functionality and capabilities can build Splunk apps from the ground up using popular, standards-based web technologies: JavaScript and Django. The Splunk Web Framework lets developers quickly create Splunk apps by using prebuilt components, styles, templates, and reusable samples as well as supporting the development of custom logic, interactions, components, and UI. Developers can choose to program their Splunk app using Simple XML, JavaScript or Django (or any combination thereof). EXTEND AND INTEGRATE SPLUNK Splunk Enterprise is a robust, fully-integrated platform that enables developers to INTEGRATE data and functionality from Splunk software into applications across the organization using Software Development Kits (SDKs) for Java, JavaScript, C#, Python, PHP and Ruby. These SDKs make it easier to code to the open REST API that sits on top of the Splunk Engine. With almost 200 endpoints, the REST API lets developers do programmatically what any end user can do in the UI and more. The Splunk SDKs include documentation, code samples, resources and tools to make it faster and more efficient to program against the Splunk REST API using constructs and syntax familiar to developers experienced with Java, Python, JavaScript, PHP, Ruby and C#. Developers can easily manage HTTP access, authentication and namespaces in just a few lines of code. Developers can use the Splunk SDKs to: - Run real-time searches and retrieve Splunk data from line-of-business systems like Customer Service applications - Integrate data and visualizations (charts, tables) from Splunk into BI tools and reporting dashboards - Build mobile applications with real-time KPI dashboards and alerts powered by Splunk - Log directly to Splunk from remote devices and applications via TCP, UDP and HTTP - Build customer-facing dashboards in your applications powered by user-specific data in Splunk - Manage a Splunk instance, including adding and removing users as well as creating data inputs from an application outside of Splunk - Programmatically extract data from Splunk for long-term data warehousing Developers can EXTEND the power of Splunk software with programmatic control over search commands, data sources and data enrichment. Splunk Enterprise offers search extensibility through: - Custom Search Commands - developers can add a custom search script (in Python) to Splunk to create own search commands. To build a search that runs recursively, developers need to make calls directly to the REST API - Scripted Lookups: developers can programmatically script lookups via Python. - Scripted Alerts: can trigger a shell script or batch file (we provide guidance for Python and PERL). - Search Macros: make chunks of a search reuseable in multiple places, including saved and ad hoc searches. Splunk also provides developers with other mechanisms to extend the power of the platform. - Data Models: allow developers to abstract away the search language syntax, making Splunk queries (and thus, functionality) more manageable and portable/shareable. - Modular Inputs: allow developers to extend Splunk to programmatically manage custom data input functionality via REST.
- Here are just some of the new Splunk Apps that have been delivered over the past year. Their goal is to make it easier to use Splunk for specific technologies and use cases – prepackaging inputs, field extractions, searches and visualizations. Highlight a few apps. These apps along with 100’s of others have been developed not only by Splunk but by partners, customers and members of the Splunk community.
- Поиск главами теперь могут одни и те же приложения и пользовательских конфигураций, а также координировать планирование поиски. Это позволяет в течение одного логического пула поиск возглавляющий для обслуживания большого числа пользователей с минимальным временем простоя должно поиска голове становятся недоступными. Универсальный Экспедитор отправляет данные на Splunk? От удаленных систем Использует минимальные системные ресурсы, проста в установке и развертывании Обеспечивает безопасную, распределенной в режиме реального времени универсальный сбор данных для десятков тысяч конечных точек
- Splunk DB Connect delivers reliable, scalable, real-time integration between Splunk Enterprise and traditional relational databases. With Splunk DB Connect, structured data from relational databases can be easily integrated into Splunk Enterprise, driving deeper levels of operational intelligence and richer business analytics across the organization. Organizations can drive more meaningful insights for IT operations, security and business users. For example, IT operations teams can track performance, outage and usage by department, location and business entities. Security professionals can correlate machine data with critical assets and watch-lists for: incident investigations, real-time correlations and advanced threat detection using the award-winning Splunk Enterprise. Business users can analyze service levels and user experience by customer in real-time to make more informed decisions.
- Working with Hadoop distribution vendors or Apache downloads, customers have sorted out how to set up Hadoop Distributed File System (HDFS) clusters and transfer data into the cluster via Cloudera-developed Flume, Facebook-developed Scribe, Sqoop for data from relational databases, or other data transfer tools. Likewise, customer have stored out how to set up and store data in NoSQL customers. Where customers face significant hurdles is how to explore, analyze and visualize data in these data stores. There are well known and significant challenges deploying and getting value out of data in Hadoop: 20X amount of services relative to software – according to Gartner Getting any kind of analytics out of the data requires rare, specialized skillsets Do it yourself open source analytics consists of multiple projects and projects that need integration So how do you get value out of data that – as some of our customers put it – is TO BIG TO MOVE or “TBTM”? Example Open Source Projects: Mahout: Library of machine learning algorithms for Hadoop Sqoop: Data transport engine for integrating Hadoop with relational databases YARN: The next generation of MapReduce framework Pig: High-level data flow language for processing data stored in Hadoop DataFu: Library of User Defined Functions (UDFs) for Apache Pig Hive: Metadata repository with SQL-like interface and ODBC/JDBC drivers for connecting BI applications to Hadoop Azkaban: Job scheduler used at LinkedIn
- To address some of the challenges, we released Splunk Hadoop Connect in October last year. This enables bi-directional integration - users can browse and move data into Splunk and act on it. And since launch we’ve seen nearly 1,000 downloads! (as of June 2013).
- Hunk offers Full-featured Analytics in an Integrated Platform Explore, analyze and visualize data, create dashboards and share reports from one integrated platform. Hunk enables everyone in your organization to unlock the business value of data locked in Hadoop Hunk integrates the processes of data exploration, analysis and visualization into a single, fluid user experience designed to drive rapid insights from your big data in Hadoop. Enable powerful analytics for everyone with Splunk’s Data Models and the Pivot interface, first released in Splunk Enterprise 6. And Hunk works with what you have today Hunk works on Apache Hadoop and most major distributions, including those from Cloudera, Hortonworks, IBM, MapR and Pivotal, with support for both first-generation MapReduce and YARN (Yet Another Resource Negotiator, the technical acronym for 2nd generation MapReduce). Preview results and interactively search across one or more Hadoop clusters, including from different distribution vendors. Use the ODBC driver for saved searches with report acceleration to feed data from Hunk to third-party data visualization tools or business intelligence software. Streaming Resource Libraries enables developers to stream data from NoSQL and other data stores, such as Apache Accumulo, Apache Cassandra, Couchbase, MongoDB and Neo4j, for exploration, analysis and visualization in Hunk.
- Problem: Cisco is the worldwide leader in networking that transforms how people connect, communicate and collaborate. Cisco’s internal CSIRT Security and Incident Response team found it too costly and time-consuming monitoring and tracking security incidents across 40K employee. They were struggling with dozens of consoles for disparate devices, tools and security systems with no easy way to correlate among the. Solution: They wanted a centralized view into user activities and in-scope systems. Benefit: Splunk helped by enabling proactive threat assessment, mitigation planning, incident trending with analysis, security architecture, incident detection and response.
- With more than 100,000 customers, salesforce.com is leading the shift to the social enterprise. Salesforce found that they had limited visibility and slow response to inbound customer calls. The support team relied on a legacy log mining system that took hours to run queries. With Splunk, Salesforce indexes more than 1TB per day across multiple datacenters from the entire cloud stack - including application servers, web servers and email servers. With Splunk Salesforce has decreased the time to troubleshoot support issues by more than 90%. They have now expanded their usage, including capacity planning, and the product managers for Chatter are analyzing customer patterns to improve the user experience.
- Big data drives high performance for Cars.com! As a website for car shoppers to find, learn about, and purchase vehicles, Cars.com earns fees on car sales along with revenue from banner advertising surrounding content on thousands of cars, trucks, SUVs, and vans from all major manufacturers. With a fast user interface, shoppers spend more time on the site and, thus, are more likely to buy vehicles and click on banner ads. Cars.com's application management team has three key goals for its website: maintaining high performance, protecting content, and tracking traffic sources for advertisers. Behind the scenes, bot and spider traffic is a persistent menace that degrades website performance. Some malicious bots also scrape content such as vehicle listings for use by spammers on fake sites to lure unsuspecting consumers into giving up personal details.
- Optimal call routes difficult to track or understand. Manual mediation of tariff information was a 3 month+ exercise – often without desired results. Lowest-cost routes: Splunk ingests TBs of CDR data and combines with tariff database to deliver an accurate view of intercarrier charges. Abuse: Monitoring data usage for anomalous patterns highlights terms of service abusers. E.g. a fixed price residential user running a business from their $40 eat-as-much-as-you-want tariff plan. Detect catastrophes: monitoring the various measures for call completion enables telecoms companies to detect for major catastrophes before news stations do. E.g. Answer Seize Ratio (traditional) and for IP networks, looking for bad Session Establishment Ratio. Whenever these figures fall drastically below the baseline, this is an important signal.
- Etsy is an e-commerce website focused on handmade or vintage items, as well as art and craft supplies. These items cover a wide range, including art, photography, clothing, jewelry, food, bath and beauty products, quilts, knick-knacks, and toys. Many sellers also sell craft supplies such as beads, wire and jewelry-making tools. Challenge: Needed faster way to identify fraud and account takeovers Enter Splunk: Fast, automated fraud identification and remediation Use Splunk for: Sample patterns of possible fraud Automatically lock accounts that appear to be compromised Weave Splunk data into customer service tools so CSRs can also see indicators of fraud Use Splunk for fraud, security, compliance, IT Ops, and app mgmt
- Gaining real-time visibility across your operational infrastructure is incredibly powerful. Vodafone operating companies for example use Splunk and by delivering visibility to their customer service team, were able to dramatically improve first call resolution times by reducing escalations by 90% and delivering nearly 70% faster problem resolution. A number of Vodafone operating companies use Splunk for end-to-end visibility of value-added services they offer over their 3G network. Consolidate logs from disparate systems into a single view, providing visibility across end-to-end service delivery from one place - time to problem resolution dropped by 67% Tier 1 support personnel can do iterative searches across all their IT data to investigate, identify, and fix the specific source of a problem – escalations reduced by 90 percent Role-based secure access to logs via Splunk ensures SOX compliance Vodafone has been a successful user of Splunk realizing significant material benefits. They have also moved to a proactive phase with Splunk, using it to monitor IT data such as threshold levels for specific systems, and fixing issues before they become visible to their customers.
- Problem: Cisco is the worldwide leader in networking that transforms how people connect, communicate and collaborate. Cisco’s internal CSIRT Security and Incident Response team found it too costly and time-consuming monitoring and tracking security incidents across 40K employee. They were struggling with dozens of consoles for disparate devices, tools and security systems with no easy way to correlate among the. Solution: They wanted a centralized view into user activities and in-scope systems. Benefit: Splunk helped by enabling proactive threat assessment, mitigation planning, incident trending with analysis, security architecture, incident detection and response.
- Splunk invests heavily to support our community, both online and offline. The Spunk community is very pro-active in supporting Splunk and other users and partners. Splunkbase is the portal where our customers and partners publish their apps for use by the community. SplunkAnswers is our online community forum where customers help other customers and share best practices. Dev.splunk.com is our on-line developer portal where we publish our SDKs, APIs and provide support to our developer community. We are fortunate to have such an active and engaged customer community, and it is very much a part of our culture.
- More than 7,900 customers in 100 countries have purchased the enterprise license of Splunk. This includes a majority of the Fortune 100. Enterprises, service providers and government agencies in 90+ countries use Splunk to improve service levels, reduce IT operations costs, mitigate security risks and drive new levels of operational visibility. As they gain new visibility into their real-time and historical machine data, Splunk’s customers are finding answers and solving the most challenging issues facing IT and the business.