2. CIO Obstacle: Escalating IT Complexity
SERVERS STORAGE NETWORKING
VIRTUALIZATION
INFRASTRUCTURE
APPLICATIONS
PACKAGED
APPLICATIONS
CUSTOM
APPLICATIONS
Identity
VPN
IP Phone
HR
Email
Finance
App Svr
DB
Web Svr SaaS/PaaS
IaaS
3. CIO Obstacle: Escalating IT Complexity
SERVERS STORAGE NETWORKING
VITUALIZATION
INFRASTRUCTURE
APPLICATIONS
PACKAGED
APPLICATIONS
CUSTOM
APPLICATIONS
Identity
VPN
IP Phone
HR
Email
Finance
App Svr
DB
Web Svr SaaS/PaaS
IaaS
Complex, silo-based
technologies
Disconnected and outdated point
solutions
Over 70% of time spent on
maintaining, not innovating
5. From Days to Minutes With Splunk
“First
Responder”
2012-12-05 07:04:44 Id=Rd910EAJ City=New York Email.jdoe@gmail.com
product_id=product_i BD-
66.57.19.112 ..[05/Dec/2012 07:05:22:152]”GET /card.do?action=addtocart
&itemid=K9
[1208/12 02:39:03:209 UTC] 000000c6 ConnectionEve A J2CA00561:
ConnectionExeception:[IBM][CLI Driver] SQL1224N
Report and
analyze
Custom
dashboards
Monitor
and alert
Ad hoc
search
2012-12-05 07:04:44 Id=Rd910EAJ
City=New York Email.jdoe@gmail.com
product_id=product_i BD-
66.57.19.112 ..[05/Dec/2012
07:05:22:152]”GET
/card.do?action=addtocart
&itemid=K9
[1208/12 02:39:03:209 UTC]
000000c6 ConnectionEve A
J2CA00561:
ConnectionExeception:[IBM][CLI
Driver] SQL1224N
Outage
Occurs
6. “Splunk reduced our
escalations by 90% and our
problem resolution time by
67%.
“Escalations reduced by 90% and MTTR dropped by 67%”
Splunk at Service Desk: Vodafone
Paulo Carvalho
Director Operations
Theoldway:DisparateITsilos impactCustomerService
• Manuallyintensive,error-proneprocessesresultinconstantescalationsandlongdelays
• Expensive,home-growntoolsforlogcollectionandanalysisdon’tprovidethecompletepicture
• Disconnectedsystemscreatetroubleinmeetingsecurityandcompliancemandates
Thenewway:Providecomprehensivevisibility andcontrol
✓ Asingle Tier 1support person can now perform iterative searches across alltheir IT data to
investigate, identify, and fixthe problem – escalations reduced by90percent
✓ Splunk consolidates logs from disparate systems into asingle view, providing visibility across end-
to-end service delivery from one place -time to problem resolution dropped by67%
✓ Role-based secure access to logs viaSplunk ensures SOX compliance
✓ Monitor IT data and find issues before they become visible to customers
7. Splunk : The Better Approach For IT
7
Customer
Facing Data
Outside the
Datacenter
Applications
Web logs
Log4J, JMS, JMX
.NET events
Code and scripts
Networking
Configurations
syslog
SNMP
netflow
Databases
Configurations
Audit/query
logs
Tables
Schemas
Virtualization
& Cloud
Hypervisor
Guest OS, Apps
Cloud
Linux/Unix
Configurations
syslog
File system
ps, iostat, top
Windows
Registry
Event logs
File system
sysinternals
Logfiles Configs Messages Traps
Alerts
Metrics Scripts TicketsChanges
Click-stream data
Shopping cart data
Online transaction data
Manufacturing,
logistics…
CDRs & IPDRs
Power consumption
RFID data
GPS data
Powerful, end-to-end, real-time platform for Machine Data
8. Splunk : The Better Approach For IT
8
Customer
Facing Data
Outside the
Datacenter
Applications
Web logs
Log4J, JMS, JMX
.NET events
Code and scripts
Networking
Configurations
syslog
SNMP
netflow
Databases
Configurations
Audit/query
logs
Tables
Schemas
Virtualization
& Cloud
Hypervisor
Guest OS, Apps
Cloud
Linux/Unix
Configuration
s
syslog
File system
ps, iostat, top
Windows
Registry
Event logs
File system
sysinternals
Logfiles Configs Messages Traps
Alerts
Metrics Scripts TicketsChanges
Click-stream data
Shopping cart data
Online transaction data
Manufacturing,
logistics…
CDRs & IPDRs
Power consumption
RFID data
GPS data
Powerful, end-to-end, real-time platform for Machine Data
Noupfrontschema
Nocustomconnectors
NoRDBMS
•Any amount, any location, any source.
11. Reduce Costs: Consolidate tools, eliminate silos, find root cause faster!
Exchange
Admin
Linux/Win
Admin
Network Admin
Applications
Admin
Line of
Business User
Application
Support
VMware/Linux/
Win Admin
Security
Admin
Storage Admin IT
Management
Welcome to SplunkLive [City].
Thank you for taking the time to attend today’s event.
Company Background:
Vodafone Group Plc is the world's leading mobile telecommunications company, providing a wide range of services including voice and data communications. Paulo Carvalho works in Vodafone's DSSL group supports Vodafone live! Which includes popular mobile video, news, music and other services. Paulo is the Services Network Manager at Vodafone Portugal and is responsible for all services on top of GSM Network, MMS, SMS, Voice Mail, Unified Messaging, streaming, Mobile Portal, VAS Services, Prepaid Services.
Other Notes:
Vodafone uses Splunk for application troubleshooting and management of services they offer over their 3G network. The environment is complex, with many services being offered, running on many platforms and servers - Solaris, Redhat Linux and introducing virtualized environments. They also have a huge Java and J2EE infrastructure and often need to search quickly for errors or exceptions occurring within the last sixty minutes.
Vodafone has been a successful user of Splunk realizing significant material benefits. They have also moved to a proactive phase with Splunk, using it to monitor IT data such as threshold levels for specific systems, and fixing issues before they become visible to their customers.
So how does Splunk help? We offer a powerful, end-to-end, real-time platform for Machine Data. Splunk can collect data from any source, giving our customers real-time visibility and intelligence into what’s happening across the IT infrastructure – whether it’s physical, virtual or in the cloud.
Splunk’s highly capable platform for machine data can handle any machine generated data from any location and any source – without the need to transform the data to fit a schema, without the need for custom connectors-because unlike most other tools on the market, Splunk does not have a database backend. Splunk’s proprietary map-reduce based high speed index and retrieval system allows management of very large quantities of data at scale with just commodity x86 servers.
Welcome to SplunkLive [City].
Thank you for taking the time to attend today’s event.
Remember we said before, that Splunk is a “platform” for machine data? Splunk has evolved over the years from an engine for any kind of machine data to a robust platform, complete with a REST API, 6 different SDKs and numerous “apps” that sit on top of Splunk and provide out of the box value from your data. These “apps” are available on Splunkbase and they accelerate getting g data into Splunk and getting pre-built visualizations for that data. Note that these apps are not like connectors because they don’t lock away the data in a silo or restrict its usage to particular sets of views – the data is in Splunk and can be used side by side with any other data in Splun k. You can move dashboards and key indicators across apps or customize them in any way you want. Apps make it faster to get value out of your data and several key apps provide new visibility into areas that were formerly “black box” in the infrastructure – such as the virtualization apps.
We also recently introduced the 2 new offerings – one to collect wire data, with the Splunk App for Stream (stemming from the acquisition of Cloudmeter) and MINT (Mobile Intelligence) that stems from our acquisition of Bugsense. The Splunk App for Stream enables the capture of real-time streaming wire data, which is the data transmitted between applications over the network. It enables visibility into application, business and user activity without the need for instrumentation, enhancing various operational use cases across IT, security and the business.
And Splunk MINT helps you gain visibility into mobile app performance and quality, so you can deliver better mobile apps
Splunk MINT helps you combine and correlate mobile app data with other data in Splunk so you can pinpoint problems faster and analyze user experience/behavior across mobile, desktop and web channels.
The main value from the apps is providing context for data from silos and making it available inside Splunk for correlation with other data from other silos.
In addition to prebuilt apps, customers can also build their own.
What have developers been building using Splunk Enterprise? Examples include the following:
Run searches and retrieve Splunk data from existing Customer Service/Call Center applications (Comcast use case)
Integrate Splunk data into existing BI tools and dashboard (Tableau, MS Excel)
Build mobile applications with KPI dashboards and alerts powered by Splunk (Otto Group use case)
Log directly to Splunk from remote devices (Bosch use cases)
Build customer-facing dashboards powered by user-specific data in Splunk (Socialize, Hurricane Labs use cases)
Programmatically extract data from Splunk for long-term data warehousing
We hope this is just the beginning. We hope to open up a whole new world of enterprise apps.
Welcome to SplunkLive [City].
Thank you for taking the time to attend today’s event.
That brings us to Splunk IT Service Intelligence – a packaged solution that enables real-time visibility into services driven by machine data.
Splunk ITSI speeds and simplifies service monitoring and analytics and enables IT to make better, smarter and informed business decisions.
This solution allows you to gain a deep understanding of your services. With Splunk ITSI, you have real-time views into the health of your services, and can use advanced analytics to find patterns, detect anomalies and trends to proactively monitor and address issues.
As a result you have improved service visibility, reduced resolution times, and a transformative approach to monitoring and analytics driven by machine-data.