2. Company (NASDAQ: SPLK)
Business Model / Products
- Customers: 7,900+
- Founded: 2004
- First release: 2006
- HQ: San Francisco
- Software licenses; product in the cloud (SaaS)
- 2/3 of the Fortune 100
- Largest deployment: Terabytes/day
3. Market recognition achieved
- Big Data Innovator
- 2014 SIEM Magic Quadrant: LEADER
- 2012 Security Market Growth: #1 Worldwide
- 2012 IT Operations Market Growth: #3 Worldwide
- Best SIEM North America
- Best Enterprise Security Solution EMEA
- #1
- Most Innovative #4
4. Accelerating growth in data volume
Volume | Velocity | Variety | Variability
Sources: GPS, RFID, Hypervisor, Web Servers, Email, Messaging, Clickstreams, Mobile, Telephony, IVR, Databases, Sensors, Telematics, Storage, Servers, Security Devices, Desktops
Deep analysis of machine data is the most promising, most complex and most valuable area of development.
5. What does machine data look like?
Sources: Order Processing, Twitter, Care IVR, Middleware Error
6. Machine data contains critical information
Fields highlighted in the events: Customer ID, Order ID, Customer's Tweet, Time Waiting On Hold, Twitter ID, Product ID, Company's Twitter ID
Sources: Order Processing, Twitter, Care IVR, Middleware Error
7. Data from different systems acquires new value
Events from the separate sources are linked through shared fields: Order ID, Customer's Tweet, Time Waiting On Hold, Product ID, Company's Twitter ID, Customer ID, Twitter ID
Sources: Order Processing, Twitter, Care IVR, Middleware Error
9. The leading platform for Machine Data
Machine Data: any location, type and volume
Sources: Online Services, Web Services, Servers, Security, GPS Location, Storage, Desktops, Networks, Packaged Applications, Custom Applications, Messaging, Telecoms, Online Shopping Cart, Web Clickstreams, Databases, Energy Meters, Call Detail Records, Smartphones and Devices, RFID
Deployment: On-Premises, Private Cloud, Public Cloud
Platform Support (Apps / API / SDKs)
Enterprise Scalability
Universal Indexing
Answer any question! Developer Platform; Report and analyze; Custom dashboards; Monitor and alert; Ad hoc search
10. The leading platform for Machine Data (the diagram of slide 9, with the data layer expanded)
Any volume, type and source: Schema-on-the-fly; Universal indexing; No back-end RDBMS; No need to filter data
Machine Data: any location, type and volume. Answer any question!
11. Turns data into operational knowledge
From Reactive to Proactive: Search and investigation; Monitoring and alerting; Operational visibility; Real-time business information
12. Operational information for every area
IT Operations Management; Industrial Data / Internet of Things; Digital Intelligence; Business Analytics; Application Management; Security and Compliance
Audiences: LOB Owners/Executives, System Administrators, Operations Teams, Security Analysts, IT Executives, Application Developers, Auditors, Website/Business Analysts, Customer Support
13. Splunk delivers capabilities to the whole organization
Business Analytics; Application Monitoring; Security & Compliance; IT Management; Internet Marketing
14. New standards of Operational Intelligence
- Tool (2006-2008, versions 1, 2, 3): "Google for the datacenter"
- Engine (2009-2011, versions 4, 4.1, 4.2, 4.3): "Engine for machine-generated data"
- Platform (2012-2013, versions 5, 6): "Platform for operational intelligence"
15. Splunk Enterprise 6 empowers specialists at every level
- Powerful analytics: Pivot, Data Models, Integrated Maps, HPAS
- Intuitive search and navigation: New Home Screen, Enhanced Search
- Simplified management: Cluster Mgmt, Forwarder Mgmt
- Development tools: Dashboard Editor, Web Framework
17. The Splunk platform
- Universal indexing and storage; real-time search engine
- Core capabilities: Search Language, Stats/Analytics, Alerts, Dashboards, Reports (Real-time, Schema-less, Massive Horizontal Scale, Correlation, High Performance, Real-Time Monitoring, Data Drilldown, Historical Analytics)
- Additional applications: Application Management, IT Operations Management, Security, Business Analytics, Compliance, ... (User-developed, Splunk-developed, Community, Partners). Build your own solution or download one.
- Access control: Role-based
- User Interface (Web-based), APIs, SDK: data access / building solutions / external integrations
- Data collection from sources; correlation search across multiple sources
- Visual output / Alerting / Measurement / Linking
18. What can solutions built on the Splunk Enterprise Platform do?
Developer Platform: Power Mobile Apps; Log Directly; Extract Data; Customer Dashboards; Integrate BI Tools; Integrate Platform Services
19. A powerful platform for building your own solutions
REST API; Web Framework (Simple XML, JavaScript, Django); SDKs (Ruby, C#, PHP, JavaScript, ...); Data Models; Search Extensibility; Modular Inputs
Developers Can Customize and Extend
20. The power of Splunk apps
More than 500 available on the Splunk site (built on the REST API, SDKs and Web Framework)
Categories: XenApp, XenDesktop; Server, Storage, Network; Server Virtualization; Operating Systems; Infrastructure Applications; Mobile Applications; Cloud Services; Other Monitoring; Ticketing/Help Desk; Custom Biz Applications
21. Centralizing data in complex IT environments
Data: Log Files, IT Configurations, Messages, Alerts, Metrics, Scripts, Tickets, Changes, APIs
Components: Search heads; Indexers; Forwarders; IT Infrastructure
22. The full cycle of IT data processing
Security & Compliance; IT infrastructure and operations management; Application management; and much more...
24. Cisco Security Suite
Collection, storage and search: Cisco ASA, Cisco WSA, Cisco ESA, Cisco ISE, Cisco Sourcefire
Data visualization and analytics:
• Common Information Model
• Network security
• Web security
• E-mail security
• Identity control
• Flexible analytics configuration
• Import of data from MARS and its replacement
• Building your own solution on this basis
• Correlation of Cisco data with other sources
• Free up to 500 MB/day
27. Use data from relational databases in your analytics
- Enrich search results with additional business context
- Easily import data into Splunk for deeper analysis
- Integrate multiple DBs concurrently
- Simple set-up, non-invasive and secure
The DB Connect app provides reliable, scalable, real-time integration of Splunk with traditional relational databases.
Architecture: Microsoft SQL Server, Oracle Database and other databases, reached over JDBC through the Java Bridge Server; Database Lookup; Database Query; Connection Pooling
28. Hadoop and other NoSQL systems offer a simple way to store data, but no analytics: the data is hard to display, analyze and visualize
- High skill requirements: months of work to build specific analytical solutions
- Inflexible approaches: MapReduce job schemas must be predefined or programmed
- A range of open-source tools for analytics and visualization: Hadoop (MapReduce & HDFS), YARN, DataFu, Hive, Mahout, Pig, Sqoop, Azkaban; NoSQL Data Stores
It is hard to get the required analytics out of the raw data.
29. Reliable, two-way integration with Hadoop
Splunk Hadoop Connect: Import, Browse, Export between Splunk (HA Indexes and Storage on Commodity Servers) and Hadoop (MapReduce & HDFS)
Report and analyze; Custom dashboards; Monitor and alert; Ad hoc search
30. An integrated analytics platform for diverse data stores
- A full-featured, integrated product
- A fast path to analytics for everyone
- Works with the data as it is
Explore, Analyze, Visualize, Dashboards, Share
Hadoop Clusters; NoSQL and Other Data Stores
Hadoop Client Libraries; Streaming Resource Libraries
31. Enterprise Security Suite
• Situational awareness dashboards give custom views of risk per domain, asset, or identity
• Incident Review provides analysis workflows that reveal the priority of the incident, incident context, and impact on assets and identities
• Analysis centers provide indicators of unknown threats from traffic abnormalities
• Correlation tools enable monitoring for new attackers by correlating new domain registration with web activity
• Statistical outlier detection tools aid anomaly detection
• Unified Threat Intelligence from many sources
• Data inputs provided for NetFlow, logs, RDBMS, APIs, & more
33. Proactive Security Monitoring and Forensics
Cisco CSIRT Security Investigation Interface: Central view of user activity and systems; Proactive threat assessment; Incident trending, detection and response
34. Operational Intelligence Across the Business
Single 'pane of glass' across the enterprise cloud computing environment; Improved troubleshooting by 96%; Improved application performance; Better experience across 100,000+ customers
35. Measuring User Experience on a Wide Scale
Weblog Traffic Data: 750 million monthly visits; Web User Clickstreams: 12 million queries per month
Maintain high performance; Protect content against malicious bots; Track traffic sources for advertisers
37. Crossing IT Silos to Prevent Fraud (Security, Compliance, IT Ops, App Mgmt)
Fast, automated fraud identification and remediation
"We use Splunk to make Etsy a safer place to conduct business" - Nick Galbreath, Director of Engineering
38. Real-time visibility into operational infrastructure: Driving Superior Customer Service
Machine Data from end-to-end Service Delivery Systems; 90% reduced escalations; 67% faster problem resolution
39. Reducing Your Power Bills With Splunk
McKenney's Business Intelligence for Buildings: Central view of energy use; Correlate multiple building systems; Optimize facility and asset spend
40. Splunk's open resources
- Online developer community: apps developed by Splunk; users and partners publish their own Splunk apps of every size. 500+ apps with convenient search and full documentation, free and paid.
- Live forum with specialist support: users ask questions and share best practices; help with building search queries and deploying Splunk. 35,000+ questions and 43,000+ answers from Splunk support and community members.
- Online developer portal (dev.splunk.com): provides SDKs and open APIs; connects developers to Splunk's data processing pipeline, storage technology and management facilities. 3,000+ unique visitors per week.
Splunk now has more than 1,000 employees worldwide, with headquarters in San Francisco and 14 offices around the world.
Since first shipping its software in 2006, Splunk now has over 7,900 customers in 100 countries. These organizations are using Splunk software to improve service levels, reduce operations costs, mitigate security risks, enable compliance, enhance DevOps collaboration and create new product and service offerings.
Please always refer to latest company data found here: http://www.splunk.com/company.
In addition to having amazing customers, as you’ll be able to evaluate for yourself in a bit, we’ve been fortunate enough to receive some great industry attention recently.
Fast Company named Splunk amongst the most innovative companies in the world—joining the company of Nike, Square, Amazon.
Democratized Big Data—make data accessible to folks across organizations without having to be a data scientist.
We never wanted to be a SIEM, but since people were using us that way.
Data is growing and embodies new characteristics not found in traditional structured data: Volume, Velocity, Variety, Variability/Veracity.
Machine data is one of the fastest, growing, most complex and most valuable segments of big data.
All the webservers, applications, network devices – all of the technology infrastructure running an enterprise or organization – generates massive streams of data, in an array of unpredictable formats that are difficult to process and analyze by traditional methods or in a timely manner.
Why is this “machine data” valuable? Because it contains a trace - a categorical record - of user behavior, cyber-security risks, application behavior, service levels, fraudulent activity and customer experience.
Unlike traditional structured data or multi-dimensional data (for example, data stored in a traditional relational database for batch reporting), machine data is non-standard, highly diverse, dynamic and high volume. You will notice that machine data events are also typically time-stamped: it is time-series data.
Take the example of purchasing a product on your tablet or smartphone: the purchase transaction fails, you call the call center and then tweet about your experience. All these events are captured - as they occur - in the machine data generated by the different systems supporting these different interactions.
Each of the underlying systems can generate millions of machine data events daily. Here we see small excerpts from just some of them.
When we look more closely at the data we see that it contains valuable information – customer id, order id, time waiting on hold, twitter id … what was tweeted.
What’s important is first of all the ability to actually see across all these disparate data sources, but then to correlate related events across disparate sources, to deliver meaningful insight.
If you can correlate and visualize related events across these disparate sources, you can build a picture of activity, behavior and experience. And what if you can do all of this in real-time? You can respond more quickly to events that matter.
For example, if an organization captured the customer's Twitter ID in their customer profile, this correlation would be possible. Where that didn't exist, they could at least group the tweets by demographic.
You can extrapolate this example to a wide range of use cases – security and fraud, transaction monitoring and analysis, web analytics, IT operations and so on.
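The purchase scenario above (failed order, call to the care line, tweet) can be reproduced in a few dozen lines. The following is an added example and not code from the deck or from Splunk: the log lines, source names and field names are constructed for illustration. It extracts key=value fields at read time, joins events that carry a customer id directly, and joins the middleware error transitively through the order id it shares with the order-processing event.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample events (not real data): one line from each system in the
# purchase scenario. Each source writes its own free-form format.
SAMPLE_EVENTS = [
    "2014-03-10 14:02:11 order-proc: status=FAILED order_id=A1234 customer_id=C987 product_id=P55 err=PAYMENT_TIMEOUT",
    "2014-03-10 14:02:12 middleware: ERROR pool exhausted service=payment-gw request=A1234",
    "2014-03-10 14:15:40 care-ivr: call customer_id=C987 hold_time=734s agent=none",
    "2014-03-10 14:31:05 twitter: @acme_support order A1234 failed and 12 min on hold #fail user=@jane_doe customer_id=C987",
    "2014-03-10 14:40:00 care-ivr: call customer_id=C111 hold_time=20s agent=a42",
]

LINE_RE = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<source>[\w-]+): (?P<body>.*)$")
KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_event(line):
    """Extract fields at read time ("schema-on-the-fly"): timestamp, source
    and every key=value pair in the body. Returns None for unparseable lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    event = {"ts": datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S"),
             "source": m.group("source")}
    event.update(KV_RE.findall(m.group("body")))
    return event


def correlate(lines):
    """Group events into per-customer timelines. Events that carry customer_id
    join directly; middleware errors only carry the order id, so they join
    transitively through the order -> customer mapping learned from the
    order-processing events."""
    events = [e for e in map(parse_event, lines) if e is not None]
    order_to_customer = {e["order_id"]: e["customer_id"]
                         for e in events if "order_id" in e and "customer_id" in e}
    timelines = defaultdict(list)
    for e in events:
        customer = e.get("customer_id") or order_to_customer.get(e.get("request"))
        if customer is None:
            continue  # nothing to join on; the event stays uncorrelated
        timelines[customer].append(e)
    for evs in timelines.values():
        evs.sort(key=lambda e: e["ts"])
    return dict(timelines)


def summarize(timeline):
    """Turn one customer's timeline into the picture the slides describe:
    failed orders, total hold time and whether the customer tweeted."""
    summary = {"failed_orders": [], "hold_seconds": 0, "tweeted": False}
    for e in timeline:
        if e["source"] == "order-proc" and e.get("status") == "FAILED":
            summary["failed_orders"].append(e["order_id"])
        elif e["source"] == "care-ivr":
            summary["hold_seconds"] += int(e["hold_time"].rstrip("s"))
        elif e["source"] == "twitter":
            summary["tweeted"] = True
    return summary


if __name__ == "__main__":
    for customer, evs in correlate(SAMPLE_EVENTS).items():
        print(customer, [e["source"] for e in evs], summarize(evs))
```

The transitive join is the part worth noticing: the middleware error never mentions a customer, yet it ends up on the right timeline because the order id it carries was seen together with a customer id elsewhere. Events with no usable key stay uncorrelated rather than being guessed into a timeline.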
Machine data is an incredibly valuable resource, but organizations rarely get the value they need from it. Existing data analysis, management and monitoring solutions were simply not built for this type of data.
Take Information Management. Data warehouses and relational database management systems are based on rigid schemas and designed for structured, consistent data. They provide historical analysis but not real-time visibility. Enterprise Search is designed for human-generated data such as documents and web pages. That data is very different from machine data, which is an order of magnitude larger in scale and variety.
IT management tools and security information and event management tools, on the other hand, are siloed and designed for a single layer of the organization. They provide a narrow view of the underlying data and are hard-wired to specific data types and sources. Or they monitor the whole system with serious gaps in the data they collect. They also provide no historical context.
The fact is that finding a better way to sift through, select and understand vast quantities of machine data can change how IT organizations manage, secure and audit IT. It can also provide valuable information on business trends and on the behavior of customers and services. We call this gaining Operational Intelligence.
Splunk is the leading platform for machine data analytics with over 6,000 organizations using Splunk (as of 9/1/13) – for data volumes ranging from tens of GBs to tens of TBs to over 100 TBs of data PER DAY.
Splunk software reliably collects and indexes all the streaming data from IT systems, technology devices and the Internet of Things in real-time - tens of thousands of sources in unpredictable formats and types. Splunk software is optimized for real-time, low latency and interactivity.
Organizations use Splunk software and their data the following ways:
1. Find and fix problems dramatically faster
2. Automatically monitor to identify issues, problems and attacks
3. Gain end-to-end visibility to track and deliver on IT KPIs and make better-informed IT decisions
4. Gain real-time insight from operational data to make better-informed business decisions
This is described as Operational Intelligence: visibility, insights and intelligence from operational data.
Splunk Cloud is only available in the U.S. and Canada.
Here's how using Splunk and your machine data can drive significant benefits for your organization.
Search and investigation. Using Splunk, organizations identify and resolve issues up to 70% faster and reduce costly escalations by up to 90%. Splunk is one place to find and fix problems, and investigate incidents across all your IT systems and infrastructure.
Proactive monitoring. Monitor IT systems in real time to identify issues, problems and attacks before they impact your customers, services and revenue. Splunk keeps watch of specific patterns, trends and thresholds in your machine data so you don't have to. Trigger notifications in real-time via email or RSS, execute a script to take remedial actions, send an SNMP trap to your system management console or generate a service desk ticket.
Operational visibility. See the whole picture, track performance and make better decisions. Visualize usage trends to better plan for capacity; spot SLA infractions, track how you are being measured by the business. Do all of this using your existing machine data without spending millions of dollars instrumenting your IT infrastructure.
Real-time business insight. Make better-informed business decisions by understanding trends, patterns and gaining Operational Intelligence from your machine data. See the success of new online services by channel or demographic, reconcile 3rd-party service provider fees against actual use, find your heaviest users and heaviest abusers, and more. Because machine data captures every behavior, the possibilities are game changing. You'll find the lead times to get to this intelligence dramatically less than other solutions - measured in minutes/hours instead of months.
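The "proactive monitoring" paragraph describes a rule that watches for patterns and thresholds in machine data and fires an action when one is crossed. The block below is an added example, not code from the deck or from Splunk, of such a rule run over constructed SSH authentication lines: it extracts the source address of every failed login, counts failures per source in a sliding 60-second window, and emits one alert record per source the first time the threshold is reached. The log format, threshold and window are assumptions for the illustration; in Splunk the equivalent would be a scheduled search with an alert action attached.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not real data): authentication events from an
# SSH daemon, including a burst of failures from one client address.
SAMPLE_LOG = """\
2014-03-10T09:00:01 sshd: Failed password for admin from 10.0.0.5
2014-03-10T09:00:04 sshd: Failed password for root from 10.0.0.5
2014-03-10T09:00:09 sshd: Accepted password for alice from 10.0.0.9
2014-03-10T09:00:11 sshd: Failed password for admin from 10.0.0.5
2014-03-10T09:00:15 sshd: Failed password for admin from 10.0.0.5
2014-03-10T09:00:20 sshd: Failed password for test from 10.0.0.5
2014-03-10T09:00:40 sshd: Failed password for bob from 10.0.0.9
2014-03-10T09:05:00 sshd: Failed password for admin from 10.0.0.5
"""

FAIL_RE = re.compile(r"^(?P<ts>\S+) sshd: Failed password for (?P<user>\S+) from (?P<src>\S+)$")


def failures_by_source(log_text):
    """Field extraction: timestamp and source address of every failed login."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if m:
            hits[m.group("src")].append(datetime.fromisoformat(m.group("ts")))
    return hits


def first_breach(times, threshold, window):
    """Sliding-window count: return (window_start, window_end, count) for the
    first moment the number of events within `window` reaches `threshold`,
    or None. Only the first breach is reported so a sustained burst produces
    one alert, not one per event (alert throttling)."""
    times = sorted(times)
    start = 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        count = end - start + 1
        if count >= threshold:
            return times[start], t, count
    return None


def evaluate(log_text, threshold=5, window=timedelta(seconds=60)):
    """Run the monitoring rule over the log and build one alert per offending
    source. The alert record is what an action (email, script, SNMP trap,
    ticket) would receive."""
    alerts = []
    for src, times in failures_by_source(log_text).items():
        breach = first_breach(times, threshold, window)
        if breach:
            first, last, count = breach
            alerts.append({
                "src": src,
                "count": count,
                "window_start": first.isoformat(),
                "window_end": last.isoformat(),
                "message": f"{count} failed logins from {src} within {int(window.total_seconds())}s",
            })
    return alerts


if __name__ == "__main__":
    for alert in evaluate(SAMPLE_LOG):
        print(alert["message"])
```

Two choices matter in practice: the window slides rather than snapping to clock minutes, so a burst straddling a minute boundary is still caught, and each source yields at most one alert, which keeps a long-running burst from flooding the notification channel.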
Both IT and business professionals can analyze machine data to get real-time visibility and operational intelligence.
With our data engine and our customers' machine data, organizations can meaningfully improve their performance in a wide range of areas e.g. meet service levels, reduce costs, mitigate security risks, maintain compliance and gain insights.
We typically start our relationship with a customer by solving a problem in one of their departments, such as the IT Ops team, the Applications group, or perhaps a security use case.
Because Splunk is able to ingest data from all layers of the IT stack, the data that we use to diagnose a broken transaction or application is also useful to IT Ops for better visibility into their servers and networks, or to the Security department for analyzing malicious attacks – like Advanced Persistent Threats.
That same information can be combined with click-stream data from customer purchases on the web to gain real time insights into the customer experience.
Splunk starts in one department, and then spreads across the enterprise to solve other use cases. The insights gained from a unified view of customer actions, security events, and the performance of IT infrastructure is what we call operational intelligence.
Splunk Enterprise is the industry leading software for machine data analytics and has been driving innovation and setting the standard for Operational Intelligence since 2006.
In the beginning, we were first to introduce the paradigm of ‘search’ to IT – to troubleshoot IT operations and application management issues much faster than ever before and to find the proverbial “needle in the haystack”. When asking customers, they often referred to it as “google for the datacenter”.
As the product evolved, Splunk 4 - the engine for machine data - introduced enterprise-class features – dashboards and apps, real-time search and alerts, universal collection and indexing, enterprise controls and map-reduce for horizontal scalability on commodity servers.
And then in 2012 we introduced Splunk 5 – this release represented the evolution of Splunk as an Enterprise Platform for Operational Intelligence. It introduced breakthrough innovations and platform features that included:
A new reporting architecture and transparent summarization technology delivering dramatically faster reports
A new high availability architecture delivering enterprise-class scale and resilience, even while scaling on commodity servers and storage
A robust developer API and SDKs available in mainstream programming languages to enable enterprise developers to leverage Splunk software
Big data ecosystem integrations that included Splunk Hadoop Connect, Splunk DB Connect and the Splunk App for HadoopOps
And continuing our strategy of delivering you the Platform for Operational Intelligence we introduce you to Splunk 6 - The most advanced version of Splunk software ever.
Splunk 6 delivers new and powerful analytics features designed for broader use: non-technical and technical users alike. Splunk 6 is our most advanced version of Splunk software ever – the industry-leading machine data platform.
Powerful Analytics:
Splunk Enterprise 6 takes large-scale machine data analytics to the next level by introducing three breakthrough innovations:
Pivot – opens up the power of analytics to non-technical users with an easy-to-use drag and drop interface to explore, manipulate and visualize data
Data Model – defines meaningful relationships in underlying machine data and makes this data more useful to a broader base of users, in particular non-technical users
Analytics Store – patent-pending technology that accelerates data models by delivering extremely high performance data retrieval for analytical processing, up to 1000x faster than Splunk Enterprise 5
The new Pivot interface, combined with Data Models and Analytics Store makes it dramatically easier for non-technical users and technical users alike to analyze and visualize data in Splunk. Now more users than ever are empowered by Splunk software to get insights from their machine data.
Intuitive User Experience:
Splunk Enterprise 6 includes powerful productivity features for users with a more intuitive user experience:
The new Home Experience – gives users instant access to the data, apps and content they care about
The Enhanced Search Experience – brings search and reporting together – so users can author rich – dynamic reports - build visualizations – tables – and custom searches – faster than ever before
Simplified Management
We’ve made Splunk Enterprise 6 easier to deploy, configure and manage – even as customers expand their Splunk Enterprise deployments to the multi-terabyte scale
Simplified Cluster Management – deliver easier management of mission-critical Splunk software deployments providing everything the Splunk admin needs to monitor high availability on a centralized dashboard
Forwarder Management – support big data scale with easy configuration and management of thousands of forwarders across multiple geographies
Rich Developer Environment
And now Splunk Enterprise 6 provides a more powerful developer environment with the integrated Web Framework. Developers can build custom Splunk Apps, customize dashboards, or add advanced functionality - using standard web technologies, such as JavaScript and Django.
Splunk 6 represents a significant milestone in our mission to make machine data accessible, usable and valuable by everyone.
Find out more at www.splunk.com/6
Splunk Enterprise 6 delivered our fastest, most powerful analytics platform – putting insights from machine data into the hands of people that need it – Operational Intelligence for Everyone.
Lets review a few of the key features that we released with Splunk Enterprise 6.
With the PIVOT interface we delivered the ability for any user to rapidly analyze and visualize machine data, using simple drag and drop. Pivot introduced users to a whole new way of interacting with and analyzing data without needing to master the search processing language (SPL).
Pivot is powered by Data Models – and Data Models make the underlying machine data more useful by describing meaningful relationships in the data.
Data Models are accelerated using the High Performance Analytics Store. The High Performance Analytics Store represented a breakthrough innovation from Splunk that dramatically accelerated analytical operations across massive data sets by up to 1000x.
With Splunk Enterprise 6, the ability to analyze machine data is available to everyone that needs it and at the speed that they need it.
Splunk Enterprise 6 also includes powerful productivity features.
The Home screen provides instant access to the data, apps and content you care about and the Enhanced Search interface brings search and reporting together – so you can author rich – dynamic reports, build visualizations, tables and custom searches.
We made Splunk Enterprise 6 easier to manage.
For mission critical deployments, Cluster Management provided a centralized dashboard to monitor your high availability environment and Forwarder Management, a centralized interface to easily configure and manage tens of thousands of forwarders.
And finally, with the new Web Framework, Splunk Enterprise 6 provided the ability to build custom integrations, customize dashboards or add advanced functionality - using standard web technologies you already know.
First and foremost, Splunk lets you search all your machine data from one place in real time and AT SCALE.
Imagine searching billions of events in seconds. This capability alone delivers productivity to those in IT who keeps things running.
Splunk radically reduces “human latency”, by removing the need to escalate to multiple teams, to forage around production systems to find the cause of a specific problem. The “in the trenches” scenario we went through earlier literally gets flattened to a single authorized user, performing a couple of searches with Splunk. We hear from customers that because of Splunk, MTTI is reduced by as much as 70% and escalations to tier 2 and 3 personnel are reduced by up to 90%.
Splunk’s search language is at once familiar, yet powerful. As well as common search commands, it also supports statistical commands, Boolean operators, correlations and more.
Let's start at the bottom of the stack and work our way up…
2. …
3. And what we have on the top is a set of Apps developed on the platform that meet particular user requirements.
4. One of them is Enterprise Security Suite – an App implementing SIEM functionality.
What have developers been building using Splunk Enterprise? Examples include the following:
Run searches and retrieve Splunk data from existing Customer Service/Call Center applications (Comcast use case)
Integrate Splunk data into existing BI tools and dashboard (Tableau, MS Excel)
Build mobile applications with KPI dashboards and alerts powered by Splunk (Otto Group use case)
Log directly to Splunk from remote devices (Bosch use cases)
Build customer-facing dashboards powered by user-specific data in Splunk (Socialize, Hurricane Labs use cases)
Programmatically extract data from Splunk for long-term data warehousing
We hope this is just the beginning. We hope to open up a whole new world of enterprise apps.
BUILD SPLUNK APPS
The Splunk Web Framework makes building a Splunk app look and feel like building any modern web application.
The Simple Dashboard Editor makes it easy to BUILD interactive dashboards and user workflows as well as add custom styling, behavior and visualizations. Simple XML is ideal for fast, lightweight app customization and building. Simple XML development requires minimal coding knowledge and is well-suited for Splunk power users in IT to get fast visualization and analytics from their machine data. Simple XML also lets the developer “escape” to HTML with one click to do more powerful customization and integration with JavaScript.
Developers looking for more advanced functionality and capabilities can build Splunk apps from the ground up using popular, standards-based web technologies: JavaScript and Django. The Splunk Web Framework lets developers quickly create Splunk apps by using prebuilt components, styles, templates, and reusable samples as well as supporting the development of custom logic, interactions, components, and UI. Developers can choose to program their Splunk app using Simple XML, JavaScript or Django (or any combination thereof).
EXTEND AND INTEGRATE SPLUNK
Splunk Enterprise is a robust, fully-integrated platform that enables developers to INTEGRATE data and functionality from Splunk software into applications across the organization using Software Development Kits (SDKs) for Java, JavaScript, C#, Python, PHP and Ruby. These SDKs make it easier to code to the open REST API that sits on top of the Splunk Engine. With almost 200 endpoints, the REST API lets developers do programmatically what any end user can do in the UI and more. The Splunk SDKs include documentation, code samples, resources and tools to make it faster and more efficient to program against the Splunk REST API using constructs and syntax familiar to developers experienced with Java, Python, JavaScript, PHP, Ruby and C#. Developers can easily manage HTTP access, authentication and namespaces in just a few lines of code.
Developers can use the Splunk SDKs to:
- Run real-time searches and retrieve Splunk data from line-of-business systems like Customer Service applications
- Integrate data and visualizations (charts, tables) from Splunk into BI tools and reporting dashboards
- Build mobile applications with real-time KPI dashboards and alerts powered by Splunk
- Log directly to Splunk from remote devices and applications via TCP, UDP and HTTP
- Build customer-facing dashboards in your applications powered by user-specific data in Splunk
- Manage a Splunk instance, including adding and removing users as well as creating data inputs from an application outside of Splunk
- Programmatically extract data from Splunk for long-term data warehousing
Developers can EXTEND the power of Splunk software with programmatic control over search commands, data sources and data enrichment.
Splunk Enterprise offers search extensibility through:
- Custom Search Commands: developers can add a custom search script (in Python) to Splunk to create their own search commands. To build a search that runs recursively, developers need to make calls directly to the REST API.
- Scripted Lookups: developers can programmatically script lookups via Python.
- Scripted Alerts: can trigger a shell script or batch file (we provide guidance for Python and Perl).
- Search Macros: make chunks of a search reusable in multiple places, including saved and ad hoc searches.
Splunk also provides developers with other mechanisms to extend the power of the platform.
- Data Models: allow developers to abstract away the search language syntax, making Splunk queries (and thus, functionality) more manageable and portable/shareable.
- Modular Inputs: allow developers to extend Splunk to programmatically manage custom data input functionality via REST.
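Of the extension points listed above, the scripted lookup is the one with the simplest contract: Splunk hands the script the rows of the search as CSV on standard input, with the output columns left empty, and reads the filled rows back as CSV from standard output. The block below is an added example, not code from the deck or from Splunk, of such a lookup that enriches a source address with its owner and criticality from an asset inventory, the kind of watch-list enrichment used when investigating an incident. The `transforms.conf` stanza in the comment, the `asset_lookup.py` file name and the inventory contents are assumptions made for the illustration.

```python
import csv
import io
import sys

# transforms.conf stanza this script is assumed to sit behind (illustrative
# configuration, not taken from the deck):
#   [asset_lookup]
#   external_cmd = asset_lookup.py src_ip asset_owner criticality
#   fields_list = src_ip, asset_owner, criticality
# Splunk then runs the script with the field names as arguments, pipes the
# rows as CSV on stdin (output fields left empty) and reads the filled CSV
# from stdout.

# Constructed asset inventory (placeholder values, not real hosts).
ASSETS = {
    "10.0.0.5": {"asset_owner": "payments-team", "criticality": "high"},
    "10.0.0.9": {"asset_owner": "hr-apps", "criticality": "medium"},
}

LOOKUP_FIELD = "src_ip"
OUTPUT_FIELDS = ("asset_owner", "criticality")


def enrich_rows(rows, assets=ASSETS):
    """Fill the output fields of each row from the inventory. Rows whose key
    is unknown are passed through unchanged, so a miss shows up as an empty
    field in the search results rather than as a dropped event."""
    enriched = []
    for row in rows:
        row = dict(row)
        hit = assets.get((row.get(LOOKUP_FIELD) or "").strip())
        if hit is not None:
            for field in OUTPUT_FIELDS:
                if not row.get(field):
                    row[field] = hit[field]
        enriched.append(row)
    return enriched


def run(stdin, stdout):
    """The CSV-in / CSV-out exchange Splunk performs with an external lookup."""
    reader = csv.DictReader(stdin)
    fieldnames = reader.fieldnames or [LOOKUP_FIELD, *OUTPUT_FIELDS]
    writer = csv.DictWriter(stdout, fieldnames=fieldnames, lineterminator="\n")
    writer.writeheader()
    for row in enrich_rows(reader):
        writer.writerow({name: row.get(name, "") for name in fieldnames})


def run_on_text(csv_text):
    """Convenience wrapper so the exchange can be exercised offline."""
    out = io.StringIO()
    run(io.StringIO(csv_text), out)
    return out.getvalue()


if __name__ == "__main__":
    run(sys.stdin, sys.stdout)
```

The script writes back exactly the columns it was given, in the same order, which is what the search-time join expects; adding or reordering columns in the output is the usual way such lookups break.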
Here are just some of the new Splunk Apps that have been delivered over the past year.
Their goal is to make it easier to use Splunk for specific technologies and use cases – prepackaging inputs, field extractions, searches and visualizations.
Highlight a few apps.
These apps along with 100’s of others have been developed not only by Splunk but by partners, customers and members of the Splunk community.
Search heads can now share the same apps and user configurations, as well as coordinate search scheduling.
This allows a single logical pool of search heads to serve a large number of users with minimal downtime should a search head become unavailable.
The Universal Forwarder sends data to Splunk from remote systems.
Uses minimal system resources; easy to install and deploy.
Provides secure, distributed, real-time universal data collection for tens of thousands of endpoints.
Splunk DB Connect delivers reliable, scalable, real-time integration between Splunk Enterprise and traditional relational databases. With Splunk DB Connect, structured data from relational databases can be easily integrated into Splunk Enterprise, driving deeper levels of operational intelligence and richer business analytics across the organization.
Organizations can drive more meaningful insights for IT operations, security and business users. For example, IT operations teams can track performance, outage and usage by department, location and business entities. Security professionals can correlate machine data with critical assets and watch-lists for: incident investigations, real-time correlations and advanced threat detection using the award-winning Splunk Enterprise. Business users can analyze service levels and user experience by customer in real-time to make more informed decisions.
Working with Hadoop distribution vendors or Apache downloads, customers have sorted out how to set up Hadoop Distributed File System (HDFS) clusters and transfer data into the cluster via Cloudera-developed Flume, Facebook-developed Scribe, Sqoop for data from relational databases, or other data transfer tools. Likewise, customers have sorted out how to set up and store data in NoSQL data stores. Where customers face significant hurdles is how to explore, analyze and visualize data in these data stores.
There are well known and significant challenges deploying and getting value out of data in Hadoop:
20X amount of services relative to software – according to Gartner
Getting any kind of analytics out of the data requires rare, specialized skillsets
Do-it-yourself open source analytics consists of multiple projects that need integration
So how do you get value out of data that – as some of our customers put it – is TOO BIG TO MOVE, or “TBTM”?
Example Open Source Projects:
Mahout: Library of machine learning algorithms for Hadoop
Sqoop: Data transport engine for integrating Hadoop with relational databases
YARN: The next generation of MapReduce framework
Pig: High-level data flow language for processing data stored in Hadoop
DataFu: Library of User Defined Functions (UDFs) for Apache Pig
Hive: Metadata repository with SQL-like interface and ODBC/JDBC drivers for connecting BI applications to Hadoop
Azkaban: Job scheduler used at LinkedIn
To address some of the challenges, we released Splunk Hadoop Connect in October last year. This enables bi-directional integration - users can browse and move data into Splunk and act on it. And since launch we’ve seen nearly 1,000 downloads! (as of June 2013).
Hunk offers Full-featured Analytics in an Integrated Platform
Explore, analyze and visualize data, create dashboards and share reports from one integrated platform.
Hunk enables everyone in your organization to unlock the business value of data locked in Hadoop
Hunk integrates the processes of data exploration, analysis and visualization into a single, fluid user experience designed to drive rapid insights from your big data in Hadoop. Enable powerful analytics for everyone with Splunk’s Data Models and the Pivot interface, first released in Splunk Enterprise 6.
And Hunk works with what you have today
Hunk works on Apache Hadoop and most major distributions, including those from Cloudera, Hortonworks, IBM, MapR and Pivotal, with support for both first-generation MapReduce and YARN (Yet Another Resource Negotiator, the technical acronym for 2nd generation MapReduce). Preview results and interactively search across one or more Hadoop clusters, including from different distribution vendors. Use the ODBC driver for saved searches with report acceleration to feed data from Hunk to third-party data visualization tools or business intelligence software. Streaming Resource Libraries enable developers to stream data from NoSQL and other data stores, such as Apache Accumulo, Apache Cassandra, Couchbase, MongoDB and Neo4j, for exploration, analysis and visualization in Hunk.
Problem: Cisco is the worldwide leader in networking that transforms how people connect, communicate and collaborate. Cisco’s internal CSIRT Security and Incident Response team found it too costly and time-consuming to monitor and track security incidents across 40K employees. They were struggling with dozens of consoles for disparate devices, tools and security systems with no easy way to correlate among them.
Solution: They wanted a centralized view into user activities and in-scope systems.
Benefit: Splunk helped by enabling proactive threat assessment, mitigation planning, incident trending with analysis, security architecture, incident detection and response.
With more than 100,000 customers, salesforce.com is leading the shift to the social enterprise.
Salesforce found that they had limited visibility and slow response to inbound customer calls. The support team relied on a legacy log mining system that took hours to run queries.
With Splunk, Salesforce indexes more than 1TB per day across multiple datacenters from the entire cloud stack - including application servers, web servers and email servers.
With Splunk Salesforce has decreased the time to troubleshoot support issues by more than 90%.
They have now expanded their usage, including capacity planning, and the product managers for Chatter are analyzing customer patterns to improve the user experience.
Big data drives high performance for Cars.com!
As a website for car shoppers to find, learn about, and purchase vehicles, Cars.com earns fees on car sales along with revenue from banner advertising surrounding content on thousands of cars, trucks, SUVs, and vans from all major manufacturers. With a fast user interface, shoppers spend more time on the site and, thus, are more likely to buy vehicles and click on banner ads.
Cars.com's application management team has three key goals for its website: maintaining high performance, protecting content, and tracking traffic sources for advertisers. Behind the scenes, bot and spider traffic is a persistent menace that degrades website performance. Some malicious bots also scrape content such as vehicle listings for use by spammers on fake sites to lure unsuspecting consumers into giving up personal details.
Optimal call routes difficult to track or understand. Manual mediation of tariff information was a 3 month+ exercise – often without desired results.
Lowest-cost routes: Splunk ingests TBs of CDR data and combines it with the tariff database to deliver an accurate view of intercarrier charges.
Abuse: Monitoring data usage for anomalous patterns highlights terms-of-service abusers. E.g. a fixed-price residential user running a business from their $40 eat-as-much-as-you-want tariff plan.
Detect catastrophes: monitoring the various measures for call completion enables telecoms companies to detect major catastrophes before news stations do. E.g. Answer Seize Ratio (traditional) and, for IP networks, looking for a bad Session Establishment Ratio. Whenever these figures fall drastically below the baseline, this is an important signal.
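The baseline check just described, as an added example (not Splunk's own code or search language): it computes Answer Seize Ratio (answered attempts divided by all attempts) per route and interval from constructed CDR-style lines, and alerts when an interval's ASR falls far below the median of the recent normal intervals. The record format, the 50% drop factor and the minimum-attempts guard against noisy low-volume intervals are assumptions of the example.

```python
"""Detect call-completion collapse from CDR-style records.

Added example, not Splunk's own code. Answer Seize Ratio (ASR) is
answered attempts / total attempts per interval; a drop far below the
recent baseline is the catastrophe signal the text describes.
Line format (constructed): "<interval> <route> <disposition>".
"""
import statistics
from collections import defaultdict

# Constructed sample: three healthy minutes, one collapsed minute, then a
# single call (too few attempts to judge).
SAMPLE_CDRS = """\
10:00 routeA ANSWERED
10:00 routeA ANSWERED
10:00 routeA NO_ANSWER
10:00 routeA ANSWERED
10:01 routeA ANSWERED
10:01 routeA ANSWERED
10:01 routeA ANSWERED
10:01 routeA BUSY
10:02 routeA ANSWERED
10:02 routeA NO_ANSWER
10:02 routeA ANSWERED
10:02 routeA ANSWERED
10:03 routeA FAILED
10:03 routeA FAILED
10:03 routeA NO_ANSWER
10:03 routeA FAILED
10:04 routeA ANSWERED
"""


def asr_by_interval(lines):
    """Return {(route, interval): (answered, attempts)}; malformed lines skipped."""
    answered, attempts = defaultdict(int), defaultdict(int)
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue
        interval, route, disposition = parts
        attempts[(route, interval)] += 1
        if disposition == "ANSWERED":
            answered[(route, interval)] += 1
    return {k: (answered[k], attempts[k]) for k in attempts}


def detect_asr_drops(lines, window=3, drop_factor=0.5, min_attempts=3):
    """Alert when ASR < drop_factor * median ASR of the last `window` normal
    intervals on the same route. Intervals with fewer than min_attempts
    calls are ignored, and alerting intervals never feed the baseline, so a
    sustained outage does not silently become the new normal."""
    series = defaultdict(list)
    # Intervals share one zero-padded format, so string order is time order.
    for (route, interval), (ans, att) in sorted(asr_by_interval(lines).items()):
        series[route].append((interval, ans, att))
    alerts = []
    for route, points in series.items():
        history = []
        for interval, ans, att in points:
            if att < min_attempts:
                continue
            asr = ans / att
            if len(history) >= window:
                baseline = statistics.median(history[-window:])
                if asr < baseline * drop_factor:
                    alerts.append({"route": route, "interval": interval,
                                   "asr": round(asr, 3), "baseline": round(baseline, 3)})
                    continue
            history.append(asr)
    return alerts
```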
Etsy is an e-commerce website focused on handmade or vintage items, as well as art and craft supplies. These items cover a wide range, including art, photography, clothing, jewelry, food, bath and beauty products, quilts, knick-knacks, and toys. Many sellers also sell craft supplies such as beads, wire and jewelry-making tools.
Challenge: Needed faster way to identify fraud and account takeovers
Enter Splunk: Fast, automated fraud identification and remediation
Use Splunk for:
Sample patterns of possible fraud
Automatically lock accounts that appear to be compromised
Weave Splunk data into customer service tools so CSRs can also see indicators of fraud
Use Splunk for fraud, security, compliance, IT Ops, and app mgmt
Gaining real-time visibility across your operational infrastructure is incredibly powerful. Vodafone operating companies for example use Splunk and by delivering visibility to their customer service team, were able to dramatically improve first call resolution times by reducing escalations by 90% and delivering nearly 70% faster problem resolution.
A number of Vodafone operating companies use Splunk for end-to-end visibility of value-added services they offer over their 3G network.
Consolidate logs from disparate systems into a single view, providing visibility across end-to-end service delivery from one place - time to problem resolution dropped by 67%
Tier 1 support personnel can do iterative searches across all their IT data to investigate, identify, and fix the specific source of a problem – escalations reduced by 90 percent
Role-based secure access to logs via Splunk ensures SOX compliance
Vodafone has been a successful user of Splunk realizing significant material benefits. They have also moved to a proactive phase with Splunk, using it to monitor IT data such as threshold levels for specific systems, and fixing issues before they become visible to their customers.
Splunk invests heavily to support our community, both online and offline. The Splunk community is very proactive in supporting Splunk and other users and partners.
Splunkbase is the portal where our customers and partners publish their apps for use by the community.
SplunkAnswers is our online community forum where customers help other customers and share best practices.
Dev.splunk.com is our on-line developer portal where we publish our SDKs, APIs and provide support to our developer community.
We are fortunate to have such an active and engaged customer community, and it is very much a part of our culture.
More than 7,900 customers in 100 countries have purchased the enterprise license of Splunk. This includes a majority of the Fortune 100.
Enterprises, service providers and government agencies in 90+ countries use Splunk to improve service levels, reduce IT operations costs, mitigate security risks and drive new levels of operational visibility.
As they gain new visibility into their real-time and historical machine data, Splunk’s customers are finding answers and solving the most challenging issues facing IT and the business.