Getting Started with Splunk Hands-on

  1. Copyright © 2016 Splunk Inc. Getting Started with Splunk Enterprise. Kelly Kitagawa, Splunk Sales Engineer, kkitagawa@splunk.com; Bruce Penn, Splunk Sr. Sales Engineer, bpenn@splunk.com
  2. Agenda: 1. Splunk Overview 2. Using Splunk (Live Demonstration/Walkthrough) 3. Splunk Deployment Architecture 4. Splunk Communities 5. Q&A
  3. What is machine data? Challenges: Volume | Velocity | Variety | Variability. GPS, RFID, Hypervisor, Web Servers, Email, Messaging, Clickstreams, Mobile, Telephony, IVR, Databases, Sensors, Telematics, Storage, Servers, Security Devices, Desktops. Splunk’s Mission: Making machine data accessible, usable and valuable to everyone.
  4. What Does Machine Data Look Like? Sources: Order Processing, Twitter, Care IVR, Middleware Error
  5. Machine Data Contains Critical Insights: Customer ID, Order ID, Customer’s Tweet, Time Waiting On Hold, Twitter ID, Product ID, Company’s Twitter ID, Customer ID, Order ID, Customer ID. Sources: Order Processing, Twitter, Care IVR, Middleware Error
  6. Splunk Unlocks Critical Insights: Order ID, Customer’s Tweet, Time Waiting On Hold, Product ID, Company’s Twitter ID, Order ID, Customer ID, Twitter ID, Customer ID, Customer ID. Sources: Order Processing, Twitter, Care IVR, Middleware Error
  7. THE Industry Leading Platform For Machine Data. Machine Data: Any Location, Type, Volume. Online Services, Web Services, Servers, Security, GPS Location, Storage, Desktops, Networks, Packaged Applications, Custom Applications, Messaging, Telecoms, Online Shopping Cart, Web Clickstreams, Databases, Energy Meters, Call Detail Records, Smartphones and Devices, RFID. On-Premises, Private Cloud, Public Cloud. Platform Support (Apps / API / SDKs), Enterprise Scalability, Universal Indexing. Answer Any Question: Developer Platform, Report and analyze, Custom dashboards, Monitor and alert, Ad hoc search. No backend database, Schema-on-the-fly, No need to filter data, Fast time to value, Agile reporting and analytics, Real-time architecture.
  8. The Splunk Portfolio: Platform for Operational Intelligence, Rich Ecosystem of Apps & Add-Ons, Splunk Premium Solutions. Mainframe Data, Relational Databases, Mobile, Forwarders, Syslog/TCP, IoT Devices, Network Wire Data, Hadoop. Packet Analysis (Wire Data) - App Response Time - Detect unauthorized access. Mobile Application Performance Management (APM) - App Crashes - User Experience. Place Splunk search & analytics on top of Hadoop/noSQL cluster. Import & Correlate external DB data - 3rd party tools - Enrich data already in Splunk.
  9. Installing & Using Splunk (Live Demonstration & Walkthrough)
  10. What We Are Going to Cover: 1. Installing & Onboard Data 2. Searching (top, rare, timechart, stats, iplocation) 3. Dashboards 4. Alerting
  11. Downloading Splunk Enterprise + Tutorial Data. 1. Download Splunk Enterprise: https://www.splunk.com/en_us/download-21.html – Or Google “Splunk download” -> Download Splunk Enterprise. 2. Download Splunk Tutorial Data – tutorialdata.zip: http://docs.splunk.com/images/Tutorial/tutorialdata.zip – Or Google “Splunk tutorial data” -> Load the tutorial data.
  12. Getting Data into Splunk. We will import sample web ecommerce store events. Start Splunk from bin directory. Log into Splunk – http://127.0.0.1:8000 – username=admin password=changeme. Add the tutorialdata.zip into Splunk – Click Settings – Click Add Data – Click Upload files from my computer – Drag and drop your sample data zip file – Review and Finish.
  13. Let’s get our hands dirty!
  14. Searches Used:
      • index=buttercupgames status=4*
      • index=buttercupgames status!=200 | top limit=20 status
      • index=buttercupgames status !=200 | timechart count
      • index=buttercupgames status!=200 | stats count by status | where count > 700
      • index=buttercupgames status!=200 | stats count sparkline by uri_path
  15. Searches Used Cont’d:
      • index=buttercupgames status=200 | iplocation clientip | geostats count by City
      • index=buttercupgames action=purchase | stats count
      • index=buttercupgames action=purchase | timechart count | predict count as predictedCount
      Tip: Use the “| history” command to see previous searches used
  16. Deployments & Architecture
  17. Single Instance or Distributed? Single environment | Distributed Environment. Recommended Specs: 6X2 Core CPUs/12GB RAM/800+ IOPs. A Splunk install can be one or all roles… Forwarders, Indexer, Search Head
  18. Scales to Hundreds of TBs/Day. Enterprise-class Scale, Resilience and Interoperability. Collect machine data from thousands of sources via Splunk forwarders. Compress and store data on Splunk Indexers. Initiate searches and visualize results via Search Heads. Forwarders, Indexer, Search Head
  19. Scalability & High Availability. Forwarders load balance across Indexers. Indexed data can be replicated across peers and different physical sites. Search Heads can be clustered to eliminate single point of failure and handle large search loads.
  20. Over 1,200 Apps @ http://splunkbase.splunk.com
  21. Time to start SPLUNKING!!! Where do I go for help? • Documentation – http://www.splunk.com/base/Documentation • Technical Support – http://www.splunk.com/support • Videos – http://www.splunk.com/videos • Education – http://education.splunk.com • Community – http://answers.splunk.com • Splunk Book – http://splunkbook.com
  22. Thank You!
  23. Copyright © 2015 Splunk Inc. • 5,000+ IT and Business Professionals • 175+ Sessions • 80+ Customer Speakers. PLUS Splunk University • Three days: Sept 23-25, 2017 • Get Splunk Certified for FREE! • Get CPE credits for CISSP, CAP, SSCP. SEPT 25-28, 2017, Walter E. Washington Convention Center, Washington, D.C. CONF.SPLUNK.COM. The 8th Annual Splunk Worldwide Users’ Conference
