Copyright © 2014 Splunk Inc.

Slide 1: Splunk App for Stream
August 12, 2014

Slide 2: Agenda

• Capture 101
• Stream Forwarder Architecture
• App for Stream Architecture
• Deployment Architectures
Slide 3: What is Wire Data?

• Machine Data
• Poly-Structured
• Record of the Communication between Hosts

    tcpdump -qns 0 -A -r blah.pcap

    20:57:47.368107 IP 205.188.159.57.25 > 67.23.28.65.42385: tcp 480
        0x0000:  4500 0214 834c 4000 3306 f649 cdbc 9f39  E....L@.3..I...9
        0x0010:  4317 1c41 0019 a591 50fe 18ca 9da0 4681  C..A....P.....F.
        0x0020:  8018 05a8 848f 0000 0101 080a ffd4 9bb0  ................
        0x0030:  2e43 6bb9 3232 302d 726c 792d 6461 3033  .Ck.220-rly-da03
        0x0040:  2e6d 782e 616f 6c2e 636f 6d20 4553 4d54  .mx.aol.com.ESMT
        0x0050:  5020 6d61 696c 5f72 656c 6179 5f69 6e2d  P.mail_relay_in-
        0x0060:  6461 3033 2e34 3b20 5468 752c 2030 3920  da03.4;.Thu,.09.
        0x0070:  4a75 6c20 3230 3039 2031 363a 3537 3a34  Jul.2009.16:57:4
        0x0080:  3720 2d30 3430 300d 0a32 3230 2d41 6d65  7.-0400..220-Ame
        0x0090:  7269 6361 204f 6e6c 696e 6520 2841 4f4c  rica.Online.(AOL
        0x00a0:  2920 616e 6420 6974 7320 6166 6669 6c69  ).and.its.affili
        0x00b0:  6174 6564 2063 6f6d 7061 6e69 6573 2064  ated.companies.d
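To show what the hex dump on this slide actually carries, here is an added Python example (not Splunk code and not part of the slide deck) that parses the tcpdump -A lines above back into raw bytes and decodes the IPv4 header, the TCP header and the application payload: the same layer 3/4/7 split that Stream's protocol decoders work with. The only input is the dump copied from the slide; the field names in the returned dictionaries are my own choice, not Stream's. It also reports that the IP header declares 480 payload bytes while the slide's dump only shows the first 192 bytes of the packet, a mismatch worth checking before trusting any "complete" capture.

```python
"""Decode the tcpdump -A hex dump from the slide back into the layers
Stream works with: IPv4 (L3), TCP (L4) and the SMTP banner (L7).
Added example; the sample is copied from the slide, not from Splunk code."""
import re
import struct
import ipaddress

# The 12 hex-dump lines from the slide (an SMTP banner packet from July 2009).
SAMPLE = """\
0x0000:  4500 0214 834c 4000 3306 f649 cdbc 9f39  E....L@.3..I...9
0x0010:  4317 1c41 0019 a591 50fe 18ca 9da0 4681  C..A....P.....F.
0x0020:  8018 05a8 848f 0000 0101 080a ffd4 9bb0  ................
0x0030:  2e43 6bb9 3232 302d 726c 792d 6461 3033  .Ck.220-rly-da03
0x0040:  2e6d 782e 616f 6c2e 636f 6d20 4553 4d54  .mx.aol.com.ESMT
0x0050:  5020 6d61 696c 5f72 656c 6179 5f69 6e2d  P.mail_relay_in-
0x0060:  6461 3033 2e34 3b20 5468 752c 2030 3920  da03.4;.Thu,.09.
0x0070:  4a75 6c20 3230 3039 2031 363a 3537 3a34  Jul.2009.16:57:4
0x0080:  3720 2d30 3430 300d 0a32 3230 2d41 6d65  7.-0400..220-Ame
0x0090:  7269 6361 204f 6e6c 696e 6520 2841 4f4c  rica.Online.(AOL
0x00a0:  2920 616e 6420 6974 7320 6166 6669 6c69  ).and.its.affili
0x00b0:  6174 6564 2063 6f6d 7061 6e69 6573 2064  ated.companies.d
"""

# "offset: up to eight 4-hex-digit groups"; the cap of 8 groups keeps
# hex-looking ASCII in the right-hand column (e.g. "da03") out of the data.
HEX_LINE = re.compile(r"\s*0x([0-9a-f]{4}):\s+((?:[0-9a-f]{4}\s?){1,8})")

TCP_FLAG_NAMES = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
                  (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]


def parse_hexdump(text):
    """Turn tcpdump's 'offset: hex... ascii' lines back into raw bytes."""
    data = bytearray()
    for line in text.splitlines():
        m = HEX_LINE.match(line)
        if not m:
            continue
        if int(m.group(1), 16) != len(data):
            raise ValueError("non-contiguous offset in hex dump: " + line)
        data += bytes.fromhex(m.group(2).replace(" ", ""))
    return bytes(data)


def decode_ipv4(pkt):
    """Parse the IPv4 header; return (fields, IP payload)."""
    vihl, _tos, total_len, _ident, _ff, ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (vihl & 0x0F) * 4
    fields = {"version": vihl >> 4, "ihl": ihl, "total_len": total_len,
              "ttl": ttl, "proto": proto,  # 6 = TCP
              "src": str(ipaddress.IPv4Address(src)),
              "dst": str(ipaddress.IPv4Address(dst))}
    return fields, pkt[ihl:total_len]


def decode_tcp(seg):
    """Parse the TCP header (options included via the data offset)."""
    sport, dport, seq, ack, off_flags, window, _csum, _urg = \
        struct.unpack("!HHIIHHHH", seg[:20])
    doff = (off_flags >> 12) * 4
    flags = [name for bit, name in TCP_FLAG_NAMES if off_flags & bit]
    fields = {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
              "data_offset": doff, "flags": flags, "window": window}
    return fields, seg[doff:]


def decode_frame(hexdump):
    """IPv4 -> TCP -> application payload, plus a completeness check:
    how much of the payload declared by the IP header is really present."""
    raw = parse_hexdump(hexdump)
    ip, ip_payload = decode_ipv4(raw)
    tcp, payload = decode_tcp(ip_payload)
    declared = ip["total_len"] - ip["ihl"] - tcp["data_offset"]
    banner = payload.split(b"\r\n", 1)[0].decode("ascii", errors="replace")
    return {"ip": ip, "tcp": tcp, "declared_payload_len": declared,
            "captured_payload_len": len(payload), "smtp_banner": banner}


if __name__ == "__main__":
    r = decode_frame(SAMPLE)
    print(f"{r['ip']['src']}:{r['tcp']['sport']} -> "
          f"{r['ip']['dst']}:{r['tcp']['dport']} "
          f"flags={'|'.join(r['tcp']['flags'])} "
          f"payload={r['captured_payload_len']}/{r['declared_payload_len']} bytes")
    print("L7 (SMTP):", r["smtp_banner"])
```

Run stand-alone it prints the 205.188.159.57:25 to 67.23.28.65:42385 PSH|ACK segment that the tcpdump summary line describes, with 140 of 480 payload bytes present, followed by the decoded SMTP 220 banner; everything Stream later exposes as attributes (ports, flags, server banner) is already sitting in those bytes.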
  
Slide 4: OSI (conceptual) Model

App for Stream: collects layers 4 - 7

Slide 5: Supported Protocols in Splunk App for Stream v6.0

• UDP
• TCP
• HTTP
• IMAP
• MySQL (login/cmd/query)
• Oracle (TNS)
• PostgreSQL
• Sybase/SQL Server (TDS)
• FTP
• SMB
• NFS
• POP3
• SMTP
• LDAP/AD
• SIP
• DNS
• DHCP
• Radius

Platform notes on the slide: Linux 32-bit/64-bit and Mac OSX 64-Bit; Linux only
Slide 6: Why Wire Data?

• Wire data complements Log data
• Wire Data can contain IT and business information not found in Log data, and vice versa
• Wire Data can be passively gathered without any impact to production workloads, without tagging, embedded code, or additional agents
• Wire Data does not require semantic logging by the customer or byte-code instrumentation
• Wire Data can be gathered across many protocols (SSH, FTP, SMTP, IMAP/MAPI, TDS, MQTT, etc.)
• Can be A LOT of data!

Wire Data / Log Data for HTTP Web Traffic (comparison table on the slide; only the header row survived extraction):
Attribute | Log Data | Network Data
Slide 7: What is available from the Wire?

Performance Metrics
• Round Trip Time
• Client Request Time
• Server Reply Time
• Server Send Time
• Total Time Taken
• Base HTML Load Time
• Page Content Load Time
• Total Page Load Time

Application Data
• POST Content
• AJAX Data
• Section
• Sub-Section
• Page Title
• Session Cookie
• Proxied IP Address
• Error Message

Business Data
• Product ID
• Customer ID
• Shopping Cart ID
• Cart Items
• Cart Values
• Discounts
• Order ID
• Abandoned?
Slide 8: Example Customer Use Case

• Customer Frustration
  – DBAs refuse to provide visibility to Log events (i.e. SQL Queries) or DB performance
    – No Splunk Forwarder on SQL hosts
  – Need better visibility into HTTP traffic for security purposes
    – Logs from Web Servers contain some but not all data
• Solution
  – Use App for Stream to grab data off the wire
    – Out of Band collection to get SQL performance using Stream from the Application side
    – “Use Splunk as an IDS to see strange things on the wire”
Slide 9: TURN WIRE DATA INTO OPERATIONAL INTELLIGENCE

CLOUD / ON-PREMISES
Splunk App for Stream (FREE)

Copyright © 2014 Splunk Inc.

Slide 10: Stream Forwarder
Slide 11: What is “Splunk Stream Add-on?”

• Technology Add-on or TA (Splunk_TA_stream)
• Provides a new Data Input called “Wire Data”
  – passively captures traffic using a modular input
  – C++ executable called “Stream Forwarder” (streamfwd)
• Captures application layer (level 7) attributes for:
  – UDP, TCP, DHCP, DNS, FTP, HTTP, IMAP, LDAP, MySQL, NFS, POP3, PostgreSQL, SIP, SMB, SMTP, TDS, TNS, and more
• Automatically decrypts SSL/TLS traffic using RSA keys
Slide 12: Stream Forwarder Architecture

Diagram (labels only): the same processing pipeline is drawn once per captured network interface, from Network Interface (eth1) through Network Interface (ethN), and the stacked copies are labelled “Threads”. Stages shown in each pipeline: Packets, Flows, Request/Response, Protocol Decoder, Decryption, Events, Standard Out (To Splunk Forwarder).
Slide 13: Relevant Moving Parts

• All platform (Linux x86, Linux x64, Darwin) binaries shipped with TA
• inputs.conf
  – [streamfwd://streamfwd]
    splunk_stream_app_location = http://localhost:8000/en-us/custom/splunk_app_stream/
    disabled = 0
• Config held in memory on Streamfwd
• Splunk_TA_stream/default/streamfwd.xml
  – Which interfaces to listen on
Copyright © 2014 Splunk Inc.

Slide 14: Splunk App for Stream

Slide 15: What is “Splunk App for Stream?”

• Includes a new Splunk Stream Add-on (TA)
  – Automatically installs the TA locally (disabled)
  – Makes it easy to deploy the TA using Deployment Server
• Manages configuration for all Stream TAs
• Provides REST API for configuration
• Includes New Dashboards
• Supported Platforms: Linux 32/64bit & Mac OSX 64bit

Slide 16: Stream Attributes are configurable
Slide 17: Aggregation “Many to One”

Callouts on the slide:
– Key attributes make aggregation buckets unique
– Sum attributes summarize numeric metrics
– I want one event every 60 secs
– Capture Data for Specific Events

• Buckets always include a “count” attribute for the # of events they represent
• Buckets are flushed on a configurable interval of time

Slide 18: Stream Filters

• Filters allow you to only capture data for specific events
• Example: HTTP with status=404 (File Not Found)
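Slides 17 and 18 describe one mechanism: keep only events that match a filter, group the survivors by key attributes within each flush interval, sum the numeric attributes and count the events, so many raw events become one. The following added Python example (not Splunk code, and not how streamfwd is implemented internally) does exactly that over a constructed set of already-decoded HTTP events. The field names (src_ip, dest_ip, status, bytes_out, time_taken), the 60-second interval and the status=404 filter are assumptions for illustration; the function flushes every bucket at the end of the input rather than on a timer.

```python
"""Stream-style filtering and 'many to one' aggregation of wire events.
Added example (not Splunk code): constructed HTTP events are filtered,
then rolled up into per-interval buckets keyed on chosen attributes,
with numeric attributes summed and a count per bucket."""

# Constructed sample of decoded HTTP events (ts = seconds since capture start).
# Field names are illustrative, not Stream's exact attribute names.
EVENTS = [
    {"ts": 0,   "src_ip": "10.0.0.5", "dest_ip": "10.0.1.20", "status": 200, "bytes_out": 5120, "time_taken": 12},
    {"ts": 5,   "src_ip": "10.0.0.5", "dest_ip": "10.0.1.20", "status": 404, "bytes_out": 310,  "time_taken": 3},
    {"ts": 17,  "src_ip": "10.0.0.7", "dest_ip": "10.0.1.20", "status": 404, "bytes_out": 310,  "time_taken": 4},
    {"ts": 42,  "src_ip": "10.0.0.5", "dest_ip": "10.0.1.20", "status": 404, "bytes_out": 290,  "time_taken": 2},
    {"ts": 61,  "src_ip": "10.0.0.5", "dest_ip": "10.0.1.20", "status": 404, "bytes_out": 300,  "time_taken": 3},
    {"ts": 75,  "src_ip": "10.0.0.5", "dest_ip": "10.0.1.20", "status": 500, "bytes_out": 1000, "time_taken": 90},
    {"ts": 130, "src_ip": "10.0.0.7", "dest_ip": "10.0.1.20", "status": 404, "bytes_out": 320,  "time_taken": 5},
]


def matches(event, filters):
    """A Stream-style filter: every listed attribute must equal the given value."""
    return all(event.get(k) == v for k, v in filters.items())


def aggregate(events, key_attrs, sum_attrs, interval=60, filters=None):
    """Roll events up into one record per (flush interval, key attributes).

    key_attrs : attributes whose values make a bucket unique
    sum_attrs : numeric attributes summed inside the bucket
    interval  : flush interval in seconds (at most one record per key per interval)
    filters   : optional {attribute: value} filter applied before aggregation
    Every bucket carries 'count', the number of raw events it represents.
    Returns the flushed buckets ordered by interval start, then key.
    """
    buckets = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        if filters and not matches(ev, filters):
            continue  # filtered out: never captured, never counted
        window = ev["ts"] // interval * interval  # start of this flush interval
        key = (window,) + tuple(ev[k] for k in key_attrs)
        b = buckets.get(key)
        if b is None:
            b = buckets[key] = {"window_start": window, "count": 0,
                                **{k: ev[k] for k in key_attrs},
                                **{s: 0 for s in sum_attrs}}
        b["count"] += 1
        for s in sum_attrs:
            b[s] += ev[s]
    return [buckets[k] for k in sorted(buckets)]


if __name__ == "__main__":
    # Only 404s, one bucket per (client, status) per 60 s: 7 raw events -> 5 kept -> 4 records.
    for b in aggregate(EVENTS, ("src_ip", "status"), ("bytes_out", "time_taken"),
                       interval=60, filters={"status": 404}):
        print(b)
```

With the 404 filter the seven raw events shrink to four summary records, and the count field in each record still tells you how many requests were behind it; that count per client per interval is also the natural input for a "too many 404s from one source" detection search once the records are indexed.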
  
Slide 19: Simple Deployment Supports Fast Time to Value

• Respond quickly to incidents by rapidly deploying data collection directly from the interface
• Scale-out deployment across enterprise networks with centralized configuration and management

Slide 20: Performance and Deployment Recommendations

Slide 21: Architecture Deployment Option 1: Dedicated Server

Diagram labels: End Users, Internet, Firewall, SPAN or TAP, Servers, Linux Forwarder with Splunk_TA_Stream, Splunk Indexers, Search head

Slide 22: Architecture Deployment Option 2: Run on Servers

Diagram labels: End Users, Internet, Firewall, Physical or Virtual Servers running Universal Forwarder with Splunk_TA_stream, Splunk Indexers, Search head; Physical Datacenter, Public or Private Cloud
Slide 23: Summary

Enhanced Operational Intelligence
  Explore, analyze and visualize real-time wire data for Operational Intelligence

Efficient, Cloud-ready Wire Data Collection
  Instantly access wire data across infrastructures with a simple software solution; manage wire data volumes with fine-grained filtering

Simple Deployment Supports Fast Time to Value
  Enable rapid deployment and reduced complexity with interface-driven install and configuration

Splunk Stream Delivers Wire Data Analytics

Weitere ähnliche Inhalte

Was ist angesagt?

SplunkLive! Getting Started with Splunk Enterprise
SplunkLive! Getting Started with Splunk EnterpriseSplunkLive! Getting Started with Splunk Enterprise
SplunkLive! Getting Started with Splunk EnterpriseSplunk
 
QCon London 2015 - Wrangling Data at the IOT Rodeo
QCon London 2015 - Wrangling Data at the IOT RodeoQCon London 2015 - Wrangling Data at the IOT Rodeo
QCon London 2015 - Wrangling Data at the IOT RodeoDamien Dallimore
 
Data Onboarding
Data Onboarding Data Onboarding
Data Onboarding Splunk
 
Splunk n-box-splunk conf-2017
Splunk n-box-splunk conf-2017Splunk n-box-splunk conf-2017
Splunk n-box-splunk conf-2017Mohamad Hassan
 
SplunkSummit 2015 - A Quick Guide to Search Optimization
SplunkSummit 2015 - A Quick Guide to Search OptimizationSplunkSummit 2015 - A Quick Guide to Search Optimization
SplunkSummit 2015 - A Quick Guide to Search OptimizationSplunk
 
Denver Big Data Analytics Day
Denver Big Data Analytics DayDenver Big Data Analytics Day
Denver Big Data Analytics DayZivaro Inc
 
Getting Started with Splunk
Getting Started with SplunkGetting Started with Splunk
Getting Started with SplunkSplunk
 
Achieving Real-time Ingestion and Analysis of Security Events through Kafka a...
Achieving Real-time Ingestion and Analysis of Security Events through Kafka a...Achieving Real-time Ingestion and Analysis of Security Events through Kafka a...
Achieving Real-time Ingestion and Analysis of Security Events through Kafka a...Kevin Mao
 
Getting Data into Splunk
Getting Data into SplunkGetting Data into Splunk
Getting Data into SplunkSplunk
 
Bringing it All Together: Apache Metron (Incubating) as a Case Study of a Mod...
Bringing it All Together: Apache Metron (Incubating) as a Case Study of a Mod...Bringing it All Together: Apache Metron (Incubating) as a Case Study of a Mod...
Bringing it All Together: Apache Metron (Incubating) as a Case Study of a Mod...DataWorks Summit
 
Analyzing 1.2 Million Network Packets per Second in Real-time
Analyzing 1.2 Million Network Packets per Second in Real-timeAnalyzing 1.2 Million Network Packets per Second in Real-time
Analyzing 1.2 Million Network Packets per Second in Real-timeDataWorks Summit
 
Splunk Data Onboarding Overview - Splunk Data Collection Architecture
Splunk Data Onboarding Overview - Splunk Data Collection ArchitectureSplunk Data Onboarding Overview - Splunk Data Collection Architecture
Splunk Data Onboarding Overview - Splunk Data Collection ArchitectureSplunk
 
Splunking configfiles 20211208_daniel_wilson
Splunking configfiles 20211208_daniel_wilsonSplunking configfiles 20211208_daniel_wilson
Splunking configfiles 20211208_daniel_wilsonBecky Burwell
 
Getting Started with Splunk Enterprise Hands-On
Getting Started with Splunk Enterprise Hands-OnGetting Started with Splunk Enterprise Hands-On
Getting Started with Splunk Enterprise Hands-OnShannon Cuthbertson
 
Benefits of an Agile Data Fabric for Business Intelligence
Benefits of an Agile Data Fabric for Business IntelligenceBenefits of an Agile Data Fabric for Business Intelligence
Benefits of an Agile Data Fabric for Business IntelligenceDataWorks Summit/Hadoop Summit
 
Saving the elephant—now, not later
Saving the elephant—now, not laterSaving the elephant—now, not later
Saving the elephant—now, not laterDataWorks Summit
 
Getting Started with Splunk Enterprise
Getting Started with Splunk EnterpriseGetting Started with Splunk Enterprise
Getting Started with Splunk EnterpriseShannon Cuthbertson
 

Was ist angesagt? (20)

SplunkLive! Getting Started with Splunk Enterprise
SplunkLive! Getting Started with Splunk EnterpriseSplunkLive! Getting Started with Splunk Enterprise
SplunkLive! Getting Started with Splunk Enterprise
 
QCon London 2015 - Wrangling Data at the IOT Rodeo
QCon London 2015 - Wrangling Data at the IOT RodeoQCon London 2015 - Wrangling Data at the IOT Rodeo
QCon London 2015 - Wrangling Data at the IOT Rodeo
 
Data Onboarding
Data Onboarding Data Onboarding
Data Onboarding
 
Splunk n-box-splunk conf-2017
Splunk n-box-splunk conf-2017Splunk n-box-splunk conf-2017
Splunk n-box-splunk conf-2017
 
SplunkSummit 2015 - A Quick Guide to Search Optimization
SplunkSummit 2015 - A Quick Guide to Search OptimizationSplunkSummit 2015 - A Quick Guide to Search Optimization
SplunkSummit 2015 - A Quick Guide to Search Optimization
 
Denver Big Data Analytics Day
Denver Big Data Analytics DayDenver Big Data Analytics Day
Denver Big Data Analytics Day
 
Getting Started with Splunk
Getting Started with SplunkGetting Started with Splunk
Getting Started with Splunk
 
Achieving Real-time Ingestion and Analysis of Security Events through Kafka a...
Achieving Real-time Ingestion and Analysis of Security Events through Kafka a...Achieving Real-time Ingestion and Analysis of Security Events through Kafka a...
Achieving Real-time Ingestion and Analysis of Security Events through Kafka a...
 
Getting Data into Splunk
Getting Data into SplunkGetting Data into Splunk
Getting Data into Splunk
 
Scalable Real-time analytics using Druid
Scalable Real-time analytics using DruidScalable Real-time analytics using Druid
Scalable Real-time analytics using Druid
 
Bringing it All Together: Apache Metron (Incubating) as a Case Study of a Mod...
Bringing it All Together: Apache Metron (Incubating) as a Case Study of a Mod...Bringing it All Together: Apache Metron (Incubating) as a Case Study of a Mod...
Bringing it All Together: Apache Metron (Incubating) as a Case Study of a Mod...
 
Analyzing 1.2 Million Network Packets per Second in Real-time
Analyzing 1.2 Million Network Packets per Second in Real-timeAnalyzing 1.2 Million Network Packets per Second in Real-time
Analyzing 1.2 Million Network Packets per Second in Real-time
 
Splunk Data Onboarding Overview - Splunk Data Collection Architecture
Splunk Data Onboarding Overview - Splunk Data Collection ArchitectureSplunk Data Onboarding Overview - Splunk Data Collection Architecture
Splunk Data Onboarding Overview - Splunk Data Collection Architecture
 
Analysis of Major Trends in Big Data Analytics
Analysis of Major Trends in Big Data AnalyticsAnalysis of Major Trends in Big Data Analytics
Analysis of Major Trends in Big Data Analytics
 
Splunking configfiles 20211208_daniel_wilson
Splunking configfiles 20211208_daniel_wilsonSplunking configfiles 20211208_daniel_wilson
Splunking configfiles 20211208_daniel_wilson
 
Getting Started with Splunk Enterprise Hands-On
Getting Started with Splunk Enterprise Hands-OnGetting Started with Splunk Enterprise Hands-On
Getting Started with Splunk Enterprise Hands-On
 
Automated Analytics at Scale
Automated Analytics at ScaleAutomated Analytics at Scale
Automated Analytics at Scale
 
Benefits of an Agile Data Fabric for Business Intelligence
Benefits of an Agile Data Fabric for Business IntelligenceBenefits of an Agile Data Fabric for Business Intelligence
Benefits of an Agile Data Fabric for Business Intelligence
 
Saving the elephant—now, not later
Saving the elephant—now, not laterSaving the elephant—now, not later
Saving the elephant—now, not later
 
Getting Started with Splunk Enterprise
Getting Started with Splunk EnterpriseGetting Started with Splunk Enterprise
Getting Started with Splunk Enterprise
 

Andere mochten auch

Large scale anomaly detection in cyber-security
Large scale anomaly detection in cyber-securityLarge scale anomaly detection in cyber-security
Large scale anomaly detection in cyber-securityDataWorks Summit
 
A review of machine learning based anomaly detection
A review of machine learning based anomaly detectionA review of machine learning based anomaly detection
A review of machine learning based anomaly detectionMohamed Elfadly
 
Detecting Hacks: Anomaly Detection on Networking Data
Detecting Hacks: Anomaly Detection on Networking DataDetecting Hacks: Anomaly Detection on Networking Data
Detecting Hacks: Anomaly Detection on Networking DataJames Sirota
 
Threat Hunting with Splunk
Threat Hunting with SplunkThreat Hunting with Splunk
Threat Hunting with SplunkSplunk
 
SplunkLive! Hamburg / München Advanced Session
SplunkLive! Hamburg / München Advanced SessionSplunkLive! Hamburg / München Advanced Session
SplunkLive! Hamburg / München Advanced SessionGeorg Knon
 
Customer Presentation - Financial Services Organization
Customer Presentation - Financial Services OrganizationCustomer Presentation - Financial Services Organization
Customer Presentation - Financial Services OrganizationSplunk
 
Splunk at Weill Cornell Medical College
Splunk at Weill Cornell Medical CollegeSplunk at Weill Cornell Medical College
Splunk at Weill Cornell Medical CollegeSplunk
 
Splunk live! São Paulo 2014 - Edenred-Ticket
Splunk live! São Paulo 2014 - Edenred-TicketSplunk live! São Paulo 2014 - Edenred-Ticket
Splunk live! São Paulo 2014 - Edenred-TicketSplunk
 
Vtex - Splunk live! 2014 São Paulo
Vtex - Splunk live! 2014 São Paulo Vtex - Splunk live! 2014 São Paulo
Vtex - Splunk live! 2014 São Paulo Splunk
 
What’s New: Splunk App for Stream and Splunk MINT
What’s New: Splunk App for Stream and Splunk MINTWhat’s New: Splunk App for Stream and Splunk MINT
What’s New: Splunk App for Stream and Splunk MINTSplunk
 
Splunk live produban
Splunk live produbanSplunk live produban
Splunk live produbanSplunk
 
SplunkLive! Atlanta Customer Presentation – Intercontinental Exchange
SplunkLive! Atlanta Customer Presentation – Intercontinental ExchangeSplunkLive! Atlanta Customer Presentation – Intercontinental Exchange
SplunkLive! Atlanta Customer Presentation – Intercontinental ExchangeSplunk
 
QlikTalk: QlikView in Legal
QlikTalk: QlikView in LegalQlikTalk: QlikView in Legal
QlikTalk: QlikView in LegalHelena Caligari
 
Data Management as a Strategic Initiative for Government
Data Management as a Strategic Initiative for GovernmentData Management as a Strategic Initiative for Government
Data Management as a Strategic Initiative for GovernmentSAS Institute India Pvt. Ltd
 
TATA Teleservices - SAS Forum India: Enhancing Marketing Performance to drive...
TATA Teleservices - SAS Forum India: Enhancing Marketing Performance to drive...TATA Teleservices - SAS Forum India: Enhancing Marketing Performance to drive...
TATA Teleservices - SAS Forum India: Enhancing Marketing Performance to drive...SAS Institute India Pvt. Ltd
 
Business Discovery and QlikView 11
Business Discovery and QlikView 11Business Discovery and QlikView 11
Business Discovery and QlikView 11Helena Caligari
 

Andere mochten auch (20)

Large scale anomaly detection in cyber-security
Large scale anomaly detection in cyber-securityLarge scale anomaly detection in cyber-security
Large scale anomaly detection in cyber-security
 
A review of machine learning based anomaly detection
A review of machine learning based anomaly detectionA review of machine learning based anomaly detection
A review of machine learning based anomaly detection
 
Detecting Hacks: Anomaly Detection on Networking Data
Detecting Hacks: Anomaly Detection on Networking DataDetecting Hacks: Anomaly Detection on Networking Data
Detecting Hacks: Anomaly Detection on Networking Data
 
Threat Hunting with Splunk
Threat Hunting with SplunkThreat Hunting with Splunk
Threat Hunting with Splunk
 
SplunkLive! Hamburg / München Advanced Session
SplunkLive! Hamburg / München Advanced SessionSplunkLive! Hamburg / München Advanced Session
SplunkLive! Hamburg / München Advanced Session
 
Customer Presentation - Financial Services Organization
Customer Presentation - Financial Services OrganizationCustomer Presentation - Financial Services Organization
Customer Presentation - Financial Services Organization
 
Splunk at Weill Cornell Medical College
Splunk at Weill Cornell Medical CollegeSplunk at Weill Cornell Medical College
Splunk at Weill Cornell Medical College
 
Splunk live! São Paulo 2014 - Edenred-Ticket
Splunk live! São Paulo 2014 - Edenred-TicketSplunk live! São Paulo 2014 - Edenred-Ticket
Splunk live! São Paulo 2014 - Edenred-Ticket
 
Vtex - Splunk live! 2014 São Paulo
Vtex - Splunk live! 2014 São Paulo Vtex - Splunk live! 2014 São Paulo
Vtex - Splunk live! 2014 São Paulo
 
What’s New: Splunk App for Stream and Splunk MINT
What’s New: Splunk App for Stream and Splunk MINTWhat’s New: Splunk App for Stream and Splunk MINT
What’s New: Splunk App for Stream and Splunk MINT
 
Splunk live produban
Splunk live produbanSplunk live produban
Splunk live produban
 
SplunkLive! Atlanta Customer Presentation – Intercontinental Exchange
SplunkLive! Atlanta Customer Presentation – Intercontinental ExchangeSplunkLive! Atlanta Customer Presentation – Intercontinental Exchange
SplunkLive! Atlanta Customer Presentation – Intercontinental Exchange
 
QlikTalk: QlikView in Legal
QlikTalk: QlikView in LegalQlikTalk: QlikView in Legal
QlikTalk: QlikView in Legal
 
Data Management as a Strategic Initiative for Government
Data Management as a Strategic Initiative for GovernmentData Management as a Strategic Initiative for Government
Data Management as a Strategic Initiative for Government
 
TATA Teleservices - SAS Forum India: Enhancing Marketing Performance to drive...
TATA Teleservices - SAS Forum India: Enhancing Marketing Performance to drive...TATA Teleservices - SAS Forum India: Enhancing Marketing Performance to drive...
TATA Teleservices - SAS Forum India: Enhancing Marketing Performance to drive...
 
Customer Management - A Practioners Perspective
Customer Management - A Practioners PerspectiveCustomer Management - A Practioners Perspective
Customer Management - A Practioners Perspective
 
Business Discovery and QlikView 11
Business Discovery and QlikView 11Business Discovery and QlikView 11
Business Discovery and QlikView 11
 
Splunk mint 소개
Splunk mint 소개Splunk mint 소개
Splunk mint 소개
 
Business analytics !!
Business analytics !!Business analytics !!
Business analytics !!
 
Risk Management
Risk ManagementRisk Management
Risk Management
 

Ähnlich wie Splunk app for stream

Splunk App for Stream - Einblicke in Ihren Netzwerkverkehr
Splunk App for Stream - Einblicke in Ihren NetzwerkverkehrSplunk App for Stream - Einblicke in Ihren Netzwerkverkehr
Splunk App for Stream - Einblicke in Ihren NetzwerkverkehrGeorg Knon
 
Splunk Stream - Einblicke in Netzwerk Traffic
Splunk Stream - Einblicke in Netzwerk TrafficSplunk Stream - Einblicke in Netzwerk Traffic
Splunk Stream - Einblicke in Netzwerk TrafficSplunk
 
Data Onboarding Breakout Session
Data Onboarding Breakout SessionData Onboarding Breakout Session
Data Onboarding Breakout SessionSplunk
 
Exploring the Final Frontier of Data Center Orchestration: Network Elements -...
Exploring the Final Frontier of Data Center Orchestration: Network Elements -...Exploring the Final Frontier of Data Center Orchestration: Network Elements -...
Exploring the Final Frontier of Data Center Orchestration: Network Elements -...Puppet
 
Splunk Conf2010: Corporate Express presents Splunk with SAP
Splunk Conf2010: Corporate Express presents Splunk with SAPSplunk Conf2010: Corporate Express presents Splunk with SAP
Splunk Conf2010: Corporate Express presents Splunk with SAPSplunk
 
Model driven telemetry
Model driven telemetryModel driven telemetry
Model driven telemetryCisco Canada
 
SnapLogic- iPaaS (Elastic Integration Cloud and Data Integration)
SnapLogic- iPaaS (Elastic Integration Cloud and Data Integration) SnapLogic- iPaaS (Elastic Integration Cloud and Data Integration)
SnapLogic- iPaaS (Elastic Integration Cloud and Data Integration) Surendar S
 
Cisco Connect Toronto 2017 - Model-driven Telemetry
Cisco Connect Toronto 2017 - Model-driven TelemetryCisco Connect Toronto 2017 - Model-driven Telemetry
Cisco Connect Toronto 2017 - Model-driven TelemetryCisco Canada
 
The Never Landing Stream with HTAP and Streaming
The Never Landing Stream with HTAP and StreamingThe Never Landing Stream with HTAP and Streaming
The Never Landing Stream with HTAP and StreamingTimothy Spann
 
Nagios Conference 2007 | Nagios in very large Environments by Werner Neunteufl
Nagios Conference 2007 | Nagios in very large Environments by Werner NeunteuflNagios Conference 2007 | Nagios in very large Environments by Werner Neunteufl
Nagios Conference 2007 | Nagios in very large Environments by Werner NeunteuflNETWAYS
 
Security defined routing_cybergamut_v1_1
Security defined routing_cybergamut_v1_1Security defined routing_cybergamut_v1_1
Security defined routing_cybergamut_v1_1Joel W. King
 
Introduction to apache kafka, confluent and why they matter
Introduction to apache kafka, confluent and why they matterIntroduction to apache kafka, confluent and why they matter
Introduction to apache kafka, confluent and why they matterPaolo Castagna
 
Model-driven Telemetry: The Foundation of Big Data Analytics
Model-driven Telemetry: The Foundation of Big Data AnalyticsModel-driven Telemetry: The Foundation of Big Data Analytics
Model-driven Telemetry: The Foundation of Big Data AnalyticsCisco Canada
 
DCUS17 : Docker networking deep dive
DCUS17 : Docker networking deep diveDCUS17 : Docker networking deep dive
DCUS17 : Docker networking deep diveMadhu Venugopal
 
Crypt tech technical-presales
Crypt tech technical-presalesCrypt tech technical-presales
Crypt tech technical-presalesMustafa Kuğu
 
PLNOG 8: Kazimierz Jantas - Innowacyjne rozwiązania dla IT
PLNOG 8: Kazimierz Jantas - Innowacyjne rozwiązania dla IT PLNOG 8: Kazimierz Jantas - Innowacyjne rozwiązania dla IT
PLNOG 8: Kazimierz Jantas - Innowacyjne rozwiązania dla IT PROIDEA
 
Cisco Automation with Puppet and onePK - PuppetConf 2013
Cisco Automation with Puppet and onePK - PuppetConf 2013Cisco Automation with Puppet and onePK - PuppetConf 2013
Cisco Automation with Puppet and onePK - PuppetConf 2013Puppet
 
StrongLoop Overview
StrongLoop OverviewStrongLoop Overview
StrongLoop OverviewShubhra Kar
 

Ähnlich wie Splunk app for stream (20)

Splunk App for Stream - Einblicke in Ihren Netzwerkverkehr
Splunk App for Stream - Einblicke in Ihren NetzwerkverkehrSplunk App for Stream - Einblicke in Ihren Netzwerkverkehr
Splunk App for Stream - Einblicke in Ihren Netzwerkverkehr
 
Splunk Stream - Einblicke in Netzwerk Traffic
Splunk Stream - Einblicke in Netzwerk TrafficSplunk Stream - Einblicke in Netzwerk Traffic
Splunk Stream - Einblicke in Netzwerk Traffic
 
Data Onboarding Breakout Session
Data Onboarding Breakout SessionData Onboarding Breakout Session
Data Onboarding Breakout Session
 
Exploring the Final Frontier of Data Center Orchestration: Network Elements -...
Exploring the Final Frontier of Data Center Orchestration: Network Elements -...Exploring the Final Frontier of Data Center Orchestration: Network Elements -...
Exploring the Final Frontier of Data Center Orchestration: Network Elements -...
 
Splunk Conf2010: Corporate Express presents Splunk with SAP
Splunk Conf2010: Corporate Express presents Splunk with SAPSplunk Conf2010: Corporate Express presents Splunk with SAP
Splunk Conf2010: Corporate Express presents Splunk with SAP
 
Model driven telemetry
Model driven telemetryModel driven telemetry
Model driven telemetry
 
Io t data streaming
Io t data streamingIo t data streaming
Io t data streaming
 
SnapLogic- iPaaS (Elastic Integration Cloud and Data Integration)
SnapLogic- iPaaS (Elastic Integration Cloud and Data Integration) SnapLogic- iPaaS (Elastic Integration Cloud and Data Integration)
SnapLogic- iPaaS (Elastic Integration Cloud and Data Integration)
 
Cisco Connect Toronto 2017 - Model-driven Telemetry
Cisco Connect Toronto 2017 - Model-driven TelemetryCisco Connect Toronto 2017 - Model-driven Telemetry
Cisco Connect Toronto 2017 - Model-driven Telemetry
 
The Never Landing Stream with HTAP and Streaming
The Never Landing Stream with HTAP and StreamingThe Never Landing Stream with HTAP and Streaming
The Never Landing Stream with HTAP and Streaming
 
SDN and metrics from the SDOs
SDN and metrics from the SDOsSDN and metrics from the SDOs
SDN and metrics from the SDOs
 
Nagios Conference 2007 | Nagios in very large Environments by Werner Neunteufl
Nagios Conference 2007 | Nagios in very large Environments by Werner NeunteuflNagios Conference 2007 | Nagios in very large Environments by Werner Neunteufl
Nagios Conference 2007 | Nagios in very large Environments by Werner Neunteufl
 
Security defined routing_cybergamut_v1_1
Security defined routing_cybergamut_v1_1Security defined routing_cybergamut_v1_1
Security defined routing_cybergamut_v1_1
 
Introduction to apache kafka, confluent and why they matter
Introduction to apache kafka, confluent and why they matterIntroduction to apache kafka, confluent and why they matter
Introduction to apache kafka, confluent and why they matter
 
Model-driven Telemetry: The Foundation of Big Data Analytics
Model-driven Telemetry: The Foundation of Big Data AnalyticsModel-driven Telemetry: The Foundation of Big Data Analytics
Model-driven Telemetry: The Foundation of Big Data Analytics
 
DCUS17 : Docker networking deep dive
DCUS17 : Docker networking deep diveDCUS17 : Docker networking deep dive
DCUS17 : Docker networking deep dive
 
Crypt tech technical-presales
Crypt tech technical-presalesCrypt tech technical-presales
Crypt tech technical-presales
 
PLNOG 8: Kazimierz Jantas - Innowacyjne rozwiązania dla IT
PLNOG 8: Kazimierz Jantas - Innowacyjne rozwiązania dla IT PLNOG 8: Kazimierz Jantas - Innowacyjne rozwiązania dla IT
PLNOG 8: Kazimierz Jantas - Innowacyjne rozwiązania dla IT
 
Cisco Automation with Puppet and onePK - PuppetConf 2013
Cisco Automation with Puppet and onePK - PuppetConf 2013Cisco Automation with Puppet and onePK - PuppetConf 2013
Cisco Automation with Puppet and onePK - PuppetConf 2013
 
StrongLoop Overview
StrongLoop OverviewStrongLoop Overview
StrongLoop Overview
 

Splunk app for stream

  • 1. Copyright © 2014 Splunk Inc. Splunk App for Stream. August 12, 2014
  • 2. Agenda
      – Capture 101
      – Stream Forwarder Architecture
      – App for Stream Architecture
      – Deployment Architectures
  • 3. What is Wire Data?
      – Machine Data
      – Poly-Structured
      – Record of the Communication between Hosts
      Example shown on the slide (tcpdump output):
          tcpdump -qns 0 -A -r blah.pcap
              20:57:47.368107 IP 205.188.159.57.25 > 67.23.28.65.42385: tcp 480
                  0x0000:  4500 0214 834c 4000 3306 f649 cdbc 9f39  E....L@.3..I...9
                  0x0010:  4317 1c41 0019 a591 50fe 18ca 9da0 4681  C..A....P.....F.
                  0x0020:  8018 05a8 848f 0000 0101 080a ffd4 9bb0  ................
                  0x0030:  2e43 6bb9 3232 302d 726c 792d 6461 3033  .Ck.220-rly-da03
                  0x0040:  2e6d 782e 616f 6c2e 636f 6d20 4553 4d54  .mx.aol.com.ESMT
                  0x0050:  5020 6d61 696c 5f72 656c 6179 5f69 6e2d  P.mail_relay_in-
                  0x0060:  6461 3033 2e34 3b20 5468 752c 2030 3920  da03.4;.Thu,.09.
                  0x0070:  4a75 6c20 3230 3039 2031 363a 3537 3a34  Jul.2009.16:57:4
                  0x0080:  3720 2d30 3430 300d 0a32 3230 2d41 6d65  7.-0400..220-Ame
                  0x0090:  7269 6361 204f 6e6c 696e 6520 2841 4f4c  rica.Online.(AOL
                  0x00a0:  2920 616e 6420 6974 7320 6166 6669 6c69  ).and.its.affili
                  0x00b0:  6174 6564 2063 6f6d 7061 6e69 6573 2064  ated.companies.d
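The hex dump on slide 3 is wire data in its rawest form: a wire-data collector such as the Stream Forwarder has to peel the IP and TCP headers (layers 3 and 4) off it before it can decode the layer 7 protocol and emit an event. The following Python, added here as an illustration and not code from the Splunk app or from this deck, does exactly that for the slide's own packet: it rebuilds the bytes from the tcpdump hex columns, reads the IPv4 and TCP headers, and parses the SMTP 220 banner out of the payload. The function and field names (parse_hexdump, decode_ipv4_tcp, smtp_banner, wire_event and the keys of the returned dict) are the example's own, not Stream's.

```python
import re
import socket
import struct
from typing import Any, Dict

# The tcpdump hex dump from slide 3 (the first 192 bytes of one SMTP packet),
# pasted here as the example's input. Offset column, hex column, ASCII column.
HEXDUMP = """\
0x0000:  4500 0214 834c 4000 3306 f649 cdbc 9f39  E....L@.3..I...9
0x0010:  4317 1c41 0019 a591 50fe 18ca 9da0 4681  C..A....P.....F.
0x0020:  8018 05a8 848f 0000 0101 080a ffd4 9bb0  ................
0x0030:  2e43 6bb9 3232 302d 726c 792d 6461 3033  .Ck.220-rly-da03
0x0040:  2e6d 782e 616f 6c2e 636f 6d20 4553 4d54  .mx.aol.com.ESMT
0x0050:  5020 6d61 696c 5f72 656c 6179 5f69 6e2d  P.mail_relay_in-
0x0060:  6461 3033 2e34 3b20 5468 752c 2030 3920  da03.4;.Thu,.09.
0x0070:  4a75 6c20 3230 3039 2031 363a 3537 3a34  Jul.2009.16:57:4
0x0080:  3720 2d30 3430 300d 0a32 3230 2d41 6d65  7.-0400..220-Ame
0x0090:  7269 6361 204f 6e6c 696e 6520 2841 4f4c  rica.Online.(AOL
0x00a0:  2920 616e 6420 6974 7320 6166 6669 6c69  ).and.its.affili
0x00b0:  6174 6564 2063 6f6d 7061 6e69 6573 2064  ated.companies.d
"""

TCP_FLAG_NAMES = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
                  (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]


def parse_hexdump(text: str) -> bytes:
    """Rebuild raw packet bytes from tcpdump's 'offset:  hex groups  ascii' lines."""
    raw = bytearray()
    for line in text.splitlines():
        if ":" not in line:
            continue
        _offset, rest = line.split(":", 1)          # first colon ends the offset column
        hex_part = rest.strip().split("  ")[0]      # the hex column ends at the double space before the ASCII column
        raw.extend(bytes.fromhex(hex_part.replace(" ", "")))
    return bytes(raw)


def decode_ipv4_tcp(pkt: bytes) -> Dict[str, Any]:
    """Strip the layer 3 and 4 headers and return the layer 7 payload with its context."""
    (ver_ihl, _tos, total_len, _ident, _frag, ttl, proto,
     _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])   # RFC 791 fixed header
    if ver_ihl >> 4 != 4 or proto != 6:
        raise ValueError("example only handles IPv4 over TCP")
    ihl = (ver_ihl & 0x0F) * 4                      # IP header length in bytes
    tcp = pkt[ihl:]
    sport, dport, _seq, _ack, off_flags, _window = struct.unpack("!HHIIHH", tcp[:16])
    data_off = (off_flags >> 12) * 4                # TCP header length including options
    flags = [name for bit, name in TCP_FLAG_NAMES if off_flags & bit]
    payload = pkt[ihl + data_off:total_len]         # truncated to what the dump captured
    return {
        "src_ip": socket.inet_ntoa(src), "dest_ip": socket.inet_ntoa(dst), "ttl": ttl,
        "src_port": sport, "dest_port": dport, "flags": flags,
        "payload_len_on_wire": total_len - ihl - data_off,   # what tcpdump printed as "tcp 480"
        "payload": payload,
    }


SMTP_REPLY = re.compile(rb"^(\d{3})([ -])(.*)$")


def smtp_banner(payload: bytes) -> Dict[str, Any]:
    """Parse the first SMTP reply line; '220-' (hyphen) marks a multi-line greeting."""
    first_line = payload.split(b"\r\n", 1)[0]
    m = SMTP_REPLY.match(first_line)
    if not m:
        raise ValueError("not an SMTP reply line")
    code, sep, text = m.groups()
    return {"code": int(code), "multiline": sep == b"-",
            "text": text.decode("ascii"), "line": first_line.decode("ascii")}


def wire_event(hexdump: str) -> Dict[str, Any]:
    """Turn a tcpdump hex dump into the kind of layer 4-7 event a wire-data collector emits."""
    ev = decode_ipv4_tcp(parse_hexdump(hexdump))
    banner = smtp_banner(ev.pop("payload"))
    ev["captured_payload_len"] = 0 if not banner else len(parse_hexdump(hexdump)) - (20 + 32 if False else 0)
    # The line above is replaced below with the direct computation; kept simple:
    return ev
```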
  • 4. OSI (conceptual) Model. App for Stream collects layers 4 - 7
  • 5. Supported Protocols in Splunk App for Stream v6.0
      – UDP
      – TCP
      – HTTP
      – IMAP
      – MySQL (login/cmd/query)
      – Oracle (TNS)
      – PostgreSQL
      – Sybase/SQL Server (TDS)
      – FTP
      – SMB
      – NFS
      – POP3
      – SMTP
      – LDAP/AD
      – SIP
      – DNS
      – DHCP
      – Radius
      Platform notes on the slide: Linux 32-bit/64-bit and Mac OSX 64-Bit; Linux only.
  • 6. Why Wire Data?
      – Wire data complements Log data
      – Wire Data can contain IT and business information not found in Log data, and vice versa
      – Wire Data can be passively gathered without any impact to production workloads, without tagging, embedded code, or additional agents
      – Wire Data does not require semantic logging by the customer or byte-code instrumentation
      – Wire Data can be gathered across many protocols (SSH, FTP, SMTP, IMAP/MAPI, TDS, MQTT, etc.)
      – Can be A LOT of data!
      [Table on the slide: Wire Data / Log Data for HTTP Web Traffic, with columns Attribute, Log Data, Network Data; the row contents are not in the transcript.]
  • 7. What is available from the Wire?
      – Performance Metrics: Round Trip Time, Client Request Time, Server Reply Time, Server Send Time, Total Time Taken, Base HTML Load Time, Page Content Load Time, Total Page Load Time
      – Application Data: POST Content, AJAX Data, Section, Sub-Section, Page Title, Session Cookie, Proxied IP Address, Error Message
      – Business Data: Product ID, Customer ID, Shopping Cart ID, Cart Items, Cart Values, Discounts, Order ID, Abandoned?
  • 8. Example Customer Use Case
      – Customer Frustration
          – DBAs refuse to provide visibility into Log events (i.e. SQL Queries) or DB performance: no Splunk Forwarder on SQL hosts
          – Need better visibility into HTTP traffic for security purposes: logs from Web Servers contain some but not all data
      – Solution
          – Use App for Stream to grab data off the wire
          – Out-of-band collection to get SQL performance using Stream from the Application side
          – “Use Splunk as an IDS to see strange things on the wire”
  • 9. TURN WIRE DATA INTO OPERATIONAL INTELLIGENCE. CLOUD / ON-PREMISES. Splunk App for Stream (FREE)
  • 10. Stream Forwarder
  • 11. What is “Splunk Stream Add-on?”
      – Technology Add-on or TA (Splunk_TA_stream)
      – Provides a new Data Input called “Wire Data”
          – passively captures traffic using a modular input
          – C++ executable called “Stream Forwarder” (streamfwd)
      – Captures application layer (level 7) attributes for: UDP, TCP, DHCP, DNS, FTP, HTTP, IMAP, LDAP, MySQL, NFS, POP3, PostgreSQL, SIP, SMB, SMTP, TDS, TNS, and more
      – Automatically decrypts SSL/TLS traffic using RSA keys
  • 12. Stream Forwarder Architecture
      Diagram on the slide: one pipeline (thread) per Network Interface, eth1 through ethN, with the stages Packets, Flows, Request/Response, Decryption, Protocol Decoder, Events, and Standard Out (To Splunk Forwarder).
  • 13. Relevant Moving Parts
      – All platform binaries (Linux x86, Linux x64, Darwin) shipped with the TA
      – inputs.conf:
            [streamfwd://streamfwd]
            splunk_stream_app_location = http://localhost:8000/en-us/custom/splunk_app_stream/
            disabled = 0
      – Config held in memory on streamfwd
      – Splunk_TA_stream/default/streamfwd.xml: which interfaces to listen on
  • 14. Splunk App for Stream
  • 15. What is “Splunk App for Stream?”
      – Includes a new Splunk Stream Add-on (TA)
          – Automatically installs the TA locally (disabled)
          – Makes it easy to deploy the TA using Deployment Server
      – Manages configuration for all Stream TAs
      – Provides REST API for configuration
      – Includes New Dashboards
      – Supported Platforms: Linux 32/64bit & Mac OSX 64bit
  • 16. Stream Attributes are configurable
  • 17. Aggregation: “Many to One”
      – Key attributes make aggregation buckets unique
      – Sum attributes summarize numeric metrics
      – “I want one event every 60 secs”
      – Capture Data for Specific Events
      – Buckets always include a “count” attribute for the number of events each represents
      – Buckets are flushed on a configurable interval of time
  • 18. Stream Filters
      – Filters allow you to only capture data for specific events
      – Example: HTTP with status=404 (File Not Found)
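To make slides 17 and 18 concrete, here is a small Python model of filtering and “many to one” aggregation. It is added as an illustration and is not the Stream Forwarder's implementation: events are dropped unless they match every filter condition (slide 18's status=404 filter is `{"status": 404}`), surviving events are grouped by a time window plus the key attributes, each bucket carries a count and the sums of the numeric attributes, and buckets are flushed in time order. The sample events, their field names and the function names are constructed for the example.

```python
from typing import Any, Dict, Iterable, List, Mapping, Optional, Sequence

Event = Dict[str, Any]

# Constructed sample of HTTP wire events (one per request/response pair).
# Field names are the example's own, loosely modelled on the attributes listed on slide 7.
SAMPLE_EVENTS: List[Event] = [
    {"time": 0,  "src_ip": "10.0.0.5", "dest_ip": "192.0.2.10", "uri_path": "/index.html", "status": 200, "bytes_out": 5120, "time_taken": 12},
    {"time": 5,  "src_ip": "10.0.0.5", "dest_ip": "192.0.2.10", "uri_path": "/missing.js", "status": 404, "bytes_out": 310,  "time_taken": 3},
    {"time": 17, "src_ip": "10.0.0.9", "dest_ip": "192.0.2.10", "uri_path": "/missing.js", "status": 404, "bytes_out": 310,  "time_taken": 4},
    {"time": 42, "src_ip": "10.0.0.5", "dest_ip": "192.0.2.10", "uri_path": "/admin",      "status": 404, "bytes_out": 290,  "time_taken": 2},
    {"time": 61, "src_ip": "10.0.0.9", "dest_ip": "192.0.2.10", "uri_path": "/index.html", "status": 200, "bytes_out": 5120, "time_taken": 15},
    {"time": 75, "src_ip": "10.0.0.9", "dest_ip": "192.0.2.10", "uri_path": "/missing.js", "status": 404, "bytes_out": 310,  "time_taken": 5},
]


def passes_filter(event: Event, conditions: Mapping[str, Any]) -> bool:
    """A filter is a set of field == value conditions that must all hold (AND)."""
    return all(event.get(field) == wanted for field, wanted in conditions.items())


def aggregate(events: Iterable[Event],
              key_fields: Sequence[str],
              sum_fields: Sequence[str],
              interval_secs: int,
              conditions: Optional[Mapping[str, Any]] = None) -> List[Event]:
    """Many-to-one aggregation: one output event per (time window, key attribute values).

    Each bucket carries a 'count' of the events it represents plus the sum of every
    numeric attribute named in sum_fields. Buckets are 'flushed' (returned) in window
    order once all input has been seen; a streaming collector would flush each window
    as the interval elapses, but the bucket contents are the same.
    """
    buckets: Dict[tuple, Event] = {}
    for ev in events:
        if conditions and not passes_filter(ev, conditions):
            continue                                   # filtered out before aggregation
        window = (ev["time"] // interval_secs) * interval_secs
        key = (window,) + tuple(ev.get(f) for f in key_fields)
        bucket = buckets.get(key)
        if bucket is None:
            bucket = {"time": window, "count": 0}
            bucket.update({f: ev.get(f) for f in key_fields})   # key attributes identify the bucket
            bucket.update({f: 0 for f in sum_fields})           # sum attributes start at zero
            buckets[key] = bucket
        bucket["count"] += 1
        for f in sum_fields:
            bucket[f] += ev.get(f, 0)
    return [buckets[k] for k in sorted(buckets)]


if __name__ == "__main__":
    # "I want one event every 60 secs" for HTTP 404s, per destination server:
    for row in aggregate(SAMPLE_EVENTS, ["dest_ip", "status"], ["bytes_out", "time_taken"], 60, {"status": 404}):
        print(row)
```

Running the block on the six constructed events yields two output events (one per 60-second window) instead of four matching 404s, which is the volume reduction the “Can be A LOT of data!” bullet on slide 6 is getting at; the unfiltered, unkeyed call `aggregate(SAMPLE_EVENTS, [], ["bytes_out"], 60)` collapses all six into two.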
  • 19. Simple Deployment Supports Fast Time to Value
      – Respond quickly to incidents by rapidly deploying data collection directly from the interface
      – Scale-out deployment across enterprise networks with centralized configuration and management
  • 20. Performance and Deployment Recommendations
  • 21. Architecture Deployment Option 1: Dedicated Server
      Diagram on the slide: End Users, Internet, Firewall, Servers, SPAN or TAP feeding a Linux Forwarder running Splunk_TA_stream, Splunk Indexers, Search head.
  • 22. Architecture Deployment Option 2: Run on Servers
      Diagram on the slide: End Users, Internet, Firewall, Physical or Virtual Servers each running a Universal Forwarder with Splunk_TA_stream (Physical Datacenter, Public or Private Cloud), Splunk Indexers, Search head.
  • 23. Summary
      – Enhanced Operational Intelligence: Explore, analyze and visualize real-time wire data for Operational Intelligence
      – Efficient, Cloud-ready Wire Data Collection: Instantly access wire data across infrastructures with a simple software solution; manage wire data volumes with fine-grained filtering
      – Simple Deployment Supports Fast Time to Value: Enable rapid deployment and reduced complexity with interface-driven install and configuration
      Splunk Stream Delivers Wire Data Analytics