2. Company Update
Company (NASDAQ: SPLK)
Founded 2004, first software release in 2006
HQ: San Francisco
Business Model / Products
On-premise, in the cloud and SaaS
5,200+ Customers
63 of the Fortune 100
Largest license: 100 Terabytes per day
#1 Big Data Innovator*
#1 Big Data Vendor (pure play)**
* Fast Company's Most Innovative Companies Issue (March 2013)
** Forbes/Wikibon (Feb 2013)
3. Increasing enterprise growth
Expand use of information and analytics
Delivering operational results
Improving enterprise efficiency
Improving governance, compliance,
risk and security
Top CIO Business & Technology Priorities
4. Big Data Comes from Machines
Volume | Velocity | Variety | Variability
GPS,
RFID,
Hypervisor,
Web Servers,
Email, Messaging
Clickstreams, Mobile,
Telephony, IVR, Databases,
Sensors, Telematics, Storage,
Servers, Security Devices, Desktops
Machine-generated data is one of the
fastest growing, most complex
and most valuable segments of big data
5. What Does Machine Data Look Like?
Sources
Twitter
Care IVR
Middleware
Error
Order Processing
7. Splunk: the Platform for Machine Data
Real-time Business Insights
Operational Visibility
Proactive Monitoring
Search and Investigation
Machine Data Operational Intelligence
Splunk Index
11. Splunk App for Amazon EC2
Billing in Real-time
Cost at Amazon EC2
…by Project …Predictive
12. Business Analytics – Who is on our Website?
Enterprise
Eval
Partners
Community
Web Site Visits by Geo By Customer Type
Names
Redacted
Visits by Named Customer
13. Splunk for Developers: From Tool to Platform
Integrate with
Your IT
Infrastructure
Build Real-time
Big Data Apps
on Splunk
Accelerate
Dev & Test
Application
Intelligence
14. Enabling Exceptional Customer Service
Custom CSR app built using JavaScript SDK
enables CSRs to inspect customer DVR health in
real-time
Proactive maintenance leads to lower support
costs for Comcast and higher customer
satisfaction and reduced churn
“Splunk lets us find and fix
issues on a customer’s DVR
before anyone makes a phone
call.”
Travis Parchman
Operations
15. Powering Customer-facing Apps
“The Splunk Python SDK gives our
developers the familiar environment
they need to build apps on Splunk to
provide metrics and comparables for
our entire customer base.”
MSP providing network monitoring and security
management
Using the Python SDK to build custom dashboards
for customers powered by data from Splunk
Bill Matthews
CTO
18. Splunk App for Enterprise Security
Security
Operations
Center
Security
Analysts
Security
Managers and
Execs
Security
Auditors
Pre-built security correlation rules, reports, and
dashboards
Incident investigation and management framework
The first big data solution for both known and unknown threat management
19. Splunk App for PCI Compliance 2.0
Continuous real-time
monitoring of PCI
Compliance posture
State of PCI
Compliance over time
Instant visibility on
compliance status.
Drilldown to detailed
views
Support for all PCI
requirements
Security prioritization
of in-scope assets
22. Delivering Real-time Business Insights
Measure customer attention to
specific areas of content
Analyze click-throughs and how
they navigate to CJ mall
Track and analyze mobile
shopping customers in real-time
23. Enrich Machine Data with Business Context
Understanding customer
usage
Client
Name, Country, Email
Feed ID
SQL SQL SQL
Boardreader API used at scale by business
customers to pull social media data
In hours deployed Splunk for real-time
analytics on API performance and usage
Helped cut overall costs by eliminating
need for a data warehouse
31. App Dev &
App Mgmt.
Security &
Compliance
Developer Platform (REST API, SDKs)
IT
Ops.
2. Expand
32. App Dev &
App Mgmt.
Security &
Compliance
Web
Intelligence
Business
Analytics
Industrial
Data
IT
Ops.
Developer Platform (REST API, SDKs)
3. Leverage Splunk across the Enterprise
33. Distributed Search
Auto Load Balancing
Search Heads
Building 8
Operations
Planning
ITOC
eCommerce
Operations
HQ
Executive
dashboards
San Jose
Developer
16 Syslog Relays
San Jose
CHEF
UF
Mirrored Indexers
HF
HF
HF
vpc tunnel
UF
Universal Forwarders
SHP
1x DMZ Server
Deployment Servers
20x JMX
Clusters
14x BlueCoats
Job Servers
Monitor Servers
3x Central Servers 8x Central Servers
snare
Netscaler
VPN
Splunk Enterprise-wide Deployment Example
• Serves multiple roles from
IT to executives
• Multi-terabyte per day
highly available production
deployment
34. Easy to Get Started
Download and install in minutes
1. Download 2. Eat your Machine Data 3. Start Splunking
Splunk $186 million
Turns machine data into valuable insights
Splunk now has more than 600 employees worldwide, with headquarters in San Francisco and 14 offices around the world. Since first shipping its software in 2006, Splunk now has over 4,400 customers in 80+ countries. These organizations are using Splunk software to improve service levels, reduce operations costs, mitigate security risks, enable compliance, enhance DevOps collaboration and create new product and service offerings. Please always refer to latest company data found here: http://www.splunk.com/company.
Let’s examine for a second one of the fastest growing, most complex and most valuable segments of big data – machine data. All the web servers, applications, network devices – all of the technology infrastructure running your enterprise – generate massive streams of data, in an array of unpredictable formats that are difficult to process and analyze by traditional methods or in a timely manner. Why is this “machine data” valuable? Because it contains a trace - a categorical record - of user behavior, cyber-security risks, application behavior, service levels, fraudulent activity and customer experience. For Splunk the last two Vs are very important: variety of data and variability of data (change in format; for example, new fields are added to the log file).
Why is this “machine data” valuable? Because it contains a trace - a categorical record - of user behavior, cyber-security risks, application behavior, service levels, fraudulent activity and customer experience.
Order Processing = Order of a product
Middleware Error = WebLogic Application Server error
Care IVR = Telephone call to complain about the error
Twitter = Comments on the bad experience
Parsing this data for database consumption is very hard and time-consuming. The reason it is very hard to normalize this data is the last two Vs: variety of data and variability of data (change in format; for example, new fields are added to the log file).
Example of a Customer ID that Splunk can correlate between the: Order Processing -> Application Server Error -> Customer calling to complain about the issue -> Twitter record that the customer gave up on waiting
Splunk is the platform for machine data. Optimized for real-time, low latency and interactivity.
It reliably collects and indexes all the streaming data from IT systems and technology devices in real-time - tens of thousands of sources in unpredictable formats and types.
The Splunk platform indexes the data, making it available for searching, monitoring, analysis and visualizations.
It enables you to interact with your data. Gain operational intelligence from your data.
1. Find and fix problems dramatically faster
2. Automatically monitor to identify issues, problems and attacks
3. Gain end-to-end visibility to track and deliver on IT KPIs and make better-informed IT decisions
4. Gain real-time insight from operational data to make better-informed business decisions
Customers start by using Splunk Enterprise to address one specific solution area. Then they leverage it and their machine data to solve other pressing problems over time. Consequently, Splunk Enterprise has many critical uses across IT and the business:
Application Management: provide end-to-end visibility across distributed infrastructures; troubleshoot across application environments; monitor for performance degradation; trace transactions across distributed systems and infrastructure.
Development: accelerate development and test cycles; support advanced development methodologies like agile, continuous; integrate enterprise applications with SDKs and a robust API; build enterprise applications that leverage Splunk software.
Infrastructure and Operations Management: proactively monitor across IT silos to ensure uptime; rapidly pinpoint and resolve problems; report on SLAs/track SLAs of service providers.
Security and Compliance: provide rapid incident response, real-time correlation and in-depth monitoring across data sources; statistical analysis for advanced pattern detection and threat defense.
Web and Business Analytics: gain visibility and intelligence on customers, services and transactions; identify trends and patterns in real time; fully understand the impact of new product features on back-end services.
What have developers been building using Splunk Enterprise? Examples include the following:
• Run searches and retrieve Splunk data from existing Customer Service/Call Center applications (Comcast use case)
• Integrate Splunk data into existing BI tools and dashboards (Tableau, MS Excel)
• Build mobile applications with KPI dashboards and alerts powered by Splunk (Otto Group use case)
• Log directly to Splunk from remote devices (Bosch use cases)
• Build customer-facing dashboards powered by user-specific data in Splunk (Socialize, Hurricane Labs use cases)
• Programmatically extract data from Splunk for long-term data warehousing
We hope this is just the beginning. We hope to open up a whole new world of enterprise apps.
Description
AWS EC2 Instances and Billing Data Collector
Splunk App for AWS allows you to collect reserved/un-reserved instances data and billing data, from which in-depth analysis of usage patterns and spending becomes available for the Amazon EC2 environment. This analysis not only helps to optimize usage of the Amazon EC2 environment but also gives baseline calculations and month-over-month comparison of spending.
Specifically, with this app customers of EC2 can compare the number and type of reserved (discounted) instances to their actual use, and find machines that may have erroneously been set up without aligning to one of these reserved instances. Savings of up to 35% on each dollar spent without reservations are immediately accessible.
Customer Testimonial:
From: Nathanial Smalley [Nathanial.Smalley@apollogrp.edu]
Sent: Wednesday, March 20, 2013 7:09 AM
To: David Wray; Doug Harr
Cc: Pete Ehlke; Scott Cochran; Steve Pilon; Aaron Adams
Subject: FW: Splunk for AWS appreciation EMAIL
Gentlemen,
I wanted to take a moment of your time to express appreciation for the recent work Nilesh Khetia has helped our team with. Apollo Group was looking to find a way to better understand our AWS environment and we happened to find the “Splunk for AWS App”, which Nilesh built and supports. During our testing and installation we had several questions and engaged with Nilesh. Throughout the installation, testing, and production implementation of the Splunk for AWS app, Nilesh was available and always responsive to the questions we had had. Nilesh even went so far as to customize a number of the scripted inputs for our specific requirements. Due to the implementation of this Splunk App, we have been able to do a comprehensive reconciliation of unused AWS instances, understand our costs (helping us recognize where cost savings are available) and provide all of this in very usable formats which speak both to our operational teams as well as our executives.
Once again we appreciate all of the work and dedication from Nilesh to ensure our implementation of the Splunk for AWS app was successful here at Apollo Group. Thanks so much for your time!
Very Respectfully,
Nate
Nathanial Smalley, CISSP
Principal Systems Engineer, ITS Tools
Apollo Group Inc.
4325 S. 30th St. | Suite 200 | Phoenix, AZ 85040
Office: (602) 557-6202 | Cell: (719) 466-0991 | Email: nathanial.smalley@apollogrp.edu
This management view shows a Google Maps visualization of real-time web traffic from the webserver logs enriched with GeoIP data. These graphs are generated by enriching the webserver logs with SalesForce.com data. Note that the pie chart to the right shows, of the customers and prospects on our web site during the window shown, which of those individuals are enterprise customers, community members or partners. The final view below shows visitors by name – this is done by taking the visitor's login information and doing a database lookup to determine the name of that customer. We also have telephone logs which show who is on the phone with Splunk, displaying the named contact.
There are a whole host of ways developers can leverage Splunk to maximize enterprise technology investments.
Accelerate Dev & Test: Use Splunk Enterprise out of the box. Splunk increases the speed and efficiency of application development and testing, and provides proactive monitoring and analytics for applications in production.
Integrate with IT Infrastructure: Integrate Splunk data with other enterprise applications, using SDKs on top of our REST API.
Build real-time data applications: Build applications that take the value of Splunk beyond IT: IT early-warning systems, security and fraud protection, clickstream analysis and other revenue-enhancing analytics.
Splunk Use Case: Comcast has many different Splunk use cases. Comcast’s X1 Platform Device Manager CSR app uses the Java SDK to issue (one-shot) queries (complex, with multiple sub-queries) to find errors of the last 60 minutes (needs to be real-time – submits the query syntax live). Looking for DVR attempts/failures, Baud attempts/failures, etc. Proactive investigation of customer DVRs - reps need to see if customers are actually using their DVR (i.e., don't want to reboot a box if customers are watching TV). The goal is to fix the error before anyone makes a phone call (saving on support operations costs and increasing customer satisfaction).
Before Splunk, DVR box daemons were batch polled once a day, which was much less effective at identifying errors, leading to higher call volume and lower satisfaction.
Business Value: Lower support costs and increased customer satisfaction
About Comcast: Comcast Corporation (Nasdaq: CMCSA, CMCSK) (www.comcast.com) is one of the world’s leading media, entertainment and communications companies. Comcast is principally involved in the operation of cable systems through Comcast Cable and in the development, production and distribution of entertainment, news, sports and other content for global audiences through NBCUniversal. Comcast Cable is one of the nation’s largest video, high-speed Internet and phone providers to residential and business customers. Comcast is the majority owner and manager of NBCUniversal, which owns and operates entertainment and news cable networks, the NBC and Telemundo broadcast networks, local television station groups, television production operations, a major motion picture company and theme parks.
Ohio-based Security MSP Hurricane Labs delivers real-time security intelligence to customers using the Splunk SDK for Python. Hurricane Labs delivers relevant security-related data from Splunk to their customers via custom dashboards embedded in their website.
Saudi – Attack happened on a holy day when all engineers and security folks were off. Erased all data off of all affected systems and replaced with video of burning American flag.
Internet of things – the author points out that cars talk to smartphones that talk to refrigerators that connect to corporate networks and that designers are not thinking about security holes.
Power grid attack -- Terrorists who gained access to any one of a number of key facilities, either through Internet-delivered malware designed to destroy control systems or through a saboteur on the inside, could black out large regions of the nation for weeks or months, the report from the National Research Council said.
South Carolina -- exposure of the personal data of nearly 4 million individual filers and 700,000 businesses in the SC Department of Revenue. They had zero visibility into the attack. Led to the resignation of the head of the department of revenue.
Our new Splunk App for PCI Compliance is now generally available. Compliance is a growing concern for the business and PCI is the most interesting because it’s not a law. Accepting credit card data is a key service to customers and the businesses typically prioritize PCI compliance. The app supports continuous monitoring of PCI posture – this means no end-of-quarter fire drills before an audit.
CJ O is the no. 1 home shopping channel in South Korea.
TV shopping
Internet shopping – CJmall
Mobile shopping – Mobile CJmall
Catalog shopping
Social market – O’Clock
Community search engine Boardreader uses Splunk software to monitor its web crawlers and other essential business systems. In addition to generating large amounts of machine data on a daily basis, Boardreader maintains SQL databases to store business data and lookup tables such as country names, languages, production metrics and status, event and error codes. With Splunk DB Connect, Boardreader can run internal reports on usage trends and enhance the queries and reports with data from their SQL databases. Boardreader says Splunk DB Connect enabled it to replace its data warehouse.
Boardreader offers two main services:
Website – can be used anonymously or with a login; to access and use certain features or functions, such as receiving email alerts, or certain services, users need to register and create an account.
APIs – used by business customers to run queries and load their analytical systems with critical social media data. 100s of requests per second.
Before Splunk:
Their existing reporting was broken. Too much data (and growing).
Visibility was at best “a day behind”.
“Online services require real-time analytics”.
Finding Splunk:
In minutes: Downloaded Splunk and blasted it with packets. And it didn’t even break a sweat.
In hours: Showed our CEO a dashboard – when he saw the graphics building in real-time and knew the data volumes behind it, he wanted it.
In days: Entire Splunk deployment up and running and generating reports and dashboards.
Now have processed and analyzed billions of events in Splunk.
In terms of their environment:
As well as data from 1000s of servers, they are bringing together business and IT data from 3 Microsoft SQL Server & MySQL databases (15-20 eventually possible) for real-time monitoring and some real-time business analytics.
Standout factor of Splunk: Real-time. They are basically replacing a data warehouse.
Splunk Enterprise is simple to deploy, scales from a single server deployment to global large-scale operations and delivers fast payback. Download Splunk Enterprise for free, install it in 5 minutes on your laptop or on any commodity server, point it at any machine data and start using it. Splunk software is often deployed for the first time while under fire. A serious service outage or security incident in progress is stressful, but with Splunk Enterprise, you can complete your investigation in a few minutes versus hours or days.