Splunk Spark Integration

•

3 gefällt mir•4,798 views

Gang Tao

An introduction of Splunk and the possible solutions to do an integration.

Daten & Analysen

About Me
• Software Engineer with 15+ Years experience
• Now architect working on Data acquisition and
Cloud App
• Used to be working on BI, ERP and other
Enterprise application development
• Like data science and open source

Splunk'Company'Overview'
3"
Company''
•  Global"HQs:""
!  San"Francisco"
!  London""
!  Hong"Kong"
•  1,800+"employees"globally"
•  Annual"Revenue:"
$450.9M"(YoY"+49%)"
•  NASDAQ:"SPLK"
Products'
•  Free"trial"to"massive"scale"
•  Splunk"products:""
!  Splunk"Enterprise"
!  Splunk"Cloud"
!  Hunk"
!  Splunk"Light"
!  Splunk"MINT"
!  Premium"SoluWons"
Customers''
•  10,000+"customers"
•  Across"100"countries"
•  Small"to"large"
organizaWons"
•  More"than"80"of"the"
Fortune"100"
•  Largest"license:""
!  400+"Terabytes/day"

Splunk'–'a'Data'Pla-orm'
Mainframe)
Data)
VMware)
Pla0orm)for)Machine)Data)
Exchange) PCI)Security)
Rela=onal)
Databases)
Mobile)Forwarders)
Syslog)/))
TCP)/)Other)
Sensors)&)
Control)Systems)
Wire))
Data)
Mobile)Intel)
Splunk'Premium'Apps' Rich'Ecosystem'of'Apps'
MINT'
)
Splunk － a Machine Data Platform

Splunk Technical Stack
Presenting
Processing
Store
Acquisition

Splunk Deployment Architecture
Indexer 
store
data,
transform
row
data
into

events
and
searches
the
indexed

data
in
response
to
search

requests.

Search
Head 
directs
search
requests
to
a
set
of

indexers,
merges
the
results
and

presents
them
to
the
user

Forwarder 
get
data
into
indexers

SQL of Machine Data - SPL
SPL
–
Splunk
Processing
Language

SQL

*nix
Pipe

Google
Search

Extensibility - Splunk App
h0p://apps.splunk.com/

Enterprise
Security

ITSI

DB
Connect

Technology
Add-‐ons

Why Integration?
• Splunk to Spark
• Data Ingestion
• Unstructure/Semi
Structure data Indexing
• Data processing with
Splunk search
• Data Presenting
• Spark to Splunk
• Powerful computing
capability
• Machine Learning
• Open Source community

Solution C
Indexer
Virtual Indexer (Spark)
SPL
Enhanced
Search Command
Spark
Driver
(SPL Parser)
Spark
Worker
Spark
Worker
Spark
Worker

Challenges
• Avoid big data movement
• keep good user experience
• Adapt to SPL concept

Empfohlen

Apache Camel IntroductionClaus Ibsen

Best Practices for Enabling Speculative Execution on Large Scale PlatformsDatabricks

Elasticsearch Tutorial | Getting Started with Elasticsearch | ELK Stack Train...Edureka!

Deep Dive Into ElasticsearchKnoldus Inc.

Elasticsearch IntroductionRoopendra Vishwakarma

Elasticsearch presentation 1Maruf Hassan

Apache Spark Core—Deep Dive—Proper OptimizationDatabricks

Introduction to Elasticsearch with basics of LuceneRahul Jain

Empfohlen

Apache Camel IntroductionClaus Ibsen

Best Practices for Enabling Speculative Execution on Large Scale PlatformsDatabricks

Elasticsearch Tutorial | Getting Started with Elasticsearch | ELK Stack Train...Edureka!

Deep Dive Into ElasticsearchKnoldus Inc.

Elasticsearch IntroductionRoopendra Vishwakarma

Elasticsearch presentation 1Maruf Hassan

Apache Spark Core—Deep Dive—Proper OptimizationDatabricks

Introduction to Elasticsearch with basics of LuceneRahul Jain

Lucene Introductionotisg

Elastic Stack IntroductionVikram Shinde

ElasticSearchVolodymyr Kraietskyi

SplunkLive! Presentation - Data Onboarding with SplunkSplunk

Best Practice of Compression/Decompression Codes in Apache Spark with Sophia...Databricks

Elastic search overviewABC Talks

Spark Shuffle Deep Dive (Explained In Depth) - How Shuffle Works in SparkBo Yang

ElasticSearch Basic IntroductionMayur Rathod

Splunk 6.4 Administration.pdfnitinscribd

Introduction to elasticsearchpmanvi

Splunk conf2014 - Lesser Known Commands in Splunk Search Processing Language ...Splunk

Introduction to Spark InternalsPietro Michiardi

2022-06-23 Apache Arrow and DataFusion_ Changing the Game for implementing Da...Andrew Lamb

ElasticsearchDivij Sehgal

Serverless Kafka and Spark in a Multi-Cloud Lakehouse ArchitectureKai Wähner

Apache Spark PDFNaresh Rupareliya

Improving Apache Spark for Dynamic Allocation and Spot InstancesDatabricks

Apache Kafka and KSQL in Action: Let's Build a Streaming Data Pipeline!confluent

Amazon S3 Best Practice and Tuning for Hadoop/Spark in the CloudNoritaka Sekiyama

Programming in Spark using PySpark Mostafa

Splunk @ AdobeSplunk

Splunk for Industrial Data and the Internet of Thingsaliciasyc

Weitere ähnliche Inhalte

Was ist angesagt?

Lucene Introductionotisg

Elastic Stack IntroductionVikram Shinde

ElasticSearchVolodymyr Kraietskyi

SplunkLive! Presentation - Data Onboarding with SplunkSplunk

Best Practice of Compression/Decompression Codes in Apache Spark with Sophia...Databricks

Elastic search overviewABC Talks

Spark Shuffle Deep Dive (Explained In Depth) - How Shuffle Works in SparkBo Yang

ElasticSearch Basic IntroductionMayur Rathod

Splunk 6.4 Administration.pdfnitinscribd

Introduction to elasticsearchpmanvi

Splunk conf2014 - Lesser Known Commands in Splunk Search Processing Language ...Splunk

Introduction to Spark InternalsPietro Michiardi

2022-06-23 Apache Arrow and DataFusion_ Changing the Game for implementing Da...Andrew Lamb

ElasticsearchDivij Sehgal

Serverless Kafka and Spark in a Multi-Cloud Lakehouse ArchitectureKai Wähner

Apache Spark PDFNaresh Rupareliya

Improving Apache Spark for Dynamic Allocation and Spot InstancesDatabricks

Apache Kafka and KSQL in Action: Let's Build a Streaming Data Pipeline!confluent

Amazon S3 Best Practice and Tuning for Hadoop/Spark in the CloudNoritaka Sekiyama

Programming in Spark using PySpark Mostafa

Was ist angesagt? (20)

Lucene Introduction

Elastic Stack Introduction

ElasticSearch

SplunkLive! Presentation - Data Onboarding with Splunk

Best Practice of Compression/Decompression Codes in Apache Spark with Sophia...

Elastic search overview

Spark Shuffle Deep Dive (Explained In Depth) - How Shuffle Works in Spark

ElasticSearch Basic Introduction

Splunk 6.4 Administration.pdf

Introduction to elasticsearch

Splunk conf2014 - Lesser Known Commands in Splunk Search Processing Language ...

Introduction to Spark Internals

2022-06-23 Apache Arrow and DataFusion_ Changing the Game for implementing Da...

Elasticsearch

Serverless Kafka and Spark in a Multi-Cloud Lakehouse Architecture

Apache Spark PDF

Improving Apache Spark for Dynamic Allocation and Spot Instances

Apache Kafka and KSQL in Action: Let's Build a Streaming Data Pipeline!

Amazon S3 Best Practice and Tuning for Hadoop/Spark in the Cloud

Programming in Spark using PySpark

Ähnlich wie Splunk Spark Integration

Splunk @ AdobeSplunk

Splunk for Industrial Data and the Internet of Thingsaliciasyc

Splunk - Splunk for Industrial Data and the Internet of ThingsAruj Thirawat

Building a Lightweight Discovery Interface for Chinese Patents, Presented by ...Lucidworks (Archived)

Getting Started with Splunk EnterpriseSplunk

Getting Started with Splunk Breakout SessionSplunk

Turn Data Into Actionable Insights - StampedeCon 2016StampedeCon

6.4 whats newSplunk

Splunk in Nordstrom: IT OperationsTimur Bagirov

Searching Chinese Patents Presentation at Enterprise Data WorldOpenSource Connections

OpenStack - What is it and why you should know about it!OpenStack

A6 big data_in_the_cloudDr. Wilfred Lin (Ph.D.)

Getting Started with Splunk EnterpriseSplunk

Getting Started with Splunk EnterpriseShannon Cuthbertson

Exploiting SharePoint 2013 for improved “Findability” of People and ContentAIIM International

Turning search upside down with powerful open source search softwareCharlie Hull

SplunkLive! Stockholm 2015 - StatnettSplunk

Spark Summit EU: IBM Keynotesparktc

Analytical Innovation: How to Build the Next Generation Data PlatformVMware Tanzu

SplunkLive! Austin Customer Presentation - BaylorSplunk

Ähnlich wie Splunk Spark Integration (20)

Splunk @ Adobe

Splunk for Industrial Data and the Internet of Things

Splunk - Splunk for Industrial Data and the Internet of Things

Building a Lightweight Discovery Interface for Chinese Patents, Presented by ...

Getting Started with Splunk Enterprise

Getting Started with Splunk Breakout Session

Turn Data Into Actionable Insights - StampedeCon 2016

6.4 whats new

Splunk in Nordstrom: IT Operations

Searching Chinese Patents Presentation at Enterprise Data World

OpenStack - What is it and why you should know about it!

A6 big data_in_the_cloud

Getting Started with Splunk Enterprise

Exploiting SharePoint 2013 for improved “Findability” of People and Content

Turning search upside down with powerful open source search software

SplunkLive! Stockholm 2015 - Statnett

Spark Summit EU: IBM Keynote

Analytical Innovation: How to Build the Next Generation Data Platform

SplunkLive! Austin Customer Presentation - Baylor

Mehr von Gang Tao

Scale machine learning deploymentGang Tao

Critical thinkingGang Tao

Cloud monitoringGang Tao

Big Data Computing ArchitectureGang Tao

RegressionGang Tao

Bayesian ClassificationGang Tao

Quality attributes in software architectureGang Tao

Great bychoiceGang Tao

Data Science IntroductionGang Tao

Now you see itGang Tao

Mehr von Gang Tao (10)

Scale machine learning deployment

Critical thinking

Cloud monitoring

Big Data Computing Architecture

Regression

Bayesian Classification

Quality attributes in software architecture

Great bychoice

Data Science Introduction

Now you see it

Kürzlich hochgeladen

Heart Disease Classification Report: A Data Analysis ProjectBoston Institute of Analytics

LLMs, LMMs, their Improvement Suggestions and the Path towards AGIThomas Poetter

Semantic Shed - Squashing and Squeezing.pptxMike Bennett

Business Analytics using Microsoft Excelysmaelreyes

Multiple time frame trading analysis -brianshannon.pdfchwongval

ASML's Taxonomy Adventure by Daniel Cantervoginip

Learn How Data Science Changes Our WorldEduminds Learning

FAIR, FAIRsharing, FAIR Cookbook and ELIXIR - Sansone SA - Boston 2024Susanna-Assunta Sansone

IMA MSN - Medical Students Network (2).pptxdolaknnilon

毕业文凭制作#回国入职#diploma#degree美国加州州立大学北岭分校毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#de...ttt fff

Decoding the Heart: Student Presentation on Heart Attack Prediction with Data...Boston Institute of Analytics

Real-Time AI Streaming - AI Max PrincetonTimothy Spann

Student Profile Sample report on improving academic performance by uniting gr...Seán Kennedy

Consent & Privacy Signals on Google *Pixels* - MeasureCamp Amsterdam 2024thyngster

毕业文凭制作#回国入职#diploma#degree澳洲中央昆士兰大学毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#degreeyuu sss

原版1:1定制南十字星大学毕业证（SCU毕业证）#文凭成绩单#真实留信学历认证永久存档208367051

Top 5 Best Data Analytics Courses In Queensdataanalyticsqueen03

办理(Vancouver毕业证书)加拿大温哥华岛大学毕业证成绩单原版一比一F La

Statistics, Data Analysis, and Decision Modeling, 5th edition by James R. Eva...ssuserf63bd7

科罗拉多大学波尔得分校毕业证学位证成绩单-可办理e4aez8ss

Kürzlich hochgeladen (20)

Heart Disease Classification Report: A Data Analysis Project

LLMs, LMMs, their Improvement Suggestions and the Path towards AGI

Semantic Shed - Squashing and Squeezing.pptx

Business Analytics using Microsoft Excel

Multiple time frame trading analysis -brianshannon.pdf

ASML's Taxonomy Adventure by Daniel Canter

Learn How Data Science Changes Our World

FAIR, FAIRsharing, FAIR Cookbook and ELIXIR - Sansone SA - Boston 2024

IMA MSN - Medical Students Network (2).pptx

毕业文凭制作#回国入职#diploma#degree美国加州州立大学北岭分校毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#de...

Decoding the Heart: Student Presentation on Heart Attack Prediction with Data...

Real-Time AI Streaming - AI Max Princeton

Student Profile Sample report on improving academic performance by uniting gr...

Consent & Privacy Signals on Google *Pixels* - MeasureCamp Amsterdam 2024

毕业文凭制作#回国入职#diploma#degree澳洲中央昆士兰大学毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#degree

原版1:1定制南十字星大学毕业证（SCU毕业证）#文凭成绩单#真实留信学历认证永久存档

Top 5 Best Data Analytics Courses In Queens

办理(Vancouver毕业证书)加拿大温哥华岛大学毕业证成绩单原版一比一

Statistics, Data Analysis, and Decision Modeling, 5th edition by James R. Eva...

科罗拉多大学波尔得分校毕业证学位证成绩单-可办理

Splunk Spark Integration

1. Splunk Spark Integration Gang Tao

2. About Me • Software Engineer with 15+ Years experience • Now architect working on Data acquisition and Cloud App • Used to be working on BI, ERP and other Enterprise application development • Like data science and open source

3. Splunk'Company'Overview' 3" Company'' •  Global"HQs:"" !  San"Francisco" !  London"" !  Hong"Kong" •  1,800+"employees"globally" •  Annual"Revenue:" $450.9M"(YoY"+49%)" •  NASDAQ:"SPLK" Products' •  Free"trial"to"massive"scale" •  Splunk"products:"" !  Splunk"Enterprise" !  Splunk"Cloud" !  Hunk" !  Splunk"Light" !  Splunk"MINT" !  Premium"SoluWons" Customers'' •  10,000+"customers" •  Across"100"countries" •  Small"to"large" organizaWons" •  More"than"80"of"the" Fortune"100" •  Largest"license:"" !  400+"Terabytes/day"

4. Splunk'–'a'Data'Pla-orm' Mainframe) Data) VMware) Pla0orm)for)Machine)Data) Exchange) PCI)Security) Rela=onal) Databases) Mobile)Forwarders) Syslog)/)) TCP)/)Other) Sensors)&) Control)Systems) Wire)) Data) Mobile)Intel) Splunk'Premium'Apps' Rich'Ecosystem'of'Apps' MINT' ) Splunk － a Machine Data Platform

5. Demo

6. Splunk Technical Stack Presenting Processing Store Acquisition

7. Splunk Deployment Architecture Indexer  store data, transform row data into events and searches the indexed data in response to search requests. Search Head  directs search requests to a set of indexers, merges the results and presents them to the user Forwarder  get data into indexers

8. Splunk VS Open Source

9. Splunk VS Open Source

10. SQL of Machine Data - SPL SPL – Splunk Processing Language SQL *nix Pipe Google Search

11. Extensibility - Splunk App h0p://apps.splunk.com/ Enterprise Security ITSI DB Connect Technology Add-‐ons

12. Why Integration? • Splunk to Spark • Data Ingestion • Unstructure/Semi Structure data Indexing • Data processing with Splunk search • Data Presenting • Spark to Splunk • Powerful computing capability • Machine Learning • Open Source community

13. Solution A

14. Solution B

15. Solution C Indexer Virtual Indexer (Spark) SPL Enhanced Search Command Spark Driver (SPL Parser) Spark Worker Spark Worker Spark Worker

16. Challenges • Avoid big data movement • keep good user experience • Adapt to SPL concept