Getting Started with Splunk Hands-on

Preview:

Click to see full reader

Citation preview

Copyright©2016SplunkInc.

GettingStartedwithSplunkEnterprise

KellyKitagawaSplunkSalesEngineerkkitagawa@splunk.com

BrucePennSplunkSr.SalesEngineerbpenn@splunk.com

2

Agenda1. Splunk Overview2. UsingSplunk(LiveDemonstration/Walkthrough)3. SplunkDeploymentArchitecture4. SplunkCommunities5. Q&A

3

Whatismachinedata?Challenges: Volume | Velocity | Variety | Variability

GPS,RFID,

Hypervisor,WebServers,

Email,Messaging,Clickstreams,Mobile,

Telephony,IVR,Databases,Sensors,Telematics,Storage,

Servers,SecurityDevices,Desktops3

Splunk’sMission:Making machinedataaccessible,usableandvaluabletoeveryone.

4

WhatDoesMachineDataLookLike?Sources

OrderProcessing

Twitter

CareIVR

MiddlewareError

5

MachineDataContainsCriticalInsightsCustomerID OrderID

Customer’sTweet

TimeWaitingOnHold

TwitterID

ProductID

Company’sTwitterID

CustomerIDOrderID

CustomerID

Sources

OrderProcessing

Twitter

CareIVR

MiddlewareError

6

SplunkUnlocksCriticalInsightsOrderID

Customer’sTweet

TimeWaitingOnHold

ProductID

Company’sTwitterID

OrderID

CustomerID

TwitterID

CustomerID

CustomerID

Sources

OrderProcessing

Twitter

CareIVR

MiddlewareError

7

THEIndustryLeadingPlatformForMachineData

MachineData:AnyLocation,Type,Volume

OnlineServices Web

Services

ServersSecurity GPS

Location

StorageDesktops

Networks

PackagedApplications

CustomApplicationsMessaging

TelecomsOnline

ShoppingCart

WebClickstreams

Databases

EnergyMeters

CallDetailRecords

SmartphonesandDevices

RFID

On-Premises

PrivateCloud

PublicCloud

PlatformSupport(Apps/API/SDKs)

EnterpriseScalability

UniversalIndexing

AnswerAnyQuestion

DeveloperPlatform

Reportand

analyze

Customdashboards

Monitorandalert

Adhocsearch

NobackenddatabaseSchema-on-the-flyNoneedtofilterdataFasttimetovalueAgilereportingandanalyticsReal-timearchitecture

8

TheSplunkPortfolio

PlatformforOperationalIntelligence

RichEcosystemofApps&Add-Ons

SplunkPremiumSolutions

MainframeData

RelationalDatabasesMobileForwarders Syslog/TCP IoT

DevicesNetworkWireData

Hadoop

PacketAnalysis(WireData)

- AppResponseTime- Detectunauthorizedaccess

MobileApplicationPerformanceManagement(APM)

- AppCrashes- UserExperience

PlaceSplunksearch&analyticsontopofHadoop/noSQL

cluster

Import&CorrelateexternalDBdata- 3rd partytools

- EnrichdataalreadyinSplunk

Installing&UsingSplunk

(LiveDemonstration&Walkthrough)

10

WhatWeAreGoingtoCoverInstalling&OnboardDataSearching

topraretimechartstatsiplocation

DashboardsAlerting

1.

2.

3.

4.

11

1. DownloadSplunkEnterprisehttps://www.splunk.com/en_us/download-21.html

– OrGoogle“Splunkdownload”->DownloadSplunkEnterprise

2. DownloadSplunkTutorialData– tutorialdata.ziphttp://docs.splunk.com/images/Tutorial/tutorialdata.zip

– OrGoogle“Splunktutorialdata”->Loadthetutorialdata

DownloadingSplunk Enterprise+TutorialData

12

StartSplunkfrombindirectoryLogintoSplunk – http://127.0.0.1:8000– username=adminpassword=changeme

Addthetutorialdata.zip intotoSplunk– ClickSettings– Click AddData– ClickUploadfilesfrommycomputer.– Draganddropyoursampledatazipfile.– ReviewandFinish.

GettingDataintoSplunk

Wewillimportsampleweb

ecommercestoreevents

Let’sgetourhandsdirty!

14

SearchesUsed• index=buttercupgames status=4*• index=buttercupgames status!=200|top limit=20status• index=buttercupgames status!=200|timechart count• index=buttercupgames status!=200|stats countbystatus|wherecount>700

• index=buttercupgames status!=200|stats countsparkline byuri_path

15

SearchesUsedCont’d

• index=buttercupgames status=200|iplocation clientip

|geostats countbyCity

• index=buttercupgames action=purchase|stats count

• index=buttercupgames action=purchase|timechart count

|predict countaspredictedCount

Tip: Usethe“|history”commandtoseeprevioussearchesused

Deployments&Architecture

17

SingleInstanceorDistributed?

Singleenvironment DistributedEnvironment

RecommendedSpecs:6X2CoreCPUs/12GBRAM/800+

IOPs

ASplunkinstallcanbeoneorallroles…

Forwarders

Indexer

Search Head

18

ScalestoHundredsofTBs/DayEnterprise-classScale,ResilienceandInteroperability

CollectmachinedatafromthousandssourcesviaSplunkforwarders

CompressandstoredataonSplunkIndexers

InitiatesearchesandvisualizeresultsviaSearchHeads

Forwarders

Indexer

Search Head

19

Scalability&HighAvailability

ForwardersloadbalanceacrossIndexers

Indexeddatacanbereplicatedacrosspeersanddifferentphysicalsites

SearchHeadscanbeclustered toeliminatesinglepointoffailureandhandlelargesearchloads

20

Over1,200Apps@http://splunkbase.splunk.com

20

21

TimetostartSPLUNKING!!!• Documentation

– http://www.splunk.com/base/Documentation• TechnicalSupport

– http://www.splunk.com/support• Videos

– http://www.splunk.com/videos• Education

– http://education.splunk.com• Community

– http://answers.splunk.com• SplunkBook

– http://splunkbook.com

WheredoIgoforhelp?

22

ThankYou!

Copyright©2015SplunkInc.

• 5,000+ITandBusinessProfessionals• 175+Sessions• 80+CustomerSpeakers

PLUSSplunk University• Threedays:Sept23-25,2017• GetSplunk CertifiedforFREE!• GetCPEcreditsforCISSP,CAP,SSCP

SEPT25-28,2017WalterE.WashingtonConventionCenterWashington,D.C.CONF.SPLUNK.COM

The8th AnnualSplunkWorldwideUsers’Conference

Recommended

Getting Started with Instructional Design a Hands-on Approach
Documents
Referent / Redner Benjamin Tiggemann · 2015-07-08 · Splunk for Exchange Splunk for Enterprise Security* Splunk for Vmware Splunk for PCI Compliance* Splunk for Windows Splunk for
Documents
SplunkingYour Mobile Apps - .conf19 | Splunk · Introducing Splunk for Mobile Intelligence (Splunk MINT) Deploying Splunk MINT – Intro to SDKs – Getting Started Using Splunk MINT
Documents
Splunk-Live,Korea, - Bluewins.combluewins.com/.../2014/11/SplunkLiveKorea-Splunk-Hands-On-v1.0.0.pdf · 2.,스플렁크,설치하기, 다운로드, • , • IëQù J vé Î 6 h F¨
Documents
Splunk For IT Operational Intelligenceuploads.integrity360.com/1425903243-Splunk-for-IT-Operations.pdf · • Splunk Apps –Splunk App for VMware –Splunk Apps for Citrix & Hyper
Documents
Getting Started with Splunk Hands-on
Technology
Services Director v18.3 Splunk Deployment Guide...Getting Started Guide. Instructions for the installation and initial configuration of Splunk are not included. Refer to the relevant
Documents
Splunk For IT Operational Intelligence · • Splunk Apps –Splunk App for VMware –Splunk Apps for Citrix & Hyper V –Splunk App for Microsoft Exchange –Splunk App for Active
Documents
About Intellipaat€¦ · 19. Getting Started with Parsing 20. Using Pivot 21. Common Information Model (CIM) Add-On Splunk Administration 1. Overview of Splunk 2. Splunk Installation
Documents
Behind the Magnifying Glass€¦ · jchampagne@splunk.com Started with Splunk in the fall of 2014 Member of the Splunk Architecture Council Former Splunk customer in the Financial
Documents
It all started with us holding hands
Art & Photos
Splunk Enterprise for InfoSec Hands-On
Technology
Chapter 1: Splunk Getting Started - packtpub.com · Splunk Report: SnameS The scheduled report 'SnameS' has run sesrcr„ Learn Cancel Save Link to Report Search String C) Attach
Documents
Security Hands-on @ Pavilion - .conf20 | Splunk · Security Hands-on @ Pavilion Stream + NetFlow for Security & Insider Threat Detection Kelly Feagans | Sales Engineering September
Documents
Splunk Spark Integration - GitHub Pageslitaotao.github.io/files/4. splunk_spark.pdf · Splunk Spark Integration ... • Splunk"products:""! Splunk"Enterprise"! ... splunk_spark Created
Documents
Threat Hunting with Splunk Hands-on
Technology
Getting Started With Splunk MINT
Documents
Hands-On Workshop: Getting Started Using S32 Design Studio
Documents
Big Data Lab 5 Using Splunk Software...Part 2: Getting started with Splunk Enterprise Navigating Splunk Web This topic discusses navigating the different views in Splunk Web. About
Documents
Agency Chargeback Models to Enable Enterprise Splunk ......Workshops: Get Splunk Hands -on Experience Attend a Splunk Workshop Upcoming Schedule December 1: Introduction to Splunk
Documents