Copyright©2016SplunkInc.

GettingStartedwithSplunkEnterprise

KellyKitagawaSplunkSalesEngineerkkitagawa@splunk.com

BrucePennSplunkSr.SalesEngineerbpenn@splunk.com

2

Agenda1. Splunk Overview2. UsingSplunk(LiveDemonstration/Walkthrough)3. SplunkDeploymentArchitecture4. SplunkCommunities5. Q&A

3

Whatismachinedata?Challenges: Volume | Velocity | Variety | Variability

GPS,RFID,

Hypervisor,WebServers,

Email,Messaging,Clickstreams,Mobile,

Telephony,IVR,Databases,Sensors,Telematics,Storage,

Servers,SecurityDevices,Desktops3

Splunk’sMission:Making machinedataaccessible,usableandvaluabletoeveryone.

4

WhatDoesMachineDataLookLike?Sources

OrderProcessing

Twitter

CareIVR

MiddlewareError

5

MachineDataContainsCriticalInsightsCustomerID OrderID

Customer’sTweet

TimeWaitingOnHold

TwitterID

ProductID

Company’sTwitterID

CustomerIDOrderID

CustomerID

Sources

OrderProcessing

Twitter

CareIVR

MiddlewareError

6

SplunkUnlocksCriticalInsightsOrderID

Customer’sTweet

TimeWaitingOnHold

ProductID

Company’sTwitterID

OrderID

CustomerID

TwitterID

CustomerID

CustomerID

Sources

OrderProcessing

Twitter

CareIVR

MiddlewareError

7

THEIndustryLeadingPlatformForMachineData

MachineData:AnyLocation,Type,Volume

OnlineServices Web

Services

ServersSecurity GPS

Location

StorageDesktops

Networks

PackagedApplications

CustomApplicationsMessaging

TelecomsOnline

ShoppingCart

WebClickstreams

Databases

EnergyMeters

CallDetailRecords

SmartphonesandDevices

RFID

On-Premises

PrivateCloud

PublicCloud

PlatformSupport(Apps/API/SDKs)

EnterpriseScalability

UniversalIndexing

AnswerAnyQuestion

DeveloperPlatform

Reportand

analyze

Customdashboards

Monitorandalert

Adhocsearch

NobackenddatabaseSchema-on-the-flyNoneedtofilterdataFasttimetovalueAgilereportingandanalyticsReal-timearchitecture

8

TheSplunkPortfolio

PlatformforOperationalIntelligence

RichEcosystemofApps&Add-Ons

SplunkPremiumSolutions

MainframeData

RelationalDatabasesMobileForwarders Syslog/TCP IoT

DevicesNetworkWireData

Hadoop

PacketAnalysis(WireData)

- AppResponseTime- Detectunauthorizedaccess

MobileApplicationPerformanceManagement(APM)

- AppCrashes- UserExperience

PlaceSplunksearch&analyticsontopofHadoop/noSQL

cluster

Import&CorrelateexternalDBdata- 3rd partytools

- EnrichdataalreadyinSplunk

Installing&UsingSplunk

(LiveDemonstration&Walkthrough)

10

WhatWeAreGoingtoCoverInstalling&OnboardDataSearching

topraretimechartstatsiplocation

DashboardsAlerting

1.

2.

3.

4.

11

1. DownloadSplunkEnterprisehttps://www.splunk.com/en_us/download-21.html

– OrGoogle“Splunkdownload”->DownloadSplunkEnterprise

2. DownloadSplunkTutorialData– tutorialdata.ziphttp://docs.splunk.com/images/Tutorial/tutorialdata.zip

– OrGoogle“Splunktutorialdata”->Loadthetutorialdata

DownloadingSplunk Enterprise+TutorialData

12

StartSplunkfrombindirectoryLogintoSplunk – http://127.0.0.1:8000– username=adminpassword=changeme

Addthetutorialdata.zip intotoSplunk– ClickSettings– Click AddData– ClickUploadfilesfrommycomputer.– Draganddropyoursampledatazipfile.– ReviewandFinish.

GettingDataintoSplunk

Wewillimportsampleweb

ecommercestoreevents

Let’sgetourhandsdirty!

14

SearchesUsed• index=buttercupgames status=4*• index=buttercupgames status!=200|top limit=20status• index=buttercupgames status!=200|timechart count• index=buttercupgames status!=200|stats countbystatus|wherecount>700

• index=buttercupgames status!=200|stats countsparkline byuri_path

15

SearchesUsedCont’d

• index=buttercupgames status=200|iplocation clientip

|geostats countbyCity

• index=buttercupgames action=purchase|stats count

• index=buttercupgames action=purchase|timechart count

|predict countaspredictedCount

Tip: Usethe“|history”commandtoseeprevioussearchesused

Deployments&Architecture

17

SingleInstanceorDistributed?

Singleenvironment DistributedEnvironment

RecommendedSpecs:6X2CoreCPUs/12GBRAM/800+

IOPs

ASplunkinstallcanbeoneorallroles…

Forwarders

Indexer

Search Head

18

ScalestoHundredsofTBs/DayEnterprise-classScale,ResilienceandInteroperability

CollectmachinedatafromthousandssourcesviaSplunkforwarders

CompressandstoredataonSplunkIndexers

InitiatesearchesandvisualizeresultsviaSearchHeads

Forwarders

Indexer

Search Head

19

Scalability&HighAvailability

ForwardersloadbalanceacrossIndexers

Indexeddatacanbereplicatedacrosspeersanddifferentphysicalsites

SearchHeadscanbeclustered toeliminatesinglepointoffailureandhandlelargesearchloads

20

Over1,200Apps@http://splunkbase.splunk.com

20

21

TimetostartSPLUNKING!!!• Documentation

– http://www.splunk.com/base/Documentation• TechnicalSupport

– http://www.splunk.com/support• Videos

– http://www.splunk.com/videos• Education

– http://education.splunk.com• Community

– http://answers.splunk.com• SplunkBook

– http://splunkbook.com

WheredoIgoforhelp?

22

ThankYou!

Copyright©2015SplunkInc.

• 5,000+ITandBusinessProfessionals• 175+Sessions• 80+CustomerSpeakers

PLUSSplunk University• Threedays:Sept23-25,2017• GetSplunk CertifiedforFREE!• GetCPEcreditsforCISSP,CAP,SSCP

SEPT25-28,2017WalterE.WashingtonConventionCenterWashington,D.C.CONF.SPLUNK.COM

The8th AnnualSplunkWorldwideUsers’Conference