Search | Discover | Analyze

© 2013 LucidWorks, All Rights Reserved

Introducing the LucidWorks App for Splunk Enterprise

Will HayesChief of Products, LucidWorksDecember 18, 2013

2

• Prior to LW, spent 8 years at Splunk, employee #9ish (held various roles Engineering, Business Development, Solutions)

• 15 years developing data driven apps and solutions

• Proud Search Snob!

Today’s Presenter

Chief of Products at LucidWorks

@iamwillhayes

3

• About LucidWorks

• LucidWorks for Splunk Enterprise Deployment Architecture

• LucidWorks for Splunk Enterprise Overview

• Example Use Cases

• Demo

Agenda

LucidWorks App for Splunk Enterprise

4

Our Mission

Enable Smarter Data Driven Applications Through the Power of Search

5

Techniques such as relevancy, recommendations, result ranking and personalization greatly enhance enterprise and consumer applications:– Consumer Websites– Knowledge Management– Cyber Security– Fraud Detection– Governance and Compliance

Data Driven Applications

Data Driven Applications deliver contextually relevant information when it’s needed

6

• Founded in 2007 to be the go-to-company for Lucene/Solr expertise• 300+ customers (many Fortune 500)• 30% of the Apache Lucene/Solr committers contributing over 50%

of dev• Creators of industry’s first enterprise grade search product built on

Lucene/Solr

Who is LucidWorks?

Commercializing and Extending Industry Leading Open Source Search

100’s of Billionsof documents

searched

4,000+Enterprise

applications

200%Growth in

recurring revenue

7

What is LucidWorks Search?

Most comprehensive enterprise search built on an Open Core

+

+High-Performance Indexing | Powerful, Accurate & Efficient Search AlgorithmsRanked & Field searchingFlexible faceting, highlighting, joins and result groupingPluggable ranking models

Advanced Full-Text Search CapabilitiesOptimized for High Volume Web TrafficStandards Based Open Interfaces - XML, JSON and HTTPComprehensive HTML Administration InterfacesServer statistics exposed over JMX for monitoringLinearly scalable

Entity ExtractionUser Interface for customizationConnectors & CrawlersCluster installerBusiness RulesRelevancy WorkbenchTime to Value

LuceneAll built on Java

8

60k - 100k downloads per month

Over 300,000 production deployments

What is Lucene/Solr

is a library that delivers robust full-text indexing for

unstructured data

provides a search server exposing a variety of features and APIs:

• Distributed shared architecture with real time replication

• Most advanced querying capability for both structured and unstructured data

9

The Solr Data Store provides:– Distributed shared architecture with real time replication

– Schemaless support and incremental field updates

– Schema updates without re-indexing

– Most advanced querying capability for both structured and unstructured data

Fully Indexed and Searchable NoSQL Store

The Search First NoSQL store

10

Reference Architecture

SystemManagem

ent

Installation

Administration

Monitoring

Configuration Mgt.

Service Management

Data Management

ZooKeeperMapRSearch

IndexesSearch Logs

Big Data File System

› Analytics› Classification/Machine Learning› Natural Language Processing› Key Workflows (bulk loading, log analysis, common

metrics)

Search – Discovery – Analytics EngineContentAcquisitio

n

Enterprise Repository

Social Media

MongoDB

Databases

HDFS

Cloud

Push

Uniform REST API

11

What is Splunk?

The Platform for Operational Intelligence

12

Reference Architecture

The best of both worlds

LucidWorks App for Splunk Enterprise Search logs collected from lws server

Perf counters Collected using REST

Reports generated leveraging data from Splunk + LucidWorks/Solr

13

The LucidWorks App for Splunk Enterprise

Multidimensional Data Analytics and Document Search for Splunk

Solr MonitorMonitor the health, availability and resource utilization Solr deployments with pre-defined data inputs, dashboards and reports.

Search AnalyticsPerform user behavior and search usage analysis with pre-built search analytics reports and field extractions.

NoSQL Data Joins and Document Search

Splunk’s lookup facility, enrich your Splunk reports with data of any structure using Solr’s fully indexed and searchable NoSQL-datastore.

Multi-Dimensional Data AnalysisJoin Splunk data with multiple

unstructured data sources stored in Solr at search time for developing powerful

data driven applications.

14

Solr Monitor

15

Solr Monitor

16

Solr Monitor

17

Solr Monitor

18

User Behavior - Search Analytics

19

Corporate Compliance – Multidimensional Analysis

Web Access Logs in Splunk show search

Correlation and Enrichment Powered by LucidWorks

20

Document Search - E-mail Messages and Attachments

21

Demo

Demo!

22

• Visit the Solr Marketplace: – lucidworks.com/marketplace

• Request a detailed demo:– Eric.mitchell@lucidworks.com– 650-353-4057 x171

Take the Next Step

@LucidWorks LucidWorks.com/facebook