Splunk> Overview - magellan-net.de
Splunk> Overview
Michele Besecke [email protected]
Copyright © 2011, Splunk Inc. Listen to your data.
Agenda
Who is Splunk?
Why Splunk?
What is Splunk?
Architecture & Integration
Universal Indexing explained
Who is Splunk?
Company facts
Founded: 2004
Headquarters: San Francisco, CA
Employees: 430+ (Nov. 2011)
Offices: North America, EMEA, APAC
Customers: 3,200+
Users: 100,000 in 78 countries
Milestones (timeline 2005 to 2012)
Beta release: 20,000 downloads
Splunk 1.0 / 2.0: first OEM: CISCO; 150 customers; 75,000 downloads
Splunk 3.0: announces first service provider: BT; 350 customers; 150,000 downloads
Splunk SDK / Apps: APAC / EMEA expansion; 900 customers; 300,000 downloads
Splunk 4.0: 1,000+ customers; 350,000+ downloads
Splunk 4.1: real-time monitoring; 2,000 customers; 600,000 downloads
Splunk 4.2 / 4.3 Beta: real-time alerting; 3,000+ customers; 800,000+ downloads
Why Splunk?
Splunk's Mission
Collect, index and harness the IT data generated by your machines to identify problems, risks and opportunities, so that better decisions can be made for IT and the business.
Same requirement, different solutions…
Data sources: Applications, Databases, Machines, Network/Devices, Client/Desktop, Web
Tools: App Management, DB Management, Systems Management, Network Management, Analytics
A different monitoring and analysis tool for every source.
…one solution that correlates your data…
The same sources (Applications, Databases, Machines, Network/Devices, Client/Desktop, Web) and tool categories (App Management, DB Management, Systems Management, Network Management, Analytics), with the data correlated in one place.
Splunk: Engine for Machine Data
Data types: log files, configs, messages, traps, alerts, metrics, scripts, tickets, changes
Linux/Unix: configurations, syslog, file system, ps, iostat, top
Windows: registry, event logs, file system, Sysinternals
Networking: configurations, syslog, SNMP, netflow
Databases: configurations, audit/query logs, tables, schemas
Applications: web logs, Log4J, JMS, JMX, .NET events, code and scripts
Virtualization & Cloud: hypervisor, guest OS, apps, cloud
Customer-facing data: click-stream data, shopping cart data, online transaction data
Outside the data center: manufacturing, logistics…; CDRs & IPDRs; power consumption; RFID data; GPS data
No schema, no adapters, no database.
Central collection of all relevant data
Splunk: Operational Intelligence
What is Splunk?
Splunk Summary
A single system for machine-data analysis; a security information management system that:
collects all ASCII data,
scales to terabytes of data per day,
alerts on real-time and historical data;
and supports security event management with data correlation:
correlates information across data types (Splunk Common Information Model, CIM).
Splunk Summary (2)
A single system for machine-data analysis that:
runs searches on a schedule and presents the results in reports and/or dashboards,
supports role-based access control (by data, searches and dashboards),
offers on-demand content from Splunkbase.com.
Our customers in D.A.CH (excerpt)
What exactly is Splunk?
"Google" for your relevant data.
Splunk provides transparency and insight across all operational processes (IT + business) in real time.
Software: download and install in 5 minutes.
Splunk delivers significant added value across your entire (IT) infrastructure for a wide range of purposes.
Centralizes data from all systems
Indexing/Search Server
Splunk Forwarders
The Universal Forwarder sends data into Splunk from remote systems,
consumes minimal system resources (1%-2%),
and delivers secure, distributed, universal data collection from thousands of endpoints.
Scales to TB per day and thousands of users
Automated load balancing scales indexing linearly.
Distributed search and MapReduce scale search and reporting linearly.
Early Binding vs. No Binding
Early Binding (RDBMS): Parse → Transform → SQL. The schema is fixed when the data is loaded:
log formats change,
information can be lost,
high management overhead.
No Binding (file system): Parse → Index. Raw events are indexed as they are and structure is applied at search time:
log formats change,
information is not lost,
low management overhead.
Splunk: proven workflow
Any timestamped ASCII text,
searched with the "beyond Boolean" search language.
Use metadata to add organizational data as event context.
Combine application performance data and security data to reduce risk.
Custom searches and adaptable dashboards and metrics for continuous monitoring.
Monitor data in real time: operational searches and alerts.
Integration of users and roles: authentication integrates with LDAP and Active Directory.
LDAP / AD users and groups are mapped onto flexible Splunk roles.
Roles carry capabilities (Manage Users, Manage Indexes) and search filters such as NOT tag=PCI or App=ERP …
Within those limits, users investigate problems, save searches and share searches.
Assign LDAP & AD groups to flexible Splunk roles; specify searches as filters.
Architecture and Integration
A Splunk installation can provide one or all of these functions…
Splunk: four primary functions
Indexing and search services (Indexer)
Local & distributed management (Deployment Server)
Data collection and forwarding (Forwarder)
Search and reporting (Search Head)
Horizontal scalability: load-balanced search and indexing for very large scale
Forwarder auto load balancing
Distributed search
Data redundancy: clone the data to multiple indexers to eliminate single points of failure.
Clone the data
Forward to the data repository
Active / Standby
High Availability
Combines load balancing and cloning to ensure HA in every Splunk tier.
Data cloning & load balancing
Distributed search
Clone group 1: complete data set
Clone group 2: complete data set
Shared storage
Universal Indexing Explained
Inside Universal Indexing
Automated event boundary detection
Automated timestamp detection
…enable accurate search and trending across all data.
Inside Universal Indexing
Segmentation and exact indexing of every term
…enable Boolean search on any term in the original event.
Extraction of knowledge at search time
User-defined fields
Automatically discovered fields
…enable statistical and precise searches within any field.
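As an added example that is not on the slides and is not Splunk code, the Python below models what the roles-and-filters slide and the three Universal Indexing slides describe: timestamp-based event breaking, segmentation into an inverted index with no schema, search-time field extraction (automatically discovered key=value pairs plus user-defined regexes), a small Boolean search, and a role search filter that is ANDed onto every query. The log lines are constructed; the field names exception and ssh_user and their regex patterns are assumptions; the filter NOT tag=PCI is the one shown on the roles slide.

```python
"""Toy model of the universal-indexing and role-filter behaviour the slides describe.
Added example, not Splunk code: the log text is constructed, each function is a stand-in."""
import re
from collections import Counter, defaultdict

# Constructed sample stream: two log formats, no schema, one multi-line event.
RAW_LOG = """\
2011-11-14 08:15:02 host=web01 action=login user=alice src=10.1.1.5 status=success
2011-11-14 08:15:09 host=web01 action=login user=bob src=10.1.1.7 status=failure
2011-11-14 08:15:10 host=erp01 action=query user=carol app=ERP tag=PCI status=success
2011-11-14 08:16:30 host=web01 ERROR Exception in thread "main" java.lang.NullPointerException
    at com.example.App.main(App.java:42)
2011-11-14 08:16:31 host=web01 action=login user=bob src=10.1.1.7 status=failure
Nov 14 08:17:00 fw01 sshd[2211]: Failed password for invalid user admin from 10.1.1.9 port 5022 ssh2
"""

# Automated timestamp detection: the first pattern that matches a line wins.
TIMESTAMPS = [
    re.compile(r"^(\d{4}-\d{2}-\d{2}[ T]\d{2}:\d{2}:\d{2})"),   # ISO-like
    re.compile(r"^([A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2})"),  # syslog, no year
]
MAJOR = re.compile(r"[^\s\"()\[\],;]+")  # major breakers, simplified
KV = re.compile(r"(\w+)=(\S+)")          # automatically discovered fields
# User-defined fields: search-time regexes an admin would add (names are assumed).
USER_FIELDS = {
    "exception": re.compile(r"(java\.[\w.]*Exception)"),
    "ssh_user": re.compile(r"Failed password for (?:invalid user )?(\w+)"),
}

def detect_timestamp(line):
    found = [m.group(1) for rx in TIMESTAMPS for m in [rx.match(line)] if m]
    return found[0] if found else None

def break_events(raw):
    """Event boundaries: a line with a timestamp starts a new event; any other
    line (a stack-trace frame, say) is appended to the previous event."""
    events = []
    for line in raw.splitlines():
        ts = detect_timestamp(line)
        if ts or not events:
            events.append({"_time": ts, "_raw": line})
        else:
            events[-1]["_raw"] += "\n" + line
    return events

def segment(text):
    """Segmentation: every term of the original event becomes an index key;
    key=value pairs are also split so that 'failure' is searchable on its own."""
    terms = set()
    for seg in MAJOR.findall(text):
        terms.add(seg.lower())
        terms.update(p.lower() for p in seg.split("=") if p)
    return terms

def build_index(events):
    """No binding: the raw text is indexed as it is, nothing is parsed into a schema."""
    index = defaultdict(set)
    for i, ev in enumerate(events):
        for term in segment(ev["_raw"]):
            index[term].add(i)
    return index

def extract_fields(raw):
    """Search-time extraction: discovered key=value pairs plus user-defined regexes."""
    fields = dict(KV.findall(raw))
    for name, rx in USER_FIELDS.items():
        m = rx.search(raw)
        if m:
            fields[name] = m.group(1)
    return fields

def search(events, index, query):
    """Boolean query: clauses are ANDed, NOT negates the next clause, bare terms
    hit the index, key=value clauses use fields extracted at search time."""
    hits, negate = set(range(len(events))), False
    for tok in query.split():
        if tok.upper() == "NOT":
            negate = True
            continue
        if "=" in tok:
            key, val = tok.split("=", 1)
            matched = {i for i in hits if extract_fields(events[i]["_raw"]).get(key) == val}
        else:
            matched = index.get(tok.lower(), set())
        hits = hits - matched if negate else hits & matched
        negate = False
    return [dict(events[i], **extract_fields(events[i]["_raw"])) for i in sorted(hits)]

def apply_role_filter(query, srch_filter):
    """Role-based access: the role's search filter is ANDed onto every search,
    so a user in that role can never retrieve the events the filter excludes."""
    return f"{query} {srch_filter}".strip()

def count_by(results, field):
    """stats count by <field>, computed over the already-extracted results."""
    return Counter(r[field] for r in results if field in r)
```

With this model, search(events, index, apply_role_filter("app=ERP", "NOT tag=PCI")) returns nothing even though the ERP event is in the index, which is the point of a role filter: the restriction is applied to the query itself, so it also governs saved and shared searches. The stack-trace continuation line stays inside its event because it carries no timestamp, and the sshd line, which has no key=value pairs, still yields a field through the user-defined regex. Real Splunk segmentation, timestamp formats and the search language are far richer; this shows only the mechanism.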
Live Demo