high-performance splunk on emc scale-out storage, cisco usc and vmware
Post on 20-Nov-2014
421 Views
Preview:
DESCRIPTION
TRANSCRIPT
High-performance Splunk onEMC Scale-Out Storage,Cisco USC and VMware
Jonas Roslandjonas.rosland@emc.com@virtualswede
Solutions Architect, EMC Office of the CTO
Co-sponsored by Intel®
Cisco Confidential 2© 2013-2014 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential 3© 2013-2014 Cisco and/or its affiliates. All rights reserved.
What is Splunk?
Cisco Confidential 4© 2013-2014 Cisco and/or its affiliates. All rights reserved.
Engine for Collecting, Indexing, Analyzing, and Visualizing: Machine Data Logs Application Queues Records (Billing, Call Detail, Events) Click Streams Performance Metrics Packet Data
What is Splunk?
Cisco Confidential 5© 2013-2014 Cisco and/or its affiliates. All rights reserved.
Better understanding of your environment to drive decisions
Search and Visualization Tools analyze data(Question Focused Data Set)
Automated Reporting
Why use Splunk?
Cisco Confidential 6© 2013-2014 Cisco and/or its affiliates. All rights reserved.
Splunk indexers receive data from various sources
Those indexes are then searchable
For increased performance and scalability multiple Indexers can be deployed
A Search Head searches through all servers for specific data in an index
Clients connect to a Search Head for searching
How do you leverage Splunk?
Cisco Confidential 7© 2013-2014 Cisco and/or its affiliates. All rights reserved.
Why Cisco together with EMC and VMware for Splunk?
Cisco Confidential 8© 2013-2014 Cisco and/or its affiliates. All rights reserved.
Indexes are divided into different pieces: Hot – Newly indexed data, open for writing, searchable Warm – Data rolled from hot, searchable Cold – Data rolled from warm, searchable Frozen – Data rolled from cold, unsearchable, usually deleted or
archived Thawed – Restored Frozen data, searchable
Splunk handles ILM well
Cisco Confidential 9© 2013-2014 Cisco and/or its affiliates. All rights reserved.
Indexes are divided into different storage solutions: Hot & Warm – Put on Cisco UCS servers with EMC ScaleIO, seen as
”Hot Edge” in 3rd platform, usually up to 10 – 100 TB. Cold, Frozen & Thawed – Put on EMC Isilon, seen as ”Cold Core”, for
longer keeping of data, up to PBs or EBs, up to you!
Customers will benefit from Splunk’s ILM
Cisco Confidential 10© 2013-2014 Cisco and/or its affiliates. All rights reserved.
Example deployment of Splunk with Cisco UCS, EMC ScaleIO and Isilon
Cisco Confidential 11© 2013-2014 Cisco and/or its affiliates. All rights reserved.
As indexes are divided into different storage solutions, so are the performance and cost tiers
Scale-out storage architectures gives more control over the collected data without sacrificing the simplicity of Splunk
SPOF in Splunk are minimized as storage is spread over multiple nodes instead of standard DAS deployments
Storage teams can be given control over Splunk storage, server/Splunk admins need not to worry anymore (also called going home at 5PM)
Customer benefits of this solution
Cisco Confidential 12© 2013-2014 Cisco and/or its affiliates. All rights reserved.
Splunk is usually deployed on bare metal servers
Customers can benefit from consolidating these into virtual servers
Customers just need to make sure that they set the virtual hardware to be properly sized for their Splunk environment
With VMware, we also remove a large Splunk SPOF which is the bare metal server itself
Benefits of using VMware for Splunk
Cisco Confidential 13© 2013-2014 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential 14© 2013-2014 Cisco and/or its affiliates. All rights reserved.
Whitepaper: https://community.emc.com/docs/DOC-34096
Performance metrics: http://purevirtual.eu/2014/01/28/splunk-on-vmware-and-emc-scaleio
-a-quick-index-performance-test/
Documentation available!
Questions and/or comments?
Send them to:
Jonas Roslandjonas.rosland@emc.com@virtualswede
Thank you.
Co-sponsored by Intel®
top related