splunklive auckland - operational intelligence
TRANSCRIPT
Copyright © 2015 Splunk Inc.
Delivering New Visibility and AnalyCcs for IT OperaCons Naman Joshi – Snr Sales Engineer
Copyright © 2015 Splunk Inc.
Agenda
• IntroducCon
• Splunk for IT OperaCons
• App Showcase & Demo
• Splunk for Service Intelligence & Demo
2
Copyright © 2015 Splunk Inc.
Who Am I
• Naman Joshi – Senior Sales Engineer @ Splunk
• Have sat where you all are siOng now!
• Used to be a customer at an Investment Bank in Sydney
• Built a Splunk As A Service offering
• Here to show you the Power of Splunk!
3
Copyright © 2015 Splunk Inc.
CIO Obstacle: EscalaCng IT Complexity
4
SERVERS STORAGE NETWORKING
VIRTUALIZATION
INFRASTRUCTURE APPLICATIONS
PACKAGED APPLICATIONS
CUSTOM APPLICATIONS
IdenCty
VPN
IP Phone
HR
Finance
App Svr
DB
Web Svr SaaS/PaaS
IaaS
Copyright © 2015 Splunk Inc.
CIO Obstacle: EscalaCng IT Complexity
5
SERVERS STORAGE NETWORKING
VITUALIZATION
INFRASTRUCTURE APPLICATIONS
PACKAGED APPLICATIONS
CUSTOM APPLICATIONS
IdenCty
VPN
IP Phone
HR
Finance
App Svr
DB
Web Svr SaaS/PaaS
IaaS
Complex, silo-‐based technologies
Disconnected and outdated point soluCons
Over 70% of Cme spent on maintaining, not innovaCng
Copyright © 2015 Splunk Inc. 6
Copyright © 2015 Splunk Inc.
Splunk : The Befer Approach For IT
7
Customer Facing Data
Outside the Datacenter
Applica7ons Web logs Log4J, JMS, JMX .NET events Code and scripts
Networking ConfiguraCons syslog SNMP neilow
Databases ConfiguraCons Audit/query logs
Tables Schemas
Virtualiza7on & Cloud Hypervisor Guest OS, Apps Cloud
Linux/Unix ConfiguraCons syslog File system ps, iostat, top
Windows Registry Event logs File system sysinternals
Logfiles Configs Messages Traps Alerts
Metrics Scripts Tickets Changes
Click-‐stream data Shopping cart data Online transacCon data
Manufacturing, logisCcs…
CDRs & IPDRs Power consumpCon RFID data GPS data
Powerful, end-‐to-‐end, real-‐Cme plaiorm for Machine Data
Copyright © 2015 Splunk Inc.
Splunk : The Befer Approach For IT
8
Customer Facing Data
Outside the Datacenter
Applica7ons Web logs Log4J, JMS, JMX .NET events Code and scripts
Networking ConfiguraCons syslog SNMP neilow
Databases ConfiguraCons Audit/query logs
Tables Schemas
Virtualiza7on & Cloud Hypervisor Guest OS, Apps Cloud
Linux/Unix ConfiguraCons syslog File system ps, iostat, top
Windows Registry Event logs File system sysinternals
Logfiles Configs Messages Traps Alerts
Metrics Scripts Tickets Changes
Click-‐stream data Shopping cart data Online transacCon data
Manufacturing, logisCcs…
CDRs & IPDRs Power consumpCon RFID data GPS data
Powerful, end-‐to-‐end, real-‐Cme plaiorm for Machine Data
No upfront schema No custom connectors No RDBMS
• Any amount, any locaCon, any source.
Copyright © 2015 Splunk Inc.
Ingests Data From Heterogeneous Data Sources Agent and Agent-‐less Approach for Flexibility
perf
shell code
Mounted File Systems \\hostname\mount
syslog TCP/UDP
Event Logs Performance
Ac7ve Directory
syslog hosts and network devices
Unix, Linux and Windows hosts
Custom apps and scripted API connec7ons
Local File Monitoring log filesconfig files
dumps and trace files
Windows Inputs Event Logs
performance counters registry monitoring
Ac@ve Directory monitoring
virtual host
Windows
Scripted Inputs shell scripts custom parsers batch loading
Agent-‐less Data Input Splunk Forwarder
Mainframes *nix
Copyright © 2015 Splunk Inc.
Splunk Enables the Connected Datacenter
10
SERVER, STORAGE, NETWORKING
VIRTUALIZATION
INFRASTRUCTURE APPLICATIONS
PACKAGED APPLICATIONS
CUSTOM APPLICATIONS
CLOUD SERVICES
Opera7onal Visibility Gain operaConal visibility to make befer-‐informed IT decisions.
Proac7ve Monitoring Monitor infrastructure to idenCfy issues, problems and afacks before they impact your customers and services.
Search and Inves7ga7on Find and fix problems across the organizaCon using machine data.
Business Insights Gain real-‐Cme insight from your machine data to make befer-‐informed business decisions.
Copyright © 2015 Splunk Inc.
Splunk DifferenCators
11
Capture, retain, correlate and analyze ALL data Reduced MTTR
From proacCve monitoring to correlaCon and operaConal analyCcs Improved user experience
Index data once for mulCple uses: capacity planning, help desk support, security, troubleshooCng, audit, SLA reporCng, change tracking
Reduced costs
Scale to handle the largest, most complex datacenters Greater
producCvity
Universal Machine Data PlaPorm
Fast Time-‐to-‐value
Scales from Desktop to Enterprise
Real-‐7me Architecture
Copyright © 2015 Splunk Inc. 12
Copyright © 2015 Splunk Inc.
DramaCc Results, Rapid ROI
13
200% ROI Usage Analy7cs
200% ROI BeVer Customer Experience
90% reduc7on in 7me to track deliveries
MTTR (-‐70%) Tools Consolida7on
Copyright © 2015 Splunk Inc.
Increasing Enterprise Growth
Delivering Business SoluCons
AnalyCcs and Business
Intelligence
Improve Customer Experience
Splunk Delivers on Top CIO PrioriCes
“Splunk is at the heart of CloudShare’s business. We use Splunk to get visibility into customer behavior and drive business growth“
Elad GoPrid, Director of IT Amit Sehgal, Performance and Scalability Engineer
“Splunk lets us quickly correlate and debug performance issues so we can track our criCcal SLAs in pre-‐producCon and double our velocity”
“Splunk delivered execuCve dashboards showing acCvaCons by minute, by channel, by market, by device type in hours, not weeks or months” Ty Prinkki, Senior OperaCons Manager
“Splunk tracks any interference with customer experience on our website and proacCvely finds under performing components” Jon Abend
14
Copyright © 2015 Splunk Inc.
Splunk Apps Accelerate Insight
Copyright © 2015 Splunk Inc.
Splunk : Plaiorm For IT OperaConal Intelligence
16
Plug-‐Ins, Templates and Apps Accelerate Value From Machine Data
No rigid schemas– Add in data from any other source.
API SDKs UI
Server, Storage, Network
Server Virtualization
Operating Systems
Custom Applications
Business Applications
Cloud Services
App Performance Monitoring Ticketing/ and Other
Web Intelligence
Mobile Applications
Stream
Copyright © 2015 Splunk Inc.
Apps Provide Deep Insights By Role Find and resolve problems fast in individual technology areas
Exchange Admin
Service Health Performance
Message tracking
VMware/Win/Linux Admin
Infrastructure Health Performance
Anomalies/Outliers
Storage Admin
Infrastructure Health Performance
Anomalies/Outliers
17
Copyright © 2015 Splunk Inc.
End to End CorrelaCon With Splunk Enterprise Reduce Costs: Consolidate tools, eliminate silos, find root cause faster!
Exchange Admin
Linux/Win Admin Network Admin ApplicaCons
Admin Line of
Business User
ApplicaCon Support
VMware/Linux/ Win Admin
Security Admin Storage Admin IT
Management
18
Copyright © 2015 Splunk Inc.
Powerful Cross-‐Tier OperaConal AnalyCcs Harness IT data for business decision-‐making
Data driven decisions across the enterprise
Forecas7ng and planning
Root cause analysis
Proac7ve aler7ng
User/Usage analy7cs
Change monitoring
Security and forensics
19
Copyright © 2015 Splunk Inc.
Splunk For Infrastructure & Business ApplicaCons
Keep the Business Running
Increase Produc7vity
Access to Intelligence
Proac7vely monitor the one service that all other systems ac7vely depend on
Analyze, report & monitor via simple dashboards and decrease troubleshoo7ng 7me
Get detailed informa7on on irregular ac7vates affec7ng security policies or SLA
20
Copyright © 2015 Splunk Inc.
Splunk For VirtualizaCon & Storage
Proactive Monitoring
Operational Analytics
End-to-End Visibility
Real-‐7me ac7onable insights into problem spots and health issues
Real-‐7me & historical insights into performance, security, capacity, forecas7ng and change tracking
Scalable Big Data solu7on for holis7c visibility across all technology 7ers
21
Copyright © 2015 Splunk Inc.
Splunk For OperaCng Systems
Proactive Monitoring
Operational Analytics
End-to-End Visibility
Get instant insight into infrastructure health
OS Metrics for Performance, Capacity & Resource Alloca7on Analyses
Scale And Correlate Across All Tiers Of Your Technology Stack
22
Copyright © 2015 Splunk Inc.
Splunk Stream Delivers Wire Data AnalyCcs
23
Enhance Opera7onal Intelligence
Efficient, Cloud-‐ready Wire Data Collec7on
Simple Deployment Supports Fast Time to
Value Explore, analyze and
visualize real-‐Cme wire data for OperaConal
Intelligence
Instantly access wire data across infrastructures with a simple sorware soluCon; manage wire data volumes with fine-‐grained filtering
Enable rapid deployment and reduced complexity
with interface-‐driven install and configuraCon
Copyright © 2015 Splunk Inc.
App Showcase
Copyright © 2015 Splunk Inc.
The Splunk Developer Plaiorm
Gain Application Intelligence
Increase the speed and efficiency of applica7on development and tes7ng lifecycle
Integrate and Extend Splunk
Extend Splunk into other applica7ons using the SDKs, programma7c control over search commands and data inges7on
Build Splunk Apps Build Splunk apps with flexible UI, custom dashboard and data visualiza7ons, using the Splunk Web Framework
25
Copyright © 2015 Splunk Inc.
Customer Successes
Copyright © 2015 Splunk Inc.
BeVer Customer Decisions
Analyze success of campaigns & promoCons
Refine campaigns based on behavior
Device & Promo7on Trends
Devices used to place orders
Targeted campaigns in real Cme
Real-‐7me Revenue Insights
Online sales data from 10,000 stores
Visualise key metrics in real Cme
REAL-‐TIME MARKETING INTELLIGENCE
Copyright © 2015 Splunk Inc.
• Faster Troubleshoo7ng – 43% Reduc7on in Severity 1 & 2
• Health Status of En7re Applica7on Infrastructure
• Real-‐7me Visibility Across 1,200+ Applica7ons
• CIO Dashboards on KPIs and Trends by Store
Why Home Depot uses Splunk for App and IT Management
28
Copyright © 2015 Splunk Inc. 29
• Real-‐Cme alerCng and transacCon tracing • Dashboards: Development to the CTO highlighCng KPIs, outages, transacCon response Cmes
• Capacity planning, compliance, trending and forecasCng
“Splunk paid for itself in less than a month. Tracing transacCons takes 10
minutes instead of hours.”
Jus7n Hardeman Performance & Scalability Engineer
Applica7ons Intelligence
Copyright © 2015 Splunk Inc. 30
When to market What to market
Monitor & model customer behaviour
Business, MarkeCng & IT dashboards
Prevent lost revenue via machine data insight
OPERATIONAL INTELLIGENCE AT A BILLION POUND ONLINE STORE
Copyright © 2015 Splunk Inc.
Splunk IT Service Intelligence
What We Hear From Our Customers!
32
“My CIO is demanding we look at IT from a business service perspecCve.”
“Splunk is great for break-‐fix, but I need to show we’re meeCng SLAs.”
“I need everyone to be able to see the same thing at the same Cme.”
“I just want to throw data at Splunk and have it find problems for me.”
“Show me what my data can do for me!”
Copyright © 2015 Splunk Inc.
Why Another Splunk SoluCon?
33
Data-‐centric approach is needed
Service context maximizes Splunk value
Integrated soluCon accelerates customer successes
Data-‐driven service insights for root-‐cause isolaCon and improved service operaCons
INTRODUCING
Copyright © 2015 Splunk Inc.
Splunk IT Service Intelligence
35
Copyright © 2015 Splunk Inc.
Splunk IT Service Intelligence 1. Deploy flexible and scalable solu7on in days, not months
36
Any IT data (metrics and events) from anywhere
Quick to install, immediate value and on-‐the-‐fly customizaCon
Flexible deployment opCons (on-‐premises, Cloud and hybrid)
Scale and robustness of the Splunk plaiorm
Copyright © 2015 Splunk Inc.
Splunk IT Service Intelligence 2. Transform IT monitoring with data-‐driven analy7cs
37
Dynamically adapCng KPIs for dynamic thresholds
Machine learning to baseline normal operaCons
DetecCon of anomalous behavior to drive meaningful acCons
CorrelaCon searches to create meaningful “alerts” off KPIs
Copyright © 2015 Splunk Inc.
Splunk IT Service Intelligence 3. Redefine the role of IT (as a strategic business partner) with service awareness
38
Data-‐driven insights – ask any quesCon, any Cme
Flexible and powerful framework to map data into services
Easy definiCon of KPIs to easily measure what mafers most
Drill downs for in-‐depth invesCgaCon and resoluCon
Demo
Copyright © 2015 Splunk Inc.
Achieve Service Visibility Faster Service Analyzer High-‐level view of services and composite health scores
Glass Tables Personalized visualizaCons of your services
Deep Dives Organized view of performance indicators across silos
Mul7 KPI Alerts CorrelaCon rules to generate notable events
Notable Events Easy-‐to-‐understand report on results of correlaCon searches
Anomaly Detec7on and Adap7ve Thresholds Machine learning to baseline normal operaCons and idenCfy anomalous behavior
40
Copyright © 2015 Splunk Inc.
Gaps With Current Monitoring Approaches
41
Can’t access the data that mafers
MulCple products lack deep integraCon
Complex and customized tools require significant experCse and Cme
IT organiza7ons con7nue to struggle with aligning opera7ons with business
FRAGMENTED INSIGHTS
SLOW AND REACTIVE
INEFFICIENT AND UNSCALABLE
Copyright © 2015 Splunk Inc.
What Makes Splunk ITSI Different!
42
Search-‐Based KPIs • Easy to write, manage and change both services and KPIs
• Reflects business and technology prioriCes
• Benefit: Rapidly generate and change KPIs to align service health with business
• Fiserv – 1000s in just weeks
Full Fidelity Service Health
• Adaptable and flexible definiCons of service health
• One soluCon to go seamlessly from service reports to root cause, including raw data
• Remains adaptable and yet sCll maintains complete historical context
Universal Data Plaiorm
• Data driven: All IT data including events, metrics and logs
• Schema on-‐the-‐Fly • Ask any quesCon of the data
• Fast Cme to value • Data fidelity
Copyright © 2015 Splunk Inc.
Case Studies
Copyright © 2015 Splunk Inc. 44
Unified insights: data integraCons from other tools
11,000 to 100s
Reduced incident Cckets
Aler7ng on service KPI’s instead of
server performance
Usage baselines to idenCfy anomalies
Splunk IT Service Intelligence at
Copyright © 2015 Splunk Inc. 45
Server-‐based to Services-‐based monitoring
Top-‐down and deep-‐dive service insights
200+ services and 1500+ KPIs monitored
Flexible creaCon and modificaCon of services and KPIs
Aler7ng on service KPIs instead of
server performance
Real-‐Cme, holisCc and proacCve “client” view
Splunk IT Service Intelligence at
Copyright © 2015 Splunk Inc.
Splunk IT Service Intelligence at
46
Replaced home-‐grown tools
Real-‐7me service insights to LOBs
Reduced 7me to resolu7on
Copyright © 2015 Splunk Inc.
Splunk IT Service Intelligence Data-‐driven service monitoring and analyCcs
47
SPLUNK IT SERVICE INTELLIGENCE
Time-‐Series Index
Plaiorm for Machine Data
Dynamic Service Models
Schema-‐on-‐Read Data Model Common Informa7on Model
At-‐a-‐Glance Problem Analysis
Early Warning on DeviaCons
Simplified Incident Workflows
Copyright © 2015 Splunk Inc.
Strategic, business-‐centric
view of IT
Accelerated value for IT
Data-‐centric approach to
service mapping
Splunk IT Service Intelligence
48
Copyright © 2015 Splunk Inc.
Thank You