Splunk Presentation

(1)

(2)

“Two-thirds of all IT spending is just

to sustain the business, not to grow

or transform the business”

Source: Gartner, IT Metrics: IT Spending and Staffing Report, 2010

(3)

Energy Manufacturing Shipping RFID Web Services Developers App Support Telecoms Networking Desktops Servers Security Data Warehouse Storage Messaging Shopping Basket Clickstream GPS/Cellular Virtual Physical Cloud Online Services

Machine Data Is Pervasive

(4)

Machine Data Is Pervasive

4

Additional Sources

Core IT

Customer-facing IT

Machine data volumes, sources and types exploding

80-95% of an organization’s data is unstructured

If stored, in silos throughout the organization

New technologies adding to data explosion

(mobile devices, sensors, GPS, virtualization, cloud)

Market trends makes this data valuable to the business

Contains a categorical record of activity and behavior

(5)

What It’s Like In The Trenches

Service Desk Application Support Systems Administrator Application Developer Application Developer Database Administrator

Log call. The console says everything is

green.

Java monitoring tools don’t show

anything either. Call the developer. Stop working on new code to troubleshoot. Need production logs!

Stop what they’re doing to identify and gather production logs for developer. Manual investigation establishes not application problem. DBA analyzes audit logs which

points to bad query.

(6)

And When The Business Needs Intelligence...

6

I need a new

report

We’ll need to

change the

schema for that

I need to see it in

real time

Our system is

batch. We’ll need a

new system

What’s the trend

over the last year?

Sorry. We only keep

7 days of

(7)

Collect, index and harness your machine data

to identify problems, patterns, risks and

opportunities and drive better decisions

for IT and the business.

(8)

So What is Splunk, Exactly?

•

_{Splunk is the engine for machine data}

•

_{Provides visibility, reporting and search across}

all your IT systems and infrastructure

8

It’s software – download and install it in 5

minutes

(9)

Splunk: The Engine for Machine Data

No predefined schema, no custom connectors, no RDBMS, no need to filter/forward.

Web logs

Log4J, JMS, JMX .NET events

Code and scripts

Configurations syslog SNMP netflow Configurations Audit/query logs Tables Schemas Hypervisor

Guest OS, Apps Cloud Configurations syslog File system ps, iostat, top Registry Event logs File system sysinternals

Logfiles Configs Messages Traps Alerts

Metrics Scripts Changes Tickets

Linux/Unix

Windows Virtualization Applications Databases Networking & Cloud

Click-stream data Shopping cart data Online transaction data Customer Facing Data Outside the Datacenter Manufacturing, logistics… CDRs & IPDRs Power consumption RFID data GPS data

(10)

Delivering Operational Intelligence

Three Primary Capabilities

Single Data Store _{Single UI} _{Across Use Cases}

• _{Data drilldown} • _{“Needle in a haystack”} • _{Root cause} analysis/troubleshooting • _{Incident investigations} • _{Live dashboards} • _{Event correlation}

• _{Monitoring and alerting} • _{Performance issues}

• _{Transaction levels} • _{SLA tracking}

• _{Baseline and thresholds} • _Trending

• _{Operational insights} • _{Historical patterns} • _{Compliance reports}

(11)

Splunk is a Powerful Search Engine for IT

Find and fix problems dramatically faster across your organization.

(12)

In The Trenches With Splunk

12

Troubleshoot problems in minutes not hours or days.

Search on IP address shows related Web session and User ID

Search at same time reveals database error and permission failure

Search on permission changes shows change without ticket number

Service Desk

“192.168.169.100”

Last 60 minutes

192.168.169.100

* AND failure OR error

Last 2 minutes

failure OR error

Search Your Entire IT Infrastructure

Last 1 minute

User ID=“John” AND permission_change

Trouble Ticket

(13)

Splunk Proactively Monitors for Incidents

Email

SNMP

Trouble

ticket

RSS

Automatically monitor all your infrastructure in real-time to identify issues, problems

and attacks before they impact your customers and services.

(14)

Splunk Delivers Operational Visibility

14

Gain end-to-end visibility to track and deliver on IT KPIs

and make better-informed IT decisions.

(15)

Splunk Provides New Insights for Business

(16)

New Levels of Visibility for IT and the Business

(17)

Scales Across the Datacenter

Auto load-balanced forwarding to as many Splunk Indexers as you need to index terabytes/day Offload search load to Splunk Search Heads

(18)

Easy to Get Started

18

(19)

Completely Flexible

Immediate Results

Splunk: The Engine for Machine Data

Any Data

•

_{Any format of data, from any}

source

•

_{Full access to 100% of data}

for months/years

•

_{Cradle-to-grave data}

management

•

_{Supports any analysis, reporting}

or monitoring across IT silos

•

_{Highly flexible dashboards}

present any view for any user

•

_{Adapts to}

change—schema-on-the-fly design supports new or

unexpected data

•

_{Free download, installs in}

minutes

•

_{Can get started small and grow}

over time—from laptop to

datacenters

•

_{Initial benefits realized in hours}

or days

(20)

macys

.com

20

“

For the first time in six

years, macys.com

experienced no downtime

during peak holiday

shopping – despite a 50%

increase in traffic.

”

Delivered the IT team end-to-end visibility across entire technology stack Enabled 100% up-time for two straight seasons during a 50% increase in transactions

Supplied role-specific, dashboards to 100+ users across IT

Camille Bali

Senior Analyst,

(21)

salesforce.com

“

We have taken application

performance troubleshooting

for 87,000 customers to the

next level.

”

“

The fact that we had a data

treasure chest was not obvious

till Splunk came in to the

picture.

”

Narayan Bharadwaj

Director, Product Management

Now offering new services: reporting on customer email campaigns

Provided business analytics around usage of social platform services and apps on Force.com

(22)

Cricket Communications

22

“

Splunk lets us build

dashboards to compare and

correlate whatever we want—

nothing else lets us do that.

”

“

I built a business analytics

dashboard for my manager in

5 minutes and he was sold.

”

Roberto Quezada

IT Operations Analyst

Correlated F5, firewalls and malware for complete security posture Informed capacity planning

Delivered executive dashboards look at activations by minute, by channel, by market

(23)

Vodafone

“

Splunk reduced our

escalations by 90% and

our problem resolution

time by 67%.

”

Delivered rapid application troubleshooting and quality management of higher margin 3G services

Enabled rapid error search across Java & J2EE infrastructure

Provided service desk with required information quickly and improved

Paulo Carvalho

(24)

Cisco

24

“

Splunk allows us to quickly

consolidate and correlate

disparate log sources,

enabling previously

impractical monitoring and

response scenarios.

”

Enabled proactive threat assessment, mitigation planning,

incident trending with analysis, security architecture, incident detection and response

Delivered a centralized view into user activities and in-scope systems

Dave Schwartzburg

Computer Security Incident Response Team

(25)

Edmunds.com

Root cause analysis and troubleshooting

Long-term trending for IT and business

Identifying new customer behaviors

“

Our Splunk dashboards

provide both real-time and

historical trending data we

use to make the decisions

that impact revenue.

”

John Martin

Senior Director,

(26)

Splunk ROI – Fast, Compelling, Diverse

26

Increase revenue

Increase uptime

Increase productivity

Reduce costs

Reduce fraud/abuse

Protect the business

Macys.com proactively monitor website, e-commerce and

application infrastructure. Eliminated downtime during peak periods, avoiding revenue loss of $300,000/incident

TransUnion decreased average downtime per incident by 90%,

saving millions of dollars per year in extra revenue.

HealthTrans used to take 7-8 hours to trace a transaction.

Now it takes 5 minutes.

Large mutual fund is using Splunk for compliance review.

Through greater efficiency, Splunk paid for itself in 60 days.

Large telecoms company eliminate service abusers. ROI

gained on fraud detection in the first month paid for Splunk

Top five US wireless carrier optimizes call routing, saving

(27)

Splunking Across Industries

Developer Framework

App Mgmt Web & Business Analytics Compliance Security IT Ops

Federal

Education

Financial Services

Telecoms

Customer Segments

Solution Segments

(28)

A Growing Family of Apps

28

Security

(29)

Education

Healthcare

Energy and Utilities

Manufacturing Cloud and Online Services

Government

Financial Services and Insurance

Media

(30)