Splunk 5 Overview Analyst v1.0

Editor's Notes

• #3: At Splunk, our mission is to make machine data accessible, usable and valuable to everyone. Machine data is one of the fastest growing, most complex and most valuable areas of big data. It consists of the data generated by technology infrastructure – for example applications, websites, servers and network devices in the datacenter. The log files, the clickstreams, the alerts, etc.It’s difficult to collect and make use of – it inhibits the qualities of volume, velocity, variety and variability.Machine data is valuable because it contains a trace of all activity and behavior – of customers, users, transactions, applications, security threats, and more.This overarching mission is what drives our product priorities.
• #4: Splunk makes it easy to collect any machine data from virtually any source.The Splunk product is optimized for real-time, low latency and interactive operation.Machine data is collected and indexed and made available for search/query, monitoring for statistical patterns and thresholds, rapidly building charts and graphs to analyze data, packaging together custom dashboards and enabling developers to make use of Splunk in building apps.The new levels of visibility, insight and intelligence users get by searching, monitoring, reporting, analyzing and visualizing their data is called operational intelligence.
• #8: Splunk 1, 2 and 3 introduced applying the ‘search’ paradigm to troubleshoot IT operations and application management issues muchfaster than before. To find the proverbial needle in the haystack. Splunk was a tremendous ‘IT Search’ tool. When asking customers, they often referred to it like “google for the datacenter”.Splunk 4 introduced enterprise-class features – dashboards and apps, real-time search and alerts, universal collection and indexing, enterprise controls and map-reduce for horizontal scalability on commodity servers. And you could use Splunk on iOS devices (iPhones, iPads) and non-Flash browsers. Splunk evolved from an IT Search tool to an “engine for machine-generated data”.Splunk 5 represents the evolution of Splunk as an “enterprise platform for operational intelligence”.
• #9: The Splunk 5 release represents Splunk evolving to a platform, encompassing breakthrough innovations and platform features. Key focus areas for Splunk 5 include addressing: How do deliver much faster reporting?How to build-in resilience even as you scale Splunk on commodity hardware and storageCreating a better platform for big data apps.
• #10: To address these key focus areas and requirements, Splunk 5 delivers:A new reporting architecture and technology that delivers dramatically faster reportsA new high availability architecture that delivers enterprise-class scale and resilience, even as you scale on commodity servers and storageA robust API and SDKs for popular programming languages, plus big data ecosystem integrations
• #11: We wanted to deliver blazingly fast reports and make it simple. Without an intermediate DBA-managed layer, building data marts.Accelerating search for reporting over large datasets is now as easy as clicking a checkbox and setting a time range. Summaries are stored on the indexers rather than the search head to allow map reduce parallelism for any search that uses reporting and/or streaming commands. You can enable report acceleration for an eligible search when you save it or add it to a dashboard in the Splunk Web UI. You can also enable report acceleration for an eligible search in Manager > Searches and Reports.Advanced Splunk users may have taken advantage of summary indexing. This was difficult to set up often needing training and summaries were managed at the search head minimizing reuse. We listened to you and created a more scalable, powerful technology with an easy button!Other benefits:Summaries are stored on the indexers, not on search headsMap-reducible summary generation provides unmatched parallelismSummaries can be reused across searches without manual interventionEasy to manage summaries through a single UI
• #13: It's really powerful when you can click on any chart or table and get directly to the raw events. Going from the what? To the why?Dynamic drilldowns let you go one step further.Create custom drilldown behavior for any simple XML table or chart. Specify custom drilldown behavior on a per-field basis. Click through to another dashboard, form, view, or external website – carrying forward any relevant context.Build in intelligent workflows into your dashboards to deliver a more intuitive experience for users.
• #15: You can now create PDF files from your simple XML dashboards, views, searches, or reports on any OS running on an Intel-compatible platform. All PDF features in Splunk Web work without the need to install the PDF Report Server app. Non-UI PDF reporting functionality also uses Integrated PDF generation.Unlimited table sizesSmart pagination and layoutSupported on x86 32-bit and 64-bit platformsSimple XML dashboards and reports, no Advanced XML
• #17: The insights from your data are mission-critical. With Splunk 5 we wanted to deliver a highly available system, with enterprise-grade data resiliency, even as you scale on commodity storage. And we wanted to maintain Splunk’s robust, real-time and ease of use features.Splunk indexers can now be grouped together to replicate each other’s data, maintaining multiple copies of all data – preventing data loss and delivering highly available data for Splunk search. Using index replication, if one or more indexers fail, incoming data continues to get indexed and indexed data continues to be searchable.By spreading data across multiple indexers, searches can read from many indexers in parallel, improving parallelism of operations and performance. All as you scale on commodity servers and storage. And without a SAN.
• #20: Splunk supports 3 main types of data input: files, streaming over UDP and TCP and scripted inputs.Scripted inputs can be complex and require administrators and developers to know the inner workings of Splunk. Platforms need a certain level of configurability or ease of configurability for administrators. Doing this properly requires leveraging Splunk’s ability to install, configure, manage new data inputs as Apps. We see this as a minimum requirement for a platform like this to operate.Modular Inputs allow you to .Examples include inputs for Amazon S2, Twitter, FTP based inputs, custom scripts for your own databases and own types of data stores, modular inputs for noSQL data stores, etc.Enable any data inputs installed by a Splunk App, making them easier to manage and deploy. Inputs appear automatically on the Splunk Manager > Data Inputs page and are accessible from REST API endpoints for advanced management. Improved modularity means we can ship new data input types outside of the Splunk enterprise release schedule.
• #21: Platforms need to provide better interoperability. And for Hadoop users, we are providing just that. To help address common challenges deploying and running Hadoop. Splunk Hadoop Connect enables Hadoop users to leverage Splunk to reliably collect massive volumes of machine data. Analyze data in real-time, create visualizations, custom dashboards and protect data with secure role-based access. Then reliably deliver data to Hadoop for ongoing batch analytics. You can also index data stored in Hadoop because once in Splunk, your data’s available for rapid visualization, reporting, analysis and sharing.The Splunk App for HadoopOpsextends what Splunk already does well - troubleshoot and monitor your Hadoop infrastructure. And because it's Splunk it doesn't stop with the Hadoop components, it includes everything. End-to-end. So you get a more complete view of your environment
• #22: We have experienced a tremendous community building around the Splunk developer platform.Over 1,000+ unique visitors to our developer portal.Open source application packs and code on Github.
• #23: There are a whole host of ways they can leverage Splunk to maximize enterprise technology investments.Specifically, developers use Splunk in 3 ways:Accelerate Dev & Test: this is using Splunk out of the box. Splunk increases the speed and efficiency of application development, testing and provides proactive monitoring and analytics for applications in production.Integrate with IT Infrastructure: We know that you have a many applications and systems and we want to make it easy for you to integrate Splunk across the enterprise. We are delivering SDKs on top of our REST API to help you integrate Splunk data with other applications. Build real-time data applications: We are providing a familiar and intuitive experience for developers to build applications that take the value of Splunk beyond IT. IT early-warning systems, security and fraud protection, clickstream analysis & other revenue enhancing analytics. A great example is Hurricane Labs, a managed service provider that’s using the Python SDK to deliver security intelligence to their end customer in a custom-built application.
• #25: JavaScript, Java and Python SDKs being integrated into core Splunk, starting with JavaScript.The REST API is fully versioned, so you can integrate with Splunk in either XML or JSON formats. And have the assurance of a particular endpoint behavior.With Splunk 5 you can add all new kinds of visualizations and customizability to your Splunk Apps or other in-house Apps.
• #27: We’ve made key investments in Splunk 5 that deliver: Powerful and intuitive user interfaceEnterprise-class performance and scaleImproved modularity, interoperability and extensibilityGetting value from machine data is now faster, more resilient and accessible to the developer community.Splunk 5 is available now. For more information, check out the ‘what’s new’ section of the documentation. OR download it today from our website.
• #29: What can we specifically do lead this discussion? Where should we invest in order to provide our customers with an advantage?