Splunk @ Amazon Startup - Austin, TX - 9/11/2008

The IT Search CompanyMichael Wilde, Director, SplunkPowered Associates

ninja

Imagine using the Internet without a search engine

The IT Search Company


Now imagine trying to find information buried in terabytes of data inside your data center


Splunk lets you search your entire IT infrastructure from one place in real time


Why Search?


Our IT infrastructures are too complex, dynamic, service oriented, virtualized and

mission critical. Existing management approaches haven’t kept up.


Search is scalable, versatile and keeps up with change. It turns

the data you already have into actionable information.


>Last 60 minutes

Search your IT infrastructure

OperationsTroubleshoot problems


>J2EE exception Last 60 minutes



SecurityInvestigate attacks


>


Last 24 hours

fail* password sshd



ComplianceReporting and Controls


>


file modify | chart by sourceLast 7 days



ComplianceReporting and Controls

Business IntelligenceAnalyze transactions


>


transaction fields=useridLast 7 days

• Time search with interactive results

• Keyword search with quoted strings, wild cards, booleans and nesting

• Targeted field search

- Host, sources, events

- Custom fields

• Summary and statistical search

• Transaction search

• Right click integration with other applications


Search

http://www.splunk.com/article/2122






• Save any search and run it on a schedule to create an alert

• Alerts can trigger notifications and/or actions based on the search results

• Notifications can be sent via email, SMS, RSS or SNMP and integrated with other management consoles

• Actions can trigger scripts to perform activities like restarting a server


Alert








Report• One click reports from search results

• Any field can be used to plot series

• Flexible chart outputs and formats

• Interactive charts provide one click drill down

• Select multiple fields to plot several series together







• Save knowledge to share with other users and groups- Searches- Alerts- Reports- Dashboards- Types, Tags, Actions

• Package knowledge as an application and share with other installations


Share








Visualize• Connect visualization apps to the

Splunk API

• Feed business intelligence and reporting applications with IT data using the Splunk API

• Create dynamic visualizations of data with using one of the Splunk SDKs- Flash- Python- C, C++- Java- .Net

Challenges solved with cloud computing


Running a Developers Camp

• First Splunk Developers Camp (August 4, 2008)

• 65 onsite, 298 watching live via Splunk.TV

• Give dev’s a place to work they can self administer, but how?


DevCamp - the Fabulatr

• Users don’t need AWS accounts

• Easy starting/stopping of EC2 instances

• Emails the instructions & SSH key

• Free, Open SourceKord Campbell, Chief Evangelist


DevCamp - the Fabulatr

Get it @Google Code

http://code.google.com/p/fabulatr/







Sales Engineering


Sales Engineering

• Proofs of Concept (customer testing)

• Joint work with support

• A place to play

• Splunk Live Demos


Splunk Loves


Splunk Loves

•EC2 - running instances


Splunk Loves


•S3 - storing images


Splunk Loves



•EBS - wicked laaarge disk storage & snapshotting


Splunk Loves




• Rightscale


Splunk Loves




• Rightscale

• Rightscale


Splunk Loves




• Rightscale

• Rightscale

•Rightscale


powered


Resources for You

download.splunk.com

rightscale.com

EC2 Fabulatr code.google.com/p/fabulatr


Questions

Splunk @ Amazon Startup - Austin, TX - 9/11/2008

Business

Transcript of Splunk @ Amazon Startup - Austin, TX - 9/11/2008