Support your digital transformation journey with Splunk & Dell … · 2019-12-06 · Splunk...
Transcript of Support your digital transformation journey with Splunk & Dell … · 2019-12-06 · Splunk...
GLOBAL SPONSORS
Support Your Digital Transformation Journey With Splunk For Operational Intelligence
Badr Hamdy
Senior Systems Engineer
badr_hamdy
© Copyright 2017 Dell Inc. 2
Agenda
What is machine generated data and why is it important?
Why Splunk for machine generated data
Splunk architecture and deployment considerations
Dell EMC for Splunk
Deploying Splunk on Dell EMC
1
2
3
4
5
© Copyright 2017 Dell Inc. 3
GPS, RFID,
Hypervisor, Web Servers,
Email, Messaging, Clickstreams, Mobile,
Telephony, IVR, Databases, Sensors, Telematics, Storage,
Servers, Security Devices, Desktops
Most Data Comes from Machines
Machine-generated data is one of
the fastest growing, most complex
and most valuable segments of big
data
What does machine data look like? Sources
Order Processing
Care IVR
Middleware Error
What does machine data look like? Sources
Order Processing
Care IVR
Middleware Error
Customer ID Order ID
Customer’s Tweet
Time Waiting On Hold
Twitter ID
Product ID
Company’s Twitter ID
Customer ID Order ID
Customer ID
What does machine data look like? Sources
Order Processing
Care IVR
Middleware Error
Customer ID Order ID
Customer’s Tweet
Time Waiting On Hold
Twitter ID
Product ID
Company’s Twitter ID
Customer ID Order ID
Customer ID
© Copyright 2017 Dell Inc. 7
Machine data is valuable
IT Operations
Security Analytics
Business Insight
© Copyright 2017 Dell Inc. 8
Machine data has complexities
Large variety of sources & structure
Ability to analyze and make decisions
Managing the rapid growth of data
Building the right infrastructure
Data Driven Insights for Every Business
Collect Search Analyze
Index Untapped Data: Any Source, Type, Volume
Online Services Web
Services
Servers Security GPS
Location
Storage Desktops
Networks
Packaged Applications
Custom Applications Messaging
Telecoms Online
Shopping Cart
Web Clickstreams
Databases
Energy Meters
Call Detail Records
Smartphones and Devices
RFID
On- Premises
Private Cloud
Public Cloud
Turning Machine Data Into Business Value
Ask Any Question
Application Delivery
Security, Compliance and Fraud
IT Operations
Business Analytics
Internet of Things and Industrial Data
© Copyright 2017 Dell Inc. 11
Start anywhere with Splunk
CIO
End User
Computing
Infrastructure
and
Operations
Security
Architecture
Application
Development
Mobile Apps
Web Ops /
Ecommerce
Cloud
Computing Fraud
Compliance
Services and
Customer
Support
Business and
SaaS App
Management
Server,
Storage,
Network
Sales and
Marketing
Product and
Engineering
Finance, HR,
Legal
Business
© Copyright 2017 Dell Inc. 12
Splunk Architecture
Send data from thousands of servers using any combination of Splunk Forwarders
Auto load-balanced forwarding to Splunk forwarders
Offload search load to Splunk Search Heads
Search Heads Query information across indexers and are
usually CPU and memory intensive.
Indexers Write data to disk and are both CPU and
I/O intensive.
Forwarders Collect and forward data; usually
lightweight and not resource intensive.
http://docs.splunk.com/Documentation/Splunk/latest/Overview/AboutSplunkEnterprisedeployments
How is data stored and aged in Splunk
FROZEN
WARM COLD HOT
HOT – Newest buckets of data that are still open for write
WARM – Recent data but closed for writing (read only)
COLD – Oldest data, commonly on cheaper, slower storage
FROZEN – No longer searchable, commonly archived or deleted data
Optional TSIDX Reduction
OR
© Copyright 2017 Dell Inc.
© Copyright 2017 Dell Inc. 14
Performance
Ingest More Sources
Need Faster Queries Results
More Users
Big Apps
Growth Happens – How do you keep up?
Capacity
Store More indexes
Longer Retention Periods
Indexer Clustering
Big Apps
© Copyright 2017 Dell Inc. 15
Splunk is now a business critical application:
Demand for daily ingest rate is increasing rapidly
Search performance must not suffer from scale
Availability/Reliability is must have
Big data infrastructure must align to enterprise strategy
No rip and replace to achieve greater scale
Splunk Trends we are seeing…
Dell EMC provides a scalable and efficient enterprise solution for deploying Splunk.
The right infrastructure to optimize your
Splunk deployment
© Copyright 2017 Dell Inc.
17
Why Dell EMC for Splunk Optimized infrastructure for big & fast data
Optimized Shared
Storage & Tiering
Jointly Validated
Solutions
Integrated
Support Tested
Configurations
Life Cycle
Management
Snapshots For Backups
Cost-Effective &
Flexible Scale-Out
Scale-Out Capacity & Compute Independently Or
As Converged Platform Frozen
Cold
Warm
Hot All-Flash HCI, SAN or DAS
for Hot/Warm Buckets
Isilon
for Cold Buckets (keeps data accessible
and searchable for longer) OR
for Frozen/Archive
© Copyright 2017 Dell Inc.
VxBlock 540 / XtremIO
+ Isilon
VxRack Flex + Isilon VxRail + Isilon PowerEdge
+ Isilon
Splunk Validated Solutions
“Meets or EXCEEDS minimum hardware requirements”
© Copyright 2017 Dell Inc.
Start Small
● Single Use Case
● Single Department
● Less than 100GB/day per day
Dell PowerEdge Series
© Copyright 2017 Dell Inc.
Go BIG!!
● Multiple Use Cases
● Organization-wide deployment
● Premium Apps
● Infrastructure for Splunk
● > than 300GB/day per day
© Copyright 2017 Dell Inc.
Dell EMC has apps for Splunk too!
Gain insight into your Dell EMC
Storage Platforms • VMAX
• VNX
• XtremIO
• Isilon
Free app/add-ons for Dell EMC on Splunkbase
© Copyright 2017 Dell Inc. 22
Let our Splunk Ninjas help you!
Trained by Splunk
Splunk Architecture Experts
Dell EMC Portfolio Experts
Religious about Best Practices
Available across the GLOBE!!!
© Copyright 2017 Dell Inc.
Call to Action
If you have Dell EMC and Splunk, deploy the apps!
If your Splunk environment is growing or needs a new
infrastructure platform for whatever reason, call your Dell EMC
rep and ask them to bring you a Ninja!
New to Splunk? Give Splunk a try for FREE!
https://www.splunk.com/en_us/download.html