SpringOne2GX 2014 Splunk Presentation

Unless otherwise indicated, these slides are © 2013-2014 Pivotal Software, Inc. and licensed under aCreative Commons Attribution-NonCommercial l icense: http://creativecommons.org/licenses/by-nc/3.0/Unless otherwise indicated, these slides are © 2013-2014 Pivotal Software, Inc. and licensed under aCreative Commons Attribution-NonCommercial l icense: http://creativecommons.org/licenses/by-nc/3.0/

GAINING APPLICATION LIFECYCLE INTELLIGENCE WITH SPLUNK

By Damien Dallimore , Dev Evangelist @ Splunk

Unless otherwise indicated, these slides are © 2013-2014 Pivotal Software, Inc. and licensed under aCreative Commons Attribution-NonCommercial l icense: http://creativecommons.org/licenses/by-nc/3.0/ 2

Who am I ?


From Middle Earth

Make things

JVM background


apps.splunk.com

github.com/damiendallimore


Agenda


Overview of Splunk and build a simple app

How Splunk can help in the Application Development Lifecycle

Various ways to get data into Splunk and demos

Unless otherwise indicated, these slides are © 2013-2014 Pivotal Software, Inc. and licensed under aCreative Commons Attribution-NonCommercial l icense: http://creativecommons.org/licenses/by-nc/3.0/

Data Data Everywhere

8

VOLUME

VARIETYVERACITY

VELOCITY


How can Splunk help ?


Spelunking

10


Platform for machine data

11

Splunk storage Other Big Data stores

DeveloperPlatform

Data collectionand indexing

Report and

analyze

Custom dashboards

Monitor and alert

Ad hoc search


DeveloperPlatform

Report and

analyze

Custom dashboards

Monitor and alert

Ad hoc search

Platform for machine data

12

Splunk storage Other Big Data stores

Data collection

and indexing

Any amount, any location, any source.Schema at read time, not write time

Data in any formatNo RDBMS

Very Extensible


What Does Machine Data Look Like?

13

Sources

Twitter

Care IVR

Middleware Error

Order Processing


Machine Data Contains Critical Insights

14

Customer ID Order ID

Customer’s Tweet

Time Waiting On Hold

Twitter ID

Product ID

Company’s Twitter ID

Sources

Twitter

Care IVR

Middleware Error

Order Processing

Customer IDOrder ID

Customer ID


Machine Data Contains Critical Insights

15

Order ID

Customer’s Tweet

Time Waiting On Hold

Product ID

Company’s Twitter ID

Sources

Twitter

Care IVR

Middleware Error

Order Processing

Order ID

Customer ID

Twitter ID

Customer ID

Customer ID


How are we best going wrangle this

data ?


Release the Developers

17


Very Extensible Platform for Developers

18

REST API

Build Splunk Apps Extend and Integrate Splunk

Simple XML

JavaScript

Django

Web Framework

JavaJavaScriptPython

RubyC#PHP

Data Models

Search Extensibility

Modular Inputs

SDKs


Lets build something simple


Simple Swarm App (ex Foursquare)

Get my actual checkin data in via REST

Search over this data

Visualize


Application Lifecycle Data


BuildUnit Testing

Code

Check-inIntegration

Testing Deploy

Staging

22

Application Development Challenges

Lack of visibility across the product development lifecycle

Pressure to increase velocity and agility with DevOps

Limited insights into behavior and performance from application logs


Quickly trace and identify errors anywhere in the codebase with real-time search and monitoring

Instrument your app logs to gain application intelligence

Break down dev tool silos with real-time insights from machine data

GAIN END-TO-END VISIBILITY ACROSS THE DEV TOOL CHAIN

FIND AND FIX ISSUES FASTER

PUSH BETTER CODE USING ANALYTICS

Splunk for Application Lifecycle Intelligence

23


Real-time dashboards show error rate in production and impact of

pushing new builds

Developers can search and visualize web logs, Java logs—

without production access

Alerts notify developers as soon as a problem arises

24

Find and Fix Issues Faster


Gain end-to-end visibility to make informed decisions

Analytics insights without the need for additional analytics tools

Ask questions while exploring and collecting data

void submitPurchase(purchaseId) {

log.info("action=submitPurchaseStart, purchaseId=%d", purchaseId)//these calls throw an exception on error submitToCreditCard(...) generateInvoice(...) generateFullfillmentOrder(...) log.info("action=submitPurchaseCompleted, purchaseId=%d", purchaseId) }

25

Push Better Code Using Analytics


End-To-End Visibility Across The Dev Tool Chain

26

CI / Build Servers

Project and Issue Tracking

Code Repository

QA / Testing Tools

Deployment Servers


App Development Lifecycle Demo


Getting your data into Splunk


Log DataLog Files

Splunk Logging Appenders

CodingSplunk Java SDK

Splunk Spring Integration Adaptors

JMX

MessagingJMS

AMQP w/Rabbit


Log Data


Standard Log Files

Oct 21, 2013 4:42:15 PM org.apache.catalina.startup.Catalina loadINFO: Initialization processed in 1153 msOct 21, 2013 4:42:15 PM org.apache.catalina.core.StandardService startInternalINFO: Starting service Catalina

Application logs that are part of the product

Developer logs for any code that was deployed

Written to local disk or network storage


Structured and Unstructured Data

Ideally events are in a best practice semantic format

key=value format , JSON

You can perform index time and search time extractions in Splunk


Logging best practices

Clearly timestamp every event , human readable at beginning of line

Log in text , binary needs decoding

Categorize – Use INFO, WARN, ERROR, DEBUG, Event type etc...

Log unique identifiers

Log anything that can add value when aggregated, charted or further

2012-08-07 15:54:06:644+1200 name="Failed Login" event_id="someID" app="myapp" user="jane" somefieldname="foobar"


SplunkJavaLogging

Sometimes you can’t write to file

Appenders for Java Util Logging , Log4J , Logback

Simply add a logging appender to your logging configuration file


LogBack Appender Example


Code


Better Exception Logging


Easier to work with in Splunk


Coding


Splunk SDK for Java

Use the SDK from any JVM Language , Java / Groovy / Scala etc….

Send log events via REST , UDP or TCP directly to Splunk from your code

Search over data in Splunk

SDK available from dev.splunk.com


Spring Integration Adaptors

Inbound AdapterUsed to execute Splunk searches and get data out

Outbound AdapterWrite data to Splunk via REST, TCP , UDPWrite to a named index, submit a REST request, write to a data input bound to a server TCP port

Get the code on Github


Inbound Adaptor


Outbound Adaptor

Demo


JMX


What is JMX

JMX = Java Management Extensions

Monitor JVM via MBean attributes , operations and notifications

JVM MBeans

Vendor MBeans

Custom Coded MBeans


Getting this data into Splunk

Runs on all supported Splunk platforms

Works with all main JVM variants

100% Free and Open Source


Simple to Configure


Many Connectivity Options

Demo


Messaging


JMS

Not a messaging protocol , but a programming interface to many different underlying message providers

WebsphereMQ , Tibco EMS , ActiveMQ , HornetQ , SonicMQ etc…

Demo


AMQP

Built with Rabbit Java Client Library

AMQP 0.9.1, 0.9, 0.8

Demo


But wait , there’s more…..


Poll data from any REST API

Pull data directly off the wire

Capture output from executing any commands


Closer look at capturing command output

Let’s see what the host Operating System can tell us : top

External programs that provide additional JVM insights : jstat

Index this data in Splunk and correlate


top


jstat


Splunk options galore

Splunk> Enterprise : Free to download and use. Index 500 MB/day.

Splunk> Cloud : Premium, cloud hosted. Full Enterprise stack.100% uptime.

Splunk> AMI : BYOL versions for Amazon AWS Cloud.

Splunk> Sandbox : Spin up a cloud instance in minutes.Load in data.

Hunk> : Splunk for data in Hadoop HDFS , MongoDB

10 GB Free


More Info

Splunk Docs , Downloads , Vids : http://www.splunk.com

Download Splunk Apps : http://apps.splunk.com

Ask : http://answers.splunk.com

Watch the App Dev / Devops Video : http://www.splunk.com/goto/appdev

Splunk Developer Platform : http://dev.splunk.com

Splunk on Github : https://github.com/splunk

http://www.splunk.com/

http://apps.splunk.com/



http://www.splunk.com/goto/appdev






http://dev.splunk.com/

https://github.com/splunk

https://github.com/splunk


Thankyou.


Questions ?@damiendallimore

[email protected]

SpringOne2GX 2014 Splunk Presentation

Software

Transcript of SpringOne2GX 2014 Splunk Presentation