GLOBAL SPONSORS

Support Your Digital Transformation Journey With Splunk For Operational Intelligence

Badr Hamdy

Senior Systems Engineer

badr_hamdy

© Copyright 2017 Dell Inc. 2

Agenda

What is machine generated data and why is it important?

Why Splunk for machine generated data

Splunk architecture and deployment considerations

Dell EMC for Splunk

Deploying Splunk on Dell EMC

1

2

3

4

5

© Copyright 2017 Dell Inc. 3

GPS, RFID,

Hypervisor, Web Servers,

Email, Messaging, Clickstreams, Mobile,

Telephony, IVR, Databases, Sensors, Telematics, Storage,

Servers, Security Devices, Desktops

Most Data Comes from Machines

Machine-generated data is one of

the fastest growing, most complex

and most valuable segments of big

data

What does machine data look like? Sources

Order Processing

Twitter

Care IVR

Middleware Error

What does machine data look like? Sources

Order Processing

Twitter

Care IVR

Middleware Error

Customer ID Order ID

Customer’s Tweet

Time Waiting On Hold

Twitter ID

Product ID

Company’s Twitter ID

Customer ID Order ID

Customer ID

What does machine data look like? Sources

Order Processing

Twitter

Care IVR

Middleware Error

Customer ID Order ID

Customer’s Tweet

Time Waiting On Hold

Twitter ID

Product ID

Company’s Twitter ID

Customer ID Order ID

Customer ID

© Copyright 2017 Dell Inc. 7

Machine data is valuable

IT Operations

Security Analytics

Business Insight

© Copyright 2017 Dell Inc. 8

Machine data has complexities

Large variety of sources & structure

Ability to analyze and make decisions

Managing the rapid growth of data

Building the right infrastructure

Data Driven Insights for Every Business

Collect Search Analyze

Index Untapped Data: Any Source, Type, Volume

Online Services Web

Services

Servers Security GPS

Location

Storage Desktops

Networks

Packaged Applications

Custom Applications Messaging

Telecoms Online

Shopping Cart

Web Clickstreams

Databases

Energy Meters

Call Detail Records

Smartphones and Devices

RFID

On- Premises

Private Cloud

Public Cloud

Turning Machine Data Into Business Value

Ask Any Question

Application Delivery

Security, Compliance and Fraud

IT Operations

Business Analytics

Internet of Things and Industrial Data

© Copyright 2017 Dell Inc. 11

Start anywhere with Splunk

CIO

End User

Computing

Infrastructure

and

Operations

Security

Architecture

Application

Development

Mobile Apps

Web Ops /

Ecommerce

Cloud

Computing Fraud

Compliance

Services and

Customer

Support

Business and

SaaS App

Management

Server,

Storage,

Network

Sales and

Marketing

Product and

Engineering

Finance, HR,

Legal

Business

© Copyright 2017 Dell Inc. 12

Splunk Architecture

Send data from thousands of servers using any combination of Splunk Forwarders

Auto load-balanced forwarding to Splunk forwarders

Offload search load to Splunk Search Heads

Search Heads Query information across indexers and are

usually CPU and memory intensive.

Indexers Write data to disk and are both CPU and

I/O intensive.

Forwarders Collect and forward data; usually

lightweight and not resource intensive.

http://docs.splunk.com/Documentation/Splunk/latest/Overview/AboutSplunkEnterprisedeployments

How is data stored and aged in Splunk

FROZEN

WARM COLD HOT

HOT – Newest buckets of data that are still open for write

WARM – Recent data but closed for writing (read only)

COLD – Oldest data, commonly on cheaper, slower storage

FROZEN – No longer searchable, commonly archived or deleted data

Optional TSIDX Reduction

OR

© Copyright 2017 Dell Inc.

© Copyright 2017 Dell Inc. 14

Performance

Ingest More Sources

Need Faster Queries Results

More Users

Big Apps

Growth Happens – How do you keep up?

Capacity

Store More indexes

Longer Retention Periods

Indexer Clustering

Big Apps

© Copyright 2017 Dell Inc. 15

Splunk is now a business critical application:

Demand for daily ingest rate is increasing rapidly

Search performance must not suffer from scale

Availability/Reliability is must have

Big data infrastructure must align to enterprise strategy

No rip and replace to achieve greater scale

Splunk Trends we are seeing…

Dell EMC provides a scalable and efficient enterprise solution for deploying Splunk.

The right infrastructure to optimize your

Splunk deployment

© Copyright 2017 Dell Inc.

17

Why Dell EMC for Splunk Optimized infrastructure for big & fast data

Optimized Shared

Storage & Tiering

Jointly Validated

Solutions

Integrated

Support Tested

Configurations

Life Cycle

Management

Snapshots For Backups

Cost-Effective &

Flexible Scale-Out

Scale-Out Capacity & Compute Independently Or

As Converged Platform Frozen

Cold

Warm

Hot All-Flash HCI, SAN or DAS

for Hot/Warm Buckets

Isilon

for Cold Buckets (keeps data accessible

and searchable for longer) OR

for Frozen/Archive

© Copyright 2017 Dell Inc.

VxBlock 540 / XtremIO

+ Isilon

VxRack Flex + Isilon VxRail + Isilon PowerEdge

+ Isilon

Splunk Validated Solutions

“Meets or EXCEEDS minimum hardware requirements”

© Copyright 2017 Dell Inc.

Start Small

● Single Use Case

● Single Department

● Less than 100GB/day per day

Dell PowerEdge Series

© Copyright 2017 Dell Inc.

Go BIG!!

● Multiple Use Cases

● Organization-wide deployment

● Premium Apps

● Infrastructure for Splunk

● > than 300GB/day per day

© Copyright 2017 Dell Inc.

Dell EMC has apps for Splunk too!

Gain insight into your Dell EMC

Storage Platforms • VMAX

• VNX

• XtremIO

• Isilon

Free app/add-ons for Dell EMC on Splunkbase

© Copyright 2017 Dell Inc. 22

Let our Splunk Ninjas help you!

Trained by Splunk

Splunk Architecture Experts

Dell EMC Portfolio Experts

Religious about Best Practices

Available across the GLOBE!!!

© Copyright 2017 Dell Inc.

Call to Action

If you have Dell EMC and Splunk, deploy the apps!

If your Splunk environment is growing or needs a new

infrastructure platform for whatever reason, call your Dell EMC

rep and ask them to bring you a Ninja!

New to Splunk? Give Splunk a try for FREE!

https://www.splunk.com/en_us/download.html