Post on 11-Mar-2020
GLOBAL SPONSORS
SPLUNK & Dell EMC For Operational Intelligence
Dell EMC Forum Warsaw
PAWEŁ ALBERT | Advisory Systems Engineer
© Copyright 2017 Dell Inc.2
GPS,RFID,
Hypervisor,Web Servers,
Email, Messaging,Clickstreams, Mobile,
Telephony, IVR, Databases,Sensors, Telematics, Storage,
Servers, Security Devices, Desktops
Most Data Comes from Machines
What does machine data look like?Sources
Order Processing
Care IVR
Middleware Error
Customer ID Order ID
Customer’s Tweet
Time Waiting On Hold
Twitter ID
Product ID
Company’s Twitter ID
Customer IDOrder ID
Customer ID
What does machine data look like?Sources
Order Processing
Care IVR
Middleware Error
Customer ID Order ID
Customer’s Tweet
Time Waiting On Hold
Twitter ID
Product ID
Company’s Twitter ID
Customer IDOrder ID
Customer ID
© Copyright 2017 Dell Inc.6
Machine data is valuable
IT Operations
Security Analytics
Business Insight
© Copyright 2017 Dell Inc.7
Machine data has complexities
Large variety of sources & structure
Ability to analyze and make decisions
Managing the rapid growth of data
Building the right infrastructure
WEB & APPLICATION
SERVERS
OPERATING SYSTEMS
VIRTUALIZATION
SERVERS
NETWORKS
STORAGE
Index Untapped Data: Any Source, Type, Volume
Online Services Web
Services
ServersSecurity GPS
Location
StorageDesktops
Networks
Packaged Applications
CustomApplicationsMessaging
TelecomsOnline
Shopping Cart
Web Clickstreams
Databases
Energy Meters
Call Detail Records
Smartphones and Devices
RFID
On-Premises
Private Cloud
Public Cloud
Turning Machine Data Into Business Value
Ask Any Question
Application Delivery
Security, Compliance and Fraud
IT Operations
Business Analytics
Internet of Things and Industrial Data
© Copyright 2017 Dell Inc.11
Splunk Architecture
Send data from thousands of servers using any combination of Splunk Forwarders
Auto load-balanced forwarding to Splunk forwarders
Offload search load to Splunk Search Heads
Search HeadsQuery information across indexers and are
usually CPU and memory intensive.
IndexersWrite data to disk and are both CPU and
I/O intensive.
ForwardersCollect and forward data; usually
lightweight and not resource intensive.
http://docs.splunk.com/Documentation/Splunk/latest/Overview/AboutSplunkEnterprisedeployments
How is data stored and aged in Splunk
FROZEN
WARM COLDHOT
HOT – Newest buckets of data that are still open for write
WARM – Recent data but closed for writing (read only)
COLD – Oldest data, commonly on cheaper, slower storage
FROZEN – No longer searchable, commonly archived or deleted data
Optional TSIDX Reduction
OR
© Copyright 2017 Dell Inc.
© Copyright 2017 Dell Inc.13
Performance
✓ Ingest More Sources
✓ Need Faster Queries Results
✓ More Users
✓ Big Apps
Growth Happens – How do you keep up?
Capacity
✓ Store More indexes
✓ Longer Retention Periods
✓ Indexer Clustering
✓ Big Apps
© Copyright 2017 Dell Inc.15
Splunk is now a business critical application:
✓ Demand for daily ingest rate is increasing rapidly
✓ Search performance must not suffer from scale
✓ Availability/Reliability is must have
✓ Big data infrastructure must align to enterprise strategy
✓ No rip and replace to achieve greater scale
Splunk Trends we are seeing…
Dell EMC provides a scalable and efficient enterprise solution for deploying Splunk.
© Copyright 2017 Dell Inc.
16
Why Dell EMC for SplunkOptimized infrastructure for big & fast data
Optimized Shared
Storage & Tiering
Jointly Validated
Solutions
Integrated
SupportTested
Configurations
Life Cycle
Management
Snapshots For Backups
Cost-Effective &
Flexible Scale-Out
Scale-Out Capacity & Compute Independently Or
As Converged PlatformFrozen
Cold
Warm
HotAll-Flash HCI, SAN or DAS
for Hot/Warm Buckets
Isilon
for Cold Buckets(keeps data accessible
and searchable for longer)OR
for Frozen/Archive
© Copyright 2017 Dell Inc.
VxBlock 540 / XtremIO
+ Isilon
VxRack Flex + Isilon VxRail + IsilonPowerEdge
+ Isilon
Splunk Validated Solutions
“Meets or EXCEEDS minimum hardware requirements”
© Copyright 2017 Dell Inc.
Start Small
● Single Use Case
● Single Department
● Less than 100GB/day per day
Dell PowerEdge Series
© Copyright 2017 Dell Inc.
Go BIG!!
● Multiple Use Cases
● Organization-wide deployment
● Premium Apps
● Infrastructure for Splunk
● > than 300GB/day per day
© Copyright 2017 Dell Inc.
Dell EMC has apps for Splunk too!
Gain insight into your Dell EMC
Storage Platforms• VMAX
• VNX
• XtremIO
• Isilon
Free app/add-ons for Dell EMC on Splunkbase
© Copyright 2017 Dell Inc.22
Let our Splunk Ninjas help you!
Trained by Splunk
Splunk Architecture Experts
Dell EMC Portfolio Experts
Religious about Best Practices
Available across the GLOBE!!!