SplunkLive! Zürich 2016 - Splunk Enterprise 6.4
Transcript of SplunkLive! Zürich 2016 - Splunk Enterprise 6.4
Copyright © 2015 Splunk Inc.
Splunk Enterprise 6.4: What's new?
Udo Götzen, CISSP, Senior Sales Engineer
Industry Leading Platform For Machine Data
Machine Data: Any Location, Type, Volume
Online Services
Web Services
Servers
Security
GPS Location
Storage
Desktops
Networks
Packaged Applications
Custom Applications
Messaging
Telecoms
Online Shopping Cart
Web Clickstreams
Databases
Energy Meters
Call Detail Records
Smartphones and Devices
RFID
On-Premises
Private Cloud
Public Cloud
Platform Support (Apps/API/SDKs)
Enterprise Scalability
Universal Indexing
Answer Any Question
Developer Platform
Report and analyze
Custom dashboards
Monitor and alert
Ad hoc search
Any amount, any location, any source
Schema-on-the-fly
Universal indexing
No back-end RDBMS
No need to filter data
Turn Machine Data into Operational Intelligence
INDEX ANY MACHINE DATA: ANY SOURCE, TYPE, VOLUME
GAIN REAL-TIME VISIBILITY
Application Delivery
Security and Compliance
Infrastructure Monitoring
Business Analytics
Internet of Things
Setting the Standard for Operational Intelligence
Tool (2006-2008): “Google for the datacenter”
Engine (2009-2011): “Engine for machine-generated data”
Platform (2012-2016): “Platform for Operational Intelligence”
Versions: 1, 2, 3, 4, 4.1, 4.2, 4.3, 5x, 6x
Turning Machine Data Into Operational Intelligence
Reactive
Search and Investigate
Proactive Monitoring and Alerting
Operational Visibility
Proactive
Real-time Business Insight
Platform for Operational Intelligence
Rich Ecosystem of Apps & Add-Ons
Splunk Premium Solutions
Mainframe Data
Relational Databases
Mobile
Forwarders
Syslog/TCP
IoT Devices
Network Wire Data
Hadoop
The Splunk Portfolio
Splunk Enterprise 6.4: What’s new?
Splunk Enterprise & Splunk Cloud 6.4
New Cloud Services Monitoring: Expanded cloud operations intelligence
New Visualizations & Enhanced Analytics: Unlimited new ways to visualize your data
Platform Security and Management: New mission-critical features
Storage TCO Reduction: Reduces historical data storage TCO by 40%+ (Splunk Enterprise)
Get more from big data and pay less in storage costs
Custom Visualizations
Unlimited new ways to visualize your data
15 new interactive visualizations useful for IT, security, IoT, business analysis
Open framework to create or customize any visual
Visuals shared via Splunkbase library
Available for any use: search, dashboards, reports…
New Custom Visualizations
Treemap
Sankey Diagram
Punchcard
Calendar Heat Map
Parallel Coordinates
Bullet Graph
Location Tracker
Horseshoe Meter
Machine Learning Charts
Timeline
Horizon Chart
Multiple use cases across IT, security, IoT, and business analytics
Event Sampling
Optimizes query performance for big data analysis
• Powerful search option provides unbiased sample results
• Useful to quickly determine dataset characteristics
• Speeds large-scale data investigation and discovery
Predict Command Enhancements
Forecast Trends and Predict Missing Values
• Time-series forecasting
• New algorithms:
• Support bivariate time series with covariance
• Predict multiple series independently
• Predict missing values within series
• 80-100X performance improvement
Splunk Enterprise: Storage TCO Reduction
Lean Storage for Historical Data
• Removes certain search performance optimizations (TSIDX) to reduce data footprint 40-80%
• Optimizes the cost vs performance of historical data analysis
• Retains large datasets cost-effectively for regulatory compliance, security investigations and business ops
40-80% TCO reduction for historical data storage
New storage option with granular controls
Historical Data Storage
Hot / Warm: Real-time and recent data, typically using high-speed storage
Cold: Historical data retained online, possibly using lower-cost storage
Storage Optimization
Driving down data retention costs
[Diagram: Hot, Warm and Cold buckets]
New Data Storage Controls
• 40-80% reduction in data footprint
• No functionality loss
• Limited performance tradeoff for typical use cases
How does it work? Certain Splunk performance optimization data (TSIDX) is removed, yielding a smaller footprint.
Savings Example
Driving down data retention costs
[Diagram: Hot, Warm and Cold buckets]
Raw Ingest: 10 TB/Day
Hot/Warm Retention: 2 Months
Cold Retention: 10 Months
Savings Over 1 Year: $1.6M*
Savings over 5 Years: $4.3M*
*Assumes $1.25/GB Cold Storage Purchase Cost, 10% Maintenance Cost, 10% Annual Data Growth, 3 Year HW Refresh, No clustering
Management & Platform Enhancements
Management
– Distributed Management Console
  • New monitoring views for scheduler, Event Collector, system I/O performance
– Delegated Admin Roles
HTTP Event Collector
– Unrestricted data for payloads
– Data indexing acknowledgement
SAML Identity Provider Support
– Okta, Azure AD, ADFS
SAML Support: Okta, Azure AD, ADFS, PingFederate
Cloud Services Monitoring
New and enhanced apps to monitor critical cloud services
Akamai: Monitor the performance, availability, and security of your Akamai service
• URL response times
• Caching layer analysis
• Network performance
• Error log tracking
• User profiling
• Request/response perf.
AWS: Analyze the operations and security of your AWS services
• AWS ELB
• AWS CloudFront
• New security features
• CloudTrail, Config
• CloudWatch, S3
• VPC Flow Logs, Billing
ServiceNow: Monitor ServiceNow incident, change, and event processes
• Support for latest “Geneva” release
Splunk Enterprise & Splunk Cloud 6.4
New Cloud Services Monitoring: Expanded cloud operations intelligence
• New/enhanced monitoring capabilities for AWS, Akamai and ServiceNow
New Visualizations & Enhanced Analytics: Unlimited new ways to visualize your data
• New pre-built visualizations
• Open community library
• Data sampling & prediction
Platform Security and Management: New mission-critical features
• Expanded management capabilities
• New user security options
Storage TCO Reduction: Reduces historical data storage TCO by 40%+
• Splunk Enterprise reduces HW storage cost up to 80% for online historical data
Get more from big data and pay less in storage costs
Appendix
Additional 6.4 Features
Feature: Short Description
Ultra-drilldown and Highlighting: When performing ultra-drilldown field=value or tag filtering, the UI highlights the appropriate tags or field=value pairs within event expansions and event details where applicable. New ultra-drilldown actions also added for tags.
UI control for Global Default Time Range: Administrators can now define a default time range value for all search pages by using a UI control in Splunk Web.
Instant Feedback: All formatting options in visualizations are reflected automatically in the visualizations. This gives users much more confidence that their choices are matching their intentions.
Dashboard XML Editor: Enhanced XML edit experience that includes better screen optimization, inline validation, as well as live preview before saving.
Indexer Cluster Enhancements: Option to force roll specific hot buckets. Ability to quarantine a bad search peer.
Search Head Cluster Enhancements: User/Role/Password Replication.
Alert Logging: Ability to create a custom log event that is sent back to the Splunk platform for indexing, searching, and reporting.
Forwarder support for Linux For Power: Forwarder supported on Linux for Power on the Little Endian architecture.
Splunk Enterprise & Splunk Cloud 6.3
Meeting the needs of the most demanding organizations
Breakthrough Performance & Scale: Doubles performance and lowers TCO
• 2X Search & Indexing Speed
• 20-50% Increased Capacity
• 20%+ Reduced TCO
Advanced Analysis & Visualization: Simplifies analysis of large datasets
• Anomaly Detection
• Geospatial Mapping
• Single-Value Display
High Volume Event Collection: Supports DevOps and IoT data analysis at scale
• HTTP Event Collector
• Developer API & SDKs
• 3rd Party Integrations
Enterprise-Scale Platform: Delivers Enterprise platform requirements
• Expanded Management
• Custom Alert Actions
• Data Integrity Control