Register here to be invited to future Software Defined Meetups Rundown You can then drag and drop relevant searches onto the diagram.This week we discuss the potential digital transformation of the Dollar and Snowflake’s Strategy. This is just a static image, which could be anything from a Visio network diagram to a photograph of a whiteboard. To start with Glass Tables, you upload a diagram that represents what you want to monitor. Splunk’s IT Service Intelligence product is designed to make service monitoring easier. Jonathan Cervelli on Splunk IT Service Intelligence and Glass Tables Specific details were not covered in the keynote. Like products offered by their partners, Splunk UBA relies on machine data and machine learning to detect changes in user behavior. This is useful in a variety of scenarios including legal reporting requirements, training, and simply helping allowing analyst remember what he was doing. This records every search that the security analyst makes so that others can see how he or she conducted the investigation.
Once the relevant data is collected, each event appears on a timeline with links back to the dashboards where the event can be further analyzed.Ī related feature is the Investigate Journal. With Investigator Timeline, all of the events that you do find interesting across any dashboard can be tagged with an investigation name. Normally security analysts have to manually copy event information into notebooks or spreadsheets. The first feature Monzy discussed it the Investigator Timeline. Monzy Merza on Splunk Enterprise Security 4.0 Essentially a map-reduce job that not only spans multiple servers, but also multiple data centers and data formats. So rather than doing that, Splunk is developing distributed search engines that queries the data where it lives. One of the reasons that ETL jobs exist is that moving all of the data into one place is really expensive in terms of time and network utilization. Splunk’s Business Analytics division sees their role as replacing traditional ETL jobs and reports that run on a weekly or monthly basis with real time dashboards and reports. On the business analytics side, the goal is to move companies away from “running their business on month old data”. Beyond running on multiple AWS availability zones, Splunk promises to actively monitor each users instance to proactively address issues. However, Splunk Cloud is going beyond that to promise a 100% uptime SLA. Splunk Cloud runs on top of Amazon AWS, so it has the same theoretical uptime guarantees. They currently have hundreds of customers on this option, some of whom push several terabytes of data per day into their servers. Nate reports a 75% decrease in storage size when running in this mode.Īnother big push this year is hosted offering known as Splunk Cloud.
SPLUNK CONF ARCHIVE
With Hunk 6.3 you can now archive your older data into Hadoop but still query it using the same tools you used with data indexed in Splunk Enterprise. But cold archives are traditionally hard to work with, so data is often stored on the hot servers, bogging everything thing. When working with big data, archiving has to be part of the picture. Nate claims that the HTTP Event Collector can scale to millions of events per second. This allows events to be pushed directly into Splunk without the need for intermediaries. With this release, Splunk offers a HTTP Event Collector. But of course that requires something to actually collect and log the events that make up the data. In the past, Splunk was designed to read from arbitrary data sources. With the new version, the baseline recommendation for the same amount of data is down to eight indexers. In terms of hardware utilization, version 6.2 required 20 indexers to handle 2TB of data per day. Cisco also reported a 6X improvement on searches over 6.2 on the same hardware.
According to Cisco, indexing on Splunk Enterprise 6.3 is more 4 times faster when running on the Cisco UCS platform. The intelligent scheduler considers factors such as data size and server load to estimate when the search should be run. Rather than saying when a search should be run, the user instead says when they want the search to be completed. The scheduling agent as has also been improved. Ad hock searches are now roughly twice as fast. Performance has improved significantly over the previous version, 6.2. Splunk itself is a ten-year-old company with 10,000 customers, up from 1,000 customers in 2010.
Reasonably happy with their ability to process data, they want to ensure that developers, IT staff, and normal people have a way to actually use all of the data their company is collecting. This is a shift from their original focus: indexing arbitrary big data sources. Splunk opened their big data conference with an emphasis on “making machine data accessible, usable, and valuable to everyone”.