Copyright © 2014 Splunk Inc.
Octavio Di Sciullo Principal Support Engineer, Splunk
Patrick Ogdin Product Manager, Splunk
Splunk Monitoring – New Native Tools for Monitoring your Splunk Deployment
Disclaimer
During the course of this presentation, we may make forward-looking statements regarding future events or the expected performance of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-looking statements, please review our filings with the SEC. The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, this presentation may not contain current or accurate information. We do not assume any obligation to update any forward-looking statements we may make. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionality described or to include any such feature or functionality in a future release.
Agenda
• History of Splunk Monitoring Tools
• Underpinning Technologies
• Distributed Management Console Architecture
• Setup Tasks
• Indexing Performance Views
• Search Activity Views
• Resource Usage Views
• Platform Alerts
• Roadmap
2014 Goals and Objectives
• Introduce the Distributed Management Console feature for Splunk 6.2
• Explain importance of monitoring your Splunk deployment, especially in large, distributed environments
• ?
History of Splunk Monitoring Tools
• index=_internal sourcetype=splunkd
  – Go look at the logs!
• Splunkbase tools
• Status dashboards
• Deployment monitor
  – License usage reporting!
  – Alerting, summarization
• S.o.S
  – Developed by Splunk Support for Splunk support and customers
  – Platform resource utilization collection with technology add-ons
  – Topology views
Underpinning Technologies
• Resource collection framework
  – introspection_generator_addon
  – $SPLUNK_HOME/var/log/introspection
  – index=_introspection
• REST Endpoints
  – /services/server/status/resource-usage
    • Snapshots of CPU, Memory, Disk
  – /services/server/info
    • Platform, core count, server role
• Server roles
  – Derived or user defined
Distributed Management Console Architecture
[Architecture diagram; labels: Search Heads, Indexers, Universal Forwarder, Distributed Search, Management, Data, Monitoring Console Host]
Setup Tasks
• Prerequisites
  – Where does the DMC live?
  – Topology definition
  – Forward all logs from all components back to the indexing tier
  – All components must be search peers of the DMC host
• Standalone vs distributed mode
  – Server roles
  – Custom groups
Instance View (Topology List)
Design Patterns
• Instances and machines
  – One machine can have several instances
• Deployment wide
  – Aggregate statistics
  – Uses a Count of Instances banded by a particular measurement
• Snapshot views
  – Endpoint derived
• Historical views
  – Indexer derived
Search Activity Views
Instance
Search Activity Views
Deployment Wide
Indexing Performance Views
Deployment Wide
Indexing Performance Views
Instance
Resource Usage Views
Instance
Resource Usage Views
Deployment Wide
KV Store
Instance
KV Store
Deployment Wide
Platform Alerts
Platform Alerts Email Examples
THANK YOU