Embed Size (px)
Citation preview
© 2018 SPLUNK INC.© 2018 SPLUNK INC.
Splunk Advanced ArchitecturesThomas PrzelomiecSenior Sales [email protected]
October 2018
© 2018 SPLUNK INC.
During the course of this presentation, we may make forward-looking statements regarding future events or the expected performance of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-looking statements, please review our filings with the SEC.
The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, this presentation may not contain current or accurate information. We do not assume any obligation to update any forward-looking statements we may make. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionality described or to include any such feature or functionality in a future release.
Splunk, Splunk>, Listen to Your Data, The Engine for Machine Data, Splunk Cloud, Splunk Light and SPL are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners. © 2018 Splunk Inc. All rights reserved.
Forward-Looking Statements
THIS SLIDE IS REQUIRED FOR ALL 3 PARTY PRESENTATIONS.
© 2018 SPLUNK INC.© 2018 SPLUNK INC.
What to expect in this session
▶ This is not a best practices session• FN1151 - The Hitchhiker's Guide to Splunk Validated Architectures • Unique solutions employed by large enterprises• Strive for minimum complexity• Creativity as a necessity
▶ You should only be doing this sort of stuff if you rarely cut cases for support▶ Hold questions until the end, I’ll leave time
© 2018 SPLUNK INC.© 2018 SPLUNK INC.
Agenda
▶ Infrastructure• Data Pipelines – sending data to Splunk• Architectures – production diagrams
Management – how to configure and manage your environment• Processes• Artifact creation• Data onboarding• Organization
© 2018 SPLUNK INC.© 2018 SPLUNK INC.
Data Pipelines – components to unique architectures
▶ Heavies▶ Syslog▶ Kafka▶ AWS S3
© 2018 SPLUNK INC.© 2018 SPLUNK INC.
Splunk Heavy Forwarders
▶ Uses• Preprocessing• Data collection apps• An intermediary to 3rd party systems
© 2018 SPLUNK INC.© 2018 SPLUNK INC.
Syslog
▶ Data Pipeline• Network devices• Appliances
▶ Uses• Filtering Data• Add structure to ingest• Enrich pre-ingest
© 2018 SPLUNK INC.© 2018 SPLUNK INC.
Kafka
▶ Data Pipeline• Log Data• Streaming data• Metrics
▶ When to use• Multiple services that need the same data
sets• You’ve already got it• Part of your strategy
link to kafka presentation(update)
© 2018 SPLUNK INC.© 2018 SPLUNK INC.
AWS s3
▶ Data Lake• You’ve got a cloud first strategy• S3 is an easy solution for data storage
© 2018 SPLUNK INC.© 2018 SPLUNK INC.
Architectures
▶ All Splunk▶ Splunk in AWS▶ Splunk as 3rd party pipeline▶ Splunk in GCP and AWS
© 2018 SPLUNK INC.
Architecture #1All Splunk All the Time
© 2018 SPLUNK INC.
Architecture #2Splunk in your own AWS – clean up the image indexer cluster outlines, center them
© 2018 SPLUNK INC.
Architecture #3Splunk Cloud
© 2018 SPLUNK INC.
Architecture #4Splunk Between GCP and AWS
© 2018 SPLUNK INC.© 2018 SPLUNK INC.
Wrap up
▶ Use the minimum complexity needed to meet your requirements
▶ There’s lot’s of different data pipelines that can be used
▶ Splunk is flexibile and can be used in all kinds of different big data strategies
© 2018 SPLUNK INC.
Don't forget to rate this session in the .conf18 mobile app
Thank You
© 2018 SPLUNK INC.© 2018 SPLUNK INC.
Cool Stuff
▶ Chef/Puppet• scalability
▶ Git• Search iteration• Source code control
▶ HEC• Kafka• AWS
This is where the subtitle goes
© 2018 SPLUNK INC.© 2018 SPLUNK INC.
Other Cool Stuff
▶ Kubernetes▶ Docker ▶ Search cluster• Ad hoc• Scheduled• ES
This is where the subtitle goes
