© 2 0 2 0 S P L U N K I N C .

© 2 0 2 0 S P L U N K I N C .

Splunk Cloud 1.0.1Tips, tricks and best practices to help you embark on your cloud journey

Georgios GlymidakisSenior Professional Services Consultant | Splunk

Rory BlakePrincipal Architect - IT Markets - Global Services | Splunk

During the course of this presentation, we may make forward‐looking statements regarding future events or plans of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results may differ materially. The forward-looking statements made in the this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, it may not contain current or accurate information. We do not assume any obligation to update any forward‐looking statements made herein.

In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only, and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionalities described or to include any such feature or functionality in a future release.

Splunk, Splunk>, Data-to-Everything, D2E and Turn Data Into Doing are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names or trademarks belong to their respective owners. © 2020 Splunk Inc. All rights reserved

Forward-LookingStatements

© 2 0 2 0 S P L U N K I N C .

Georgios Glymidakis | Splunk

Who We Are

Rory Blake | Splunk

© 2 0 2 0 S P L U N K I N C .

Georgios GlymidakisSenior Professional Services Consultant

4 Years Professional Services

© 2 0 2 0 S P L U N K I N C .

Rory Blake

• Based In UK• Delivering Splunk Professional Services Since 2011• Trained Several Hundred Consultants and Partners• Delivered Splunk Projects in 16 Countries• Background in Software Development & Financial services

Principal Architect – Global Services - Observability & IT Ops

© 2 0 2 0 S P L U N K I N C .

Agenda 1) Welcome To Splunk Cloud –Let’s see what you get2) Getting Data In – How to design your data

forwarding layer

3) Splunk Apps – Make the most out of your data

4) Splunk Training – Upskill to maximise your investment

5) Support and Professional Services – Always here to help

6) Additional Resources

© 2 0 2 0 S P L U N K I N C .

Welcome to Splunk Cloud

© 2 0 2 0 S P L U N K I N C .

Welcome To SplunkCloud

• Splunk Cloud is Splunk Enterprise in the Cloud– All the data analytics power minus the infrastructure overheads and costs

• Service Level Commitment – 100% availability• Data Segregation for Splunk Cloud• Data Encryption At-Rest• Industry certified• Data forwarding layer critical – needs to be optimal

© 2 0 2 0 S P L U N K I N C .

Welcome to SplunkCloudWho Does What?

Managing a Splunk deployment involves 12 on-going admin tasks, 8 of whichare conducted by

Splunk for a Cloud based deployment

~80% reduction in management tasks

Responsibility SplunkCloud

Admin Tasks:One-time Setup

Purchase/rent HW SplunkRack and stack, cable, network all HW SplunkInstall Splunk SplunkInstall OS SplunkConfigure Splunk (create users, load apps, configure) SplunkConfigure indexes SplunkSetup HA/clustering SplunkSetup disaster and recovery SplunkConfigure forwarders JointOnboard data JointIntegrate with LDAP/AD Joint

Admin Tasks:Ongoing

Scale up HW SplunkInstall Splunk patches / upgrades SplunkInstall OS patches / upgrades SplunkMonitor deployment / health checks SplunkManage forwarders CustomerCreate users / roles CustomerManage indexes CustomerOnboard additional data CustomerLoad search head only apps Both*Load distributed apps Both*Load premium apps SplunkExport data Splunk

User Tasks Search, alerts, reports, dashboards Customer

© 2 0 2 0 S P L U N K I N C .

Getting Data In

© 2 0 2 0 S P L U N K I N C .

Getting Data InUniversal, Heavy and Intermediate Forwarders

Desktops

Laptops

Servers

Universal Forwarder

Splunk CloudHeavy

ForwarderDatabases

Scripted Inputs/APIs

UF HF

IntermediateForwarder

SSL SSL

SSL

Splunk Deployment

Server

© 2 0 2 0 S P L U N K I N C .

Getting Data InForwarding Configuration Just For You

© 2 0 2 0 S P L U N K I N C .

Getting Data InSyslog Servers Or SC4S

Splunk Cloud IndexersNetwork Devices

SyslogServers

Universal Forwarder

OR

HTTP Load Balancer

Splunk Connect For Syslog

© 2 0 2 0 S P L U N K I N C .

Getting Data InInputs Data Manager (IDM)

Cloud Services

Splunk Cloud IndexersInputs Data Manager

© 2 0 2 0 S P L U N K I N C .

Getting Data InHTTP Event Collector (HEC)

AWS Lambda

Splunk HEC Splunk Cloud Indexers

© 2 0 2 0 S P L U N K I N C .

Splunk Apps

© 2 0 2 0 S P L U N K I N C .

App Installation

Direct App Install Splunkbaseor

Custom Apps

Premium Apps&

Non-Direct Install

App Browser Private App Upload Support Ticket

Get In!

© 2 0 2 0 S P L U N K I N C .

Cloud VettingAppInspect

AppInspect Passed Incompatible

© 2 0 2 0 S P L U N K I N C .

Training

Required RecommendedSplunk Fundamentals 1 (Free) Splunk Fundamentals 3

Splunk Fundamentals 2 Advanced Search & Reporting

Creating Dashboards

Splunk Cloud Administration CourseAdministrator training for Splunk Cloud Management:

• Users• Data Inputs• Forwarder Configuration• Data Management

• User Accounts• Basic Monitoring• Problem Isolation

Become A Splunk Ninja

© 2 0 2 0 S P L U N K I N C .

SupportSOS

• Accessibility Issues• Usability Issues• General Questions

© 2 0 2 0 S P L U N K I N C .

Success PlansSupport & Services. What you need. When you need it

© 2 0 2 0 S P L U N K I N C .

Professional Services OfferingsServices. What you need. When you need it

© 2 0 2 0 S P L U N K I N C .

Additional ResourcesI Want Moarrr!

Resource Link

Cloud Migration Assessment App for Splunk https://splunkbase.splunk.com/app/4974/

App Inspect Tutorial https://dev.splunk.com/enterprise/tutorials/quickstart/yourfirstappinspect/

Splunk Essentials for Cloud and Enterprise 8.0 https://splunkbase.splunk.com/app/4748/

Splunk Cloud Documentation https://docs.splunk.com/Documentation/SplunkCloud

Splunk Answers https://community.splunk.com/t5/Splunk-Cloud/bd-p/core-splunk-cloud

Splunk Lantern Knowledgebase https://lantern.splunk.com/hc/en-us

https://splunkbase.splunk.com/app/4974/https://dev.splunk.com/enterprise/tutorials/quickstart/yourfirstappinspect/https://splunkbase.splunk.com/app/4748/https://docs.splunk.com/Documentation/SplunkCloudhttps://community.splunk.com/t5/Splunk-Cloud/bd-p/core-splunk-cloudhttps://lantern.splunk.com/hc/en-us

© 2 0 2 0 S P L U N K I N C .

1. Splunk Cloud – The power of Splunk minus the management and infrastructure

2. Data forwarding layer is critical for success

3. Design and manage your on-premise components

4. Utilise Splunkbase Apps – Learn about App Vetting

5. Get trained to maximise value

6. Splunk Docs, Community and Lantern are great sources of information

7. Splunk Support and PS is always close to help

Summary

SESSION SURVEYPlease provide feedback via the

© 2 0 2 0 S P L U N K I N C .

Splunk Cloud 1.0.1Slide Number 2Slide Number 3Slide Number 4Slide Number 5Slide Number 6Slide Number 7Welcome To SplunkCloudWelcome to SplunkCloudSlide Number 10Getting Data InGetting Data InGetting Data InGetting Data InGetting Data InSlide Number 16App InstallationCloud VettingSlide Number 19SupportSuccess PlansProfessional Services OfferingsAdditional ResourcesSlide Number 24Slide Number 25