Splunk conf2014 - Splunk Monitoring - New Native Tools for Monitoring your Splunk Deployment

  • Copyright 2014 Splunk Inc.

    Octavio Di Sciullo Principal Support Engineer, Splunk

    Patrick Ogdin Product Manager, Splunk

    Splunk Monitoring: New Native Tools for Monitoring your Splunk Deployment

  • Disclaimer

    During the course of this presentation, we may make forward-looking statements regarding future events or the expected performance of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-looking statements, please review our filings with the SEC. The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, this presentation may not contain current or accurate information. We do not assume any obligation to update any forward-looking statements we may make. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionality described or to include any such feature or functionality in a future release.

  • Agenda

    - History of Splunk Monitoring Tools
    - Underpinning Technologies
    - Distributed Management Console Architecture
    - Setup Tasks
    - Indexing Performance Views
    - Search Activity Views
    - Resource Usage Views
    - Platform Alerts
    - Roadmap

  • 2014 Goals and Objectives

    - Introduce the Distributed Management Console feature for Splunk 6.2
    - Explain importance of monitoring your Splunk deployment, especially in large, distributed environments
    - ?

  • History of Splunk Monitoring Tools

    - index=_internal sourcetype=splunkd
        - Go look at the logs!
    - Splunkbase tools
    - Status dashboards
    - Deployment monitor
        - License usage reporting!
        - Alerting, summarization
    - S.o.S
        - Developed by Splunk Support for Splunk support and customers
        - Platform resource utilization collection with technology add-ons
        - Topology views

  • Underpinning Technologies

    - Resource collection framework
        - introspection_generator_addon
        - $SPLUNK_HOME/var/log/introspection
        - index=_introspection
    - REST Endpoints
        - /services/server/status/resource-usage
            - Snapshots of CPU, Memory, Disk
        - /services/server/info
            - Platform, core count, server role
    - Server roles
        - Derived or user defined

  • Distributed Management Console Architecture

    [Architecture diagram; labels: Search Heads, Indexers, Universal Forwarder, Distributed Search, Management, Data, Monitoring Console Host]

  • Setup Tasks

    - Prerequisites
        - Where does the DMC live?
        - Topology definition
        - Forward all logs from all components back to the indexing tier
        - All components must be search peers of the DMC host
    - Standalone vs distributed mode
        - Server roles
        - Custom groups

  • Instance View (Topology List)

  • Design Patterns

    - Instances and machines
        - One machine can have several instances
    - Deployment wide
        - Aggregate statistics
        - Uses a Count of Instances banded by a particular measurement
    - Snapshot views
        - Endpoint derived
    - Historical views
        - Indexer derived

  • Search Activity Views

    Instance

  • Search Activity Views

    Deployment Wide

  • Indexing Performance Views

    Deployment Wide

  • Indexing Performance Views

    Instance

  • Resource Usage Views

    Instance

  • Resource Usage Views

    Deployment Wide

  • KV Store

    Instance

  • KV Store

    Deployment Wide

  • Platform Alerts

  • Platform Alerts Email Examples

  • THANK YOU