Transcription
Who is Karsten? CTO, Netic A/S Masters, CS from AalborgUniversity In operations for 25 years Splunk Deployment ArchitectAgenda: Netica NoSQL database with benefits :)SplunkKarstenThygesenUse Cases in FMKkarthy@netic.dkQ&Atirsdag den 18. juni 13
Netic A/S Netic– Founded in2002– Private funded– HQ in Aalborg– 20 employees– Multipledatacenterstirsdag den 18. juni 13 Business Areas– Hosting– Operations– Consultancy,Infrastructure– SWDevelopment– Splunk References– FællesMedicinkort– National ServicePlatform– Sundhedsdatanet-tet– vaccinationsregistret– Nemhandelregistret– Debitorregistret
Splunk Engine for Machine DataCommon Uses and MaturityBusiness AnalyticsWeb IntelligenceSecurity & ComplianceOur SolutionIT OperationsAny log filesBusinessConnectorsSchemasValueCustom applicationsInsightsWeb serversDatabases LimitsUser clickstreamOperationServiceSocial figsProactiveProactiveTelecoms devices IdentificationMonitorinStorage devicesgJun1211:38:19serverNetwork devicesSearch sshd[13375]: error: PAMReactiveSecurity devices authentication errorInvestigatFirewalls, IDSeuser karthyDatabasessrcip 62.116.207.26Web servicesJun 12 11:38:21 serverSystem metricssshd[13375]: error: PAMGPSauthentication errorDNS, DHCPuser karthyAAA logssrcip 129.42.38.1Proxy serversDifferentiateScriptsSensorsSchema Fast timeUniversalRealTimeon the fly to ValueMachine DataArchitectureplatformAgile Reporting Scales from Desktop Passionate andand Analyticsto EnterpriseVibrant communityApp ManagementSplunk ITApp DevelopmentCollect and IndexDeveloper Framework3tirsdag den 18. juni 13
Splunk Apps Let You Do 'Mail'400 Apps toring'Citrix'NetScaler'AS/400'3'iSeries' bile'DEVELOPER FRAMEWORK4tirsdag den 18. juni 13
Splunk for Exchange5tirsdag den 18. juni 13
Active Directory6tirsdag den 18. juni 13
Splunk for Cisco7tirsdag den 18. juni 13
Splunk for VMWare8tirsdag den 18. juni 13
Custom Apps9tirsdag den 18. juni 13
Massive Linear Scalability to Tens ofMasterserverOffload search load to Splunk SearchHeadsDeployserverAuto load-balanced forwarding to as many Splunk Indexers as you need toindex terabytes/daySend data from 1000s of servers using combination of SplunkForwarders, syslog, WMI, message queues, or other remote protocols10tirsdag den 18. juni 13
FMK - Fælles Medicin Kort(Common Medicine card) Record of danish citizens medicin usage Nominated “digitaliseringsprisen” in2011 Total of 130 servers in two datacenters One of the first “real” systems to useNoSQL (Riak) Developed by Trifork, Operations byNetic11tirsdag den 18. juni 13
FMK Use Cases Usage statistics– Group by usertype,location, EPJsystem, time ofday/week.– Pinpoint bad userexperience– SLA reporting Performance– Avg/95-percentileresponsetime bycall type, by client,by anything12tirsdag den 18. juni 13
FMK Use Cases Riak statistics– Siblings– Object Sizes– Responsetimes– Read/Write ratio– Compact frequency– Replication– Traffic/Trends13tirsdag den 18. juni 13
FMK Use Cases OperationalInsight– Wallview byoperations improved “gutsfeeling” Reduce incident Discover problemsearly– Wallview bydevelopers Instant feedback ofchanges Tight monitoring ofnew releases(deployments) Seriously reducetime to understandand fix problems– Wallview by Owner14tirsdag den 18. juni 13
FMK Use Cases Changes Culture– To describe an observed problem, wecommunicate Splunk searches– Development very close to operation butcomplies to segregation of duties– Better understanding both ways– More focus on enhanced logging and sessiontracing– Almost all reporting is dashboards in Splunk15tirsdag den 18. juni 13
karthy@netic.dk16tirsdag den 18. juni 13
FISMA'Monitoring' Citrix'NetScaler' Splunk'Mobile' 400 Apps and growing tirsdag den 18. juni 13. Splunk for Exchange 5 tirsdag den 18. juni 13. Active Directory 6 tirsdag den 18. juni 13. Splunk for Cisco 7 tirsdag den 18. juni 13. Splunk for VMWare 8 tirsdag den 18. juni 13. Custom Apps 9
