Gaining Application Lifecycle Intelligence

Creative Commons Attribution-NonCommercial l icense: http://creativecommons.org/licenses/by-nc/3.0/

GAINING APPLICATION LIFECYCLE

INTELLIGENCE WITH SPLUNK

By Damien Dallimore , Dev Evangelist @ Splunk

Who am I ?

Creative Commons Attribution-NonCommercial l icense: http://creativecommons.org/licenses/by-nc/3.0/3

From Middle Earth

Make things

JVM background

apps.splunk.com

github.com/damiendallimore

Agenda

Overview of Splunk and build a simple app

How Splunk can help in the Application Development Lifecycle

Various ways to get data into Splunk and demos

Data Data Everywhere

VOLUME

VARIETY

VERACITY

VELOCITY

How can Splunk help ?

Spelunking

Platform for machine data

Splunk storage Other Big Data stores

DeveloperPlatform

Data collection

and indexing

Report and

analyze

Custom dashboards

Monitor and alert

Ad hoc search

DeveloperPlatform

Report and

analyze

Custom dashboards

Monitor and alert

Ad hoc search

Platform for machine data

Splunk storage Other Big Data stores

collection

and indexing

Any amount, any location, any source.Schema at read time, not write time

Data in any format

No RDBMS

Very Extensible

What Does Machine Data Look Like?

Sources

Twitter

Care IVR

Middleware Error

Order Processing

Machine Data Contains Critical Insights

Customer ID Order ID

Customer’s Tweet

Time Waiting On Hold

Twitter ID

Product ID

Company’s Twitter ID

Sources

Twitter

Care IVR

Middleware Error

Order Processing

Customer IDOrder ID

Customer ID

Machine Data Contains Critical Insights

Order ID

Customer’s Tweet

Time Waiting On Hold

Product ID

Company’s Twitter ID

Sources

Twitter

Care IVR

Middleware Error

Order Processing

Order ID

Customer ID

Twitter ID

Customer ID

How are we best

going wrangle this

data ?

Release the Developers

Very Extensible Platform for Developers

REST API

Build Splunk Apps Extend and Integrate Splunk

Simple XML

JavaScript

Django

FrameworkJava

JavaScript

Python

Data Models

Search

Extensibility

Modular Inputs

Lets build something simple

Simple Swarm App (ex Foursquare)

Get my actual checkin data in via REST

Search over this data

Visualize

Application Lifecycle Data

BuildUnit Testing

Check-inIntegration

Testing Deploy

Staging

Application Development Challenges

Lack of visibility across the product

development lifecycle

Pressure to increase velocity and

agility with DevOps

Limited insights into behavior and

performance from application logs

Quickly trace and identify errors anywhere

in the codebase with real-time search

and monitoring

Instrument your app logs to gain application intelligence

Break down dev tool silos with real-time

insights from machine data

GAIN END-TO-END VISIBILITY

ACROSS THE DEV TOOL CHAIN

FIND AND FIX

ISSUES FASTER

PUSH BETTER

CODE USING

ANALYTICS

Splunk for Application Lifecycle Intelligence

Real-time dashboards show error

rate in production and impact of

pushing new builds

Developers can search and

visualize web logs, Java logs—

without production access

Alerts notify developers as soon as

a problem arises

Find and Fix Issues Faster

Gain end-to-end visibility to make

informed decisions

Analytics insights without the need

for additional analytics tools

Ask questions while exploring and

collecting data

void submitPurchase(purchaseId){

log.info("action=submitPurchaseSt

art, purchaseId=%d", purchaseId)

//these calls throw an exception on error

submitToCreditCard(...)

generateInvoice(...)

generateFullfillmentOrder(...)

log.info("action=submitPurchaseCo

mpleted, purchaseId=%d", purchaseId)

Push Better Code Using Analytics

End-To-End Visibility Across The Dev Tool Chain

CI / Build

Servers

Project and

Issue Tracking

Repository

QA / Testing

ToolsDeployment

Servers

App Development Lifecycle Demo

Getting your data into Splunk

Log DataLog Files

Splunk Logging Appenders

CodingSplunk Java SDK

Splunk Spring Integration Adaptors

MessagingJMS

AMQP w/Rabbit

Log Data

Standard Log Files

Oct 21, 2013 4:42:15 PM org.apache.catalina.startup.Catalina load

INFO: Initialization processed in 1153 ms

Oct 21, 2013 4:42:15 PM org.apache.catalina.core.StandardService startInternal

INFO: Starting service Catalina

Application logs that are part of the product

Developer logs for any code that was deployed

Written to local disk or network storage

Structured and Unstructured Data

Ideally events are in a best practice semantic format

key=value format , JSON

You can perform index time and search time extractions in Splunk

Logging best practices

Clearly timestamp every event , human readable at beginning of line

Log in text , binary needs decoding

Categorize – Use INFO, WARN, ERROR, DEBUG, Event type etc...

Log unique identifiers

Log anything that can add value when aggregated, charted or further

2012-08-07 15:54:06:644+1200 name="Failed Login" event_id="someID" app="myapp" user="jane" somefieldname="foobar"

SplunkJavaLogging

Sometimes you can’t write to file

Appenders for Java Util Logging , Log4J , Logback

Simply add a logging appender to your logging configuration

LogBack Appender Example

Better Exception Logging

Easier to work with in Splunk

Coding

Splunk SDK for Java

Use the SDK from any JVM Language , Java / Groovy / Scala etc….

Send log events via REST , UDP or TCP directly to Splunk from your

Search over data in Splunk

SDK available from dev.splunk.com

Spring Integration Adaptors

Inbound Adapter

Used to execute Splunk searches and get data out

Outbound Adapter

Write data to Splunk via REST, TCP , UDP

Write to a named index, submit a REST request, write to a data input bound

to a server TCP port

Get the code on Github

Inbound Adaptor

Outbound Adaptor

What is JMX

JMX = Java Management Extensions

Monitor JVM via MBean attributes , operations and

notifications

JVM MBeans

Vendor MBeans

Custom Coded MBeans

Getting this data into Splunk

Runs on all supported Splunk platforms

Works with all main JVM variants

100% Free and Open Source

Simple to Configure

Many Connectivity Options

Messaging

Not a messaging protocol , but a programming interface to many

different underlying message providers

WebsphereMQ , Tibco EMS , ActiveMQ , HornetQ , SonicMQ etc…

Built with Rabbit Java Client Library

AMQP 0.9.1, 0.9, 0.8

But wait , there’s more…..

Poll data from any REST API

Pull data directly off the wire

Capture output from executing any commands

Closer look at capturing command output

Let’s see what the host Operating System can tell us : top

External programs that provide additional JVM insights : jstat

Index this data in Splunk and correlate

Splunk options galore

Splunk> Enterprise : Free to download and use. Index 500 MB/day.

Splunk> Cloud : Premium, cloud hosted. Full Enterprise stack.100% uptime.

Splunk> AMI : BYOL versions for Amazon AWS Cloud.

Splunk> Sandbox : Spin up a cloud instance in minutes.Load in data.

Hunk> : Splunk for data in Hadoop HDFS , MongoDB

More Info

Splunk Docs , Downloads , Vids : http://www.splunk.com

Download Splunk Apps : http://apps.splunk.com

Ask : http://answers.splunk.com

Watch the App Dev / Devops Video : http://www.splunk.com/goto/appdev

Splunk Developer Platform : http://dev.splunk.com

Splunk on Github : https://github.com/splunk

Thankyou.

Questions ?@damiendallimore

ddallimore@splunk.com

Gaining Application Lifecycle Intelligence

pivotal software

machine data look like

extensible platform

overview of splunkand

splunkand demos

formatno rdbmsvery extensible

splunkby damien dallimore

simple apphow splunkcan

Software

3D Data Capture Across the Asset Lifecycle - SPAR...

Software Lifecycle Software Lifecycle Basics Lifecycle...

HP Application Lifecycle Intelligence

ADVANCING ARTIFICIAL INTELLIGENCE · artificial...

Harnessing the Network of Banking Intelligence Shortening...

Ê SITUATIONAL AWARENESS - ThreatConnect...GAINING...

yber Intelligence Tradecraft ertification - Treadstone71 ·...

Best Practices for Gaining Intelligence on Your Customers in...

BrandsLab Market Intelligence Session 2 | The Lifecycle of a...

CYBER SECURITY INTELLIGENCE LIFECYCLE (CSIL) · CYBER...

Operations Performance Management · • Strategy library.....

Thrive in the Digital Era with AI Lifecycle Synergies ·...

HP Application Lifecycle Intelligence User Guide.… ·...

STRATEGIC INTELLIGENCE AND · To assist researchers in...

Business intelligence Open source solutions - CELGE ·...

Gaining Land and Gaining Ground? The Popular Agrarian ...