-
© 2 0 2 0 S P L U N K I N C .
© 2 0 2 0 S P L U N K I N C .
Splunk Cloud 1.0.1Tips, tricks and best practices to help you
embark on your cloud journey
Georgios GlymidakisSenior Professional Services Consultant |
Splunk
Rory BlakePrincipal Architect - IT Markets - Global Services |
Splunk
-
During the course of this presentation, we may make
forward‐looking statements regarding future events or plans of the
company. We caution you that such statements reflect our current
expectations and estimates based on factors currently known to us
and that actual events or results may differ materially. The
forward-looking statements made in the this presentation are being
made as of the time and date of its live presentation. If reviewed
after its live presentation, it may not contain current or accurate
information. We do not assume any obligation to update any
forward‐looking statements made herein.
In addition, any information about our roadmap outlines our
general product direction and is subject to change at any time
without notice. It is for informational purposes only, and shall
not be incorporated into any contract or other commitment. Splunk
undertakes no obligation either to develop the features or
functionalities described or to include any such feature or
functionality in a future release.
Splunk, Splunk>, Data-to-Everything, D2E and Turn Data Into
Doing are trademarks and registered trademarks of Splunk Inc. in
the United States and other countries. All other brand names,
product names or trademarks belong to their respective owners. ©
2020 Splunk Inc. All rights reserved
Forward-LookingStatements
-
© 2 0 2 0 S P L U N K I N C .
Georgios Glymidakis | Splunk
Who We Are
Rory Blake | Splunk
-
© 2 0 2 0 S P L U N K I N C .
Georgios GlymidakisSenior Professional Services Consultant
4 Years Professional Services
-
© 2 0 2 0 S P L U N K I N C .
Rory Blake
• Based In UK• Delivering Splunk Professional Services Since
2011• Trained Several Hundred Consultants and Partners• Delivered
Splunk Projects in 16 Countries• Background in Software Development
& Financial services
Principal Architect – Global Services - Observability & IT
Ops
-
© 2 0 2 0 S P L U N K I N C .
Agenda 1) Welcome To Splunk Cloud –Let’s see what you get2)
Getting Data In – How to design your data
forwarding layer
3) Splunk Apps – Make the most out of your data
4) Splunk Training – Upskill to maximise your investment
5) Support and Professional Services – Always here to help
6) Additional Resources
-
© 2 0 2 0 S P L U N K I N C .
Welcome to Splunk Cloud
-
© 2 0 2 0 S P L U N K I N C .
Welcome To SplunkCloud
• Splunk Cloud is Splunk Enterprise in the Cloud– All the data
analytics power minus the infrastructure overheads and costs
• Service Level Commitment – 100% availability• Data Segregation
for Splunk Cloud• Data Encryption At-Rest• Industry certified• Data
forwarding layer critical – needs to be optimal
-
© 2 0 2 0 S P L U N K I N C .
Welcome to SplunkCloudWho Does What?
Managing a Splunk deployment involves 12 on-going admin tasks, 8
of whichare conducted by
Splunk for a Cloud based deployment
~80% reduction in management tasks
Responsibility SplunkCloud
Admin Tasks:One-time Setup
Purchase/rent HW SplunkRack and stack, cable, network all HW
SplunkInstall Splunk SplunkInstall OS SplunkConfigure Splunk
(create users, load apps, configure) SplunkConfigure indexes
SplunkSetup HA/clustering SplunkSetup disaster and recovery
SplunkConfigure forwarders JointOnboard data JointIntegrate with
LDAP/AD Joint
Admin Tasks:Ongoing
Scale up HW SplunkInstall Splunk patches / upgrades
SplunkInstall OS patches / upgrades SplunkMonitor deployment /
health checks SplunkManage forwarders CustomerCreate users / roles
CustomerManage indexes CustomerOnboard additional data CustomerLoad
search head only apps Both*Load distributed apps Both*Load premium
apps SplunkExport data Splunk
User Tasks Search, alerts, reports, dashboards Customer
-
© 2 0 2 0 S P L U N K I N C .
Getting Data In
-
© 2 0 2 0 S P L U N K I N C .
Getting Data InUniversal, Heavy and Intermediate Forwarders
Desktops
Laptops
Servers
Universal Forwarder
Splunk CloudHeavy
ForwarderDatabases
Scripted Inputs/APIs
UF HF
IntermediateForwarder
SSL SSL
SSL
Splunk Deployment
Server
-
© 2 0 2 0 S P L U N K I N C .
Getting Data InForwarding Configuration Just For You
-
© 2 0 2 0 S P L U N K I N C .
Getting Data InSyslog Servers Or SC4S
Splunk Cloud IndexersNetwork Devices
SyslogServers
Universal Forwarder
OR
HTTP Load Balancer
Splunk Connect For Syslog
-
© 2 0 2 0 S P L U N K I N C .
Getting Data InInputs Data Manager (IDM)
Cloud Services
Splunk Cloud IndexersInputs Data Manager
-
© 2 0 2 0 S P L U N K I N C .
Getting Data InHTTP Event Collector (HEC)
AWS Lambda
Splunk HEC Splunk Cloud Indexers
-
© 2 0 2 0 S P L U N K I N C .
Splunk Apps
-
© 2 0 2 0 S P L U N K I N C .
App Installation
Direct App Install Splunkbaseor
Custom Apps
Premium Apps&
Non-Direct Install
App Browser Private App Upload Support Ticket
Get In!
-
© 2 0 2 0 S P L U N K I N C .
Cloud VettingAppInspect
AppInspect Passed Incompatible
-
© 2 0 2 0 S P L U N K I N C .
Training
Required RecommendedSplunk Fundamentals 1 (Free) Splunk
Fundamentals 3
Splunk Fundamentals 2 Advanced Search & Reporting
Creating Dashboards
Splunk Cloud Administration CourseAdministrator training for
Splunk Cloud Management:
• Users• Data Inputs• Forwarder Configuration• Data
Management
• User Accounts• Basic Monitoring• Problem Isolation
Become A Splunk Ninja
-
© 2 0 2 0 S P L U N K I N C .
SupportSOS
• Accessibility Issues• Usability Issues• General Questions
-
© 2 0 2 0 S P L U N K I N C .
Success PlansSupport & Services. What you need. When you
need it
-
© 2 0 2 0 S P L U N K I N C .
Professional Services OfferingsServices. What you need. When you
need it
-
© 2 0 2 0 S P L U N K I N C .
Additional ResourcesI Want Moarrr!
Resource Link
Cloud Migration Assessment App for Splunk
https://splunkbase.splunk.com/app/4974/
App Inspect Tutorial
https://dev.splunk.com/enterprise/tutorials/quickstart/yourfirstappinspect/
Splunk Essentials for Cloud and Enterprise 8.0
https://splunkbase.splunk.com/app/4748/
Splunk Cloud Documentation
https://docs.splunk.com/Documentation/SplunkCloud
Splunk Answers
https://community.splunk.com/t5/Splunk-Cloud/bd-p/core-splunk-cloud
Splunk Lantern Knowledgebase
https://lantern.splunk.com/hc/en-us
https://splunkbase.splunk.com/app/4974/https://dev.splunk.com/enterprise/tutorials/quickstart/yourfirstappinspect/https://splunkbase.splunk.com/app/4748/https://docs.splunk.com/Documentation/SplunkCloudhttps://community.splunk.com/t5/Splunk-Cloud/bd-p/core-splunk-cloudhttps://lantern.splunk.com/hc/en-us
-
© 2 0 2 0 S P L U N K I N C .
1. Splunk Cloud – The power of Splunk minus the management and
infrastructure
2. Data forwarding layer is critical for success
3. Design and manage your on-premise components
4. Utilise Splunkbase Apps – Learn about App Vetting
5. Get trained to maximise value
6. Splunk Docs, Community and Lantern are great sources of
information
7. Splunk Support and PS is always close to help
Summary
-
SESSION SURVEYPlease provide feedback via the
© 2 0 2 0 S P L U N K I N C .
Splunk Cloud 1.0.1Slide Number 2Slide Number 3Slide Number
4Slide Number 5Slide Number 6Slide Number 7Welcome To
SplunkCloudWelcome to SplunkCloudSlide Number 10Getting Data
InGetting Data InGetting Data InGetting Data InGetting Data InSlide
Number 16App InstallationCloud VettingSlide Number 19SupportSuccess
PlansProfessional Services OfferingsAdditional ResourcesSlide
Number 24Slide Number 25