SplunkLive! Utrecht 2017 - Coolblue Customer Presentation

Matthew Hodgkins | SplunkLive! Utrecht

A Little About Me

● Been at Coolblue 1.5 years

● Background in operations

● Focus is monitoring and logging

Disappointment

Whoops

Agenda

● A little about Coolblue

● Logging in Coolblue before Splunk

● The migration to Splunk

● The benefits we found after moving

Business plan

Picture from

last

hackathon

Picture from

last

hackathon

ELK Architecture

Easy right?

# For e-commerce send logs here

10.0.0.2:6379

Challenges

● Around 180 Developers

● Many Languages

○ C#

○ PHP

○ Python

○ Node.JS

○ Delphi

ELK Architecture

Challenges

# For e-commerce send logs here

10.0.0.2:6379

# For backoffice send logs here

10.0.10.2:6379

Challenges

● Logs everywhere

○ Windows / Linux / Network Devices

○ Logging to disk

○ No standardization

Offices

ELK Architecture

Physical stores

Warehouses

ELK Architecture

Challenges

# For e-commerce send logs here

10.0.0.2:6379

# For backoffice send logs here

10.0.10.2:6379

# For amsterdam store send logs here

192.168.2.2:6379

# For rotterdam store send logs here

192.168.3.2:6379

Challenges

● Storage

● Retention

Microservices. Microservices Everywhere.

The main reasons

● Amazing AWS integrations (Splunk App for AWS)

The main reasons

● Amazing AWS integrations (Splunk App for AWS)

● Fully managed

The main reasons

● Amazing AWS integrations (Splunk App for AWS)

● Fully managed

● No more worrying about architecture changes

with growth

The migration

● Standardized logging frameworks

● Log however you want, as long as its JSON

● Reviewed a ton of dashboards

● Planned a new architecture

The migration

● Standardized logging frameworks

The migration

● Standardized logging frameworks

● Log however you want, as long as its JSON

The migration

● Standardized logging frameworks

● Log however you want, as long as its JSON

● Reviewed a ton of dashboards

The migration

● Standardized logging frameworks

● Log however you want, as long as its JSON

● Reviewed a ton of dashboards

● Planned a new architecture

Splunk Cloud Architecture

Splunk Cloud Architecture - AWS

Splunk Cloud Architecture - On Premise

So where are we now?

So where are we now?

Benefit - Easier Config

● Logging by convention

# wherever you are, send logs here

127.0.0.1:514

Benefit - Easier To Test

Benefit - Exploration

Benefit - New apps are easy

● New service coming online?

○ Create an index for the service

Benefit - New apps are easy

● New service coming online?

○ Create an index for the service

Benefits - Templated dashboards

● Templated dashboards

Benefits - Real Time Dashboards

● Templated dashboards

Benefits - Audit Trails

● Templated dashboards

Benefits - Overall Health

● Templated dashboards

Benefits - Other Teams Onboard

● Templated dashboards

Benefits - Time Saved

● Templated dashboards

● Know what’s important to you and your

customers

● Make logging as simple as possible

● Dashboard templating

Takeaways

● [email protected]

● @MattHodge

● http://devblog.coolblue.nl

● http://careersatcoolblue.com