Copyright©2016Splunk Inc.

MarcChénéITMarketsProductManager,Splunk

DenisGladkikhPrincipalDevEngineer(akaoutcoldman),Splunk

MonitoringandTroubleshootingDockerAcrossCloudandOn-prem Environments

Whoweare?MarcChéné– Engineer,ITMarketsProductManager,APMer– Dadto3,super-fanandcoach– Loverofskiing,golfing,musicandgooddrink– Residentgroundskeeper/gardener– Twitter:@marccheneDenisGladkikh– Systemprogrammingdeveloper - building

Enterpriseapplications,MobileApps,DevToolsand scalablesystems

– Opensourcecontributor(VSCode, Docker,cAdvisor,antigen,MongoCDriver andmore...).

– Skydiver,Scuba diver,Downhill/nordic skier,hiker, GSDowner

– Twitter:@outcoldman

Disclaimer

3

Duringthecourseofthispresentation,wemaymakeforwardlookingstatementsregardingfutureeventsortheexpectedperformanceofthecompany.Wecautionyouthatsuchstatementsreflectourcurrentexpectationsandestimatesbasedonfactorscurrentlyknowntousandthatactualeventsorresultscoulddiffermaterially.Forimportantfactorsthatmaycauseactualresultstodifferfromthose

containedinourforward-lookingstatements,pleasereviewourfilingswiththeSEC.Theforward-lookingstatementsmadeinthethispresentationarebeingmadeasofthetimeanddateofitslivepresentation.Ifreviewedafteritslivepresentation,thispresentationmaynotcontaincurrentoraccurateinformation.Wedonotassumeanyobligationtoupdateanyforwardlookingstatementswemaymake.Inaddition,anyinformationaboutourroadmapoutlinesourgeneralproductdirectionandissubjecttochangeatanytimewithoutnotice.Itisforinformationalpurposesonlyandshallnot,beincorporatedintoanycontractorothercommitment.Splunkundertakesnoobligationeithertodevelopthefeaturesor

functionalitydescribedortoincludeanysuchfeatureorfunctionalityinafuturerelease.

Agenda Agenda

WhatisDocker?HowtoMonitorContainers?Splunk AnalyticsforDockerMonitoringyourCloudContainers

First,abitaboutcontainers…

Docker,inoneSlide

6

Build- Ship- Runyourapplications– ”Infrastructureascode”– Enablesmicroservices architectures– Portable– EnablesCloudMigration

OpenSourceandCommunityMinded– DockerEngineisOpenSource– Thousandsofappscanbe“pulled”in

DockerHub/DockerStore– YourdevelopersLOVEDocker

Docker– It’snotVirtualization

7

VMs– focusonOSDocker– focusonapplicationsDocker– lightweightandFASTNOTmutuallyexclusivewithVMs

Docker– it’sabigdeal

8

OpenSourcedrivenecosystem

Massiveincreaseinadoption…

…Butthegrowthisjustgettingstarted

3PrimaryContainerUseCases

ApplicationModernization

DevOps – NewApps

CloudMigration

9

DockerAddressesCustomerPainPoints

11

StandardizationbetweendevandproductionenvironmentsLessefforttoputintoreleasemanagement=fasterdevelopment

“Butitworkedindev...”

DockerCreatesNewMonitoringChallenges

12

NewlayersofabstractionContainershaveShortlifespansYoustillhavedependenciesonotherlevelsofthestackNewconsumersofmonitoringdata

Containermonitoringandtroubleshootingneedstobeeasy,focusedonanalytics,andrelatedwithotherpartsofyourinfrastructure

HowtoMonitorContainers?- GettingDataIn(GDI)

13

Splunk LogStreamingOptionsforDockerDockerNativeLogging– Splunkloggingdriver,Syslog,AWS,JSONfiles,etc.

Logginglibraries in.NET,Javaandnode.js

Custom(e.g.,KafkawithHTTPEventCollector)

UniversalForwarder– AppLogs,Syslogforwarding,Performance,etc.

Cloud– AWS,GCP,Azure

Usetheoptionthatisrightforyou!

VisibilitytoyourContainerEnvironments

Secure—supportsTLS/SSLandtokensSimple– config-basedsetupandcollectdataScale– BasedonHTTPDataCollectorBasedonSplunk HTTPConfigurable- Supportscontainerlabels,environmentvariables

SplunkLoggingDriverforDocker

BasedonSplunkHTTPEventCollector+DriverbuiltdirectlyintoDocker

VisibilityintoyourContainerEnvironmentsSkipverificationforthevalidsplunk urlRawdatacollectionfromthenativelogdriverEmbeddedjson formatsupport

SplunkLoggingDriverforDocker(comingsoondocker 1.13)

VisibilitytoyourContainerEnvironmentsLogs– AccesstoApplogs,syslogUDPforwarding,JournalDStats– DatafromDockercontainersSearch– TroubleshootDockerrelatedproblemsDashboardsandAlerts-ProactivelymonitorDockerenvironments

AddingUniversalForwarderstoyourDockerEnvironments

ManywaystogetDocker-basedmachinedata– choosewhat’sbestforyou

Splunk Analytics

- Splunk Images- It’sTimeforAnalytics

18

DeliveringSplunkasaContainerImage

19

Splunk containerimages– Splunk Enterprise6.4.1– Splunk UniversalForwarder6.4.1IncludesconfigurationandDockerAdd-Onforcontainermonitoringout-of-the-boxCertifiedimageComingsoontotheDockerStore(http://store.docker.com)

docker run splunk/enterprise:6.4.1-monitordocker run splunk/universalforwarder:6.4.1-monitor

DemoSetup

20

Usecase:ContainerLogAnalysisandMonitoring“fullstack”applicationwith4containersmonitoredwithSplunk– MariaDB – ouropensourcedatabaselayer– Wordpress -- aratherbusyapplication– My_app – ourmade-upapp– Splunk – yes,we’rerunningSplunk INACONTAINER!Keytakeaways– Time-to-value– Splunk ispre-configuredtodiscoverandcollectmachinefromall

yourcontainersrunningonanode– Insightacrosslogsandmetrics– Insightintocontainers,applications,compliance,andthedatathoseapplications

generate– Docker– upandrunningfast!

DemoTime!

- GettingDataIn(GDI)- Splunk LoggingDriver- Analytics

21

MonitoringyourCloudContainers

22

MonitoringforYourCloudEnvironments

23

AmazonWebServiceintegrationviaCloudWatch andElasticContainerService(ECS)GoogleCloudPlatformintegrationviaStackdriver Pub/SubandcloudmonitoringAPIs

SampleDockerCloudData

VisibilitytoyourContainerEnvironmentsSplunkAdd-OnforDockerUniversalControlPlane

MonitorChanges– Identifychangesincontainers,updatestocontainerdeploymentsUsageInsight– Insightintocontainers,clusters,andnodesAnalyzeandCorrelate– Changes,usage,errorsandconfiguration

ImproveDockercontainercompliance,availabilityandperformance

# 1. Come visit us at our boothdocker run splunk/visitourboothvisitourbooth_1 | Booth IT Markets

# 2. Test out our Splunk logging driverdocker run --name wordpress --label web=wordpress \--log-driver=splunk \--log-opt splunk-token=00000000-0000-0000-0000-000000000000 \--log-opt splunk-url=https://192.168.99.100:8088 \--log-opt labels=web --log-opt tag="{{.Name}}" \--publish 80:80 \-d wordpress

CalltoAction…

# 3. Try out our docker images in Docker Storedocker run splunk/enterprise:6.4.1-monitordocker run splunk/universalforwarder:6.4.1-monitor

# 4. Demos will all be available on GitHub under Splunk!git clone https://github.com/splunk/docker-gettingstarted-conf2016.git

# 5. Visit our site to learn more about containerscurl http://www.splunk.com/containers

CalltoAction…

WhatNow?

28

HowtorunSplunk asaDockerImage?SessionID:SF88089

Relatedbreakoutsessionsandactivities…

THANKYOU