Upload
vudat
View
228
Download
2
Embed Size (px)
Citation preview
Copyright©2016Splunk Inc.
MarcChénéITMarketsProductManager,Splunk
DenisGladkikhPrincipalDevEngineer(akaoutcoldman),Splunk
MonitoringandTroubleshootingDockerAcrossCloudandOn-prem Environments
Whoweare?MarcChéné– Engineer,ITMarketsProductManager,APMer– Dadto3,super-fanandcoach– Loverofskiing,golfing,musicandgooddrink– Residentgroundskeeper/gardener– Twitter:@marccheneDenisGladkikh– Systemprogrammingdeveloper - building
Enterpriseapplications,MobileApps,DevToolsand scalablesystems
– Opensourcecontributor(VSCode, Docker,cAdvisor,antigen,MongoCDriver andmore...).
– Skydiver,Scuba diver,Downhill/nordic skier,hiker, GSDowner
– Twitter:@outcoldman
Disclaimer
3
Duringthecourseofthispresentation,wemaymakeforwardlookingstatementsregardingfutureeventsortheexpectedperformanceofthecompany.Wecautionyouthatsuchstatementsreflectourcurrentexpectationsandestimatesbasedonfactorscurrentlyknowntousandthatactualeventsorresultscoulddiffermaterially.Forimportantfactorsthatmaycauseactualresultstodifferfromthose
containedinourforward-lookingstatements,pleasereviewourfilingswiththeSEC.Theforward-lookingstatementsmadeinthethispresentationarebeingmadeasofthetimeanddateofitslivepresentation.Ifreviewedafteritslivepresentation,thispresentationmaynotcontaincurrentoraccurateinformation.Wedonotassumeanyobligationtoupdateanyforwardlookingstatementswemaymake.Inaddition,anyinformationaboutourroadmapoutlinesourgeneralproductdirectionandissubjecttochangeatanytimewithoutnotice.Itisforinformationalpurposesonlyandshallnot,beincorporatedintoanycontractorothercommitment.Splunkundertakesnoobligationeithertodevelopthefeaturesor
functionalitydescribedortoincludeanysuchfeatureorfunctionalityinafuturerelease.
Agenda Agenda
WhatisDocker?HowtoMonitorContainers?Splunk AnalyticsforDockerMonitoringyourCloudContainers
First,abitaboutcontainers…
Docker,inoneSlide
6
Build- Ship- Runyourapplications– ”Infrastructureascode”– Enablesmicroservices architectures– Portable– EnablesCloudMigration
OpenSourceandCommunityMinded– DockerEngineisOpenSource– Thousandsofappscanbe“pulled”in
DockerHub/DockerStore– YourdevelopersLOVEDocker
Docker– It’snotVirtualization
7
VMs– focusonOSDocker– focusonapplicationsDocker– lightweightandFASTNOTmutuallyexclusivewithVMs
Docker– it’sabigdeal
8
OpenSourcedrivenecosystem
Massiveincreaseinadoption…
…Butthegrowthisjustgettingstarted
3PrimaryContainerUseCases
ApplicationModernization
DevOps – NewApps
CloudMigration
9
DockerAddressesCustomerPainPoints
11
StandardizationbetweendevandproductionenvironmentsLessefforttoputintoreleasemanagement=fasterdevelopment
“Butitworkedindev...”
DockerCreatesNewMonitoringChallenges
12
NewlayersofabstractionContainershaveShortlifespansYoustillhavedependenciesonotherlevelsofthestackNewconsumersofmonitoringdata
Containermonitoringandtroubleshootingneedstobeeasy,focusedonanalytics,andrelatedwithotherpartsofyourinfrastructure
HowtoMonitorContainers?- GettingDataIn(GDI)
13
Splunk LogStreamingOptionsforDockerDockerNativeLogging– Splunkloggingdriver,Syslog,AWS,JSONfiles,etc.
Logginglibraries in.NET,Javaandnode.js
Custom(e.g.,KafkawithHTTPEventCollector)
UniversalForwarder– AppLogs,Syslogforwarding,Performance,etc.
Cloud– AWS,GCP,Azure
Usetheoptionthatisrightforyou!
VisibilitytoyourContainerEnvironments
Secure—supportsTLS/SSLandtokensSimple– config-basedsetupandcollectdataScale– BasedonHTTPDataCollectorBasedonSplunk HTTPConfigurable- Supportscontainerlabels,environmentvariables
SplunkLoggingDriverforDocker
BasedonSplunkHTTPEventCollector+DriverbuiltdirectlyintoDocker
VisibilityintoyourContainerEnvironmentsSkipverificationforthevalidsplunk urlRawdatacollectionfromthenativelogdriverEmbeddedjson formatsupport
SplunkLoggingDriverforDocker(comingsoondocker 1.13)
VisibilitytoyourContainerEnvironmentsLogs– AccesstoApplogs,syslogUDPforwarding,JournalDStats– DatafromDockercontainersSearch– TroubleshootDockerrelatedproblemsDashboardsandAlerts-ProactivelymonitorDockerenvironments
AddingUniversalForwarderstoyourDockerEnvironments
ManywaystogetDocker-basedmachinedata– choosewhat’sbestforyou
Splunk Analytics
- Splunk Images- It’sTimeforAnalytics
18
DeliveringSplunkasaContainerImage
19
Splunk containerimages– Splunk Enterprise6.4.1– Splunk UniversalForwarder6.4.1IncludesconfigurationandDockerAdd-Onforcontainermonitoringout-of-the-boxCertifiedimageComingsoontotheDockerStore(http://store.docker.com)
docker run splunk/enterprise:6.4.1-monitordocker run splunk/universalforwarder:6.4.1-monitor
DemoSetup
20
Usecase:ContainerLogAnalysisandMonitoring“fullstack”applicationwith4containersmonitoredwithSplunk– MariaDB – ouropensourcedatabaselayer– Wordpress -- aratherbusyapplication– My_app – ourmade-upapp– Splunk – yes,we’rerunningSplunk INACONTAINER!Keytakeaways– Time-to-value– Splunk ispre-configuredtodiscoverandcollectmachinefromall
yourcontainersrunningonanode– Insightacrosslogsandmetrics– Insightintocontainers,applications,compliance,andthedatathoseapplications
generate– Docker– upandrunningfast!
DemoTime!
- GettingDataIn(GDI)- Splunk LoggingDriver- Analytics
21
MonitoringyourCloudContainers
22
MonitoringforYourCloudEnvironments
23
AmazonWebServiceintegrationviaCloudWatch andElasticContainerService(ECS)GoogleCloudPlatformintegrationviaStackdriver Pub/SubandcloudmonitoringAPIs
SampleDockerCloudData
VisibilitytoyourContainerEnvironmentsSplunkAdd-OnforDockerUniversalControlPlane
MonitorChanges– Identifychangesincontainers,updatestocontainerdeploymentsUsageInsight– Insightintocontainers,clusters,andnodesAnalyzeandCorrelate– Changes,usage,errorsandconfiguration
ImproveDockercontainercompliance,availabilityandperformance
# 1. Come visit us at our boothdocker run splunk/visitourboothvisitourbooth_1 | Booth IT Markets
# 2. Test out our Splunk logging driverdocker run --name wordpress --label web=wordpress \--log-driver=splunk \--log-opt splunk-token=00000000-0000-0000-0000-000000000000 \--log-opt splunk-url=https://192.168.99.100:8088 \--log-opt labels=web --log-opt tag="{{.Name}}" \--publish 80:80 \-d wordpress
CalltoAction…
# 3. Try out our docker images in Docker Storedocker run splunk/enterprise:6.4.1-monitordocker run splunk/universalforwarder:6.4.1-monitor
# 4. Demos will all be available on GitHub under Splunk!git clone https://github.com/splunk/docker-gettingstarted-conf2016.git
# 5. Visit our site to learn more about containerscurl http://www.splunk.com/containers
CalltoAction…
WhatNow?
28
HowtorunSplunk asaDockerImage?SessionID:SF88089
Relatedbreakoutsessionsandactivities…
THANKYOU