• Home

  • Documents

  • Splunk Spark Integration - GitHub Pageslitaotao.github.io/files/4. splunk_spark.pdf · Splunk Spark...
18
Splunk Spark Integration Gang Tao

Splunk Spark Integration - GitHub Pageslitaotao.github.io/files/4. splunk_spark.pdf · Splunk Spark Integration ... • Splunk"products:""! Splunk"Enterprise"! ... splunk_spark Created

Embed Size (px)

Citation preview

Page 1: Splunk Spark Integration - GitHub Pageslitaotao.github.io/files/4. splunk_spark.pdf · Splunk Spark Integration ... • Splunk"products:""! Splunk"Enterprise"! ... splunk_spark Created

Splunk Spark IntegrationGang Tao

Page 2: Splunk Spark Integration - GitHub Pageslitaotao.github.io/files/4. splunk_spark.pdf · Splunk Spark Integration ... • Splunk"products:""! Splunk"Enterprise"! ... splunk_spark Created

About Me• Software Engineer with 15+ Years experience • Now architect working on Data acquisition and Cloud App

• Used to be working on BI, ERP and other Enterprise application development

• Like data science and open source

Page 3: Splunk Spark Integration - GitHub Pageslitaotao.github.io/files/4. splunk_spark.pdf · Splunk Spark Integration ... • Splunk"products:""! Splunk"Enterprise"! ... splunk_spark Created

Splunk'Company'Overview'

3"

Company''

•  Global"HQs:""!  San"Francisco"!  London""!  Hong"Kong"

•  1,800+"employees"globally"•  Annual"Revenue:"$450.9M"(YoY"+49%)"

•  NASDAQ:"SPLK"

Products'

•  Free"trial"to"massive"scale"•  Splunk"products:""

!  Splunk"Enterprise"!  Splunk"Cloud"!  Hunk"!  Splunk"Light"!  Splunk"MINT"!  Premium"SoluWons"

Customers''

•  10,000+"customers"•  Across"100"countries"•  Small"to"large"organizaWons"

•  More"than"80"of"the"Fortune"100"

•  Largest"license:""!  400+"Terabytes/day"

Page 4: Splunk Spark Integration - GitHub Pageslitaotao.github.io/files/4. splunk_spark.pdf · Splunk Spark Integration ... • Splunk"products:""! Splunk"Enterprise"! ... splunk_spark Created

Splunk'–'a'Data'Pla-orm'

Mainframe)Data)

VMware)

Pla0orm)for)Machine)Data)

Exchange) PCI)Security)

Rela=onal)Databases)

Mobile)Forwarders) Syslog)/))TCP)/)Other)

Sensors)&)Control)Systems)

Wire))Data)

Mobile)Intel)

Splunk'Premium'Apps' Rich'Ecosystem'of'Apps'

MINT')

Splunk - a Machine Data Platform

Page 5: Splunk Spark Integration - GitHub Pageslitaotao.github.io/files/4. splunk_spark.pdf · Splunk Spark Integration ... • Splunk"products:""! Splunk"Enterprise"! ... splunk_spark Created

Demo

Page 6: Splunk Spark Integration - GitHub Pageslitaotao.github.io/files/4. splunk_spark.pdf · Splunk Spark Integration ... • Splunk"products:""! Splunk"Enterprise"! ... splunk_spark Created

Splunk Technical Stack

PresentingProcessing

StoreAcquisition

Page 7: Splunk Spark Integration - GitHub Pageslitaotao.github.io/files/4. splunk_spark.pdf · Splunk Spark Integration ... • Splunk"products:""! Splunk"Enterprise"! ... splunk_spark Created

Splunk Deployment ArchitectureIndexer store  data,  transform  row  data  into  events  and  searches  the  indexed  data  in  response  to  search  requests.  

Search  Headdirects  search  requests  to  a  set  of  indexers,  merges  the  results  and  presents  them  to  the  user  

Forwarderget  data  into  indexers  

Page 8: Splunk Spark Integration - GitHub Pageslitaotao.github.io/files/4. splunk_spark.pdf · Splunk Spark Integration ... • Splunk"products:""! Splunk"Enterprise"! ... splunk_spark Created

Splunk VS Open Source

Page 9: Splunk Spark Integration - GitHub Pageslitaotao.github.io/files/4. splunk_spark.pdf · Splunk Spark Integration ... • Splunk"products:""! Splunk"Enterprise"! ... splunk_spark Created

Splunk VS Open Source

Page 10: Splunk Spark Integration - GitHub Pageslitaotao.github.io/files/4. splunk_spark.pdf · Splunk Spark Integration ... • Splunk"products:""! Splunk"Enterprise"! ... splunk_spark Created

SQL of Machine Data - SPLSPL  –  Splunk  Processing  Language  

SQL  *nix  Pipe  Google  Search

Page 11: Splunk Spark Integration - GitHub Pageslitaotao.github.io/files/4. splunk_spark.pdf · Splunk Spark Integration ... • Splunk"products:""! Splunk"Enterprise"! ... splunk_spark Created

Extensibility - Splunk Apph0p://apps.splunk.com/    

Enterprise  Security  ITSI  DB  Connect  Technology  Add-­‐ons

Page 12: Splunk Spark Integration - GitHub Pageslitaotao.github.io/files/4. splunk_spark.pdf · Splunk Spark Integration ... • Splunk"products:""! Splunk"Enterprise"! ... splunk_spark Created

Why Integration?• Splunk to Spark

• Data Ingestion

• Unstructure/Semi Structure data Indexing

• Data processing with Splunk search

• Data Presenting

• Spark to Splunk

• Powerful computing capability

• Machine Learning

• Open Source community

Page 13: Splunk Spark Integration - GitHub Pageslitaotao.github.io/files/4. splunk_spark.pdf · Splunk Spark Integration ... • Splunk"products:""! Splunk"Enterprise"! ... splunk_spark Created

Solution A

Page 14: Splunk Spark Integration - GitHub Pageslitaotao.github.io/files/4. splunk_spark.pdf · Splunk Spark Integration ... • Splunk"products:""! Splunk"Enterprise"! ... splunk_spark Created

Solution B

Page 15: Splunk Spark Integration - GitHub Pageslitaotao.github.io/files/4. splunk_spark.pdf · Splunk Spark Integration ... • Splunk"products:""! Splunk"Enterprise"! ... splunk_spark Created

Solution C

Indexer

Virtual Indexer (Spark)

SPL

Enhanced Search Command

Spark Driver

(SPL Parser)

Spark Worker

Spark Worker

Spark Worker

Page 16: Splunk Spark Integration - GitHub Pageslitaotao.github.io/files/4. splunk_spark.pdf · Splunk Spark Integration ... • Splunk"products:""! Splunk"Enterprise"! ... splunk_spark Created

Challenges• Avoid big data movement

• keep good user experience

• Adapt to SPL concept

Page 17: Splunk Spark Integration - GitHub Pageslitaotao.github.io/files/4. splunk_spark.pdf · Splunk Spark Integration ... • Splunk"products:""! Splunk"Enterprise"! ... splunk_spark Created
Page 18: Splunk Spark Integration - GitHub Pageslitaotao.github.io/files/4. splunk_spark.pdf · Splunk Spark Integration ... • Splunk"products:""! Splunk"Enterprise"! ... splunk_spark Created

FireEye + Splunk: Intermediate Integration Guide | FireEye · advantage of many Splunk 6.x features that were not previously available. If your organization is still using Splunk

FireEye + Splunk: Intermediate Integration Guide | FireEye · advantage of many Splunk 6.x features that were not previously available. If your organization is still using Splunk

Documents
Spark/Cassandra Integration Theory & Practice

Spark/Cassandra Integration Theory & Practice

Documents
Tenable and Splunk Integration · PDF fileTenable and Splunk Integration August 17, 2016 (Revision 1) ... Tenable™ and Splunk have a history of collaboration and interaction between

Tenable and Splunk Integration · PDF fileTenable and Splunk Integration August 17, 2016 (Revision 1) ... Tenable™ and Splunk have a history of collaboration and interaction between

Documents
FireEye and Splunk: Intro to Integration

FireEye and Splunk: Intro to Integration

Documents
Splunk Spark Integration

Splunk Spark Integration

Data & Analytics
Spark/Cassandra Integration Theory & Practicedoanduyhai Spark/Cassandra Integration Theory & Practice DuyHai DOAN, Technical Advocate

Spark/Cassandra Integration Theory & Practicedoanduyhai Spark/Cassandra Integration Theory & Practice DuyHai DOAN, Technical Advocate

Documents
Manchester Hadoop Meetup: Spark Cassandra Integration

Manchester Hadoop Meetup: Spark Cassandra Integration

Software
Email Security Splunk Integration - proofpoint.com teams that are standardized on the Splunk Platform for threat research and incident response can act faster with Proofpoint email

Email Security Splunk Integration - proofpoint.com teams that are standardized on the Splunk Platform for threat research and incident response can act faster with Proofpoint email

Documents
Data Analytics Expert Knowledge - stg-tud.github.iostg-tud.github.io/ctbd/2016/20160630_Lecture_Darmstadt_Part1.pdf · Splunk Rapid Miner Unstructured Data Business Objects Spark

Data Analytics Expert Knowledge - stg-tud.github.iostg-tud.github.io/ctbd/2016/20160630_Lecture_Darmstadt_Part1.pdf · Splunk Rapid Miner Unstructured Data Business Objects Spark

Documents
Fortscale Splunk Integrationinfo.fortscale.com/hubfs/UEBA Content/Fortscale Splunk Integration.pdf · Fortscale Splunk Integration ... Fortscale digests access and authentication

Fortscale Splunk Integrationinfo.fortscale.com/hubfs/UEBA Content/Fortscale Splunk Integration.pdf · Fortscale Splunk Integration ... Fortscale digests access and authentication

Documents
[Spark Summit EU 2017] Apache spark streaming + kafka 0.10 an integration story

[Spark Summit EU 2017] Apache spark streaming + kafka 0.10 an integration story

Technology
BlackBerry Spark UEM Suites...• BlackBerry Spark UEM Suite includes Identity & Access Management (IAM) with Microsoft ® Active Directory integration, PKI integration, Kerberos and

BlackBerry Spark UEM Suites...• BlackBerry Spark UEM Suite includes Identity & Access Management (IAM) with Microsoft ® Active Directory integration, PKI integration, Kerberos and

Documents
Spring Integration Splunk

Spring Integration Splunk

Technology
SplunkingYour Mobile Apps - .conf19 | Splunk · Introducing Splunk for Mobile Intelligence (Splunk MINT) Deploying Splunk MINT – Intro to SDKs – Getting Started Using Splunk MINT

SplunkingYour Mobile Apps - .conf19 | Splunk · Introducing Splunk for Mobile Intelligence (Splunk MINT) Deploying Splunk MINT – Intro to SDKs – Getting Started Using Splunk MINT

Documents
Tenable and Splunk Integration · When Splunk has completed processing, it will require a restart. After restarting and logging back into Splunk, navigate back to “Managing …

Tenable and Splunk Integration · When Splunk has completed processing, it will require a restart. After restarting and logging back into Splunk, navigate back to “Managing …

Documents
The Purview™ Solution– Integration With Splunk€¦ · Splunk has a light-weight correlation system capable of producing custom-built Alerts. The Splunk system allows the administrator

The Purview™ Solution– Integration With Splunk€¦ · Splunk has a light-weight correlation system capable of producing custom-built Alerts. The Splunk system allows the administrator

Documents
Qwasi Splunk and NCR Integration: Business Analytics

Qwasi Splunk and NCR Integration: Business Analytics

Retail
StratioDeep: An Integration Layer Between Spark and Cassandra

StratioDeep: An Integration Layer Between Spark and Cassandra

Technology
Splunk and SentinelOne Integration

Splunk and SentinelOne Integration

Documents
Splunk in integration testing

Splunk in integration testing

Technology
Cisco and Splunk Integration · Cisco Technology Description SplunkBase URL Cisco Cloud Web Security This Splunk add-on allows a Splunk administrator to analyze and correlate Cisco

Cisco and Splunk Integration · Cisco Technology Description SplunkBase URL Cisco Cloud Web Security This Splunk add-on allows a Splunk administrator to analyze and correlate Cisco

Documents
Spark cassandra integration, theory and practice

Spark cassandra integration, theory and practice

Technology
NetFlow Optimizer™...Integration with Splunk Technology Add-on for NetFlow must be installed on Splunk indexers and search heads in order for NFO to work with Splunk. It collects

NetFlow Optimizer™...Integration with Splunk Technology Add-on for NetFlow must be installed on Splunk indexers and search heads in order for NFO to work with Splunk. It collects

Documents
Splunk Integration Guide - INETCO · Splunk Integration Guide ... The following documentation should also be available for reference: INETCO Insight Configuration Guide. ... Splunk

Splunk Integration Guide - INETCO · Splunk Integration Guide ... The following documentation should also be available for reference: INETCO Insight Configuration Guide. ... Splunk

Documents
Tenable and Splunk Integration · Splunk Splunkreceivesvulnerabilitydatacollectedby SecurityCenter Nessus NessusHost Scans,Nes-susPlugins Splunk SplunkreceivesvulnerabilitydatacollectedbyNes-

Tenable and Splunk Integration · Splunk Splunkreceivesvulnerabilitydatacollectedby SecurityCenter Nessus NessusHost Scans,Nes-susPlugins Splunk SplunkreceivesvulnerabilitydatacollectedbyNes-

Documents
Splunk For IT Operational Intelligenceuploads.integrity360.com/1425903243-Splunk-for-IT-Operations.pdf · • Splunk Apps –Splunk App for VMware –Splunk Apps for Citrix & Hyper

Splunk For IT Operational Intelligenceuploads.integrity360.com/1425903243-Splunk-for-IT-Operations.pdf · • Splunk Apps –Splunk App for VMware –Splunk Apps for Citrix & Hyper

Documents
Splunk*and*Spark* driver spark worker SplunkPipeRDD RDD Operations spark worker SplunkPipeRDD RDD Operations spark worker SplunkPipeRDD RDD Operations RDD Operations splunk index Events

Splunk*and*Spark* driver spark worker SplunkPipeRDD RDD Operations spark worker SplunkPipeRDD RDD Operations spark worker SplunkPipeRDD RDD Operations RDD Operations splunk index Events

Documents
StratioDeep: an Integration Layer Between Spark and Cassandra - Spark Summit 2013

StratioDeep: an Integration Layer Between Spark and Cassandra - Spark Summit 2013

Technology
Spark Integration Into an Enterprise Stack

Spark Integration Into an Enterprise Stack

Documents
Referent / Redner Benjamin Tiggemann · 2015-07-08 · Splunk for Exchange Splunk for Enterprise Security* Splunk for Vmware Splunk for PCI Compliance* Splunk for Windows Splunk for

Referent / Redner Benjamin Tiggemann · 2015-07-08 · Splunk for Exchange Splunk for Enterprise Security* Splunk for Vmware Splunk for PCI Compliance* Splunk for Windows Splunk for

Documents