Copyright © 2015 Splunk Inc.
Gerrit Schmitz Renjith Nair Senior System Engineer, Bosch SoDware InnovaGons
Splunk .conf 2015
About Us
Splunk Architecture @Bosch-‐SI
Splunk in Bosch IoT Business
Splunk Monitoring @ Bosch-‐SI
1
2
3
4
5 Past and Future Challenges
Agenda Bosch So(ware Innova0ons
About Us
Bosch So(ware Innova0ons
• Gerrit Schmitz Senior System Engineer
• Renjith Nair Senior System Engineer
• Combined Splunk Experience of 8 years+
About Us
Bosch So(ware Innova0ons Bosch SoDware InnovaGons Worldwide
Sales MarkeGng Prof. Services
Chicago
Sales & MarkeGng Professional Services Product Development
System Projects
Singapore
Corporate FuncGons Sales & MarkeGng Product Development Professional Services
Berlin
Sales System Technology
System Projects Professional Services Product Development
Waiblingen Sales
Professional Services
Shanghai
Immenstaad Corporate FuncGons Sales & MarkeGng Professional Services Product Development
Bosch So(ware Innova0ons § SoDware and system services for enterprise soluGons in the IoT
§ Experience ranges from complex soDware systems to domain soluGons
§ 700 associates worldwide
Prosyst – Cologne/Sofia Sales & MarkeGng
Product Development Professional Services
Sales Palo Alto
IoT Vision – A Connected World Industry Mobility Energy Smart Home Smart City
Bosch SoDware InnovaGons
The Things of Bosch
Splunk Architecture @ Bosch SI
Stu^gart
Singapore
10250 km
3950 km
Splunk Architecture @ Bosch SI
Five Search Heads Seven Indexers Eleven Heavy Forwarders Approximately 150 Universal Forwarders
Two Masters (both Stu^gart) Two Indexer Clusters (stretched) One Search Head Cluster (stretched)
Splunk Architecture @ Bosch SI
Splunk As A Monitoring Tool
PoC -‐ Splunk As a Monitoring Tool
Bosch So(ware Innova0ons
System Monitoring
ApplicaGon Monitoring
ReporGng
OpsMonK
Splunk As A Monitoring Tool
Splunk As A Monitoring Tool
Splunk As A Monitoring Tool Alerts
Splunk As A Monitoring Tool Alerts
Splunk As A Monitoring Tool Alerts
Splunk As A Monitoring Tool Maintenance
Splunk As A Monitoring Tool
Splunk As A Monitoring Tool
Splunk As A Monitoring Tool
Splunk In Bosch IoT Business
Bosch IoT Business eMobility
Industry 4.0
Bosch IoT Business Energy – Virtual Power Plant
Intelligent Tools
Manage your connected devices with the touch of a finger
The Bosch Indego is the first robotic lawn
mower with a free GSM connection that can be operated simply and conveniently using an
app.
Connected lawn mower Indego
The image cannot be displayed. Your computer may not have enough memory to open the image, or the image may have been corrupted. Restart your computer, and then open the file again. If the red x still appears, you may have to delete the image and then insert it again.
Mobile data
The image cannot be displayed. Your computer may not have enough memory to open the image, or the image may have been corrupted. Restart your computer, and then open the file again. If the red x still appears, you may have to delete the image and then insert it again.
Internet
The image cannot be displayed. Your computer may not have enough memory to open the image, or the image may have been corrupted. Restart
Business Portal
The image cannot be displayed. Your computer may not have enough memory to open the image, or the image may have been corrupted. Restart your computer, and then open the file again. If the red x still appears, you may have to delete the image and then insert it again.
The image cannot be displayed. Your computer may not have enough memory to open the image, or the image may have been corrupted.
The image cannot be displayed. Your computer may not have enough memory to open the image, or the image may have been corrupted. Restart your computer, and then open the file again. If the red x still appears, you may have to delete the image and then insert it again.
User Interface:
-‐ Connected lawn mower Indego
Connected lawn mower Indego
Connected lawn mower Indego
Challenges
– We use our own SSL cer0ficates. This is supported, but difficult.
– We isolate mul0ple Splunk processes on the same host. This is not supported, and also difficult.
– We run globally distributed Splunk clusters. This is not supported, but was quite easy.
– Our Splunk is completely highly available. Including Master and TCP Inputs
If you want to do something similar, we are here to help J
Past Challenges
– How could Splunk extract data from an embedded device? ê Universal forwarder available, but not officially supported for ARM h^ps://splunkbase.splunk.com/app/1611/
ê TCP Input cannot be access protected (safe for client cerGficates) ê That leaves the REST Interface
h^p://docs.splunk.com/DocumentaGon/Splunk/latest/RESTREF/RESTinput#receivers.2Fsimple
– Server AuthenGcaGon: via SSL CerGficate – Client AuthenGcaGon: via Username/Password – Client AuthorizaGon:
ê edit_tcp permission required ê Is it a good idea to grant this to a large number of devices?
Past and Future Challenges
To-‐Do List: – Migra0ng from single-‐0er to mul0-‐0er storage. – Use roles as distribu0on lists for alerts. Splunk knows the mail addresses from LDAP, why can’t we send alerts to a whole role?
– Limit volume by index – not indexer. Seems to require a change in Splunk. So far only alerGng works.
– Automa0cally provision new tenants. – Integrate more authen0ca0on mechanisms (oAuth).
Future Challenges
THANK YOU h^p://blog.bosch-‐si.com h^p://www.bosch-‐si.com/