SplunkLive! Salt Lake City AdvancedMD Customer Presentation

1. Copyright © 2014 Splunk Inc.
AdvancedMD

2. 2
Tyler Germer
Manager, Platform Operations
AdvancedMD

3. 3
ADP AdvancedMD
AdvancedMD
• Acquired by ADP 4 years ago
• Practice Management
• EHR
• Mobile offering
• AdvancedInsight™ Reporting
ADP (parent company)
• $11B revenue
• 620,000 clients

4. 4
About Tyler
Manager - Platform Operations Team
ADP employee for 3.5 years
Experience in all areas of system administration / networking
Evangelist / Believer in Splunk
Enjoy the gym, racquetball, and good food
Originally from Canada …love watching Hockey. Go
AVALANCHE!!

5. 5
Operations Team Charter
Managing our data center, production
server, infrastructure
Patching our online medical
applications
Reduce client impacting incidents
Ensure application uptime
Work with support teams on customer
issues

6. 6
Previous Monitoring Solutions: Key Challenges
“Splunk was going to do everything our monitoring solutions couldn't.”
• Broad infrastructure – HP blade servers,
F5 load balancers, Juniper/Cisco switches
– everything is generating logs
• Monitoring solutions told us different
things (Nagios, Event Sentry, Cacti)
• Cumbersome to find answers
Hard to
troubleshoot
quickly and find
root cause

7. 7
Splunk Phase 1
- Visibility across the Stack (single
pane of glass) – application,
networking, etc.
- Configure saved reports /
dashboards
- Utilize flexibility of Splunk
All Logs
“Phase 1 – Operational
Intelligence – find out the
things we weren't seeing.”

8. 8
Splunk Architecture
5 x Indexers (HP DL380) – physical
10 x Search Heads – virtual
4 x Heavy Forwarders – virtual
4 x SyslogNG Servers – Virtual
620WindowsUniversalForwarders(abouttodouble)–Virtual/Physical
Approx. 100 networking devices
1 Deployment Server (Corp) / License Server and 1 Cluster Master
1 Deployment Server (Prod)

9. 9
Splunk: Cluster Topology
Data sources
• Windows event logs, IIS logs
• Syslogs from firewall, switches, SAN
storage devices, Aruba wireless, VPN, HP
OA
• Custom logs
Indexing
• Set up for 300-350 GB
• Current: 20.0 GB
Applications
• Splunk for Juniper / Cisco, Splunk App for
Stream, Prelert

10. 10
AdvancedMD Splunk EcoSystem

11. 11
Fast Time to Value with Splunk
"Before Splunk, it took days if not weeks to find source of a problem, now it only
takes minutes or hours."
Software release planned
Within 30 min of software release we saw
trend of huge errors
Reached out to Engineering immediately to
point them to errors and so they could fix the
code before customer impact
Splunk came to the rescue – data is so visible
we were able to react quickly

12. 12
Splunk in the Operations Team
Everyone MUST use Splunk
– Mandatory goal of taking Using Splunk Training
Currently 10 users, users from other Departments underway
2 actively working on providing more value through Splunk
Teams look at Splunk on patch nights
– Look at potential Errors
Splunk User Group @ Salt Lake City – Email: Tyler Germer
tgermer@advancedmd.com

13. 13
Lessons Learned
Managers … LISTEN to your employees
It’s very easy to get data into Splunk
Real art is getting valuable data out / asking the right questions
Splunk Deployment Server is your friend
Docs.splunk.com is FANTASTIC
Splunk IRC … nerds helping nerds
Great book – Big Data Analytics Using Splunk

14. 14
What’s Next – Long Term Vision
"Splunk IS a game changer for ADP AdvancedMD."
MORE SPLUNK - Splunk for Sales, Engineering, Security, etc.
Using more Splunk Apps to get quicker return on investment
– Splunk Apps for F5, SQL, Exchange, Active Directory, NetApp
Embrace DB-Connect (underway)
Upgrading to Splunk Enterprise 6.2.2
Replace Event Sentry with Splunk (underway)
Splunk architectural review
Proactive customer service and business analytics

15. 15
Going above and beyond …

16. Thank You