Splunk software provides a scalable and versatile platform for the machine data generated by automation and control systems and connected industrial assets and infrastructure. Learn how our customers, including oil and gas companies, use Splunk software to improve performance, reduce downtime and increase security in their critical industrial environments. In this session, we will cover industrial data collection, best practices for storage and enrichment, and how you can use Splunk’s advanced visualizations and analytics to become more data-driven in your industrial operations.
Splunk for Monitoring and Diagnostics in the Industrial Environment
1. Splunk for Monitoring and Diagnostics
Gaining real-time insights into industrial operations
Brian Gilmore
Solution Expert
IoT and Industrial Data
2. 2
Safe Harbor Statement
During the course of this presentation,we may make forward looking statements regarding future events
or the expected performance of the company. We caution you that such statements reflect our current
expectations and estimates based on factors currently known to us and that actual events or results could
differ materially. For important factors that may cause actual results to differ from those contained in our
forward-looking statements, please review our filings with the SEC. The forward-looking statements
made in this presentation are being made as of the time and date of its live presentation. If reviewed
after its live presentation, this presentation may not contain current or accurate information. We do not
assume any obligation to update any forward looking statements we may make. In addition, any
information about our roadmap outlines our general product direction and is subject to change at any
time without notice. It is for informational purposes only and shall not be incorporated into any contract
or other commitment. Splunk undertakes no obligation either to develop the features or functionality
described orto includeany suchfeatureor functionalityina futurerelease.
6. 6
Benefits
Ensure
equipment
in the field
is operating
as intended
Monitor
and avoid
unplanned
downtime
Perform
better
root-cause
analysis
Reduce
costs and
optimize
processes
7. 7
IoT and Industrial Machine Data
DevelopVisualize PredictAlertSearch
Engineers Data
Analysts
Security
Analysts
Business
Users
Native Inputs
TCP, UDP, Logs, Scripts, Wire, Mobile
SDKs and APIs
Java, JS, C#, Python, Ruby, PHP
Modular Inputs
MQTT, AMQP, COAP, REST, JMS
HTTP Event Collector
Token Authenticated JSON
Real-time
Technology Partnerships
Kepware, ThingWorx, Cisco, Palo Alto
Maintenance
Info
Asset
Info
Data
Stores
External Lookups/Enrichment
OT
Industrial Assets
IT
Consumer and
Mobile Devices
8. 8
Splunk’s IoT and Industrial Partner Ecosystem
SDKs UI
Ingest and Platforms
IoT and ICS SecurityAdvanced Analytics and ML Custom User Interfaces
Services and Delivery
9. 9
Splunk and Kepware
Exploration and
Production
Operations
Enterprise Data Environment
- Splunk > Enterprise
- Splunk > Cloud
OPC DA
OPC UA
OPC HDA
Splunk
Universal
Forwarder
Local Data Collection
- SCADA
- HMI
10. 10
Best Practices
Build Baselines of Asset Performance
Find Seasonality in Your Operations
Monitor Trends and KPIs
Identify Anomalies and Outliers
Enrich Operational Data with External Sources
12. Improving SCADA Operations and Security
>99% Uptime and Availability
Analyze 50K miles of pipeline data
from servers and OT networks
Improved pipeline safety and
availability through higher
application uptime
Increase regulatory
compliance
20. 20
Data Sources
Schneider
Electric DNA
Application Logs
Proprietary
SCADA
Application Logs
AutoSol AES
Poller Data Logs
Palo Alto
Networks Data
Symantec
Antivirus Logs
Windows Event
Logs
DB Connect
Configuration
Files
23. 23
Get Started
More Info: Splunk.com/IoT
Download Splunk Free Trial
Download Kepware Free Trial – check out the webinar!
Download other Splunk Apps (MQTT, COAP, Kepware Explorer)
Visit Splunk Answers
Contact me: bgilmore@splunk.com
linkedin.com/in/industrialdata
@brianmgilmore
Notas do Editor
Splunk safe harbor statement.
For those of you who don’t know me, my name is Brian Gilmore, and I’m the Solution Expert for Industrial Data and the Internet of Things here at Splunk. I’ve been at Splunk for almost 3 years now, and I’ve loved working with our marketing team to help position our products which are a great fit for the challenges operational, security, and business analytics facing teams trying to manage complex and distributed asset intensive environments.
IoT is a big market
The biggest and lowest hanging opportunity for us right now is industrial
Companies in Manufacturing, Oil and Gas, utilities are struggling with challenges around availability, performance and security.
Utilities example
A power outage in December put 80,000 people in the dark in Ukraine.
This is recognized as the first public grid failure caused by a computer hack
It’s unlikely to be the last.
attack was multipronged, used malware that effected grid management and enterprise systems and a denial of service attack on call centers at at least two utilities. All adding up to hours of blackout and tremendous risk to grid employees who had to manually reset breakers the hackers had digitally locked them out of.
There are many free add-ons and Apps for Splunk software that simplify the connection and collection of data from both industrial systems and the Internet of Things. These include:
Rest API Modular Input: Poll local and remote REST APIs and index the responses.
Amazon Kinesis Modular Input: Index data from Amazon Kinesis, a fully managed service for real-time streaming data.
Apache Kafka Modular Input: Index messages from Apache Kafka messaging brokers, including clusters managed by Zookeeper.
DB Connect 2: Integrate structured data sources with your Splunk real-time machine data collection.
Universal Forwarder for Linux (ARM – Raspberry Pi): Dedicated Splunk package for Linux and ARM based systems where data needs to be collected directly from embedded devices such as the Raspberry Pi.
MQTT Modular Input: Index messages from MQTT, a machine-to-machine connectivity protocol, by subscribing Splunk software to MQTT Broker Topics.
AMQP Modular Input: Index data from message queues provided by AMQP brokers.
JMS Modular Input: Poll and index message queues and topics from messaging queues and topics, including MQTT messages, provided by message providers, including TibcoEMS, Weblogic JMS and ActiveMQ.
Protocol Data Inputs: Recieve data via a number of different data protocols such as TCP , TCP(s) ,HTTP(s) PUT/POST/File Upload , UDP , Websockets , SockJS.
Splunk App for Stream: Capture, filter and index real-time streaming wire data and network events.
COAP Modular Input: Index messages from a COAP (Constrained Application Protocol) Server.
SNMP Modular Input: Collect data by polling SNMP attributes and catching SNMP traps from datacenter infrastructure devices providing cooling and power distribution.
In addition, Splunk has a powerful ecosystem of technology partners.
Kepware Technologies – Connects Splunk software with thousands of industrial devices communicating on over a hundred proprietary industrial protocols. Stream real-time data to Splunk from industrial control systems, including SCADA.
Carvoyant – Connected car platform, integration with Splunk software allows enterprises to monitor their automobile fleets, including geo-location, engine parameters and diagnostics.
B&B SmartWorx – Intelligent sensors and gateways. Integration with Splunk (Splunk App) will include sensor data collection (via MQTT), and gateway and sensor network diagnostics and cyber security.
Bluvision– Intelligent beacons. Integration with Splunk (Splunk App) will include beacon data collection (via Websockets). Powerful retail applications.
ThingWorx (PTC) – The leading IoT Application Development Platform. Seamless data exchange between ThingWorx applications and Splunk Enterprise and Splunk Cloud, and ThingWorx customers can access Splunk search and analytics through the ThingWorx mashup builder.
Buddy.com – Cloud services for connected devices. Integration (Splunk App) will allow Splunk to stream data from any device connected to the buddy platform.
Octoblu (Citrix) – IoT developer platform. Has created libraries that allow any Octoblu-enabled device to stream its data to Splunk software and allows those same devices to use Splunk search and analytics to inform their own decisions and logic
Red Balloon Security – Security platform for the defense of embedded systems in the enterprise (IP Phones, Printers, switches and routers, etc). Uses proprietary firmware level protection and appliance-based endpoint monitoring, and is integrating (Splunk TA/ES Compliant CIM) with Splunk software to allow Enterprise Security monitoring of threats to embedded enterprise devices.
Bayshore Networks – Content-aware cyber security platform for industrial networks. Is integrating (Splunk TA/ES Compliant CIM) with Splunk software to allow Enterprise Security monitoring of threats to SCADA and other industrial networks.
Foxguard Solutions– Cyber security and compliance solutions for industrial networks built with Splunk. NERC-CIP compliance specialists.
UltraElectronics-3eti – Cyber security platform for industrial networks. Building ES compliant TA to allow collection and analysis of security relevant ICS data in Splunk.
Distrix – Software defined networking for industrial networks and the internet of things. Simplifies connectivity and delivers and enhances data over extremely complex networks. Distrix’s SDN supports Splunk to Splunk communication, and can enhance other data, including timestamping and meta-data enrichment, for ingestion in Splunk.
Prelert – Anomaly detection app for Splunk Enterprise. Valuable app for management of sensors and devices where rapid identification of anomalies in sensor readings or operations are critical.
Predikto – Leverages the power of Predictive Analytics enabling organizations to use their data to predict future asset failures.
N3N – Custom, advanced user interfaces for Splunk specializing in isometric views of industrial facilities.
R Project App – harness the power of R statistical processing language directly from Splunk interfaces and search processing language.
D3.js – Data driven documents for powerful user experiences.
HTML5 – Advanced web interfaces and applications for browser and mobile based user experience.
Enterprise Product Partners is using Splunk to monitor and manage their critical Industrial Control System infrastructure. This infrastructure powers 51000 miles of some of the most critical hardware in the world – oil pipelines.
By using Splunk enterprise and partner solutions from companies like Palo Alto Networks, EPP is able to better monitor and manage the availability of the applications and hardware in their environment, and are able to react more quickly to the unexpected but inevitable downtime in a system this large and complex.
PHIMSA regulations require that you react to critical application downtime almost immediately – and EPP is using Splunk to satisfy this requirement. Since starting with Splunk, they have seen tremendous improvement in their response time.
Midstream Energy Services Provider
Serves producers and consumers of natural gas, crude oil, refined products and petrochemicals
Manages approximately 50,000 miles of pipeline across U.S.
SCADA: Supervisory Control and Data Acquisition
PLCs: Programmable Logic Controllers
RTUs: Remote Terminal Units
Servers
Switches
Routers
Desktops
Previous issues with visibility and issue investigations were long and tedious
Needed to manage tens of thousands of diverse legacy field devices
Existing in-house solutions and vendor built tools made it impossible to correlate across systems
PHMSA requirements were strict and uptime is critical
Discovered Splunk Enterprise while looking at security solutions
Realized Splunk Enterprise could also solve operational challenges
Conduct operational investigations
Proactive Alerting
Increase overall pipeline visibility
Endpoint messaging
Timeouts
Leak Detection
Correlate sensor data with other SCADA data