Splunk for Monitoring and Diagnostics in the Industrial Environment
•
3 gostaram•2,281 visualizações
Splunk software provides a scalable and versatile platform for the machine data generated by automation and control systems and connected industrial assets and infrastructure. Learn how our customers, including oil and gas companies, use Splunk software to improve performance, reduce downtime and increase security in their critical industrial environments. In this session, we will cover industrial data collection, best practices for storage and enrichment, and how you can use Splunk’s advanced visualizations and analytics to become more data-driven in your industrial operations.
Recomendados
Recomendados
Mais conteúdo relacionado
Mais procurados
Mais procurados (19)
Semelhante a Splunk for Monitoring and Diagnostics in the Industrial Environment
Semelhante a Splunk for Monitoring and Diagnostics in the Industrial Environment (20)
Mais de Splunk
Mais de Splunk (20)
Último
Último (20)
Splunk for Monitoring and Diagnostics in the Industrial Environment
- 1. Splunk for Monitoring and Diagnostics Gaining real-time insights into industrial operations Brian Gilmore Solution Expert IoT and Industrial Data
- 2. 2 Safe Harbor Statement During the course of this presentation,we may make forward looking statements regarding future events or the expected performance of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-looking statements, please review our filings with the SEC. The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, this presentation may not contain current or accurate information. We do not assume any obligation to update any forward looking statements we may make. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionality described orto includeany suchfeatureor functionalityina futurerelease.
- 6. 6 Benefits Ensure equipment in the field is operating as intended Monitor and avoid unplanned downtime Perform better root-cause analysis Reduce costs and optimize processes
- 7. 7 IoT and Industrial Machine Data DevelopVisualize PredictAlertSearch Engineers Data Analysts Security Analysts Business Users Native Inputs TCP, UDP, Logs, Scripts, Wire, Mobile SDKs and APIs Java, JS, C#, Python, Ruby, PHP Modular Inputs MQTT, AMQP, COAP, REST, JMS HTTP Event Collector Token Authenticated JSON Real-time Technology Partnerships Kepware, ThingWorx, Cisco, Palo Alto Maintenance Info Asset Info Data Stores External Lookups/Enrichment OT Industrial Assets IT Consumer and Mobile Devices
- 8. 8 Splunk’s IoT and Industrial Partner Ecosystem SDKs UI Ingest and Platforms IoT and ICS SecurityAdvanced Analytics and ML Custom User Interfaces Services and Delivery
- 9. 9 Splunk and Kepware Exploration and Production Operations Enterprise Data Environment - Splunk > Enterprise - Splunk > Cloud OPC DA OPC UA OPC HDA Splunk Universal Forwarder Local Data Collection - SCADA - HMI
- 10. 10 Best Practices Build Baselines of Asset Performance Find Seasonality in Your Operations Monitor Trends and KPIs Identify Anomalies and Outliers Enrich Operational Data with External Sources
- 11. Demo
- 12. Improving SCADA Operations and Security >99% Uptime and Availability Analyze 50K miles of pipeline data from servers and OT networks Improved pipeline safety and availability through higher application uptime Increase regulatory compliance
- 13. Splunk at Enterprise Products Partners, L.P. Chris Duffey SCADA Cybersecurity Coordinator
- 14. 14 Enterprise Product Partners L.P.
- 16. 1 Critical ICS Endpoints Engineering Workstations Control System Communication Embedded Devices HMI Historian Controllers
- 17. 17 Why Splunk?
- 18. 18 Our Adoption Journey Security Operations Business Analytics …
- 19. 19 Central Pipeline Monitoring Center
- 20. 20 Data Sources Schneider Electric DNA Application Logs Proprietary SCADA Application Logs AutoSol AES Poller Data Logs Palo Alto Networks Data Symantec Antivirus Logs Windows Event Logs DB Connect Configuration Files
- 22. Thank You
- 23. 23 Get Started More Info: Splunk.com/IoT Download Splunk Free Trial Download Kepware Free Trial – check out the webinar! Download other Splunk Apps (MQTT, COAP, Kepware Explorer) Visit Splunk Answers Contact me: bgilmore@splunk.com linkedin.com/in/industrialdata @brianmgilmore
Notas do Editor
- Splunk safe harbor statement.
- For those of you who don’t know me, my name is Brian Gilmore, and I’m the Solution Expert for Industrial Data and the Internet of Things here at Splunk. I’ve been at Splunk for almost 3 years now, and I’ve loved working with our marketing team to help position our products which are a great fit for the challenges operational, security, and business analytics facing teams trying to manage complex and distributed asset intensive environments.
- IoT is a big market The biggest and lowest hanging opportunity for us right now is industrial Companies in Manufacturing, Oil and Gas, utilities are struggling with challenges around availability, performance and security. Utilities example A power outage in December put 80,000 people in the dark in Ukraine. This is recognized as the first public grid failure caused by a computer hack It’s unlikely to be the last. attack was multipronged, used malware that effected grid management and enterprise systems and a denial of service attack on call centers at at least two utilities. All adding up to hours of blackout and tremendous risk to grid employees who had to manually reset breakers the hackers had digitally locked them out of.
- There are many free add-ons and Apps for Splunk software that simplify the connection and collection of data from both industrial systems and the Internet of Things. These include: Rest API Modular Input: Poll local and remote REST APIs and index the responses. Amazon Kinesis Modular Input: Index data from Amazon Kinesis, a fully managed service for real-time streaming data. Apache Kafka Modular Input: Index messages from Apache Kafka messaging brokers, including clusters managed by Zookeeper. DB Connect 2: Integrate structured data sources with your Splunk real-time machine data collection. Universal Forwarder for Linux (ARM – Raspberry Pi): Dedicated Splunk package for Linux and ARM based systems where data needs to be collected directly from embedded devices such as the Raspberry Pi. MQTT Modular Input: Index messages from MQTT, a machine-to-machine connectivity protocol, by subscribing Splunk software to MQTT Broker Topics. AMQP Modular Input: Index data from message queues provided by AMQP brokers. JMS Modular Input: Poll and index message queues and topics from messaging queues and topics, including MQTT messages, provided by message providers, including TibcoEMS, Weblogic JMS and ActiveMQ. Protocol Data Inputs: Recieve data via a number of different data protocols such as TCP , TCP(s) ,HTTP(s) PUT/POST/File Upload , UDP , Websockets , SockJS. Splunk App for Stream: Capture, filter and index real-time streaming wire data and network events. COAP Modular Input: Index messages from a COAP (Constrained Application Protocol) Server. SNMP Modular Input: Collect data by polling SNMP attributes and catching SNMP traps from datacenter infrastructure devices providing cooling and power distribution. In addition, Splunk has a powerful ecosystem of technology partners. Kepware Technologies – Connects Splunk software with thousands of industrial devices communicating on over a hundred proprietary industrial protocols. Stream real-time data to Splunk from industrial control systems, including SCADA. Carvoyant – Connected car platform, integration with Splunk software allows enterprises to monitor their automobile fleets, including geo-location, engine parameters and diagnostics. B&B SmartWorx – Intelligent sensors and gateways. Integration with Splunk (Splunk App) will include sensor data collection (via MQTT), and gateway and sensor network diagnostics and cyber security. Bluvision– Intelligent beacons. Integration with Splunk (Splunk App) will include beacon data collection (via Websockets). Powerful retail applications. ThingWorx (PTC) – The leading IoT Application Development Platform. Seamless data exchange between ThingWorx applications and Splunk Enterprise and Splunk Cloud, and ThingWorx customers can access Splunk search and analytics through the ThingWorx mashup builder. Buddy.com – Cloud services for connected devices. Integration (Splunk App) will allow Splunk to stream data from any device connected to the buddy platform. Octoblu (Citrix) – IoT developer platform. Has created libraries that allow any Octoblu-enabled device to stream its data to Splunk software and allows those same devices to use Splunk search and analytics to inform their own decisions and logic Red Balloon Security – Security platform for the defense of embedded systems in the enterprise (IP Phones, Printers, switches and routers, etc). Uses proprietary firmware level protection and appliance-based endpoint monitoring, and is integrating (Splunk TA/ES Compliant CIM) with Splunk software to allow Enterprise Security monitoring of threats to embedded enterprise devices. Bayshore Networks – Content-aware cyber security platform for industrial networks. Is integrating (Splunk TA/ES Compliant CIM) with Splunk software to allow Enterprise Security monitoring of threats to SCADA and other industrial networks. Foxguard Solutions– Cyber security and compliance solutions for industrial networks built with Splunk. NERC-CIP compliance specialists. UltraElectronics-3eti – Cyber security platform for industrial networks. Building ES compliant TA to allow collection and analysis of security relevant ICS data in Splunk. Distrix – Software defined networking for industrial networks and the internet of things. Simplifies connectivity and delivers and enhances data over extremely complex networks. Distrix’s SDN supports Splunk to Splunk communication, and can enhance other data, including timestamping and meta-data enrichment, for ingestion in Splunk. Prelert – Anomaly detection app for Splunk Enterprise. Valuable app for management of sensors and devices where rapid identification of anomalies in sensor readings or operations are critical. Predikto – Leverages the power of Predictive Analytics enabling organizations to use their data to predict future asset failures. N3N – Custom, advanced user interfaces for Splunk specializing in isometric views of industrial facilities. R Project App – harness the power of R statistical processing language directly from Splunk interfaces and search processing language. D3.js – Data driven documents for powerful user experiences. HTML5 – Advanced web interfaces and applications for browser and mobile based user experience.
- Enterprise Product Partners is using Splunk to monitor and manage their critical Industrial Control System infrastructure. This infrastructure powers 51000 miles of some of the most critical hardware in the world – oil pipelines. By using Splunk enterprise and partner solutions from companies like Palo Alto Networks, EPP is able to better monitor and manage the availability of the applications and hardware in their environment, and are able to react more quickly to the unexpected but inevitable downtime in a system this large and complex. PHIMSA regulations require that you react to critical application downtime almost immediately – and EPP is using Splunk to satisfy this requirement. Since starting with Splunk, they have seen tremendous improvement in their response time.
- Midstream Energy Services Provider Serves producers and consumers of natural gas, crude oil, refined products and petrochemicals Manages approximately 50,000 miles of pipeline across U.S.
- SCADA: Supervisory Control and Data Acquisition PLCs: Programmable Logic Controllers RTUs: Remote Terminal Units Servers Switches Routers Desktops
- Previous issues with visibility and issue investigations were long and tedious Needed to manage tens of thousands of diverse legacy field devices Existing in-house solutions and vendor built tools made it impossible to correlate across systems PHMSA requirements were strict and uptime is critical
- Discovered Splunk Enterprise while looking at security solutions Realized Splunk Enterprise could also solve operational challenges Conduct operational investigations Proactive Alerting Increase overall pipeline visibility
- Endpoint messaging Timeouts Leak Detection Correlate sensor data with other SCADA data