Growing Splunk
    Tyler Rutschman - Garmin International
Tuesday, May 15, 12
About Me

    Linux System Administrator
    Husband and Father of 2 Kids
    DevOps, Productivity Hacks and Tools, The Big Lebowski

OH: (during an outage)
    I don’t want to live in a world without Splunk.

Backstory

    Free instance installed in 2009 by the Network Team
    Single Instance on Central Log server
    Upgrade to Enterprise

I started as an IT intern; my mentor had a free copy of version 2.x running on the log server.

I was tasked with finding a solution for SOX & PCI requirements. (Which was mind expanding for an intern, to say the least)

Worked with purchasing to get a small license for the enterprise features.

My project ended up piping Splunk output into a Python program that no one but I understood that printed out a text report that (I felt at least) was superior to the one in place at the time. (Big surprise, didn’t end up using it).

Building Blocks

    Split Splunk off onto dedicated instance
    License overwhelmed by single app
    Limited visibility and use

When I came back there was some cursory interest in the app, but no major users and no project champion.

Welcome back, Tyler... Splunk Expert (by Default).

I was also attached to Garmin Connect, which is our awesome fitness tracking site. After getting more comfortable in my settings, I began to integrate the site logs into Splunk.

IF YOU HAVE MORE INPUTS THAN LICENSE
YOU’RE GONNA HAVE A BAD TIME

Obvious, but this was my experience during the first dedicated instance. We had a small license and it was all being used by Garmin Connect. It really wasn’t taking hold like I knew it could.

Plan for Expansion

    Decided to make application more robust
    Read the Documentation
    Planned roll out
        Multiple Applications
        License Increase
        Scalable Architecture

After I became more comfortable in my position, I felt impelled to make the application more robust and widespread.

I went to .conf last year, attended some training sessions and read up on the Administration documentation.
Enterprise Architecture Elements (so far)

    Puppet Deploy
    Infrastructure Layout
    Gotchas
    Future Plans

Overview of the Current Architecture Elements, will then go in depth a bit more on each subject.
Puppet

    Search, Indexer and Forwarder are “turn-key”
        ex: include splunk::indexer ...done
    Really Awesome for Forwarders

Puppet makes deployment simple. Servers are built with one include statement.

Forwarders are split up based on role and inputs. Customize the inputs a bit if necessary and include the Splunk forwarder class in the Puppet node definition.

Infrastructure

Describe layers and functions.

Search is load balanced.

Search, Index and Forwarders are horizontally scalable.

Network/Taiwan instances aren’t pictured but are separate dedicated instances. Will move the network index into the main infrastructure real soon now.
How We Use Splunk

    Web Access Logs
        Service Usage Metrics
        Feature Tracking
        Diagnosing Problems in Production
    Internal Application Audits
    Windows Security Events

We don’t have a wide variety of inputs into Splunk at the moment.

We currently use it on all of the major IT web applications to obtain service metrics, track new features and diagnose issues in Production.

The developers are also starting to cater their applications to output Splunk-friendly logs.

Windows security events are queried via WMI and filtered to specific IDs; this helps keep the volume down while delivering value for the Windows guys.

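A WMI input of the kind described above, as an added example that is not from the original slides: a Splunk wmi.conf stanza that subscribes to new Security log records and filters on event ID inside the WQL query, so unmatched events are never indexed and never count against the license. The stanza name, server name, index name and the three event IDs (4625 failed logon, 4720 user account created, 4740 account locked out) are assumptions chosen for illustration.

```ini
# wmi.conf on the Splunk instance that collects Windows data over WMI.
# Constructed example: stanza name, server, index and event IDs are assumptions.
[WMI:SecurityEventsFiltered]
# Host to query (hypothetical name); leave out to query the local machine.
server = dc01.example.com
# How often, in seconds, Splunk polls for new data.
interval = 10
# Event notification query: only new Security log records whose EventCode
# is on the allowlist are returned; everything else is dropped at the source.
wql = SELECT * FROM __InstanceCreationEvent WITHIN 10 WHERE TargetInstance ISA 'Win32_NTLogEvent' AND TargetInstance.Logfile = 'Security' AND (TargetInstance.EventCode = 4625 OR TargetInstance.EventCode = 4720 OR TargetInstance.EventCode = 4740)
# Tells Splunk to expect an event notification query (events raised while it runs).
current_only = 1
# Hypothetical destination index.
index = wineventlog
disabled = 0
```

Because the filter is an allowlist, any event ID that is not named in the query is never collected, so the list needs reviewing whenever audit or detection requirements change.
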
Why I like Splunk

    Makes Users Happy
    Real Time Data
    No Alternatives

Ease of configuration, having the one stop shop for user-land configs. LDAP integration is super simple.

Being able to generate detailed reports and drill into the data on the fly is a killer feature and something that you simply won't find with any other application.

User community and Documentation.

There are no real alternatives to Splunk. Some tools touch on some of the features gained with the app, but there is no offering that matches what Splunk can give you. I’ve tried SEC, logwatch, Logstash, and Spiceworks. None were as user friendly and robust as Splunk.

Gotchas

    Don’t Index a lot of data over NFS
    Shared Knowledge Bundle Time Sync
    Tag and Search permissions

Keeping up with the demand. From a license and user request perspective, I have a limited amount of time to handle the requests at hand. Familiar position for me at least, but a good problem to have.

Mounted Bundles must have the same time across the board.

Watch your permissions on saved searches and tags. They are usually private when I share them with another user and they cannot access them.

Future Plans

    Fix Central Logging
    Check Out Deployment Server
    More Inputs
    Training

Currently only one centralized syslog server, want to scale it out and put a farm of syslog servers behind a load balancer. Splunk will be the definitive timeline for syslog events.

Read about Deployment Server but passed on it at the time. Would like to pick it back up and see how it could be beneficial.

Add additional inputs to the application.

I’ve been tasked with training my coworkers on how to use the application. Once they pick it up and figure it out, they can do awesome things.

Tips and Advice

    WMI Event Filter for Windows Events
    Splunkbase (stack overflow engine)

Questions & Feedback