Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Splunk Spark Integration

Gang Tao
April 08, 2016
Technology
1
1.1k

Splunk Spark Integration

An simple introduction of Splunk and possible solutions to do Splunk and Spark Integration

Gang Tao

April 08, 2016
Tweet

More Decks by Gang Tao

See All by Gang Tao
Visualizing the Pulse of Data
gangtao
0
82
Query Your Streaming Data on Kafka using SQL
gangtao
0
35
Unlocking Cloud Observability
gangtao
0
80
Scale Machine learning model deployment
gangtao
0
200
How to be interesting
gangtao
0
71
Cloud Monitoring
gangtao
0
76
Big Data Computation Architecture
gangtao
0
120
Regression
gangtao
0
83
Bayesian Classification
gangtao
0
520

Other Decks in Technology

See All in Technology
TanStack Routerに移行するのかい しないのかい、どっちなんだい! / Are you going to migrate to TanStack Router or not? Which one is it?
kaminashi
0
660
Taming you application's environments
salaboy
0
210
SDN の Hype Cycle を 一通り経験してみて思うこと / Going through the Hype Cycle of SDN
mshindo
3
290
minify の効果を最大限に引き出す TypeScript コードを書く
jsakamoto
2
110
Next.jsとNuxtが混在? iframeでなんとかする!
ypresto
2
1.7k
A Tour of Anti-patterns for Functional Programming
guvalif
0
1.5k
"とにかくやってみる"で始めるAWS Security Hub
maimyyym
2
140
心が動くエンジニアリング ── 私が夢中になる理由
16bitidol
0
130
Introduction to Works of ML Engineer in LY Corporation
lycorp_recruit_jp
0
160
データプロダクトの定義からはじめる、データコントラクト駆動なデータ基盤
chanyou0311
3
380
iOSチームとAndroidチームでブランチ運用が違ったので整理してます
sansantech
PRO
0
170
DynamoDB でスロットリングが発生したとき_大盛りver/when_throttling_occurs_in_dynamodb_long
emiki
1
500

Featured

See All Featured
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
47
5k
Designing Dashboards & Data Visualisations in Web Apps
destraynor
229
52k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
38
1.8k
Typedesign – Prime Four
hannesfritz
40
2.4k
Mobile First: as difficult as doing things right
swwweet
222
8.9k
The World Runs on Bad Software
bkeepers
PRO
65
11k
Building Flexible Design Systems
yeseniaperezcruz
327
38k
How to Think Like a Performance Engineer
csswizardry
20
1.1k
Why You Should Never Use an ORM
jnunemaker
PRO
54
9.1k
Done Done
chrislema
181
16k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
246
1.3M
5 minutes of I Can Smell Your CMS
philhawksworth
202
19k

Transcript

  1. Splunk Spark Integration Gang Tao

  2. About Me • Software Engineer with 15+ Years experience •

    Now architect working on Data acquisition and Cloud App • Used to be working on BI, ERP and other Enterprise application development • Like data science and open source

  3. Splunk'Company'Overview' 3" Company'' •  Global"HQs:"" !  San"Francisco" !  London"" ! 

    Hong"Kong" •  1,800+"employees"globally" •  Annual"Revenue:" $450.9M"(YoY"+49%)" •  NASDAQ:"SPLK" Products' •  Free"trial"to"massive"scale" •  Splunk"products:"" !  Splunk"Enterprise" !  Splunk"Cloud" !  Hunk" !  Splunk"Light" !  Splunk"MINT" !  Premium"SoluWons" Customers'' •  10,000+"customers" •  Across"100"countries" •  Small"to"large" organizaWons" •  More"than"80"of"the" Fortune"100" •  Largest"license:"" !  400+"Terabytes/day"

  4. Splunk'–'a'Data'Pla-orm' Mainframe) Data) VMware) Pla0orm)for)Machine)Data) Exchange) PCI) Security) Rela=onal) Databases)

    Mobile) Forwarders) Syslog)/)) TCP)/)Other) Sensors)&) Control)Systems) Wire)) Data) Mobile)Intel) Splunk'Premium'Apps' Rich'Ecosystem'of'Apps' MINT' ) Splunk - a Machine Data Platform

  5. Demo

  6. Splunk Technical Stack Presenting Processing Store Acquisition

  7. Splunk Deployment Architecture Indexer
 store  data,  transform  row  data  into

      events  and  searches  the  indexed   data  in  response  to  search   requests.   Search  Head
 directs  search  requests  to  a  set  of   indexers,  merges  the  results  and   presents  them  to  the  user   Forwarder
 get  data  into  indexers  

  8. Splunk VS Open Source

  9. Splunk VS Open Source

  10. SQL of Machine Data - SPL SPL  –  Splunk  Processing

     Language   SQL   *nix  Pipe   Google  Search

  11. Extensibility - Splunk App h0p://apps.splunk.com/     Enterprise  Security  

    ITSI   DB  Connect   Technology  Add-­‐ons

  12. Why Integration? • Splunk to Spark • Data Ingestion •

    Unstructure/Semi Structure data Indexing • Data processing with Splunk search • Data Presenting • Spark to Splunk • Powerful computing capability • Machine Learning • Open Source community

  13. Solution A

  14. Solution B

  15. Solution C Indexer Virtual Indexer (Spark) SPL Enhanced Search Command

    Spark Driver (SPL Parser) Spark Worker Spark Worker Spark Worker

  16. Challenges • Avoid big data movement • keep good user

    experience • Adapt to SPL concept