3. Agenda
Introduction
How Cisco IT Operations Uses Splunk
Operational Intelligence
Splunk quick overview
Splunk on UCS
6.3 and results on UCS
Splunk IT Ops Demo
4. Cisco’s Footprint with Splunk
• 70+ Monitored Applications
• 7+ Year Relationship
• Across 7 Global Data Centers
• Flexible infrastructure to accommodate new business needs
5. Applying Splunk to Cisco IT Requirements
Aggregated multiple siloed systems into Splunk
Monitoring 70+ Applications
846% increase of search volume per day in one year
Operational Intelligence in minutes rather than hours
Cisco IT uses Splunk to index a broad range of system logs and machine data for networking devices, operating systems, unified communications, video events, and applications.
Proactive monitoring enables 50% reduction in high priority issues
80% reduction in operational costs
90% improvement in problem resolution & root cause analysis times
Improvements in system stability, availability and performance
6. Insights Across Cisco - Platform
Business Unit
• Infrastructure
• IT OPS
• Security
• Commerce
• Sales & Marketing
• Channels
• Engineering
Platform
• Webex
• CCIX (web + app)
• FTP
• RAC DB
• WSG
• PING
• OBIEE
• ACE
SPLUNK App
• Splunk on Splunk
• Deployment Monitor
• UCS App
• JMX App
• Unix App
• NetApp App
Sources and Logs: SYSLOG
• Network
• Linux / Unix
• UCS
• VMWare ESXi
• Datacenter battery / temperature logs
Sources and Logs: Windows, Active Directory, ACS, Storage
• Pre-Prod Event Logs
• Production Event Logs
• Event Logs
• Event Logs
• AAA Logs
• ISE Logs
• Event Logs
Search Heads Indexers Storage Data Center
• 16 VMs (64 core X 32 GB)
• 20 VMs (16 core X 16 GB)
• 70 + Unique Indexes
• 56 TB SAN – Hot & Warm
• 28 TB NAS - Cold
• Prod: RCDN – 8 SH & 10 Indexers
• Prod: ALLEN – 8 SH & 10 Indexers
• Dev: RTP – 4 SH & 2 indexers
8. Splunk Activity – Daily Average
1. Interactive Searches = 55K+
2. Scheduled Searches = 45K+
3. Total Searches = 100K+
4. Number of Users = 180+
11. Replacing Legacy SIEM at Cisco CSIRT
Enter Splunk: Flexible SIEM and empowered team
– Easy to index any type of machine data from any source
– Over 60 users doing investigations, correlations, reporting, advanced threat detection
– All the data + flexible searches and reporting = empowered team
– 2TB/day and searches take less than a minute. 7 global data centers with 350TB stored data
– Flashback Malware Example
– Estimate Splunk is 25% the cost of a traditional SIEM
12. 33 percent reduction in the time required to conduct security investigations
All security data is readily available in a single, centralized portal for faster and simpler access
Ability to automate routine tasks and search log data allows CSIRT analysts to work more effectively
Substantially easier correlation allows for more thorough investigations
Cisco Security Analytics Results
13. 240+ security apps & add-ons
Splunk App for Enterprise Security
Splunk Apps for Cisco Environments
Cisco ASA
NetFlow Logic
OSSEC
Cisco WSA
Cisco ESA
Cisco ISE
Sourcefire
Active Directory
Cisco Security Suite
MobileIron
Bit9 ETD
Norse Darklist
600+ apps/add-ons
Cisco ACI, IOS, Nexus 9000
Cisco UCS
VMware
NetApp
Servicenow
UNIX/Linux
14. Splunk App for Cisco UCS
NEW AND IMPROVED as of May 2015
Aggregates, monitors, trends and analyzes all relevant data from Cisco UCS Manager instances
Enables proactive capacity and performance monitoring/management, fault trending, power and cooling, and more
Works with other Splunk add-ons and data sources (including Enterprise Security and PCI Compliance add-ons) to aggregate and correlate data across your enterprise
Applications
Operating Systems
Hypervisors
UCS server, storage, network
15. The Power of Splunk
COLLECT DATA FROM ANYWHERE
SEARCH AND ANALYZE EVERYTHING
GAIN REAL-TIME OPERATIONAL INTELLIGENCE
Making machine data accessible, usable and valuable to everyone.
16. Turning Machine Data Into Business Value
Index Data: Any Source, Type, Volume
Data sources: Online Services, Web Services, Servers, Security, GPS Location, Storage, Desktops, Networks, Packaged Applications, Custom Applications, Messaging, Telecoms, Online Shopping Cart, Web Clickstreams, Databases, Call Detail Records, Smartphones and Devices, RFID
Deployment: On-Premises, Private Cloud, Public Cloud
Ask Any Question
Application Delivery
Security, Compliance, and Fraud
IT Operations
Business Analytics
Industrial Data and the Internet of Things
Developer Platform
Report & analyze
Custom dashboards
Monitor & alert
Ad hoc search
17. Splunk Enterprise 6.3
Breakthrough Performance & Scale
Doubles performance and lowers TCO
Meeting the needs of the most demanding organizations
Advanced Analysis & Visualization
High Volume Event Collection
Enterprise-Scale Platform
Supports DevOps and IoT data analysis at scale
Simplifies analysis of large datasets
Enterprise management and integration
18. Breakthrough Performance, Scale, TCO
Search Performance
Indexing Speed
Intelligent Scheduling
25%+ Capacity Gain
2X Execution Speed
2-4X Data Rate
Vertical scaling maximizes use of CPU power
Total System Capacity
20-50% Increase
Improve speed of searches & reports
Onboard & analyze larger datasets
Optimize resource utilization
Reduce TCO by 20% or more
Comparisons to Splunk Enterprise 6.2
19. Simple Scalability w/ Performance at Scale
UCS 6200 Series Fabric Interconnect
UCS Manager
16 Servers Per Rack
• UCS Domain (160 Servers with FEX, 80 Servers direct connect)
• Managed by UCS Manager
• Up to 11.2 PB storage
• Multiple UCS Domains
• Interconnect using Nexus 7000/9000
• Scalable to 1000s of servers
• Centrally managed by UCS Central
20. Horizontal Scaling with UCS
• Scalable, componentized architecture
• Additional systems can:
• Grow data capacity
• Increase search capacity & performance
• Provide HA and DR
• Takes advantage of:
• Cisco Validated Design
• Cisco Reference Architecture
• Cisco UCS Service Profiles
21. Vertical Scaling with UCS
• Task parallelization software design
• Additional CPU capacity/system
• Improve search performance
• Grow data onboarding speed and capacity
• Takes advantage of:
• Cisco UCS CPU capacity
• Cisco UCS system architecture
23. SplunkBase app resources
Cisco’s Big Data Design Hub features Cisco Validated Designs (CVDs) and other architectural docs
Big Data Applications Hub features reference architectures, solution briefs, infrastructure, automation, etc.
Learn More About Splunk on Cisco UCS!
24. Thank You for Attending
For TechWiseTV episodes, TechWiseTV Workshops, Fundamentals and Networking 101’s, visit http://www.Cisco.com/go/TechWiseTV.com.
https://www.facebook.com/techwise
https://twitter.com/techwisetv