the table
play

The Table! How to tap into machine data for observability and - PowerPoint PPT Presentation

Mar 02, 2023 •224 likes •544 views

Dont Leave Money On The Table! How to tap into machine data for observability and business analytics Karun Subramanian IT Operations Expert www.karunsubramanian.com (c) Karun Subramanian About the Presenter 20+ Years of experience in

  1. Don’t Leave Money On The Table! How to tap into machine data for observability and business analytics Karun Subramanian IT Operations Expert www.karunsubramanian.com (c) Karun Subramanian

  2. About the Presenter • 20+ Years of experience in Systems and Network Administration, Software Development and Monitoring & Observability • Passionate about Machine Data Analytics at Scale • Focused on modernizing IT Operations • Splunk Certified Architect (c) Karun Subramanian

  3. What will you learn in this session? • Identify machine data in your org (Hint: It’s lot more than logs) • The Hidden values in machine data • Architectural patterns to collect, ingest and index Machine data • Real world examples on how organizations are tapping into Machine data • Developing a Machine data strategy (c) Karun Subramanian

  4. Machine Data (c) Karun Subramanian

  5. What is Machine Data? Digital exhaust produced by any device in the Network Events Application Logs Metrics A state change; an Typically diagnostic Measurement of a occurrence of information, including property something traces

  6. Machine data answers “What”, “Where” and “Why” of the reality of a System (c) Karun Subramanian

  7. Machine data is everywhere Active Directory Sensors Authentication Containers IoT Devices Audit Kubernetes/Container Database Middleware Orchestration Messaging Systems OS Applications CI/CD OS Performance API Automation programs Network device Event viewer Mail Server Network packets Mobile devices LDAP Server Call Detail records Web Server (c) Karun Subramanian

  8. What can you do with it ? Business analytics IT Operations/Monitoring Security/SIEM How many repeat A spike in 500 internal A spoofing attack customers in the past server errors month?

  9. Why is it hard to reap benefits from Machine Data? (Distributed) 2 Fast Huge Mostly Unstructured A formidable Millions of Multiple tera bytes Logs/Traces challenge records/sec per day Fun fact: IDC predicts the annual data generated will be 175 Zetta Bytes by 2025. (175 Billion Terabytes. Go figure)

  10. Why Traditional Datastores won’t cut it? Data Warehouse Hadoop/Hbase RDBMS Complex, long process to Not a low-latency system. Machine data is primarily get data in (ETL or ELT) time-series. RDBMS is not Complex data retrieval and suited for time-series data. Not suitable for search processing. Need of an Scalability becomes a and monitoring use case efficient MapReduce job bottleneck.

  11. Give everyone the data analysis capabilities; not just the Data scientists. (c) Karun Subramanian

  12. How does it look like? Apache Web Server Access Log 192.168.198.92 - - [22/Dec/2002:23:08:37 -0400] "GET / HTTP/1.1" 200 6394 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1...)" "- ” 192.168.198.92 - - [22/Dec/2002:23:08:38 -0400] "GET /images/logo.gif HTTP/1.1" 200 807 www.yahoo.com "http://www.some.com/" "Mozilla/4.0 (compatible; MSIE 6...)" "- ” 192.168.72.177 - - [22/Dec/2002:23:32:14 -0400] "GET /news/sports.html HTTP/1.1" 200 3500 www.yahoo.com "http://www.some.com/" "Mozilla/4.0 (compatible; MSIE ...)" "- ” 192.168.72.177 - - [22/Dec/2002:23:32:14 -0400] "GET /favicon.ico HTTP/1.1" 404 1997 www.yahoo.com "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3)..." "-" Linx PAM log Jul 7 10:51:24 srbarriga su(pam_unix)[14592]: session opened for user test2 by (uid=10101) Jul 7 10:52:14 srbarriga sshd(pam_unix)[17365]: session opened for user test by (uid=508) Nov 17 21:41:22 localhost su[8060]: (pam_unix) session opened for user root by (uid=0) Nov 11 22:46:29 localhost vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=1.2.3.4 Linux /var/log/messages Aug 16 22:49:37 tiger /bsd: uid 1000 on /var/www/logs: file system full Cisco pix firewall logs Sep 7 06:25:28 PIXName %PIX-6-302013: Built inbound TCP connection 141968 for db:10.0.0.1/60749 (10.0.0.1/60749) to NP Identity Ifc: 10.0.0.2/22 (10.0.0.2/22) Sep 7 06:25:28 PIXName %PIX-7-710002: TCP access permitted from 10.0.0.1/60749 to db:10.0.0.2/ssh Sep 7 06:26:20 PIXName %PIX-5-304001: 203.87.123.139 Accessed URL 10.0.0.10:/Home/index.cfm Sep 7 06:26:20 PIXName %PIX-5-304001: 203.87.123.139 Accessed URL 10.0.0.10:/aboutus/volunteers.cfm SSHD log Aug 1 18:27:45 knight sshd[20325]: Illegal user test from 218.49.183.17 Aug 1 18:27:46 knight sshd[20325]: Failed password for illegal user test from 218.49.183.17 port 48849 ssh2 Aug 1 18:27:46 knight sshd[20325]: error: Could not get shadow information for NOUSER Aug 1 18:27:48 knight sshd[20327]: Illegal user guest from 218.49.183.17 Aug 1 18:27:49 knight sshd[20327]: Failed password for illegal user guest from 218.49.183.17 port 49090 ssh2 Source: https://ossec-docs.readthedocs.io (c) Karun Subramanian

  13. Architecture (c) Karun Subramanian

  14. Considerations Search and Time bucketing Near real-time Index Events, Visualize (need of Metrics and Logs an inverted index)

  15. Building Blocks Search and Collection Log Visualization (c) Karun Subramanian

  16. Collection: Agent Based (c) Karun Subramanian

  17. Collection: Agent Based • Agents collect data and push to backend. In most cases, this is the most effective method • Generally low footprint Examples: • collectd/statsd • APM agents • Log collection agents (Beats,Splunk Universal Forwarder) • Tricky in Cloud environments (c) Karun Subramanian

  18. Collection: Agentless • Pull mechanism discouraged • Push from application. Code changes required in some cases • HTTP POST • Kafka producer • Open Tracing (A specification. Some implementations like Jaeger use Agents) (c) Karun Subramanian

  19. Collecting in the Cloud • Inherently difficult due to the ephemeral nature of the containers • Docker/Kubernetes documentation is NOT clear when it comes to application logs • Use Agentless mechanisms (HTTP, kafka producer) for application logs • Use native mechanisms (Fluentd) for Container logs (c) Karun Subramanian

  20. LOG Middleware Client Systems Database (Message Producers) Central Log BigData (Messaging Broker) Data Warehouse Publish/ Subscribe Search Stream Persistent AWS S3 Processing Storage (Flink) (c) Karun Subramanian

  21. LOG: Why a messaging middleware? • Separation of subscriber and producer • Buffering • Speed of processing • Retention • Stream processing (c) Karun Subramanian

  22. The Kafka difference Speed Data Persistence Scales Linearly Can easily achieve 2 Million Configurable retention Partitioning log helps in messages/sec scaling linearly. (Default 7 days) Messaging is not new. But never before a messaging system was created with this speed and scalability

  23. Search and Visualization using Timeseries data • Need of a tool that maintains an inverted index (not much different from traditional search engines. • A tool that crunches both unstructured text and metrics data • Need to be able to produce rich visualization • Examples: Solr, Elastic Search, Splunk (c) Karun Subramanian

  24. Case Studies (c) Karun Subramanian

  25. BOX Cloud Storage Provider Use case: Observability using Machine Data (Application and Operational Logs) 20 TB/day ingestion, 180 billion documents, 190TB total size Source : https://www. elastic .co/customers/box (c) Karun Subramanian

  26. Carnival Cruise Lines World’s Largest Cruise Line Use case: Observability using Machine Data (Application and Operational Logs), Security Data Sources: Applications, Satellites, Shipboard systems, Connected devices Consolidates data from all the ships and corporate offices around the world Source : https://www.splunk.com/en_us/customers/success-stories/carnival.html (c) Karun Subramanian

  27. Harel Insurance & Financial Services • One of Israel’s largest insurance groups • Use Case: IT Operations • 25 Billion documents, 14.5 TB Total data size Source: https://www.elastic.co/customers/harel-insurance-and-financial-services (c) Karun Subramanian

  28. Machine Data Strategy (c) Karun Subramanian

  29. Execution • Establish an on-boarding process • LOG (Kafka) the central component • Dev team owns the content & structure of data • Search and Visualize Platform • Attack OS metrics first, if applicable Next Gen IT Ops: Stream processing Machine data (c) Karun Subramanian

  30. To reap benefit from Machine Data, you must be able to collect, index, correlate and analyze in near real- time (c) Karun Subramanian

  31. Questions? (c) Karun Subramanian

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

NEU TABLE By HAY Neu Table is a small table designed by HAY with a round or a square tabletop.

NEU TABLE By HAY Neu Table is a small table designed by HAY with a round or a square tabletop.

NEU TABLE By HAY Neu Table is a small table designed by HAY with a round or a square tabletop. Neu Table fjts a wide variety of indoor and outdoor environments, including offjces, cafs, restaurants, gardens, terraces and balconies. Neu Table

422 views • 10 slides
The Periodic Table Periodic Table & Electron Configurations Effective Nuclear Charge

The Periodic Table Periodic Table & Electron Configurations Effective Nuclear Charge

Slide 1 / 163 Slide 2 / 163 Chemistry The Periodic Table 2015-11-16 www.njctl.org Slide 3 / 163 Slide 4 / 163 Table of Contents: The Periodic Table Click on the topic to go to that section Periodic Table The Periodic Table Periodic

819 views • 28 slides
The Periodic Table Periodic Table & Electron Configurations Effective Nuclear Charge

The Periodic Table Periodic Table & Electron Configurations Effective Nuclear Charge

Slide 1 / 163 Slide 2 / 163 Chemistry The Periodic Table 2015-11-16 www.njctl.org Slide 3 / 163 Slide 4 / 163 Table of Contents: The Periodic Table Click on the topic to go to that section Periodic Table The Periodic Table Periodic

683 views • 42 slides
Table A2 Field Descriptions for the Laboratory Instrument Table (Table A2) Contains related to

Table A2 Field Descriptions for the Laboratory Instrument Table (Table A2) Contains related to

Table A2 Field Descriptions for the Laboratory Instrument Table (Table A2) Contains related to laboratory instrument calibration on an analyte level and GC/MS Tune information. This table is optional depending on project requirements. Do not

288 views • 5 slides
1 Chemistry The Periodic Table 20151116 www.njctl.org 2 Table of Contents: The Periodic

1 Chemistry The Periodic Table 20151116 www.njctl.org 2 Table of Contents: The Periodic

1 Chemistry The Periodic Table 20151116 www.njctl.org 2 Table of Contents: The Periodic Table Click on the topic to go to that section Periodic Table Periodic Table & Electron Configurations Effective Nuclear Charge

2.1k views • 164 slides
Table ADT and Sorting Algorithm topics continuing (or reviewing?) CS 24 curriculum A table ADT

Table ADT and Sorting Algorithm topics continuing (or reviewing?) CS 24 curriculum A table ADT

Table ADT and Sorting Algorithm topics continuing (or reviewing?) CS 24 curriculum A table ADT (a.k.a. Dictionary, Map) Table public interface: // Put information in the table, and a unique key to identify it: bool put(KeyType key, ItemType

604 views • 18 slides
Table Saw BEST PRACTICES 2018 Table Saw Purpose NCUs Table Saw Purposes Cutting

Table Saw BEST PRACTICES 2018 Table Saw Purpose NCUs Table Saw Purposes Cutting

Table Saw BEST PRACTICES 2018 Table Saw Purpose NCUs Table Saw Purposes Cutting Plywood Cutting aluminum sheeting Cutting Lumber Cutting high density foam Best Practice - Tooling Inspection Set-up Operation Storage

645 views • 15 slides
Table A1 Field Descriptions for the Analytical Results Table (Table A1) Contains laboratory test

Table A1 Field Descriptions for the Analytical Results Table (Table A1) Contains laboratory test

Table A1 Field Descriptions for the Analytical Results Table (Table A1) Contains laboratory test results and related information for field and QC samples (excluding instrument calibrations) on an analyte level for environmental chemistry

69 views • 3 slides
SLIT TABLE / Design HAY Slit Table is a simple metal side table in three shapes: round, oblong

SLIT TABLE / Design HAY Slit Table is a simple metal side table in three shapes: round, oblong

SLIT TABLE / Design HAY Slit Table is a simple metal side table in three shapes: round, oblong and hexagonal. Slit Table is paper origami translated to the metal universe, named after the slit that emerges when the plate frame is folded

550 views • 6 slides
17 www.scad.ae Table of Contents Table of Contents

17 www.scad.ae Table of Contents Table of Contents

Statistical Report Writing and Data Presentation Guide Methodology and Quality Guides - No. (17) 17 www.scad.ae Table of Contents Table of Contents

1.03k views • 41 slides
SIP Table 2 / Table 3 Adam Roach Anaheim, CA, USA Friday, March 26, 2010 Current Situation

SIP Table 2 / Table 3 Adam Roach Anaheim, CA, USA Friday, March 26, 2010 Current Situation

SIP Table 2 / Table 3 Adam Roach Anaheim, CA, USA Friday, March 26, 2010 Current Situation Table 2 / Table 3 in RFC 3261 summarized where fields MAY, MUST, and MUST NOT appear. (The table is normative). This means, for most header fields,

412 views • 13 slides
Name: _________________________________________________ Room 262 The Periodic Table is a

Name: _________________________________________________ Room 262 The Periodic Table is a

Name: _________________________________________________ Room 262 The Periodic Table is a truly fantastic table of information about all of the elements known to scientists. The table is laid out in 18 vertical groups, that we usually

255 views • 24 slides
Table A3 Field Description for the Sample Analysis (Table A3) This table contains information

Table A3 Field Description for the Sample Analysis (Table A3) This table contains information

Table A3 Field Description for the Sample Analysis (Table A3) This table contains information related to analyses of field samples and laboratory QC samples (excluding calibrations and tunes) on a sample level for environmental chemical analyses

70 views • 4 slides
How to use Table and Data Graph Advanced Skill 1. Select 3D table on the Object list, and add it.

How to use Table and Data Graph Advanced Skill 1. Select 3D table on the Object list, and add it.

How to use Table and Data Graph Advanced Skill 1. Select 3D table on the Object list, and add it. 2. Get a Table Node Setup Dialog. We can change Title, Navigation, Columns and Data on the dialog. 3. Click OK. We can get a default table

65 views • 4 slides
Sketchup drawing of Trestle Table plan Bottom: Legs and stretcher waiting for the table top to be

Sketchup drawing of Trestle Table plan Bottom: Legs and stretcher waiting for the table top to be

Sketchup drawing of Trestle Table plan Bottom: Legs and stretcher waiting for the table top to be lowered onto the tenons on the top of the legs. Assembled trestle Table with foremost leaf open. final table.jpg Bubinga is oily. Scrub with

654 views • 23 slides
PERIODIC TABLE ATI TEAS SCIENCE PERIODIC TABLE Questions related to Periodic Table test your

PERIODIC TABLE ATI TEAS SCIENCE PERIODIC TABLE Questions related to Periodic Table test your

ATI TEAS SCIENCE REVIEW PERIODIC TABLE ATI TEAS SCIENCE PERIODIC TABLE Questions related to Periodic Table test your understanding of how to read the periodic table of the elements. You may also be tested on various properties shared by

570 views • 5 slides
INBOUND 2016: FUTURE OF INBOUND + NEW PRODUCTS & FEATURES Amanda Whyte, Manager - Partner

INBOUND 2016: FUTURE OF INBOUND + NEW PRODUCTS & FEATURES Amanda Whyte, Manager - Partner

INBOUND 2016: FUTURE OF INBOUND + NEW PRODUCTS & FEATURES Amanda Whyte, Manager - Partner Services, HubSpot Dublin Amanda Whyte At HubSpot since we opened in Ireland 4 years ago One of the original 10 Irish hires (even

747 views • 59 slides
Federal Programs Updates Mississippi Association of School Administrators April 14, 2014 1

Federal Programs Updates Mississippi Association of School Administrators April 14, 2014 1

Federal Programs Updates Mississippi Association of School Administrators April 14, 2014 1 Agenda Updates on OFP Activities Title I, Part A allocation and reallocation Overview of ESEA Flexibility and the single accountability model

447 views • 42 slides
DEPARTMENT OF NATURAL RESOURCES AND ENVIRONMENTAL CONTROL Delaware Water Pollution Control

DEPARTMENT OF NATURAL RESOURCES AND ENVIRONMENTAL CONTROL Delaware Water Pollution Control

DEPARTMENT OF NATURAL RESOURCES AND ENVIRONMENTAL CONTROL Delaware Water Pollution Control Revolving Loan Fund December 14, 2011 OFFICE OF THE SECRETARY FINANCIAL ASSISTANCE BRANCH December 14, 2011 1 Delaware Water Pollution Control

975 views • 49 slides
Earnings Conference Call 2 nd Quarter 2017 August 2, 2017 Cautionary Statements Regarding

Earnings Conference Call 2 nd Quarter 2017 August 2, 2017 Cautionary Statements Regarding

Earnings Conference Call 2 nd Quarter 2017 August 2, 2017 Cautionary Statements Regarding Forward-Looking Information This presentation contains certain forward-looking statements within the meaning of the Private Securities Litigation Reform

905 views • 52 slides
FROM M DEEP LE P LEAR ARNI NING NG TO NE NEXT-GEN N VI VISU SUAL ALIZA IZATION ION: :

FROM M DEEP LE P LEAR ARNI NING NG TO NE NEXT-GEN N VI VISU SUAL ALIZA IZATION ION: :

ANADARKO KO PETROLEUM CORPORATION KINETICA CA INC FROM M DEEP LE P LEAR ARNI NING NG TO NE NEXT-GEN N VI VISU SUAL ALIZA IZATION ION: : A G A GPU PU-PO POWE WERED RED DIG IGIT ITAL AL TRAN ANSF SFORMAT RMATION ION

703 views • 42 slides
Student Mentors: o Kendra o Brandon o Taylor o Colton Facilitators o Cari Roderick

Student Mentors: o Kendra o Brandon o Taylor o Colton Facilitators o Cari Roderick

Student Mentors: o Kendra o Brandon o Taylor o Colton Facilitators o Cari Roderick o Neale Rasmussen Grant provided from: Office of Juvenile Justice and Delinquency Prevention U.S Department of Justice In Partnership with:

603 views • 48 slides
The Digital World of Kids: The Parent Connection Connected Kids Kids love the digital world,

The Digital World of Kids: The Parent Connection Connected Kids Kids love the digital world,

The Digital World of Kids: The Parent Connection Connected Kids Kids love the digital world, and it has changed the dynamics of their interactions & communications; Pew Institute found that 35% of teens prefer digital communication

806 views • 25 slides
Super Saturday WHOLE CHURCH EVALUATIONS Holding Up a Mirror: Provoking Better Ministry

Super Saturday WHOLE CHURCH EVALUATIONS Holding Up a Mirror: Provoking Better Ministry

Super Saturday WHOLE CHURCH EVALUATIONS Holding Up a Mirror: Provoking Better Ministry Through Evaluation Holding Up a Mirror Provoking Healthy Communication, Synergy, Alignment, AND Holding Up a Mirror ITS

339 views • 32 slides

More recommend