Videos: Features

Scale Splunk

You must have Flash installed and Javascript
enabled to view this video.

Click here if you need to download the free Flash Player.

Description:

Mark Bagley, Senior Product Manager, presents an overview of Splunk's deployment and scalability features.

Date: Feb 24, 2008
Permalink: http://www.splunk.com/article/2125

Transcript

Storyboard_01

Animation_01a: Montage of the different deployment graphics to be used later in the demo and splunk.com homepage animation.

VO_01a: "You can scale your installation with a range of options to access data, store it, search it and route it to other systems."

Storyboard_02

Animation_02a: Graphic of Splunk logo, OS logos

VO_02a: "Splunk is a self-contained software package that runs on lots of different operating systems."

Storyboard_03:

VO_03a: "It's really easy to install. "

Animation_03a: Show download page

VO_03b: "Download the package for your environment"

Animation_03b: Show download window

VO_03c: "Run the installation script and start Splunk."

Animation_03c: Show the Splunk product home page

Storyboard_04:

Animation_04a: Splunk server appears with user, highlight the web icon and disk icon to time with the voice over below.

VO_04a: "You're up and running with a web interface for users and a datastore for your data."

Animation_04b: Splunk server and use move up to make room for rest of graphic. Pop up firewall, router, switch feeding syslog into Splunk.

VO_04b: "You can send remote data like syslog directly to Splunk"

Animation_04c: Add an appserver, webserver with Splunk pulling data from them via scp, ftp, file copy, NFS/SMB/CIFS.

VO_04c: "Or grab data from remote locations via scp, ftp, file copy and watch local or mounted file systems."

Animation_04d: Add a database server and a windows server with Splunk pulling data via scripted input.

VO_04d: "Splunk can even access data through custom apis and interfaces like DBI or WMI using scripted inputs. You can access any data without agents or adapters."

Storyboard_05: Local data access

Animation_05a: Replace the firewall, router, switch, appserver, db, webserver with ~3 servers, and pop Splunk onto them

VO_05a: "For more control run Splunk locally on your systems to capture the output of status commands, grab performance metrics or watch the file system for configuration, permissions and attribute changes."

Animation_05b: Show the data now going into the central Splunk from the servers

VO_05b: "Splunk's lightweight operation and reliable data forwarding leaves your production systems virtually untouched."

Storyboard_06: Deployment server

Animation_06a: Pop the deployment server icon onto the central Splunk server and highlight it.

VO_06a: "If you have lots of systems running Splunk, use the deployment server to centrally control your Splunk configurations. Local Splunk copies poll a designated deployment server for configuration changes."

Storyboard_07: Linear scalability and load balancing

Animation_07a: Add a second central indexing Splunk server. Add load balancing icon at forwarding point and show lines from each forwarder via the load balancing icon to both indexers. Add more forwarders and indexers as voiceover progresses.

VO_07a: "If you need more indexing and search capacity just add more Splunk servers to linearly scale your installation and automatically balance the data flows..."

Storyboard_08: Distributed search

Animation_08a: Make users appear with them directing a search at one Splunk server, that search being federated to the rest and draw a search grouping box around all the search/indexing servers.

VO_08a: "With distributed search users can search many different Splunk servers at the same time, eliminating the need to move your data to one physical location."

Storyboard_09: Conditional routing to different Splunk servers

Animation_09a: Graphic showing two Splunk index servers and three data sources routing data.

VO_09a: "If you want to limit access to certain data, just route it to a separate Splunk server with it's own data store. Only those users with accounts on that server will be able to search it. Routing select data, like your security events, to external service providers or other systems is just as easy"

Storyboard_10: Data cloning and HA

Illustration: Shows user group with two lines, one solid, one hashed to two Splunk indexes with three data sources with green clone icons on top. Arrows point data from each source server to each index.

VO_10a: "Splunk can also be configured for high availability. Here's an installation where data is being cloned and routed to different Splunk servers eliminating any single points of failure."

Storyboard_11: Efficient datastore

Animation_11a - ZOOM IN on the Splunk server, all the way to the right. It should display the green storage disk with the items inside.

VO_11a: "Scaling your installation can mean storing a lot of data. Splunk efficiently stores your data using the file system."

Animation_11b: Put in one data icon in the green can. Add ".gz" as a label or a callout "compressed files"

VO_11b: "Your data is stored in compressed files requiring about 10% of the original data size."

Animation_11c: Display an index icon.

VO_11c: "Splunk then adds super dense index files to give you instantaneous search results on anything in your data. Indexes take about 30% of your original data size. Compare this to a typical database index approach, where just a few fields are indexed and the overhead is typically 400% or more!"

Storyboard_12: Archiving

Animation_12a: Start to move the rightmost data files one by one over to the grey area in the Splunk server and animate the deletion of the corresponding index files. Move in new 'data' icons in the top of the can. Move them left to right to show the data moving through time.

VO_12a: "Automated archiving of data can occur based on time or data size. The oldest data can be moved to storage devices designed for long term retention at a lower cost."

Animation_12b: Return to an all Splunk box - i.e. no grey area. Send two 'data' and two 'i' icons down the the grey area on the right of the SAN/NAS/DAS icon at the bottom.

VO_12b: "Splunk can automatically restore my archived data when I need to do a longer term investigation or respond to a discovery request."

Storyboard 13: Wrap-up

Animation_13a: Montage of deployment graphics

VO_13a: "Creating your own installation is fast and easy. Centrally index your data in a single data store or or locally index your data in multiple data stores and use distributed search. Route your data to your managed service provider or other systems and ensure proper replication. Splunk can grow and change as your infrastructure does. (pause) Get started with Splunk today - get your co-workers addicted tomorrow."

Videos in this category
|View all »
Splunk Feature Overview
Date: Mar 01, 2008
Index with Splunk
Date: Feb 29, 2008
Search with Splunk
Date: Feb 28, 2008
Alert with Splunk
Date: Feb 27, 2008
Report with Splunk
Date: Feb 26, 2008
Share Knowledge with Splunk
Date: Feb 25, 2008
Now Playing
 Scale Splunk
Date: Feb 24, 2008
Secure Splunk
Date: Feb 23, 2008
close

Flash required to play this video.

Click here to download the free Flash Player.

Description:

Permalink: