Our First Splunk Live! in Munich, Germany

Held at BMW-Welt on March 8th and hosted with local Splunk Partner IT-Cube Systems, attendees came from across Germany, Switzerland and Belgium to learn from presentations by Swisscom and Accenture.

Splunk competed successfully in the morning, drawing a room full of interested Splunk Live! attendees despite the brand new BMW cars and motorcycles on display in the BMW-Welt entrance.

Mika Borner: Swisscom

The first customer presentation was by Mika Borner, a long-time Splunk user. Swisscom is the leading telco/ISP in Switzerland and Mika spoke about their use of Splunk for managing their Internet messaging services.

Before Splunk: custom parsers/analytics, grepping through even one day’s logs took a long time (Swisscom handles 40 million emails per day), there was no live view and finding anomalies was almost impossible. In short, managing the distributed environment was hell.  More importantly, a high percentage of the messages going through their network was spam.

With Splunk: They no longer need custom parsers and can get a handle on what’s really happening in their environment.

“We’ve got a near real-time view on what’s going on, adapting for new logfiles is straightforward, and searching and alerting about anything is easy.”
Mika Borner of Swisscom: Self-proclaimed “Splunk freak” and Splunk user since May 2006.
“Think different. The only limit what Splunk can do for you is yourself.”

Swisscom uses Splunk for troubleshooting and investigating user and infrastructure incidents. Finding and preventing abuse and fraud–including preventing phishing emails, and abuse and fraud of their SMS service–was the initial driver for purchasing Splunk. They were further able to justify the purchase of Splunk to address service crashes. Not only did Splunk greatly reduce the time to resolve issues, they achieved ROI almost right out of the gates. Splunk is also used for reporting, statistics, trending, and capacity planning.

Splunk is used to monitor, analyze and report on Swisscom’s Internet messaging.

Mika created simple form-based searches, enabling Tier 1 people to easily find the data they need, such as all internet messages sent by a specific email account over a selected time period.

The Swisscom Splunk deployment consists of 2 Splunk indexers, 1 search head, capturing 140GB/day, and storing 6 months of data on a 10TB SAN. They use Splunk forwarders whenever possible, and make heavy use of Splunk’s Common Information Model.

Near the end of his presentation, Mika said: “How would I describe Splunk? Eierlegendewollmilchsau” (loosely translates from the German as an animal that does everything!).

Alexander Strobl- Accenture Technical Consultant

Alexander gave a presentation detailing how one of his clients uses Splunk. The client is one of the largest worldwide trading and services companies, with more than 50,000 employees on three continents. Before Splunk, the company was often faced with critical service downtime—a common problem for retailers both online and off.

Alexander said that now, with Splunk, “In 15 minutes I can end all the finger-pointing.” They keep tabs on the general health of their environment using Splunk dashboards, and Alexander recommends, “Wrapping your processes around Splunk to uncover its true power and benefit.”

Splunk is integrated into 10+ business critical applications and services, generating 20-50 GB/ day or approximately 1200 events per second, including custom files and events. The current deployment consists of 2 Splunk instances—one for testing; one for production, with data from hundreds of servers including WebLogic and custom Java logs. They’ve established interfaces between Splunk and other tools to speed problem resolution and issue trouble tickets.

What’s next? The client is planning to use Splunk for transaction tracking across all apps and services, and doing business process analysis.

To celebrate the first German SplunkLive, Splunk Sales Engineer Christian Glatschke marked another first–the first time a Splunk product demonstration was given while wearing Lederhosen. Thanks to all who joined us Next stops in EMEA—Stockholm and Amsterdam in early May.

Steve Sommer
Posted by

Steve Sommer