NTU gaining real-time visibility across all security relevant data
Aviva Splunking AS400 logs + Windows, Unix and Linux to meet compliance
Greater China telecoms company using Splunk to deliver Operational Intelligence for value-added services
April 12, 2011 marked the second SplunkLive in Singapore, with nearly double the number of attendees from just a year ago. The Splunk team in Asia has also doubled in size during the same time frame, to better service customers and the appetite for Splunk.
Nanyang Technological University
The first customer speaker was James Zhou, Assistant Director of IT Security at Nanyang Technological University. NTU is an internationally reputed research-intensive institution, serving 33,000 undergraduate and postgraduate students. It’s also in the top 1% of universities globally.
James went on to discuss NTU’s environment. They have a very large high-speed campus network, serving the information and computing needs of tens of thousands of users in teaching, learning, research, administration and personal communications. Their challenge was in tracking and investigating security incidents that appeared on their network. James explained, “We were collecting lots of logs in lots of different formats. Collecting and making sense of all the logs was taking us hours and sometimes days to identify the source of incidents.” All of this resulted in an unacceptably slow response to security incidents.
NTU deployed Splunk as the single place to collect all of their live log data from across all their data sources and infrastructure. “Splunking our logs means we can now get an answer using a single search, instead of spending hours manually parsing through separate logs on dozens of servers and devices.”
Rapid results using Splunk – establishing baselines and norms:
Improving visibility of, and responsiveness to, security incidents is a common use of Splunk. NTU liked how Splunk gives them visibility across all their security-relevant data and the forensic power to investigate incidents in minutes instead of hours or days.
But this is just the beginning; James looks forward to expanding the use of Splunk beyond security to troubleshoot problems faster and deliver better operational visibility of IT for IT.
Peter Lee is the IT Risk and Security Manager at Aviva Singapore. Aviva is the world’s sixth largest insurance group, serving over 53 million customers across Europe, North America and Asia Pacific. Their IT infrastructure is a mix of AS400 systems, Windows, Oracle, Microsoft SQL Server and network devices.
Peter said their main challenge was in meeting compliance mandates efficiently. “We’re hampered by the sheer effort and complexity of searching across systems and devices to meet compliance. The traditional solutions we looked at didn’t satisfy our global and local compliance requirements,” he explained. Big issues were the inability to “drilldown” when an issue was spotted and the inability to perform “ad-hoc analysis.”
Aviva initially deployed Splunk to collect all their AS400 logs. Peter explained that, “Splunk collects everything without any special connectors. It lets us create custom reports in minutes and basically do everything ourselves.”
Search across AS400 logs and drilldown:
Peter talked about the rapid return on investment they experienced using Splunk. “We have already recovered our initial investment from cost savings alone.”
What’s next for Splunk at Aviva? “We like Splunk’s flexible licensing and plan to expand its use for Application Performance Management for business applications. We also plan to regionally expand Splunk for more security and compliance use cases.”
Greater China Telecoms Company
The final presentation was delivered by Johnny Lin, Senior Director of Splunk Labs at Systex. Johnny talked about how a telecoms company in Greater China uses Splunk to deliver better operational intelligence. This particular telco has about 6.5M subscribers and provides the full convergent suite of services – mobile, fixed, cable TV and broadband internet.
Their IT department had evolved into silos of systems, functions and data, and the value-added services business was no exception. Johnny explained the complex environment. “They had massive amounts of log data, with everything load balanced, including logs! It was difficult to correlate and troubleshoot issues and gain any sort of meaningful analytics. This was multiplied by the many users that wanted access to the data.”
He explained that, “using traditional BI tools, such as data warehouse products, ETL tools, OLAP and data mart solutions was impossible.” Other challenges included, “ever-growing custom scripts, insecure log access and a lot of programming effort.”
The “ah-ha” moment for the telco was during a Splunk proof of concept. Systex led this effort to show how Splunk easily collects, organizes and harnesses all the log data generated by their VAS infrastructure. The POC highlighted the use of Splunk for data collection, data analytics, ad hoc reporting, correlation, external database referencing and data integrity.
Within a matter of weeks, Splunk was deployed and today, the telco uses Splunk to deliver impressive results.
The call center uses Splunk dashboards to provide real-time analysis and intelligence of end-to-end MMS transactions. “Tracking an MMS transaction end-to-end was something they had never been able to do,” Johnny stated.
Marketing and Product Managers
This group uses Splunk dashboards to analyze user behavior for mobile internet, WAP portal activities, etc.
Very simple Splunk search and results generated:
Splunk is used for SMS SLA monitoring and troubleshooting to maintain service levels. Billing verification dashboards are used for revenue reconciliation purposes.
Johnny finished up by summarizing what’s next for Splunk. “The IT director is mandating Splunk become the standard analytics platform.”
Thanks Johnny and the Systex team for supporting this latest event in Singapore and for an insightful presentation.
Check out our events page to see where we’ll be next. We look forward to seeing you there!