TIPS & TRICKS

Shining a Light on Industrial Data

Splunk By Splunk October 22, 2014

Enabling Insights from Industrial Data and the Internet of Things

This week we announced that our technology partner, Kepware Technologies, released the Industrial Data Forwarder (IDF) for Splunk as part of their most recent KEPServerEX update. This application enables a new and much easier way to connect to, index and analyze industrial data at scale in Splunk Enterprise and Splunk Cloud.

 

Industrial Data

Industrial data is a broad term for the machine data that is generated in industrial environments by industrial equipment, as well as by embedded computing platforms affiliated with SCADA and other automation and control systems. It typically represents physical sensor readings (temperature, vibration, pressures, valve position, etc.), or variables in the control algorithms that manage and control processes in industries such as oil and gas, manufacturing, and power.DGRM-Splunk-IoT-Kepware-101

Historical and real-time industrial data on its own can provide insight into operations, troubleshooting, security, compliance, safety, and business analytics use cases. Supplement with additional machine data and complementary data sources from application logs, security appliances, telemetry infrastructure and even relational databases, and you can build a complete, end-to-end machine data platform for your business in Splunk software.

DGRM-Splunk-IoT-101

Collecting, Connecting, and Enriching Industrial Data

KEPServerEX is a powerful framework, with over 150+ communications drivers for both proprietary and open industrial data protocols, including BACnet, Modbus, and OPC. Once communications are established between KEPServerEX and the industrial device or application, the IDF for Splunk plug-in is configured to connect KEPServerEX to Splunk software (a universal or heavy forwarder is recommended). Multiple Splunk software connections are supported. For each connection, individual data points (Tags) can be configured to stream data in real-time to Splunk Enterprise or Splunk Cloud. This data can be streamed at a user-configurable sampling rate, and at very high rates if necessary (sub-second rates are possible). Collection in excess of 10,000 events per KEPServerEX instance per second is possible even with the most basic of architectures, and will scale horizontally to massive scale. You can also take advantage of Splunk’s highly secure data forwarding and can build high availability, redundancy, and indexer clustering into your industrial data platform by building on Splunk software’s distributed architecture.

Another valuable feature of the IDF for Splunk is the ability to add custom descriptive metadata. Any Tag can have additional fields or unstructured text configured in the KEPServerEX environment. You can add, modify and remove metadata to individual Tags or on groups of Tags of any size. This metadata can include any key value pairs supplementing the standard IDF fields with asset identification information, geolocation information, additional common names, etc. Any metadata configured in the application is streamed with each event and can be used in Splunk software for aggregations, “group-by’s”, ad-hoc filters and correlations, etc.

  Screen Shot 2014-10-21 at 8.49.57 AM  

 

New Interactions and Insights for Industrial Data

In an oil and gas environment, for example, you could now use Splunk software to index data from upstream, midstream, and downstream equipment like the well data recorders, flow control devices on the pipeline, and the PLC’s in the refinery. Using Splunk’s powerful search and investigation, you could start to explore this data, looking for outliers, or for periods of time where sensor readings were out of range, or even for periods of time where readings were not being indexed regularly due to communication issues deep in the industrial network. Run aggregations across sensors, and find the global patterns that lead to failures. Set up saved searches to run on real-time data, and receive alerts before issues even occur. It’s a completely new way of interacting with industrial data and should provide tremendous value to both new and existing Splunk customers whose businesses rely on this critical infrastructure.

diagram oil industry data sources

Find Out More

To find out more about the Kepware Industrial Data Forwarder for Splunk, check out this video of Kepware demonstrating it in our Internet of Things Pavilion at .conf2014. You can also download a free trial from Kepware’s website. Finally, take a look at our Internet of Things and Industrial Data Solutions page, or download the Solutions Guide for Splunk and the Internet of Things.

 

 

 

----------------------------------------------------
Thanks!
Brian Gilmore

Splunk
Posted by

Splunk