
The use case Splunk imagines is an Internet of Things environment such as a factory with many machines generating data. Meanwhile, Splunk Augmented Reality allows people to see their data where it lives. With a single button click - implemented via actions within Splunk’s alert management - you could realistically identify that a process is consuming all your server’s CPU, then reboot it, or perform other relevant tasks, without once using any device beyond your mobile and, optionally, your watch.

This app shows your Splunk dashboards and provides alert information on both your phone and smartwatch. Data is encrypted, and the app supports both on-premise and cloud Splunk environments. Pulling out a laptop is a thing of the past: Splunk Mobile will let you carry the power of Splunk and remedy situations on your smartphone immediately. This includes responding to out-of-hours alerts. Splunk states this change alone means admins can improve their total cost of ownership by up to 75%.

Additionally, Splunk>next makes more use of smartphone applications, recognising Splunk admins and users alike are increasingly transacting on-the-go. This provides Splunk admins flexibility in configuring their resources, and also allows considerable pricing benefits. Now storage can be any S3 API-compliant storage. On the topic of storage, a second significant architectural change in Splunk>next is dubbed SmartStore, essentially separating compute and storage. This means you could still ingest the raw data to one repository, and transformed data into another.

The visual editor allows you to effortlessly send your Splunk data several ways. The pipeline need not be a single path, either. The pipeline is versioned so you can revert to a prior edition, should you find you’ve inadvertently added a bad rule. Even so, to make sure your own pipelines aren’t a problem, you can drill into the latency and the volume of inputs and outputs in your own rules and diagnose problems, all within the GUI. Splunk says its performance permits 100TB of data to be ingested per day, with millisecond latency over trillions of events. Of course, you don’t want to adversely impact this ingestion pipeline.

Splunk>next provides a visual pipeline editor whereby a simple rule can be added to modify this field before it is ingested. Previously, Splunk administrators would edit configuration files to achieve this. Now data can be analysed and acted on, and modified, while it is in motion, not only when at rest.

An example of modifying data might be to redact credit card numbers from a point-of-sale system before hitting the indexer. The data was then indexed and searchable. Splunk’s historic distinctive feature over traditional data aggregation tools was its approach to ingesting unstructured data rapidly without any mapping or interpretation or other processing at that time. Splunk Data Stream Processor, for example, is a major shift.
