SplunkLive! Stockholm 2015 - Statnett
Copyright © 2015 Splunk Inc.
Linus Myrefelt @ Statnett SF
The Future is Electric
The future is "Electric"
Important
What I am going to talk about does not necessarily represent:

- The truth
- Splunk’s opinions or thoughts
- Statnett’s opinions or thoughts
- My own thoughts

Agenda

- Statnett?
- Linux
- Where it all started - "Still" troubleshooting (/ Root cause analytics)
- The new driver - devOps / agile development and rapid deployment
- What we want to do - Application management / IT Service Management
- What we all do - Security (doh!)
- The future is electric! – Next step on our journey
- Takeaways and tips for your journey and success!

Statnett, what?

- Make sure that the lights are on in Norway
- State-owned company
- Quite small (~1500)
- We own, build and maintain the Norwegian power-grid
- Regulates the market
- "The spider in the web"

Still a young company

- Light-weight company
- Small environment in server/endpoint numbers
- Large and complex network
- MS dominated
- Large group of developers
- Heavily project focused organisation
- Heavily depending on IT
- Heavily regulated

(linu(s|x)) Background and Role

- Born and raised in the smålandian woods
- Geek / "Hacker" since childhood
- Living in Oslo / Norway (same same but different)
- Trying to speak Swedish in Norway and Norwegian in Sweden
- Splunker since ~version 4
- Before: Consultant doing APM, NPM, Splunk and "security"
- Now: Building "Next-Gen" log and monitoring platform at Statnett
- Not a "PowerPoint warrior"

My 3 (4 including Splunk t-shirts) favorite things :)
This is what I believe in!
This is what I believe in!
Let’s get down to business – use cases
Troubleshooting
Development
IT Service Management
Security
Where it all started - troubleshooting (/ Root cause analytics)
Our initial pain
How do you troubleshoot amongst 1000s of servers? What about many 1000s of network devices? What if you have 100s of thousands of communication points? How do you go about and do just that?
Our Solution to the problem … started with networking
Enabled us to…

- Maintain our infrastructure posture
- Track faulty devices
- Earlier and controlled replacement
- Correlate events
- Spot trends on network
- Bigger picture with drilldown

And the Situation now?

- The good guys use Splunk for root cause analytics (tuff word)
- The bad ones use me or my colleague for root cause analytics (still a tuff word)

The new driver - devOps / Agile development and rapid deployment
Our developers were struggling with:

- Multiple Stages
- Across "zones / network segments"
- Amongst multiple servers
- Use of cryptic tool with a hard to get syntax – tail, grep, awk, sed etc.
- Customized event viewer
- Not scalable
- Getting access to the right data
- In a timely fashion

Solution - They threw it into Splunk :)
And they created a big fat mess - … still like using grep and awk for your life
What we want to do - Application management / IT Service management
Our ops guys were struggling with…

- Still kind of a young company
- Started to mature
- Old but good siloed tools
- Not very user-friendly or accessible
- Need something more unifying
- Holistic overview of services and KPIs
- Give stakeholders the right information
- Technical overview with drill downs into alerts and events

Our solution for Ops

- Re-designed, re-architectured and scaled up solution
- Splunk agent deployed
- Part of standard image and routines
- Different departments pushing for expansion
- Need to settle on information model

APM / IT Service Management
Security – All "your" data belongs to me
In Security we struggle with the following things

- Too few people … already heavily occupied
- Not enough (good) people to hire
- No single pane of overview
- Hard to keep up with today's threat
- No real "Malware popup"

We want to do more

- Improve our security posture
- Enable the right people with data
- Do more with less
- AND
- Being able to keep track of attackers
- Threat intel, i.e. blacklists … = Noise
- Researching IP / Attackers is part of the game

How we are trying to do it

- Utilizing Splunk and data as enabler
- Automate boring and time-consuming tasks
- We combine free tools with homebrewed
- Scraping public APIs and web services
- Everything "hostile" that goes in and out

Security
Manager approved
The future is electric! – Next step on our Journey
The future is electric!

- Continue to roll out agent
- Collect application logs
- Expanding use-cases
- Work hard on normalisation
- Information model
- Service modelling
- More integrations into Splunk
- Keep adding reports and alerts

Top Takeaways / My Tips

- Invest in education for (different) users
- Use PS or a trusted local partner
- Before reaching maturity … maybe start small

Quote Box
Our mission is to make machine data accessible, useable and valuable to everyone.
Thank You