Splunk so Big and Flashy Building Massive and Efficient Indexer Storage Environments for Splunk

Similar documents
EMC SOLUTION FOR SPLUNK

BIG DATA READY WITH ISILON JEUDI 19 NOVEMBRE Bertrand OUNANIAN: Advisory System Engineer

Life In The Flash Director - EMC Flash Strategy (Cross BU)

São Paulo. August,

Software Defined Storage

BUSINESS DATA LAKE FADI FAKHOURI, SR. SYSTEMS ENGINEER, ISILON SPECIALIST. Copyright 2016 EMC Corporation. All rights reserved.

Virtual Desktop Infrastructure (VDI) Bassam Jbara

Isilon: Raising The Bar On Performance & Archive Use Cases. John Har Solutions Product Manager Unstructured Data Storage Team

EMC STORAGE STRATEGY. Copyright 2015 EMC Corporation. All rights reserved.

Modernize Your IT with Dell EMC Storage and Data Protection Solutions

EMC XtremIO All-Flash Applications. Sonny Aulakh VP, Sales Engineering November 2014

DELL EMC ISILON SCALE-OUT NAS PRODUCT FAMILY Unstructured data storage made simple

DELL EMC ISILON SCALE-OUT NAS PRODUCT FAMILY

MODERNISE WITH ALL-FLASH. Intel Inside. Powerful Data Centre Outside.

Integrated and Hyper-converged Data Protection

THREE PATHS TO CLOUD CHOICE WITHOUT COMPLEXITY. Copyright 2013 EMC Corporation. All rights reserved.

Rethink Storage: The Next Generation Of Scale- Out NAS

Running Splunk on VxRack FLEX

The Impact of Hyper- converged Infrastructure on the IT Landscape

Integrated and Hyper-converged Data Protection

Dell EMC All-Flash solutions are powered by Intel Xeon processors. Learn more at DellEMC.com/All-Flash

HPE SimpliVity. The new powerhouse in hyperconvergence. Boštjan Dolinar HPE. Maribor Lancom

TITLE. the IT Landscape

Converged Platforms and Solutions. Business Update and Portfolio Overview

Redefining Enterprise Storage: EMC Storage Strategy

EMC & VMWARE STRATEGIC FORUM NEW YORK MARCH David Goulden President & COO. Copyright 2013 EMC Corporation. All rights reserved.

Three Paths To The Cloud. Kirill Kostitsyn

VMware Virtual SAN Technology

SOFTWARE DEFINED STORAGE

Cloud Meets Big Data For VMware Environments

New HPE 3PAR StoreServ 8000 and series Optimized for Flash

THE EMC ISILON STORY. Big Data In The Enterprise. Deya Bassiouni Isilon Regional Sales Manager Emerging Africa, Egypt & Lebanon.

VxRack FLEX Technical Deep Dive: Building Hyper-converged Solutions at Rackscale. Kiewiet Kritzinger DELL EMC CPSD Snr varchitect

DELL EMC ISILON SCALE-OUT NAS PRODUCT FAMILY Unstructured data storage made simple

NEXT GENERATION EMC: LEAD YOUR STORAGE TRANSFORMATION

HOW CISCO AND VCE ARE EXTENDING INFRASTRUCTURE MARKET LEADERSHIP THROUGH THE VBLOCK SYSTEM

Buy vs Build: Converged Platforms are the New End Game. Johannes Sieben Dell EMC CPSD varchitect Hyper-Converged

UNE APPROCHE CONVERGÉE AVEC LES SOLUTIONS VCE JEUDI 19 NOVEMBRE Olivier LE ROLLAND : varchitecte Manager, VCE France

Modernize Without. Compromise. Modernize Without Compromise- All Flash. All-Flash Portfolio. Haider Aziz. System Engineering Manger- Primary Storage

The storage challenges of virtualized environments

Vision of the Software Defined Data Center (SDDC)

VxRail: Level Up with New Capabilities and Powers GLOBAL SPONSORS

Copyright 2018 Dell Inc.

TRANSFORM YOUR APPLICATIONS

Copyright 2012 EMC Corporation. All rights reserved.

L offre de stockage DellEMC

IT Redefined. Hans Timmerman CTO EMC Nederland. Copyright 2015 EMC Corporation. All rights reserved.

EMC ISILON HARDWARE PLATFORM

DELL EMC ISILON ONEFS OPERATING SYSTEM

Bucket Diversity: Choosing Your Search Mate Wisely

Dell EMC ScaleIO Ready Node

Verron Martina vspecialist. Copyright 2012 EMC Corporation. All rights reserved.

ECONOMICAL, STORAGE PURPOSE-BUILT FOR THE EMERGING DATA CENTERS. By George Crump

Copyright 2012 EMC Corporation. All rights reserved.

FLASHARRAY//M Smart Storage for Cloud IT

XTREMIO: TRANSFORMING APPLICATIONS, ENABLING THE AGILE DATA CENTER

IBM FlashSystem A9000 and A9000R Ba5lecards versus HP 3PAR, EMC XtremIO, NetApp SolidFire, InfiniDAT InfiniBox, PureStorage FlashArray

Copyright 2012 EMC Corporation. All rights reserved.

HyperFlex. Simplifying your Data Center. Steffen Hellwig Data Center Systems Engineer June 2016

Building Your First Splunk App with the Splunk Web Framework

NEXT GENERATION EMC: LEAD YOUR STORAGE TRANSFORMATION

VMAX and XtremIO: High End Storage Overview and Update

Copyright 2012 EMC Corporation. All rights reserved.

NEC Express5800 R320f Fault Tolerant Servers & NEC ExpressCluster Software

HCI: Hyper-Converged Infrastructure

DELL EMC ISILON ONEFS OPERATING SYSTEM

The Impact of Hyper- converged Infrastructure on the IT Landscape

AWS Storage Gateway. Amazon S3. Amazon EFS. Amazon Glacier. Amazon EBS. Amazon EC2 Instance. storage. File Block Object. Hybrid integrated.

Copyright 2012 EMC Corporation. All rights reserved. Obrigado

VCE: A FOUNDATION FOR IT TRANSFORMATION. Juergen Hirtenfelder EMEA SI/SP

Software Defined Storage

DELL EMC VXRACK FLEX FOR HIGH PERFORMANCE DATABASES AND APPLICATIONS, MULTI-HYPERVISOR AND TWO-LAYER ENVIRONMENTS

Modern hyperconverged infrastructure. Karel Rudišar Systems Engineer, Vmware Inc.

Discover the all-flash storage company for the on-demand world

Copyright 2012, Oracle and/or its affiliates. All rights reserved.

Dell EMC Ready Solutions for Splunk

Isilon Scale Out NAS. Morten Petersen, Senior Systems Engineer, Isilon Division

MICROSOFT APPLICATIONS

EMC FORUM Vic Bhagat. Executive Vice President & Chief Information Officer EMC Corporation

Modernize with All Flash

High performance and functionality

LEVERAGING FLASH MEMORY in ENTERPRISE STORAGE

Nutanix Tech Note. Virtualizing Microsoft Applications on Web-Scale Infrastructure

Cisco and EMC Release Joint Validated Design for Desktop Virtualization with Citrix XenDesktop. Daniel Chiu Business Development Manager, EMC

UNFAIR ADVANTAGE Your Road to SAP Hana 2016 PURE STORAGE INC.

Ten things hyperconvergence can do for you

Building a Multi-protocol, analytics-enabled, Data Lake with Isilon

Modernize with all-flash

Today s trends in the storage world. Jacint Juhasz Storage Infrastructure Architect

Copyright 2012 EMC Corporation. All rights reserved.

End User Computing. Haider Aziz Advisory System Engineer-EMEA. Redefining Application and Data Delivery to the Modern Workforce

Taming Structured And Unstructured Data With SAP HANA Running On VCE Vblock Systems

Why Datrium DVX is Best for VDI

Renovating your storage infrastructure for Cloud era

Optimise Your Virtualised Applications with Flash

BIG DATA STRATEGY FOR TODAY AND TOMORROW RYAN SAYRE, EMC ISILON CTO-AT-LARGE, EMEA

Lenovo Validated Designs

BACKUP AND RECOVERY OF A HIGHLY VIRTUALIZED ENVIRONMENT

Hyperconverged Infrastructure: Cost-effectively Simplifying IT to Improve Business Agility at Scale

HPE Storage news. Mauro Colombo Hybrid IT sales & presales manager 23 rd May 2018

Transcription:

Copyright 2015 Splunk Inc. Splunk so Big and Flashy Building Massive and Efficient Indexer Storage Environments for Splunk Cory Minton Principal SE and Data Fabrics Leader, Emerging Technologies @ EMC

Disclaimer During the course of this presentamon, we may make forward looking statements regarding future events or the expected performance of the company. We caumon you that such statements reflect our current expectamons and esmmates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward- looking statements, please review our filings with the SEC. The forward- looking statements made in the this presentamon are being made as of the Mme and date of its live presentamon. If reviewed ater its live presentamon, this presentamon may not contain current or accurate informamon. We do not assume any obligamon to update any forward looking statements we may make. In addimon, any informamon about our roadmap outlines our general product direcmon and is subject to change at any Mme without nomce. It is for informamonal purposes only and shall not, be incorporated into any contract or other commitment. Splunk undertakes no obligamon either to develop the features or funcmonality described or to include any such feature or funcmonality in a future release. 2

These ARE The Droids You Are Looking For

Agenda! Data and Storage Tech Trends! Splunk Architecture! Why Flash Your Home Path?! The Big, Cold Data Lake! Converged SoluMons! Resources Sweet Apps and Ninjas

Data Growth 75% 78% 80% 2015 71 EB 2016 106 EB 2017 133 EB Source: IDC Total Capacity Shipped, Worldwide % of Unstructured Data 5

Do More With Less

Architecture Maaers Scale-up Scale-Out

Enter SPLUNK ENTERPRISE Industry- leading Plaform For Machine Data Any Machine Data Opera2onal Intelligence Datacenter Online Services Web Services Search & InvesMgaMon ProacMve Monitoring OperaMonal Visibility Real- Mme Business Insights Private Cloud Servers Storage Online Shopping Cart Security Desktops Telecoms Networks GPS LocaMon RFID Packaged ApplicaMons Energy Meters Messaging Custom ApplicaMons Public Cloud Web Clickstreams Databases Enterprise Scalability Smartphones and Devices Call Detail Records

Search Heads Query informamon across indexers and are usually CPU and memory intensive. Indexers Write data to disk and are both CPU and I/O intensive. Forwarders Collect and forward data; usually lightweight and not resource intensive. Splunk Architecture hap://docs.splunk.com/documentamon/splunk/latest/overview/aboutsplunkenterprisedeployments

Splunk Storage Requirements Enterprise Performance And Data Services! High- Performance Storage Rare & Sparse Searches! High- Capacity Storage Long- Term RetenMon! Scale- Out Infrastructure Indexer & Search Heads! De- dupe & Compression Clustered Indexer Deployments! Backup & Security Data ProtecMon & Compliance Search Heads Indexers HOT WARM COLD Capacity Triggered

Splunk Indexer Buckets HOT / WARM Recent searches/dashboards Usually block LUN High Random reads SequenMal reads / writes COLD Rare searches Usually NAS share Light Random Reads SequenMal reads / writes FROZEN Not searchable Usually offline media Only sequenmal write Splunk moves indexes from between from hot/warm to cold to frozen based on user configura2on Size of the buckets impacts performance

Indexer Storage Capacity 1TB Ingested Data WriWen Data = ½ Ingested Data = 500GB Raw Data Indexes Indexer *.gz *.tsidx Compressed Raw data 30% of wriaen data à 150GB Uncompressed indexes 70% of wriaen data à 350GB

How Much Storage Do You Need? 1TB Ingested Data = Daily indexing rate x ½ x Reten8on policy = 1TB x ½ x 60 days = 30TB Raw Data Indexes Indexer 9TB 21TB

Splunk Indexer Availability MulMple copies of index and raw data ê Index à # copies of indexes à Search factor (SF) ê Raw Data - > # of of copies of raw data à ReplicaMon factor (RF) Copy 1 500GB Copy 2 500GB Copy 2 500GB Copy 1 500GB 1TB * 60 days x ½ x 2 = 60TB (RF/SF=2) ** doubled ** 1TB * 60 days x ½ x 3 = 90TB (RF/SF=3) ** tripled ** 1TB Ingested Data SF=2 / RF=2 500GB written à 500GB replicated STORAGE CAPACITY MULTIPLIES!

Just How Much Storage? Storage Requirements in TB Splunk License (GB/DAY) 1 Year 2 Years 3 Years 4 Years 5 Years RetenMon (Days) 1 7 14 30 90 180 365 730 1095 1460 1825 25 0.025 0.175 0.35 0.75 2.25 4.5 9.125 18.25 27.375 36.5 45.625 50 0.05 0.35 0.7 1.5 4.5 9 18.25 36.5 54.75 73 91.25 100 0.1 0.7 1.4 3 9 18 36.5 73 109.5 146 182.5 250 0.25 1.75 3.5 7.5 22.5 45 91.25 182.5 273.75 365 456.25 500 0.5 3.5 7 15 45 90 182.5 365 547.5 730 912.5 1000 1 7 14 30 90 180 365 730 1095 1460 1825 2000 2 14 28 60 180 360 730 1460 2190 2920 3650 3000 3 21 42 90 270 540 1095 2190 3285 4380 5475 4000 4 28 56 120 360 720 1460 2920 4380 5840 7300 5000 5 35 70 150 450 900 1825 3650 5475 7300 9125 6000 6 42 84 180 540 1080 2190 4380 6570 8760 10950 7000 7 49 98 210 630 1260 2555 5110 7665 10220 12775 10000 10 70 140 300 900 1800 3650 7300 10950 14600 18250 *Assumes RF/SF = 2

DAS Presents Challenges 1 2 Dedicated Storage Infrastructure Silo that only runs Splunk Compromised Availability SSDs & servers fail Index rebuilds can take hours to days 3 Lack of Enterprise Data Protection No Snapshots or Compliance DR limited to Multisite Clustering 4 Poor Storage Efficiency Multiple copies of data Multisite Clustering Increases Overhead 5 Non-Optimized Growth Fixed compute to storage ratio Servers must maintain storage symmetry 6 Management complexity Multiple management points SPLUNK DAS ENVIRONMENT 1x 1x 2x 2x 3x 3x

Why EMC For Splunk OpMmized Infrastructure For Big & Fast Data Op2mized Shared Storage & Tiering Cost- Effec2ve & Flexible Scale- Out Powerful Data Services Hot & Warm Data Deployed On XtremIO or ScaleIO Encyption & Security Index File Compression Cold & Frozen Data Deployed On Isilon Scale-Out Capacity & Compute Independently Or As Converged Platform Snapshots For Backups Deduplication Of Clustered Indexes

Why Flash?!? Economic Influences Intelligent Scale- out Flash HDD ü Consumer Demand ü Data Services Allowing free Copies of ApplicaMon Data ü Flash technology has improved at a faster rate than Moore s Law

Xtremio Data Services Always- on, Inline, Zero Penalty, Free ALWAYS-ON THIN PROVISIONING INLINE DEDUPLICATION INLINE COMPRESSION XTREMIO DATA PROTECTION INLINE DATA AT REST ENCRYPTION AGILE WRITEABLE SNAPSHOTS

EMC Xtremio & Splunk All- flash Infrastructure For Hot & Warm Data High-Speed Search Accelerate SuperSparse & Rare Searches Search Heads Indexers Data Services For Hot & Warm Data Self-Encrypting Flash Drives Index File Compression Scale-Out Flash For I/O-Bound Data >1M IOPS & <1ms Latencies In-Memory Data Copy Services Dedupe Clustered Index Copies

EMC Scaleio & Splunk Converged Architecture For Hot & Warm Data Converged Splunk Architecture Leveraging ExisMng Hardware Investments Servers Search Heads Indexers Shared Capacity & Performance Remove Silos & Increase ROI On DAS Capacity & No Single Point Of Failure Network Storage 5K IOPS 1 TB 5K IOPS 1 TB 5K IOPS 1 TB 25K IOPS & 5TB 5K IOPS 1 TB 5K IOPS 1 TB

EMC Isilon Deep and WIDE Storage Single Volume/ File System Simplicity & Ease of Use High Performance Linear Scalability Unmatched Efficiency OneFS Easy Growth Policy based Tiering Mul2- protocol support

EMC Isilon & Splunk Low- cost & Secure Scale- out For Cold Data Search Heads Consolidate, Protect & Secure Cold Data Indexers High-Speed Ingest & Long-Term Retention With Native HDFS Integration Self-Encrypting Drives SmartLock Protects Cold & Frozen Data Scale-Out Capacity Up To 50PB Of Highly Available Capacity Snapshots IQ For Backups SmartDedupe For Clustered Indexes

Data Silos vs Consolidated Data Lake TRADITIONAL WORKLOADS NEXT-GEN WORKLOADS 24

Data Silos vs Consolidated Data Lake Isilon Scale- Out Data Lake 25

EMC Isilon Next- Gen Access Methods FILE One instance of the file services all dependent workloads simultaneously FILE 26

EMC Reference Architectures For Splunk Enterprise XtremIO and Isilon Reference Architecture ScaleIO and Isilon Reference Architecture

EMC Reference Architectures Single- Instance Distributed Indexers Indexers Search HOT & WARM XtremIO Mostly searches Heavy Random reads SequenMal writes Scale- Out 160 TB Flash & No Tuning No RAID ConfiguraMon Needed Many Copies & No Overhead DeduplicaMon & Compression COLD Isilon Adhoc searches Light Random Reads SequenMal Writes Scale- Out 50 PB Of Cold & Frozen Data MulM- Protocol = Always Searchable Tier Frozen Data Without MigraMon SmartDedupe & SmartLock

Vblock Systems The Only True Converged Infrastructure Best- of- breed Technology ApplicaMon OpMmizaMon Lifecycle System Assurance API Enabled, Converged Management Integrated ProtecMon and Workload Mobility SoluMons Pre- engineered, Pre- validated, Pre- tested Customer Experience Fastest Time-to-Business Highest Performance Highest Availability Converged Management Lowest Risk Lowest TCO

WHY VCE FOR SPLUNK? FOCUS ON BUSINESS OPERATIONS, NOT MAINTAINING INFRASTRUCTURE SPEED TIME- TO- DEPLOYMENT SIMPLIFY ONGOING OPERATIONS Factory Physical and Logical Build Roadmap and New Feature Planning Compliance- Ready ConfiguraMon and Patch Management Performance and Availability Single Support Through VCE

VCE Vscale Architecture Modular Grow- as- needed Architectural Design Flexible combinamons of EMC Isilon and XtremIO VCE TECHNOLOGY EXTENSION FOR COMPUTE General Purpose Compute GPU Cluster DAS Based HDFS Cluster(s) VCE TECHNOLOGY EXTENSION FOR STORAGE General Purpose Block Storage Object or ElasMc Cloud Storage Data Lakes Solid State Flash VCE TECHNOLOGY EXTENSION FOR DATA PROTECTION Data ProtecMon Data ReplicaMon 31

VCE to Address Three OpportuniMes Splunk VCE technology extension for EMC Isilon Storage Vblock/VxBlock System 540 Rack- Scale Bundle Vblock/VxBlock System 340 HOT/WARM Block/Scale- Out Bundle COLD

Sweet Apps and Ninjas

VCE Systems presented as an enmty Compliance history what has been changed? System inventory and health KPI dashboards One command to configure system logs and events Splunk App For VCE Vision

Splunk Apps XtremIO App Isilon App Allows Splunk to monitor Isilon performance

How We Size Splunk Infrastructure We Use Splunk Best PracMces Religiously We build Converged Systems first We have our own Ninjas to help! hap://splunk- sizing.appspot.com/ Not Officially Splunk- Supported

Why EMC For Splunk OpMmized Infrastructure For Big & Fast Data Op2mized Shared Storage & Tiering Cost- Effec2ve & Flexible Scale- Out Powerful Data Services Hot & Warm Data Deployed On XtremIO or ScaleIO EncrypMon & Security Index File Compression Cold & Frozen Data Deployed On Isilon Scale- Out Capacity & Compute Independently Or As Converged Plaform Snapshots For Backups DeduplicaMon Of Clustered Indexes

These ARE The Droids You Are Looking For

THANK YOU

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback