cisco ucs and splunk workshop
TRANSCRIPT
Copyright © 2015 Splunk Inc.
Cisco TechWiseTV / Splunk
Agenda
• Introduction
• How Cisco IT Operations Uses Splunk
• Operational Intelligence
• Splunk quick overview
• Splunk on UCS
• Splunk Enterprise 6.3 and results on UCS
• Splunk IT Ops Demo
Cisco’s Footprint with Splunk
• 70+ Monitored Applications
• 7+ Year Relationship
• Across 7 Global Data Centers
• Flexible infrastructure to accommodate new business needs
Applying Splunk to Cisco IT Requirements
• Aggregated multiple siloed systems into Splunk
• Monitoring 70+ Applications
• 846% increase of search volume per day in one year
• Operational Intelligence in minutes rather than hours
Cisco IT uses Splunk to index a broad range of system logs and machine data for networking devices, operating systems, unified communications, video events, and applications.
Proactive monitoring enables:
• 50% reduction in high priority issues
• 80% reduction in operational costs
• 90% improvement in problem resolution & root cause analysis times
• Improvements in system stability, availability and performance
Insights Across Cisco – Platform
Business Unit: Infrastructure, IT Ops, Security, Commerce, Sales & Marketing, Channels, Engineering, Webex
Platform: CCIX (web + app), FTP, RAC DB, WSG, PING, OBIEE, ACE
Splunk App: Splunk on Splunk, Deployment Monitor, UCS App, JMX App, Unix App, NetApp App
Sources and Logs: Network, Linux / Unix, UCS, VMware ESXi, Datacenter battery / temperature logs
Log sources: SYSLOG, Windows, Active Directory, ACS, Storage
Log types: Pre-Prod Event Logs, Production Event Logs, Event Logs, AAA Logs, ISE Logs
Search Heads: 16 VMs (64 core x 32 GB)
Indexers: 20 VMs (16 core x 16 GB), 70+ unique indexes
Storage: 56 TB SAN – Hot & Warm; 28 TB NAS – Cold
Data Centers:
• Prod: RCDN – 8 SH & 10 Indexers
• Prod: ALLEN – 8 SH & 10 Indexers
• Dev: RTP – 4 SH & 2 Indexers

Cisco’s IT Operations Evolving with Splunk (timeline figure)
• 2010: Daily Indexing 300 GB
• 2014: 10 Indexers, 16 Search Heads
• 2015: 20 Indexers, 47 Search Heads, Daily Indexing ~2 TB
Splunk Activity – Daily Average
1. Interactive Searches = 55K+
2. Scheduled Searches = 45K+
3. Total Searches = 100K+
4. Number of Users = 180+
Replacing Legacy SIEM at Cisco CSIRT
Enter Splunk: Flexible SIEM and empowered team
– Easy to index any type of machine data from any source
– Over 60 users doing investigations, correlations, reporting, advanced threat detection
– All the data + flexible searches and reporting = empowered team
– 2 TB/day and searches take less than a minute; 7 global data centers with 350 TB stored data
– Flashback Malware Example
– Estimate Splunk is 25% the cost of a traditional SIEM
Cisco Security Analytics Results
• 33 percent reduction in the time required to conduct security investigations
• All security data is readily available in a single, centralized portal for faster and simpler access
• Ability to automate routine tasks and search log data allows CSIRT analysts to work more effectively
• Substantially easier correlation allows for more thorough investigations
Splunk Apps for Cisco Environments
240+ security apps & add-ons, including the Splunk App for Enterprise Security:
• Cisco ASA
• NetFlow Logic
• OSSEC
• Cisco WSA
• Cisco ESA
• Cisco ISE
• Sourcefire
• Active Directory
• Cisco Security Suite
• MobileIron
• Bit9 ETD
• Norse Darklist
600+ apps/add-ons, including:
• Cisco ACI, IOS, Nexus 9000
• Cisco UCS
• VMware
• NetApp
• ServiceNow
• UNIX/Linux
Splunk App for Cisco UCS
NEW AND IMPROVED as of May 2015
• Aggregates, monitors, trends and analyzes all relevant data from Cisco UCS Manager instances
• Enables proactive capacity and performance monitoring/management, fault trending, power and cooling, and more
• Works with other Splunk add-ons and data sources (including Enterprise Security and PCI Compliance add-ons) to aggregate and correlate data across your enterprise
The Power of Splunk
Data layers: Applications, Operating Systems, Hypervisors, UCS server, storage, network
• COLLECT DATA FROM ANYWHERE
• SEARCH AND ANALYZE EVERYTHING
• GAIN REAL-TIME OPERATIONAL INTELLIGENCE
Making machine data accessible, usable and valuable to everyone.
Turning Machine Data Into Business Value
Index Data: Any Source, Type, Volume
• Online Services
• Web Services
• Servers
• Security
• GPS Location
• Storage
• Desktops
• Networks
• Packaged Applications
• Custom Applications
• Messaging
• Telecoms
• Online Shopping Cart
• Web Clickstreams
• Databases
• Call Detail Records
• Smartphones and Devices
• RFID
Deployed On-Premises, in a Private Cloud, or in a Public Cloud
Ask Any Question
• Application Delivery
• Security, Compliance, and Fraud
• IT Operations
• Business Analytics
• Industrial Data and the Internet of Things
• Developer Platform
Report & analyze, Custom dashboards, Monitor & alert, Ad hoc search
Splunk Enterprise 6.3
• Breakthrough Performance & Scale – Doubles performance and lowers TCO; meeting the needs of the most demanding organizations
• Advanced Analysis & Visualization – Simplifies analysis of large datasets
• High Volume Event Collection – Supports DevOps and IoT data analysis at scale
• Enterprise-Scale Platform – Enterprise management and integration
Breakthrough Performance, Scale, TCO (comparisons to Splunk Enterprise 6.2)
• Search Performance – 2X Execution Speed – Improve speed of searches & reports
• Indexing Speed – 2-4X Data Rate – Onboard & analyze larger datasets
• Intelligent Scheduling – 25%+ Capacity Gain – Optimize resource utilization
• Total System Capacity – 20-50% Increase – Reduce TCO by 20% or more
Vertical scaling maximizes use of CPU power.
Simple Scalability w/ Performance at Scale (architecture figure: UCS 6200 Series Fabric Interconnect, UCS Central, UCS Domains 1 - N each managed by UCS Manager, 16 Servers Per Rack, Cisco ACI)
• UCS Domain: 160 Servers (with FEX), 80 Servers direct connect
• Managed by UCS Manager
• Up to 11.2 PB storage
• Multiple UCS Domains
• Interconnect using Nexus 7000/9000
• Scalable to 1000s of servers
• Centrally managed by UCS Central
Horizontal Scaling with UCS
• Scalable, componentized architecture
• Additional systems can:
  • Grow data capacity
  • Increase search capacity & performance
  • Provide HA and DR
• Takes advantage of:
  • Cisco Validated Design
  • Cisco Reference Architecture
  • Cisco UCS Service Profiles
Vertical Scaling with UCS
• Task parallelization software design
• Additional CPU capacity/system
  • Improve search performance
  • Grow data onboarding speed and capacity
• Takes advantage of:
  • Cisco UCS CPU capacity
  • Cisco UCS system architecture
Splunk – Cisco UCS Benchmark Preview
Learn More About Splunk on Cisco UCS!
• SplunkBase app resources
• Cisco’s Big Data Design Hub features Cisco Validated Designs (CVDs) and other architectural docs
• Big Data Applications Hub features reference architectures, solution briefs, infrastructure, automation, etc.
Thank You for Attending
For TechWiseTV episodes, TechWiseTV Workshops, Fundamentals and Networking 101’s visit http://www.Cisco.com/go/TechWiseTV.com.
https://www.facebook.com/techwise
https://twitter.com/techwisetv