tyler garmin- kansas city
DESCRIPTION
SplunkLive! Kansas City 2012TRANSCRIPT
![Page 1: Tyler Garmin- Kansas City](https://reader038.vdocuments.us/reader038/viewer/2022102815/55645830d8b42a682d8b56a0/html5/thumbnails/1.jpg)
About MeAbout Me
Linux System AdministratorLinux System Administrator
Husband and Father of 2 KidsHusband and Father of 2 Kids
DevOps, Productivity Hacks and DevOps, Productivity Hacks and Tools, The Big LebowskiTools, The Big Lebowski
![Page 2: Tyler Garmin- Kansas City](https://reader038.vdocuments.us/reader038/viewer/2022102815/55645830d8b42a682d8b56a0/html5/thumbnails/2.jpg)
Growing SplunkGrowing SplunkTyler Rutschman - Garmin InternationalTyler Rutschman - Garmin International
![Page 3: Tyler Garmin- Kansas City](https://reader038.vdocuments.us/reader038/viewer/2022102815/55645830d8b42a682d8b56a0/html5/thumbnails/3.jpg)
OH: (during an outage)OH: (during an outage)I don’t want to live in a I don’t want to live in a world without Splunk.world without Splunk.
![Page 4: Tyler Garmin- Kansas City](https://reader038.vdocuments.us/reader038/viewer/2022102815/55645830d8b42a682d8b56a0/html5/thumbnails/4.jpg)
BackstoryBackstory
Free instance installed in 2009Free instance installed in 2009
Single Instance on Central Log Single Instance on Central Log serverserver
Upgrade to EnterpriseUpgrade to Enterprise
![Page 5: Tyler Garmin- Kansas City](https://reader038.vdocuments.us/reader038/viewer/2022102815/55645830d8b42a682d8b56a0/html5/thumbnails/5.jpg)
Level 2Level 2
Split Splunk onto dedicated Split Splunk onto dedicated instanceinstance
License overwhelmed by Garmin License overwhelmed by Garmin ConnectConnect
Limited visibility and useLimited visibility and use
![Page 6: Tyler Garmin- Kansas City](https://reader038.vdocuments.us/reader038/viewer/2022102815/55645830d8b42a682d8b56a0/html5/thumbnails/6.jpg)
IF YOU HAVE MORE INPUTS THAN IF YOU HAVE MORE INPUTS THAN LICENSELICENSE
YOU’RE GONNA HAVE A BAD TIMEYOU’RE GONNA HAVE A BAD TIME
Super Cool Ski InstructorSuper Cool Ski Instructor
![Page 7: Tyler Garmin- Kansas City](https://reader038.vdocuments.us/reader038/viewer/2022102815/55645830d8b42a682d8b56a0/html5/thumbnails/7.jpg)
Plan for ExpansionPlan for Expansion
Decided to make application more Decided to make application more robustrobust
Read the DocumentationRead the Documentation
.conf 2011.conf 2011
![Page 8: Tyler Garmin- Kansas City](https://reader038.vdocuments.us/reader038/viewer/2022102815/55645830d8b42a682d8b56a0/html5/thumbnails/8.jpg)
Enterprise ArchitectureEnterprise ArchitectureOutlineOutline
Puppet DeploymentPuppet Deployment
Infrastructure LayoutInfrastructure Layout
GotchasGotchas
Future PlansFuture Plans
![Page 9: Tyler Garmin- Kansas City](https://reader038.vdocuments.us/reader038/viewer/2022102815/55645830d8b42a682d8b56a0/html5/thumbnails/9.jpg)
PuppetPuppet
Search, Indexer and Forwarder are Search, Indexer and Forwarder are “turn-key”“turn-key”
ex: include splunk::indexer ...doneex: include splunk::indexer ...done
Really Awesome for ForwardersReally Awesome for Forwarders
Why not use Splunk Deployment Why not use Splunk Deployment Manager?Manager?
![Page 10: Tyler Garmin- Kansas City](https://reader038.vdocuments.us/reader038/viewer/2022102815/55645830d8b42a682d8b56a0/html5/thumbnails/10.jpg)
InfrastructureInfrastructure
![Page 11: Tyler Garmin- Kansas City](https://reader038.vdocuments.us/reader038/viewer/2022102815/55645830d8b42a682d8b56a0/html5/thumbnails/11.jpg)
How We Use SplunkHow We Use Splunk
Web Access LogsWeb Access Logs
Internal Application AuditsInternal Application Audits
Windows Security EventsWindows Security Events
![Page 12: Tyler Garmin- Kansas City](https://reader038.vdocuments.us/reader038/viewer/2022102815/55645830d8b42a682d8b56a0/html5/thumbnails/12.jpg)
Why I Like SplunkWhy I Like Splunk
Makes Users HappyMakes Users Happy
Real Time DataReal Time Data
No AlternativesNo Alternatives
![Page 13: Tyler Garmin- Kansas City](https://reader038.vdocuments.us/reader038/viewer/2022102815/55645830d8b42a682d8b56a0/html5/thumbnails/13.jpg)
GotchasGotchas
Don’t Index a lot of data over NFSDon’t Index a lot of data over NFS
Shared Knowledge Bundle Time Shared Knowledge Bundle Time SyncSync
Tag and Search permissionsTag and Search permissions
![Page 14: Tyler Garmin- Kansas City](https://reader038.vdocuments.us/reader038/viewer/2022102815/55645830d8b42a682d8b56a0/html5/thumbnails/14.jpg)
Future PlansFuture Plans
Scale Central System LoggingScale Central System Logging
More Splunk from a User/Developer More Splunk from a User/Developer POVPOV
Additional InputsAdditional Inputs
TrainingTraining
![Page 15: Tyler Garmin- Kansas City](https://reader038.vdocuments.us/reader038/viewer/2022102815/55645830d8b42a682d8b56a0/html5/thumbnails/15.jpg)
Tips and AdviceTips and Advice
WMI Event Filter for Windows WMI Event Filter for Windows Events - Events - http://t.co/gexrFnrc
Splunkbase AnswersSplunkbase Answers
![Page 16: Tyler Garmin- Kansas City](https://reader038.vdocuments.us/reader038/viewer/2022102815/55645830d8b42a682d8b56a0/html5/thumbnails/16.jpg)
Questions & FeedbackQuestions & Feedback