An enterprise intelligence platform that is built on Splunk delivers scalable, high-performance data analytics. These analytics enable enterprises and service providers to turn machine and event data into insights, bringing the power of data analytics to users across the enterprise. Combining the industry-leading Splunk Data-to-Everything platform with a reference configuration of Intel technologies helps organizations accelerate and scale their Splunk deployments. This combination enables the conversion of raw data into operational, business, and security intelligence.
The power of Splunk lies in its ability to unlock data across all parts of the business. The data can come from many sources, including:
Organizations can combine data, ask questions, find answers, take actions, and address business objectives. The resulting insights can help them identify security threats, optimize application performance, understand customer behavior, and more.
To get the most out of a Splunk deployment, no matter the use case, IT organizations must:
This knowledge equates to low search runtimes, high data ingestion rates, and high numbers of concurrent searches. To simplify this often-complex process, Dell EMC, Intel, and Splunk worked together to design a reference architecture with several different configurations. These configurations are designed for various Splunk workloads, using Dell EMC servers and storage with the latest Intel technology.
Figure 1 shows that Splunk Enterprise ingests and processes data from many different sources to produce actionable insights, maximizing the value of event and machine data.
Applications, operating systems, networks, security software, client devices, the Internet of Things (IoT), and other technologies generate a significant amount of event and machine data. Monitoring and analyzing machine data can help organizations solve many problems, like analyzing Web traffic, understanding customer behavior, streamlining financial analysis, improving customer experience, and more. But machine data is complex, and enterprises face significant challenges in converting it into timely insights.
Splunk Enterprise can help solve these challenges by enabling enterprises to:
But as with any technology, efficiency is paramount to optimizing total cost of ownership and return on investment. Efficiently deploying Splunk Enterprise requires understanding the characteristics of a Splunk workload and how the components of Splunk work together. Some workloads require more indexing of data, while other workloads focus on running searches. Still other workloads have a more balanced mix of data indexing and search queries.
Without understanding the workload and then configuring the Splunk infrastructure for it, organizations struggle to obtain maximum performance and scalability from Splunk, and it becomes more difficult to obtain timely analyses of their enormous and fast-growing data volumes.
An enterprise intelligence platform that is built on Splunk is a modern “data to everything” platform. That platform provides powerful capabilities for storing, organizing, analyzing, and gaining insights from a wide range of data sources.
The Splunk platform helps organizations to address critical use cases, such as:
The reference architectures and configuration options in this document can apply across any of these use cases.
Splunk Enterprise is a software product that enables enterprises to collect, search, organize, analyze, and visualize data that is gathered from various system components. Splunk Enterprise ingests log and streaming data from a wide variety of sources, including websites, applications, sensors, and devices. From each data source, Splunk Enterprise indexes the data stream and parses it into a series of individual events that you can view and search. The Splunk web interface can be used to analyze the data further. The Splunk search language, lookups, macros, and subsearches reduce hours of tedium to seconds of simplicity. Tags, saved searches, and dashboards offer both operational insights and collaborative vehicles.
Figure 2 illustrates the Splunk Enterprise Core for parsing, indexing, and searching data.
Figure 2. Splunk Enterprise core
Splunk Enterprise software brings a new value proposition to the field of data collection and analytics. Traditional extract, transform, and load (ETL) systems require that all data be structured before insights can be gleaned from it, slowing down the analytics process. But Splunk Enterprise is different. It is an extract, load, and transform (ELT) platform. That is, it supports schema-on-demand (also known as “schema-on-read,” “schema-on-need,” and “schema-on-use”). Schema-on-demand enables data to be ingested first and structure to be imposed on the data later. With Splunk Enterprise, new raw data sources can be added at any time.
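Schema-on-demand in miniature, as an added example (not Splunk's implementation and not code from the original document): raw events are stored untouched, and a field extraction defined after ingestion still applies to events already in the index. The sample log lines, function names, and field names are constructed for illustration.

```python
import re

# Constructed sample events (assumption, not from the original document).
RAW_EVENTS = [
    "2024-05-01T10:00:01Z sshd[811]: Failed password for root from 203.0.113.7 port 50122 ssh2",
    "2024-05-01T10:00:03Z sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 50124 ssh2",
    "2024-05-01T10:00:09Z sshd[812]: Accepted publickey for deploy from 198.51.100.4 port 40022 ssh2",
    "2024-05-01T10:01:15Z nginx: 198.51.100.9 GET /login 401",
]

def ingest(index, line):
    """Load step: store the raw line as-is; no schema is imposed here."""
    index.append(line)

def search(index, extractions, **criteria):
    """Read step: apply every known extraction to each raw event, then filter."""
    hits = []
    for raw in index:
        fields = {"_raw": raw}
        for pattern in extractions.values():
            match = pattern.search(raw)
            if match:
                fields.update(match.groupdict())
        if all(fields.get(key) == value for key, value in criteria.items()):
            hits.append(fields)
    return hits

def demo():
    index, extractions = [], {}
    for line in RAW_EVENTS:
        ingest(index, line)
    # No extraction exists yet, so the field "action" cannot match anything.
    before = search(index, extractions, action="Failed")
    # Structure is imposed later, without re-ingesting the stored events.
    extractions["sshd_auth"] = re.compile(
        r"sshd\[\d+\]: (?P<action>Failed|Accepted) \S+ for "
        r"(?:invalid user )?(?P<user>\S+) from (?P<src_ip>\S+)"
    )
    after = search(index, extractions, action="Failed", src_ip="203.0.113.7")
    return len(before), [event["user"] for event in after], index == RAW_EVENTS

if __name__ == "__main__":
    print(demo())
```
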
Depending on the use case, the reference architecture for Splunk Enterprise on Dell EMC Infrastructure can provide the following business values: