GETTING STARTED WITH SPLUNK FOR MONITORING AND DIAGNOSTICS - Data Edge

Upload by : Ronnie Bonney

GETTING STARTED GUIDE
GETTING STARTED WITH SPLUNK FOR MONITORING AND DIAGNOSTICS
A guide to gaining real-time insights into industrial operations

Introduction

Managing industrial processes and systems means you’re likely working with SCADA and other industrial control systems (ICS), process historians, and alarm and event sensors. These diverse operational technologies (OT) make it challenging to gain a unified view into the availability and performance of your industrial environment.

By collecting, analyzing and visualizing time-series sensor data, alarms and events, and other machine data generated by your OT and IT systems, you can gain this unified view—and a competitive edge. This guide outlines how you can use this data and Splunk software to better monitor your industrial assets, applications and infrastructure, and quickly diagnose issues in your industrial operations and processes.

Benefits of Better Monitoring and Diagnostics

Gaining a real-time and unified view into the health, availability and performance of highly distributed industrial assets and complex control systems is an uphill battle. These systems often use proprietary protocols and data-access interfaces that frequently operate in silos in your environment. With limited visibility, decision-makers can fall into the trap of making decisions based on intuition rather than data.

Unifying and analyzing the machine data generated in industrial environments can help you to:
- Ensure equipment is operating as intended
- Monitor, track and avoid unplanned asset downtime
- Rapidly perform root-cause analysis and pinpoint costly operational issues
- Understand the cause of failures and improve efficiency and availability

Getting Started

Many organizations already use Splunk software to gain a consolidated view across their IT systems to improve performance and availability. You can use the same platform to gain a unified view into OT systems as well. Additionally, Splunk software is already integrated with leading IoT platforms, including AWS IoT, Xively by LogMeIn, and Citrix Octoblu, which enable fast time-to-value for developers and end users.

Data Sources Table

| Data Type | Where to Find It | What It Can Tell You |
| Sensor data and other metrics | Historian databases, OPC, Kepware Industrial Data Forwarder for Splunk, HTTP event collector, MQTT, AMQP, COAP, JMS | Asset performance, anomaly detection, predictive maintenance, set point monitoring |
| Alarms and events | OPC, alarm and event servers, databases, log files | Root-cause analysis, failure forensics, nuisance alarm reduction, capacity planning |
| Application logs | Local log files, log4j, log4net, Weblogic, WebSphere, JBoss, .NET | Operator activity, application performance |
| Infrastructure data | Switches, routers, servers, desktops, HMIs | Networking and communications troubleshooting, cybersecurity |

Using Splunk for Monitoring and Diagnostics

1) Get Baselines of Asset Performance
- What to look for: Equipment listed in alarm and event data
- Why? You can perform real-time analysis that provides immediate insight into where your issues are occurring. Additionally, correlating this information with sensor data can provide insight into why the issue occurred
- Example search:
    ... "Generator 3" | timechart count

2) Find Seasonality in Operations
- What to look for: Trends in issues by date, time or shift
- Why? Seasonality can help you pinpoint subtle operational issues that can be resolved with operator training or improved procedures
- Example search:
    ... | eval shift=case((date_hour>=7 AND date_hour<15),1,(date_hour>=15 AND date_hour<23),2,(date_hour>=23 OR date_hour<7),3) | stats count by shift

3) Monitor Trends in Sensor Data
- What to look for: Trends in metrics collected from your assets and industrial control systems
- Why? Using granular or aggregated time series analytics can give you a real-time view into the performance of your assets and processes. Aggregate data on-the-fly into KPIs and easily drill down into the root cause of spikes or drops
- Example search:
    ... Tag=Power | timechart partial=false avg(Value) as Power

4) Identify Anomalies in Sensor Data
- What to look for: Anomalies in individual sensor readings or anomalies against a body of historical data from a group of assets
- Why? Using advanced analytics such as anomaly detection or machine learning can quickly identify outliers and patterns
- Example search:
    ... sourcetype=opcdemo Windfarm | chart avg(Value) over Turbine_ID by Tag useother=f | anomalydetection pthresh=1 | stats count by probable_cause

5) Enrich Operational Data With Data From Work Order, Asset and Other External Systems
- What to look for: Patterns in metrics related to activities not stored with your sensor data
- Why? Activities affecting your sensor data might not be stored in your tag historian or operational database. Find subtle root causes of operational problems by mashing up data from all of your operational data sources
- Example search:
    ... | lookup workorderlookup Asset_ID AS Asset_ID OUTPUTNEW Last_Maintenance_Date AS Last_Maintenance_Date | stats min(Power) by Last_Maintenance_Technician, Last_Maintenance_Date, Asset_ID | sort min(Power) | head 5

6) Enrich Operational Data With Geolocation Data to Gain a Global View of Operations
- What to look for: Patterns in data related to geographic or other location-based groupings
- Why? The physical nature of industrial environments means that cause and effect may be related to proximity. Automatically group data on-the-fly using any location-based borders—as big as a country or as small as a production line—to monitor metrics and KPIs
- Example search:
    ... demo windfarm Tag="Power" | lookup geo_countries longitude latitude | stats avg(Value) as Power by featureId | geom geo_countries

Connecting Splunk to Industrial Data and the IoT

Kepware Industrial Data Forwarder for Splunk
Get real-time data collection from over 150 open and proprietary industrial data protocols common in energy, manufacturing, and oil and gas environments.

Modular Inputs
There are many free apps and add-ons that simplify the connection and collection of data from industrial systems. Use MQTT, COAP, AMQP, JMS and other modular inputs for Splunk to quickly and easily configure connectivity to these message brokers and protocols. For a complete list, go to our website.

HTTP Event Collector
Use a standard API and token-based authentication to enable applications and devices to send millions of events per second directly to Splunk Enterprise or Splunk Cloud for analysis.

Summary

Managing complex industrial operations isn’t easy, but getting full visibility of your operations can help. With this guide and data sources you may already be analyzing, you can move from being reactive to proactive, while maximizing your operations performance, security and availability.

Try Splunk Cloud or Splunk Enterprise for free or learn more about IoT and industrial data.
Already have Splunk? Download Splunk Apps on Splunkbase.

sales@splunk.com
www.splunk.com

© 2016 Splunk Inc. All rights reserved. Splunk, Splunk>, Listen to Your Data, The Engine for Machine Data, Hunk, Splunk Cloud, Splunk Light, SPL and Splunk MINT are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners.

GSG-Monitoring-and-Diagnostics-101
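The HTTP Event Collector path described under "Connecting Splunk to Industrial Data and the IoT", as an added example that is not part of the original guide: it batches sensor readings into one HEC request carrying the token in the `Authorization: Splunk <token>` header, and refuses non-HTTPS URLs so the token is never sent in clear text. The host name, the `ot:sensor` sourcetype, the `SPLUNK_HEC_TOKEN` variable and the sample readings are assumptions; the `Tag` and `Value` field names follow the guide's example searches.

```python
import json
import os
import urllib.request

HEC_PATH = "/services/collector/event"  # Splunk HEC JSON event endpoint


def build_hec_request(base_url, token, readings, sourcetype="ot:sensor", index=None):
    """Return a urllib Request that posts `readings` to HEC as one batch."""
    if not base_url.lower().startswith("https://"):
        # The token is a bearer credential; plain HTTP would expose it on the wire.
        raise ValueError("HEC URL must use https")
    if not readings:
        raise ValueError("no readings to send")
    events = []
    for r in readings:
        envelope = {
            "time": float(r["ts"]),      # epoch seconds reported by the device
            "host": r["asset"],
            "sourcetype": sourcetype,    # hypothetical sourcetype name
            "event": {"Tag": r["tag"], "Value": r["value"]},
        }
        if index:
            envelope["index"] = index    # token must be allowed to write here
        events.append(json.dumps(envelope, separators=(",", ":")))
    body = "\n".join(events).encode("utf-8")  # HEC accepts stacked JSON objects
    return urllib.request.Request(
        base_url.rstrip("/") + HEC_PATH,
        data=body,
        method="POST",
        headers={"Authorization": "Splunk " + token,
                 "Content-Type": "application/json"},
    )


# Constructed sample readings, not real plant data.
SAMPLE = [
    {"ts": 1463000000, "asset": "turbine-07", "tag": "Power", "value": 1482.5},
    {"ts": 1463000060, "asset": "turbine-07", "tag": "Power", "value": 1490.1},
]

if __name__ == "__main__":
    # Read the token from the environment rather than hard-coding it.
    token = os.environ.get("SPLUNK_HEC_TOKEN", "00000000-0000-0000-0000-000000000000")
    req = build_hec_request("https://splunk.example.com:8088", token, SAMPLE)
    print(req.full_url)
    print(req.data.decode())
    # urllib.request.urlopen(req, timeout=10) sends it; TLS verification is on by default.
```

Scope each HEC token to a single index and sourcetype on the Splunk side so that a token recovered from a field device cannot write elsewhere.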
