
© 2018 SPLUNK INC.

Splunk for Business Analytics

George Merhej

July 2018

The World of Business Analytics is Changing

“Feeding transactional data into a traditional data warehouse no longer represents the extent of capabilities necessary for BI.”

“The simple idea of building a traditional data warehouse to support a BI platform is no longer sufficient.”

“….require new information management capabilities to integrate information from disparate, external and unstructured information sources.”

Source: Business Analytics Require New Information Management Capabilities

End User Demands Driving Shift

Sales: How do we get real-time insights into purchases online and from new devices?

Products: How do we drive product innovation with insight into how customers use our products?

Marketing: How do we use mobile and geo location data to improve content mix for new mobile services?

Support: How do we get better visibility into customer interactions with online service in real time?

Big Data Comes from Machines


Volume | Velocity | Variety | Variability

Machine-generated data is one of the fastest growing, most complex and most valuable segments of big data

GPS, RFID, Hypervisor, Web Servers, Email, Messaging, Clickstreams, Mobile, Telephony, IVR, Databases, Sensors, Telematics, Storage, Servers, Security Devices, Desktops

What Does Machine Data Look Like?


SOURCES

Order Processing
ORDER, 2016-05-21T14:04:12.484,10098213,569281734,67.17.10.12,43CD1A7B8322,SA-2100

Middleware Error
MAY 21 14:04:12.996 wl-01.acme.com Order 569281734 failed for customer 10098213.
Exception follows: weblogic.jdbc.extensions.ConnectionDeadSQLException:
weblogic.common.resourcepool.ResourceDeadException: Could not create pool connection. The
DBMS driver exception was: [BEA][Oracle JDBC Driver] Error establishing socket to host and port:
ACMEDB-01:1521. Reason: Connection refused

Care IVR
05/21 16:33:11.238 [CONNEVENT] Ext 1207130 (0192033): Event 20111, CTI Num:ServID:Type
0:19:9, App 0, ANI T7998#1, DNIS 5555685981, SerID 40489a07-7f6e-4251-801a-13ae51a6d092, Trunk T451.16
05/21 16:33:11:242 [SCREENPOPEVENT] SerID 40489a07-7f6e-4251-801a-13ae51a6d092
CUSTID 10098213
05/21 16:37:49.732 [DISCEVENT] SerID 40489a07-7f6e-4251-801a-13ae51a6d092

Twitter
{actor:{displayName: “Go Boys!!”,followersCount:1366,friendsCount:789,link:
http://dallascowboys.com/,location:{displayName:“Dallas, TX”,objectType:“place”},
objectType:“person”,preferredUsername:“B0ysF@n80”,statusesCount:6072},body: “Can’t buy
this device from @ACME. Site doesn’t work! Called, gave up on waiting for them to answer! RT if
you hate @ACME!!”,objectType:“activity”,postedTime:“2016-05-21T16:39:40.647-0600”}

A lot of Value in Machine Data

12.130.60.4 - - [18/Sep/2014 05:26:50:193] "GET /product.screen?product_id=AV-CB-01&JSESSIONID=SD8SL4FF8ADFF5 HTTP 1.1" 200 3221
"http://www.myflowershop.com/category.screen?category_id=BOUQUETS"Mozilla/4.0
(compatible; MSIE 6.0; Windows NT 5.1; SV1)"634

Labeled fields: clientip, method, url, bytes xfered, status return code, user agent

Example: Business Visibility From Machine Data


Machine Data (from customer interaction)
Customer interacts with service online or from any device
Labeled fields: User session, User Action, Product, browser information
66.57.19.112 ..[05/Dec/2011 07:05:22:152]”GET /card.do?
action=addtocart&itemid=EST-17& product_id=K9-BD-01&JSESSIONID.SD7SLSFF8ADFF8HTTP 1.1” 200 3923
AppleWebKit/535.2 (KHTML.like Gecko) Chrome/15.0.874.121 Safari535.2

Product Information
Correlated with product information from database
Product_id=K9-BD-01
Product Name=2 TB Portable Drive
Manufacturer=iomega

Geo location Data
Location data based on where the customer purchased / interacted with service

Real-Time Business Insights from Machine Data
– What products are popular in what region?
– Which products are customers leaving in cart?
– What are interaction paths by devices?
– How can we improve customer experience?

Managing Machine Data vs. Structured Data

Stored Digital Information

Machine Data
– Unstructured data (exabytes)
– Tremendous source of business value
– Under leveraged by business
– Cannot be handled by BI
– Needs a new approach

Structured Data
– Business transaction data
– Well understood & analyzed
– Slow growth
– Handled by traditional BI


Splunk Collects and Indexes Any Machine Data

Customer Facing Data: Click-stream data, Shopping cart data, Online transaction data

Outside the Datacenter: Manufacturing, logistics…, CDRs & IPDRs, Power consumption, RFID data, GPS data

Logfiles | Configs | Messages | Traps | Alerts | Metrics | Scripts | Changes | Tickets

Windows: Registry, Event logs, File system, sysinternals
Linux/Unix: Configurations, syslog, File system, ps, iostat, top
Virtualization & Cloud: Hypervisor, Guest OS, Apps, Cloud
Applications: Web logs, Log4J, JMS, JMX, .NET events, Code and scripts
Databases: Configurations, Audit/query logs, Tables, Schemas
Networking: Configurations, syslog, SNMP, netflow

Why Splunk?
Traditional | Splunk
Schema at Write | Schema at Read
SQL | Search
ETL | Universal Indexing

Structured
Unstructured
RDBMS
Volume Velocity Variety

Splunk Collects and Indexes Any Machine Data

• Any amount, any location, any source.
• No custom connectors
• No RDBMS
• No need for ETL
• No pre-defined schema

Splunk Turns Machine Data into Operational Intelligence

Optimized for real-time, low latency and interactivity

– Real-time Collection and Indexing
– Ad hoc search
– Monitor and alert
– Report and analyze
– Custom dashboards
– Developer Platform


Value for Different Use Cases

IP Addr
Product ID

Failed login Webserver ID


Amount
Error event log

CPU threshold
Activity Log
Event Log

Operational Intelligence Across the Business

Gain real-time insight from operational data to make better-informed business decisions

– Real-time Business Insights
– Operational Visibility
– Proactive Monitoring
– Search and Investigate

IT & Ops | Business



NOC, SOC and BOC



Business Insights with Splunk


Representative Use Cases Across Customers

– Application Analytics (usage clickstream + feature descriptions + customer profile)
– Content & Search Analytics (mobile access + content downloads + search)
– Real-time Sales Analytics (device activation + billing plans + geo location)
– Service Cost Analytics (call detail records + tariffs database + VOIP peering)
– Online Monetization Analytics (customer clickstream + virtual goods pricing + billing)
– Marketing Analytics (web/mobile logs + ad pricing + click through)

Insights Across Roles & Departments


– Executive Management
– Product Managers
– Marketing Managers
– Sales Operations
– IT Management & Operations
– Customer Service & Support


Search Analytics In Action @ Comcast


Search (Machine Data)
– Device ID (MAC Address)
– Search Results (Application Logs)
– Time of Search

Billing (Structured Data)
– Device (MAC Address)
– Content Purchased (IDA #)
– Amount of Purchase ($)
– Time of Search

Correlation Criteria
– MAC address same
– Content in Search Results
– Purchase time

Business Value
– Revenues driven by Search
– Improving local content mix
– Better search results
– Tailor content promotion

Application Intelligence @ Salesforce.com

– Track every customer interaction on the site
– Graphs and reports illustrate feature issues
– Trending and baseline of new features
– Refine features for better customer experience and drive product innovation

Customers
Customer Interactions (application/web logs)
Used by product managers and executives

Improving Customer Experience @ Cricket

User authenticates & receives an IP address (authentication log has phone # / IP address)
– MDN (Phone #)
– IP Address

Correlate Phone # (MDN) and IP Address

Activity Tracked by IP
– Searches
– Downloads
– Browsing

IP Address
– Content Search
– Browsing
– Downloads

Key to understanding individual customer behavior – insights for support, IT and business

Improving Customer Experience @ Cricket (continued)

Real-time content analytics
• Top 10 customer searches
• Top song / artist downloads
• Top played songs
• Top artists searched for
Business value
• Improve banner hit rates
• Delivering better content
• Audit customer transactions

Delivering Business Insights Across Companies

Thank You
