Thursday, 4 July 2019

What is Splunk? Beginners Tutorial

Splunk is a software technology used for monitoring, searching, analyzing and visualizing machine-generated data in real time. It can monitor and read different types of log files and stores data as events in indexers. This tool allows you to visualize data in various forms of dashboards.
In this tutorial, you will learn
  • What is Splunk?
  • Why we need Splunk?
  • Features of Splunk
  • Splunk Products
  • Splunk Architecture
  • How Splunk Works?
  • Applications of Splunk
  • Best Practices of using Splunk
  • Famous companies using Splunk
  • Alternative to Splunk
  • Disadvantages of using Splunk

Why we need Splunk?

Splunk offers plenty of benefits for an organization. Some of the benefits of using Splunk are:
  • Offers an enhanced GUI and real-time visibility in a dashboard
  • It reduces troubleshooting and resolution time by offering instant results.
  • It is a tool best suited for root cause analysis.
  • Splunk allows you to generate graphs, alerts, and dashboards.
  • You can easily search and investigate specific results using Splunk.
  • It allows you to troubleshoot any condition of failure for improved performance.
  • Helps you to monitor any business metrics and make an informed decision.
  • Splunk allows you to incorporate Artificial Intelligence into your data strategy.
  • Allows you to gather useful Operational Intelligence from your machine data
  • Summarizes and collects valuable information from different logs
  • Splunk accepts any data type, such as .csv, JSON and log formats.
  • Offers the most powerful search, analysis and visualization capabilities to empower users of all types.
  • Allows you to create a central repository for searching Splunk data from various sources.

Features of Splunk

Important features of Splunk are:
  • Accelerate Development & Testing
  • Allows you to build Real-time Data Applications
  • Generate ROI faster
  • Agile statistics and reporting with Real-time architecture
  • Offers search, analysis and visualization capabilities to empower users of all types

Splunk Products

Splunk is available in three different versions.
  • Splunk Enterprise
  • Splunk Light
  • Splunk Cloud

Splunk Enterprise

Splunk Enterprise edition is used by large IT businesses. It helps you to gather and analyze data from applications, websites, etc.

Splunk Cloud

Splunk Cloud is a hosted platform. It has the same features as the enterprise version. It is available from Splunk or through the AWS cloud platform.

Splunk Light

Splunk Light is a free version. It allows you to search, report on and alter your log data. It has limited functionality and features compared to the other versions.

Splunk Architecture

Splunk Architecture Diagram
Here are the fundamental components of Splunk architecture:

Universal Forwarder (UF):

The universal forwarder, or UF, is a lightweight component which pushes data to the heavy Splunk forwarder. You can install the universal forwarder on the client side or on an application server. The job of this component is only to forward the log data.

Load Balancer (LB):

This is the default Splunk load balancer. However, Splunk also allows you to use your own personalized load balancer.

Heavy Forwarder (HF):

The heavy forwarder is a heavyweight component. This Splunk component allows you to filter the data, for example by collecting only error logs.

Indexer (LB):

The indexer helps you to store and index the data. It improves Splunk search performance. By default, Splunk performs the indexing automatically, for example on host, source, and date and time.

Search head (SH):

Search head is used to gain intelligence and perform reporting.

Deployment Server (DS):

The deployment server helps to deploy configuration, for example to update the UF configuration file. A deployment server can be used to share configuration between the components.

License manager (LM):

The license is based on volume and usage, for example 50 GB per day. Splunk regularly checks the licensing details.

How Splunk Works?

Forwarder:

The forwarder collects data from remote machines and forwards it to the index in real time.

Indexer:

The indexer processes the incoming data in real time. It also stores and indexes the data on disk.

Search Head:

End users interact with Splunk through the search head. It allows users to perform search, analysis and visualization.

Applications of Splunk

Problem Statement: McDonald's had no clear visibility into which offers work best.
  • Offer type ( For example 20% off)
  • Cultural differences at a region level
  • Time of Purchase
  • Device used by the customer
  • Revenue generated per order
They needed insight into consumer behaviors and customer response.
The entire process uses three types of data source:
  1. Order placed in a McDonald's outlet
  2. Order placed in the mobile application
  3. Order placed using the web application
The process then moves from one step to the next, as shown in the diagram below.

Input

Input data moves to the parsing stage.

Parsing

In Parsing Stage, relevant data is converted into events:
  • Customer Region
  • Revenue per order
  • Time of Order (Morning, Afternoon, Evening, Night)
  • Device used by customers (Mobile, PC, Tablet)
  • Discount Coupons applied

Indexing stage

In this stage, events are sorted and indexed for storage based on:
  • Sales by Geographical location
  • Order Revenue
  • Time of order (Morning, Afternoon, Evening, Night)
  • Device used by the customer
  • Coupon offer applied

Search Head

It is used to gain intelligence and perform reporting.
McDonald's used it to get the following information:
  • Which sales offer works best in which geographical location?
  • How does customer behavior change with order revenue?
  • What is the best time to apply burger or combo offers?

How Splunk Helped?

  • Show all the orders coming in from a specific region in real time.
  • Determine the impact of different promotional offers in real time
  • Monitor the performance of McDonald's in-house developed point-of-sale systems.
  • An employee can monitor what customers are saying and help understand customer expectations.
  • Analyze the speed of different payment modes
  • Determine error-free payment modes

Best Practices of using Splunk

  • You should use a test index so you can quickly perform tests.
  • There are specific fields you must get right at index time. Everything else you can create or modify only after indexing.
  • Event breaking happens automatically in Splunk, so it's important to check that Splunk correctly detected the beginning and end of each event.
  • Splunk can automatically detect the timestamp. However, if your log format has a different timestamp format, you need to configure the timestamp.
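
The event-breaking and timestamp points above can be checked offline before any data is indexed. The following is an added example, not Splunk code and not part of the original tutorial: it approximates how a LINE_BREAKER-style regex (the first capture group is the discarded event delimiter) and a strptime-style TIME_FORMAT behave on a constructed log sample. The sample log, both regexes and all function names are assumptions.

```python
import re
from datetime import datetime

# Constructed sample log: three application events, the second one carrying
# a multi-line stack trace that must stay attached to its ERROR line.
SAMPLE = (
    "2019-07-04 10:15:02,113 INFO  order accepted id=1001\n"
    "2019-07-04 10:15:03,870 ERROR payment failed id=1002\n"
    "java.lang.IllegalStateException: gateway timeout\n"
    "    at com.example.Pay.charge(Pay.java:42)\n"
    "2019-07-04 10:15:04,001 INFO  order accepted id=1003\n"
)

# Break on every newline: the naive choice for this log format.
NAIVE_BREAKER = r"([\r\n]+)"
# Break only on newlines that are followed by a timestamp (assumed format).
ANCHORED_BREAKER = r"([\r\n]+)(?=\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3} )"

# Python spells the fractional seconds %f; Splunk's TIME_FORMAT uses %3N here.
TIME_FORMAT = "%Y-%m-%d %H:%M:%S,%f"
TIMESTAMP_LENGTH = 23  # number of leading characters that hold the timestamp


def break_events(raw, line_breaker):
    """Split raw text into events; capture group 1 is the dropped delimiter."""
    events, start = [], 0
    for match in re.finditer(line_breaker, raw):
        if match.start(1) > start:
            events.append(raw[start:match.start(1)])
        start = match.end(1)
    tail = raw[start:].rstrip("\r\n")
    if tail:
        events.append(tail)
    return events


def extract_time(event):
    """Parse the timestamp at the start of an event, or return None."""
    try:
        return datetime.strptime(event[:TIMESTAMP_LENGTH], TIME_FORMAT)
    except ValueError:
        return None


def audit(raw, line_breaker):
    """Return (event_count, events_without_a_parseable_timestamp)."""
    events = break_events(raw, line_breaker)
    missing = [e for e in events if extract_time(e) is None]
    return len(events), len(missing)


if __name__ == "__main__":
    for name, breaker in (("naive", NAIVE_BREAKER), ("anchored", ANCHORED_BREAKER)):
        count, missing = audit(SAMPLE, breaker)
        print(f"{name}: {count} events, {missing} without a timestamp")
```

With the naive breaker the stack trace lines become separate events that carry no timestamp of their own; the anchored breaker keeps them inside the ERROR event.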

Famous companies using Splunk

Some famous companies using Splunk are:
  • Cisco
  • Bosch
  • IBM
  • Motorola
  • PepsiCo
  • Adobe
  • Visa
  • Adidas
  • Facebook
  • Salesforce
  • Walmart

Alternative to Splunk

Sumo Logic

The Sumo Logic tool helps you maintain the infrastructure of your application. Searching and analyzing log data in real time is simple. The tool allows you to monitor and visualize historical and real-time events.

Loggly

It allows you to analyze the logs and have a fast searching experience. The tool helps you to collect data from the system using Syslog compatibility.
Download link: https://www.loggly.com/

Fluentd

Fluentd is a free and open source data collector tool. It helps you to save the logs in an FS buffer, so you can retrieve them whenever you want. It also offers services like load balancing and retries for maintaining robustness.
Download link: https://www.fluentd.org/

ELK stack

ELK Stack allows users to take data from any source, in any format, and to search, analyze, and visualize that data. The tool offers centralized logging. This feature is helpful when attempting to identify problems with servers or applications.

LogFaces

LogFaces is another alternative to Splunk which allows you to email your queries. This tool keeps log data within the premises. The tool comes with an easy-to-use desktop application.

Disadvantages of using Splunk

Some disadvantages of using Splunk tool are:
  • Splunk can prove expensive for large data volumes.
  • Dashboards are functional but not as effective as some other monitoring tools.
  • Its learning curve is steep, and you need Splunk training as it's a multi-tier architecture. So you need to spend a lot of time learning this tool.
  • Searches are difficult to understand, especially regular expressions and search syntax.

Summary

  • Splunk is a software which is used for monitoring, searching, analyzing and visualizing the machine-generated data in real time.
  • Splunk reduces troubleshooting and resolving time by offering instant results.
  • Splunk is available in three different versions: 1) Splunk Enterprise 2) Splunk Light 3) Splunk Cloud.
  • 1) Universal Forwarder (UF) 2) Load Balancer (LB) 3) Heavy Forwarder (HF) 4) Indexer (LB) 5) Search head (SH) 6) Deployment Server (DS) 7) License manager (LM) are essential components of the Splunk tool.
  • Important applications of Splunk are: 1) Interactive map 2) Promotional Support 3) Performance Monitor 4) Real-time feedback 5) Dashboard, and Payment process.
  • The most important best practice of using Splunk is that you should use a test index so you can quickly perform tests.
  • Famous companies like Cisco, Bosch, IBM, Motorola, Adobe, Visa are using this tool.
  • 1)SumoLogic 2) ELK stack 3) Log faces 4) Fluentd are some alternatives of Splunk
  • The biggest drawback of Splunk is that it can prove expensive for large data volumes.

Nagios Tutorial for Beginners: What is, Installation, Architecture

What is Continuous Monitoring?

Continuous monitoring is a process to detect, report and respond to all the attacks which occur in an organization's infrastructure. Once the application is deployed onto the server, the role of continuous monitoring comes into play. The entire process is all about taking care of the company's infrastructure and responding appropriately.

What is Nagios?

Nagios is a free-to-use, open source software tool for continuous monitoring. It helps you to monitor systems, networks, and infrastructure. It is used for continuous monitoring of systems, applications, services and business processes in a DevOps culture.
Nagios runs plugins stored on the same server. Its plugins connect with a host or another server on your network or the Internet. Therefore, in case of failure, Nagios Core can alert the technical staff about the issues, so that your technical team can perform the recovery process before an outage occurs in the business processes.

Why We Need Nagios?

Important reasons to use the Nagios monitoring tool are:
  • Detects all types of network or server issues
  • Helps you to find the root cause of the problem which allows you to get the permanent solution to the problem
  • Active monitoring of your entire infrastructure and business processes
  • Allows you to monitor and troubleshoot server performance issues
  • Helps you to plan for infrastructure upgrades before outdated systems create failures
  • You can maintain the security and availability of the service
  • Automatically fix problems in a panic situation

History of Nagios

1996 - Ethan Galstad uses the ideas and architecture of his earlier work to begin building a new application which runs under Linux OS
1999 - The plugins which were originally distributed as part of the NetSaint distribution are soon released as a separate Nagios Plugins project
2002 - Ethan renames the project to "Nagios" because of trademark issues with the name "NetSaint."
2005 - Nagios becomes SourceForge.net Project of the Month in June
2009 - Nagios Enterprises releases its first commercial version, Nagios XI
2012 - Nagios is again renamed, as Nagios Core
2016 - Nagios Core surpasses 7,500,000 downloads directly from the SourceForge.net website

Features of Nagios

Following are the important features of Nagios:
  • Relatively scalable, Manageable, and Secure
  • Good log and database system
  • Informative and attractive web interfaces
  • Automatically send alerts if condition changes
  • If the services are running fine, then there is no need to check that the host is alive
  • Helps you to detect network errors or server crashes
  • You can troubleshoot the performance issues of the server.
  • The issues, if any, can be fixed automatically as they are identified during the monitoring process
  • You can monitor the entire business process and IT infrastructure with a single pass
  • The product's architecture makes it easy to write new plugins in the language of your choice
  • Nagios allows you to read its configuration from an entire directory which helps you to decide how to define individual files
  • Utilizes topology to determine dependencies
  • Monitor network services like HTTP, SMTP, SNMP, FTP, SSH, POP, etc.
  • Helps you to define network host hierarchy using parent hosts
  • Ability to define event handlers which run during service or host events for proactive problem resolution
  • Support for implementing redundant monitoring hosts

Nagios Architecture

Nagios has a client-server architecture. Usually, on a network, a Nagios server is running on a host, and plugins are running on all the remote hosts which should be monitored.
  1. The scheduler is a component of the server part of Nagios. It sends a signal to execute the plugins at the remote host.
  2. The plugin gets the status from the remote host
  3. The plugin sends the data to the process scheduler
  4. The process scheduler updates the GUI and notifications are sent to admins
Plugins:
Nagios plugins provide low-level intelligence on how to monitor anything and everything with Nagios Core. Plugins operate as standalone applications, but they are designed to be executed by Nagios Core. It connects to Apache, which is controlled by CGI, to display the result. Moreover, a database is connected to Nagios to keep a log file.
How do plugins work?
Consider the above example:
  • check_nt is a plugin to monitor a Windows machine, and it is mostly available on the monitoring server
  • NSClient++ should be installed on every Windows machine that you want to monitor
  • There is an SSL connection between the server and the host, which continuously exchange information with each other
Likewise, NRPE (Nagios Remote Plugin Executor) and NSCA plugins are used to monitor Linux and Mac OS X respectively.
GUI:
The Nagios interface is displayed in web pages generated by CGI. It can use buttons turning green or red, sound, graphs, etc.
When a soft alert is raised many times, a hard alert is raised, and the Nagios server then sends a notification to the administrator.
Nagios GUI
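
The flow described in this section, as an added example that is not part of the original tutorial or of the Nagios project: a plugin is a standalone program that prints one status line and exits with 0 (OK), 1 (WARNING), 2 (CRITICAL) or 3 (UNKNOWN), and the server turns repeated soft problems into a hard one before notifying. The failed-SSH-login check, its thresholds, the sample log lines and the simplified ServiceState model are assumptions.

```python
#!/usr/bin/env python3
import re
import sys

# Return codes every Nagios plugin uses to report status to Nagios Core.
OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3
LABELS = {OK: "OK", WARNING: "WARNING", CRITICAL: "CRITICAL", UNKNOWN: "UNKNOWN"}

# OpenSSH log line for a rejected password; group 1 is the source address.
FAILED_LOGIN = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+)"
)

# Constructed sample lines (documentation address ranges, hypothetical host).
SAMPLE_AUTH_LOG = [
    "Jul  4 10:00:01 web01 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2",
    "Jul  4 10:00:03 web01 sshd[2103]: Failed password for root from 203.0.113.7 port 51130 ssh2",
    "Jul  4 10:00:09 web01 sshd[2110]: Accepted publickey for ubuntu from 198.51.100.20 port 40022 ssh2",
    "Jul  4 10:00:12 web01 sshd[2114]: Failed password for root from 192.0.2.44 port 60001 ssh2",
]


def check_failed_logins(lines, warn=5, crit=20):
    """Plugin logic: return (exit_code, status_line) for the given log lines."""
    if warn > crit:
        return UNKNOWN, "SSH_AUTH UNKNOWN - warning threshold exceeds critical"
    per_source = {}
    for line in lines:
        match = FAILED_LOGIN.search(line)
        if match:
            per_source[match.group(1)] = per_source.get(match.group(1), 0) + 1
    total = sum(per_source.values())
    code = CRITICAL if total >= crit else WARNING if total >= warn else OK
    worst = max(per_source, key=per_source.get) if per_source else "none"
    # Text before '|' is shown in the GUI; text after it is performance data.
    return code, (
        f"SSH_AUTH {LABELS[code]} - {total} failed logins, "
        f"top source {worst} | failed={total};{warn};{crit};0"
    )


class ServiceState:
    """Simplified server-side model of soft and hard states for one service."""

    def __init__(self, max_check_attempts=3):
        self.max_check_attempts = max_check_attempts
        self.attempt = 0
        self.state_type = "HARD"
        self.code = OK

    def record(self, code):
        """Feed one plugin result; return True when admins would be notified."""
        was_hard_problem = self.state_type == "HARD" and self.code != OK
        if code == OK:
            self.attempt, self.state_type, self.code = 0, "HARD", OK
            return was_hard_problem  # only a hard problem gets a recovery notice
        self.code = code
        if was_hard_problem:
            return False  # already notified for this problem
        self.attempt += 1
        if self.attempt >= self.max_check_attempts:
            self.state_type = "HARD"
            return True  # soft alert repeated often enough: hard alert
        self.state_type = "SOFT"
        return False


if __name__ == "__main__":
    # Usage (hypothetical plugin name): check_ssh_failures.py /var/log/auth.log
    try:
        with open(sys.argv[1], errors="replace") as handle:
            code, message = check_failed_logins(handle)
    except (IndexError, OSError) as exc:
        code, message = UNKNOWN, f"SSH_AUTH UNKNOWN - cannot read log: {exc}"
    print(message)
    sys.exit(code)
```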

Install Nagios at AWS

Step 1) Go to https://aws.amazon.com/marketplace/pp/B0773T3529 and click Continue to Subscribe
Step 2) Accept Terms
Step 3) You will see a subscription pending message
Step 4) Refresh the same page after a few minutes and click "Continue to Configuration"
Step 5) Keep the default settings and click Continue to Launch
Step 6) Review the settings. Create a new key and click Launch
Step 7) Note the public DNS of your instance
Step 8) On your Windows machine, use the PuTTY Key Generator tool to convert the pem file to ppk
Step 9) In PuTTY, enter the public DNS
Step 10) In the Auth section, enter the ppk key and click Open
Step 11) In the terminal,
  1. Enter the login name as ubuntu
  2. Run this command: sudo htpasswd -c /etc/nagios3/htpasswd.users nagiosadmin
  3. Enter a new password of your choice
Step 12) In your browser, go to http://<Public DNS>/nagios3 (in my case, http://ec2-54-209-48-136.compute-1.amazonaws.com/nagios3/).
Enter Username: nagiosadmin
Password: set in the previous step
Step 13) Nagios Loads

Application of Nagios

Nagios is a health check and monitoring system for a typical data centre, which comprises all types of equipment, such as:
  • Server & Network Nodes
  • Application monitoring from a single console
  • Application Monitoring with transaction-level insights
  • Monitor Middleware & Messaging Components
  • Customizable Reports and Dashboards
  • UPS Backup System
  • Bio-Metric Identification System
  • Temperature & Humidity Control System (Sensing Mechanism)
  • CCTV/NVR System
  • Storage Subsystem (NAS&SAN)

Disadvantages of Using Nagios

  • Important features like wizards or an interactive dashboard are only available in Nagios XI, which is quite an expensive tool
  • Nagios Core has a confusing interface
  • There are many configuration files, which are very hard for users to configure
  • Nagios can't monitor network throughput
  • The tool does not allow you to manage the network, only to monitor it
  • Nagios makes no difference between various devices like servers, routers, or switches as it treats every device as a host

Summary

  • Continuous monitoring is a process to detect, report and respond to all the attacks which occur in an organization's infrastructure
  • Nagios is a free-to-use, open source software tool for continuous monitoring
  • Nagios offers effective monitoring of your entire infrastructure and business processes
  • Ethan Galstad uses the ideas and architecture of his earlier work to begin building a new application Nagios which runs under Linux OS
  • Nagios is relatively scalable, Manageable, and Secure
  • Three important components of Nagios architecture are 1) Web Interface (GUI) 2) Nagios Server 3) Plugin
  • Nagios allows application monitoring from a single console with transaction-level insights
  • This tool does not allow you to manage the network, only to monitor it

Top 13 ServiceNow Interview Questions and Answers

1) What is ServiceNow?
ServiceNow is a cloud-based IT Service Management tool. It offers a single system of record for IT services, operations, and business management.
2) What is the full form of CMDB?
The full form of CMDB is Configuration Management Database.
3) Name all the products of ServiceNow
ServiceNow offers various types of tools which are designed according to the needs of a specific user.
  • Business Management Applications
  • Custom Service Management
  • IT Service Automation Application
  • HR management
4) What is the use of record matching and data lookup features in ServiceNow?
Data lookup and record matching allow you to define field value based on a specific condition in place of writing scripts.
5) Explain the term "Business Rule."
A business rule is server-side scripting. It executes whenever any record is inserted, modified, deleted, displayed or queried. The vital point to keep in mind when creating a business rule is when and on what action it is supposed to execute. You can apply the business rule 'on display', 'on before' or 'on after' when the action is performed.
6) Can you call a business rule with the help of a client script?
Yes, it is possible to call a business rule using a client script. However, you can also use GlideAjax for the same.
7) What is domain separation in ServiceNow?
Domain separation is a useful ServiceNow method. It helps you to separate data into logically defined domains. It also provides an option to separate administration.
For example, John is the CEO of two companies, and he is using a single ServiceNow instance for both of these businesses. He doesn't want users of one business to see the data of the other business. Here you need to use domain separation to isolate the records of the two businesses.
8) State some best practices you should follow while using ServiceNow
Here are some of the best practices which you need to follow while using ServiceNow:
  • You should replace spreadsheets and email with collaborative workspaces.
  • You should automate every business process of your organization.
  • You can easily develop a modern work environment using ServiceNow.
  • You should aim to enhance, structure and automate the workflow to streamline service delivery.
9) What is a data policy concerning ServiceNow?
You can enforce online data policies by assigning read-only attributes for all the fields. Data policies are almost similar to UI policies. However, the difference between the two is that a UI policy only applies to data entered on a form by using a standard browser. On the other hand, data policies can apply rules to all data entered into the system.
10) How many types of search options are given in ServiceNow?
Five types of search options in ServiceNow are:
  • Lists: Use to find records in a list.
  • Global Text search: Helps you find records in multiple task tables from a single search field.
  • Knowledgebase: Helps you to find knowledge articles.
  • Navigation filter: Allows you to filter the items in the application navigator.
  • Search screens: It is a custom module which is created only by administrators.
11) What is the use of HTML Sanitizer?
The HTML sanitizer automatically cleans up markup in HTML fields. It helps to eliminate code and protect against security concerns like cross-site scripting attacks.
12) What is a record producer?
A record producer is a catalog item which helps you to create task-based records from the Service Catalog. For example, you can create a change record or a problem record with the help of a record producer. It offers an alternative way to create records through the Service Catalog.
13) What is the use of an import set tool?
The import set tool helps you to import data from various data sources, instead of using a transform map. The import sets can act as a staging table for imported records.

ServiceNow Training Tutorial: What is, Use, Reporting

What Is ServiceNow?

ServiceNow is a software platform which supports IT Service Management (ITSM). It helps you to automate IT Business Management (ITBM). This cloud-based platform is designed based on ITIL guidelines.
ServiceNow focuses on service-orientation toward the tasks, activities, and processes. It uses machine learning to leverage data and workflows to help the modern enterprise become faster and more scalable.
It offers the flexibility, power, and dependability to achieve the goals of the incident and problem management. Moreover, users are free to select their most comfortable support interface. It provides all the information to the technician to diagnose and repair issues while removing the dependency on spreadsheets and emails.
In this tutorial, you will learn:
  • What Is ServiceNow?
  • Why use Service Now?
  • Key Features of ServiceNow
  • History of ServiceNow
  • Who uses Service Now?
  • Products of ServiceNow
  • How to get access to ServiceNow
  • Create a Report in Service Now
  • Best Practices of using Service Now

Why use Service Now?

Here are the prime reasons for using ServiceNow:
  • All stakeholders, including employees and customers, make changes to the same platform, which streamlines operations and provides a single version of the truth
  • Allows your employees to perform better, and the service levels will eventually improve
  • Helps to reduce ITSM costs up to 60%
  • Helps you to replace unstructured work patterns/business processes with intelligent workflows
  • It offers many ways to get help including forms, questionnaires, chat, email, etc.
  • Web services and email actions handle events from various monitoring tools and external sources.
  • ServiceNow will help you work very quickly which makes your work process smarter and faster.
  • Being SaaS, you do not need to worry about configuration, deployment, updates, and maintenance.
  • You can offer a customer friendly self-service portal with your branding.

Key Features of ServiceNow

  • Ease of customization
  • Better Support to your customers with low maintenance cost
  • Real time analysis and reporting
  • Data confidentiality and integrity
  • Improved operational tracking
  • On-demand IT Service Management
  • Instance-based implementation
  • Low configuration requirements to get running quickly within an enterprise

History of ServiceNow

Fred Luddy founded ServiceNow in 2004. He was the former CTO of Peregrine Systems and Remedy Corporation. The company is headquartered in San Diego, CA, with offices throughout the US, Asia and Australia, and customers spanning more than 48 countries.
Historic Milestones
2006- The company is named as Service Now
2007- ServiceNow opened their first Silicon Valley office
2011- The company established a partnership with Accenture
2012- ServiceNow comes with a US$210 million IPO and becomes a publicly traded company
2017- The company acquired Telepathy, a UX/UI firm
Release Cycle
ServiceNow has a 10-12 month release cycle, launching new UI, apps, and features with every release. They also ship hotfixes and patch releases to address maintenance issues.

Who uses Service Now?

The following stakeholders use ServiceNow to achieve their business goals:
  • Employees - Use it to request their related IT business services.
  • IT support team - Use it to manage service requests or incidents.
  • Administrators - ServiceNow helps administrators with user access, roles and privilege management.
  • Implementers - Use it to deploy process applications and platform features which fulfil an organization's business needs.
  • Developers - Create new functionality with scripts to extend standard configurations.

Products of ServiceNow

ServiceNow offers a range of products which are designed according to the needs of specific users.
IT Service Automation Application:
This ServiceNow product offers visibility into end-to-end business services by understanding the relationship with the underlying IT resources. It also helps to enhance the availability by knowing service health and reducing event loss time by quickly finding disruptions in the system.
Business Management Applications:
IT business management is a strategic portfolio planning and executions tool. It helps you to focus on the areas which need the highest attention and accelerate time to value.
Custom Service Management:
The tool allows you to connect customer service with other departments to identify and resolve issues. It significantly reduces cost, and helps you to increase customer satisfaction, boost efficiency and improve productivity.
HR management:
HR management service tool helps you to improve employee satisfaction. It is a single access point for efficient, personalized HR services. It also helps you to improve HR productivity, streamline employee transactions and optimize service delivery.
Enterprise Security Response Engine:
This performance analytics tool allows you to connect with your existing security tools. It helps you to quickly respond to incidents and vulnerabilities according to the potential impact on your business. The tools help you to improve the speed and efficiency of your security response. Security response engine also helps you to reduce the time spent on basic tasks.

How to get access to ServiceNow

Step 2) Enter Registration Details and Click Submit
Step 3) You will see a message to activate your account. Check your inbox
Step 4) Once Account is activated, sign in using the credential created above.
Step 5) Accept the Service Agreement
Step 6) Read and Accept the Developer Agreement
Step 7) Answer the Survey and click Submit.
Step 8) You will be redirected to ServiceNow Dashboard, Click "Request Instance."
Step 9) Enter your reason to use the instance.
Step 10) Select the London Release
Step 11) Instance will be processed which may take some time. In the dashboard, you will see the login credentials and login link.
Step 12) After clicking the login link, you will be asked to change your password
Step 13) Finally, you will see the Dashboard.

Create a Report in Service Now

Step 1)
  1. Filter Report in the Navigator.
  2. You will get lots of preconfigured reports.
  3. Click on Create Report
Step 2) In the next screen,
  1. Enter Report Name
  2. Choose Data Source (Table)
  3. You may see a message that report is already configured. Ignore it
  4. Click Next
Step 3) In the next screen,
  1. Click the Report Type
  2. Click Next
Step 4) In the next screen,
  1. Select the Measurement. In our case, we selected Escalation
  2. Click Run Button
  3. Report is generated
  4. Click Save to save the report

Best Practices of using Service Now

  • You need to replace spreadsheets and email with collaborative workspaces.
  • The goal should be to automate ALL business processes of your company
  • You should develop a modern work environment using ServiceNow
  • The focus should be to improve, structure and automate the workflow to streamline service delivery

Summary

  • ServiceNow is a software platform which supports IT Service Management (ITSM). It helps you to automate IT Business Management (ITBM).
  • ServiceNow helps to reduce ITSM costs up to 60%
  • Being SaaS, you do not need to worry about configuration, deployment, updates, and maintenance.
  • ServiceNow enables Real time analysis and reporting, Data confidentiality & integrity, improved operational tracking
  • ServiceNow has a 10-12 month release cycle, launching new UI, apps, and features with every release.
  • ServiceNow is used by 1) Employees, 2) IT Support Team, 3) Administrators, 4) Implementers, 5) Developers
  • The ServiceNow product suite consists of IT Service Automation, Business Management, Custom Service Management, HR management