The second presentation at the Boston Splunklive event on January 28th was an in-depth profile of a large-scale deployment in a financial services firm, anonymously described as “one of the world’s largest providers of financial services.” Paddy Griffin, Director of Technical Architecture, used his extensive history in the software industry to provide context to his firm’s plans with Splunk. Unlike other major IT projects at his firm, this Splunk-based initiative is being rolled out in record time, using an iterative approach, to show they can provide a continually enhanced log aggregation and search service as part of their “nimble infrastructure.”
Paddy started his presentation by unveiling the name of the overall initiative: LASSIE (yes, like the famous collie from TV). The acronym stands for Log Aggregation Service with Splunk Indexing and Exploration. A somewhat fitting name when you see the last slide (below) in his presentation.
Think of LASSIE as a service: a log aggregation and search service planned, deployed and managed by a central group, providing value to users around the company. Below you can see some of the various data sources going into LASSIE (Splunk). Paddy said, “The ability to index any data without having to maintain and support a data schema is huge.”
Phase 1 of LASSIE focused on providing capabilities for indexing, searching, monitoring and reporting based on log files and changes. Phase 1 also implemented the core foundation for the service including the definition of roles and role-based access controls, and service policies.
As part of the role definitions and role-based access controls, Paddy integrated Splunk with Active Directory. These roles are used both to control information access and privileges on LASSIE (Splunk), and to provide the views needed by the diverse users in various parts of the business. They are likely to take advantage of the Single Sign-On (SSO) support in the upcoming release of Splunk 4.1. His team also defined a role called “Curators”: people who are aligned with the various business groups (such as bond trading) and have primary responsibility for a business app or service. Curators define the data sources sent into Splunk and who within their business unit can access the data.
Over time LASSIE will need to scale. The approach they are taking is to scale “horizontally”: setting up separate Splunk indexers for each set of users or business groups. Splunk will also enable them to scale linearly, by using multiple Splunk indexers on commodity servers, and let users within a business group search across those indexers. Future plans call for enabling distributed search, so that authorized users can get a combined view by searching across the separate Splunk indexes set up for the different business groups.
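As an added illustration (not from Paddy's slides and not Splunk's own documentation), here is how the role design described above could be expressed in Splunk's authentication.conf and authorize.conf: Active Directory groups are mapped to Splunk roles, a business-group user role is confined to that group's index, and a curator role inherits it and adds only the capability to manage inputs. The host name, DNs, group names and index name are assumptions constructed for this example.

```ini
# authentication.conf (values below are constructed for this illustration)
[authentication]
authType = LDAP
authSettings = corp_ad

[corp_ad]
host = ad.example.internal
port = 636
SSLEnabled = 1
bindDN = CN=splunk-svc,OU=ServiceAccounts,DC=example,DC=internal
# placeholder: set the bind password through Splunk so it is stored encrypted
bindDNpassword = <BIND_PASSWORD_PLACEHOLDER>
userBaseDN = OU=Users,DC=example,DC=internal
userNameAttribute = sAMAccountName
realNameAttribute = displayName
groupBaseDN = OU=Groups,DC=example,DC=internal
groupMappingAttribute = dn
groupMemberAttribute = member
groupNameAttribute = cn

# AD group -> Splunk role mapping (assumed group names)
[roleMap_corp_ad]
admin = LASSIE-Admins
bond_trading_user = LASSIE-BondTrading-Users
bond_trading_curator = LASSIE-BondTrading-Curators

# authorize.conf
# Users of the bond trading unit may search only that unit's index.
[role_bond_trading_user]
importRoles = user
srchIndexesAllowed = bond_trading
srchIndexesDefault = bond_trading

# Curators inherit the same index scope and can additionally define
# file and network inputs for their unit; they get no cross-unit search.
[role_bond_trading_curator]
importRoles = bond_trading_user
edit_monitor = enabled
edit_tcp = enabled
```

Because srchIndexesAllowed is inherited from the imported role, adding a new business unit means adding one AD group, one role stanza and one index, without touching the existing units' scope.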
The attendees got useful insights into how to plan a major Splunk deployment in a very large enterprise. One of the benefits of Splunklive Boston for Paddy was that he was able to meet, for the first time, other people from his firm who are already using Splunk as well. “Splunk has gone viral in my company!”