Capture the Power of Splunk with Dell EMC Powerstore

Solution Brief

Capture the Power of Splunk with Dell EMC PowerStore Splunk provides a way to easily collect, index, and analyze the untapped digital exhaust or machine-generated data from IT infrastructures in meaningful and efficient ways. Splunk is designed to be highly scalable and provides highly available configurations. This allows organizations to react faster to changing business needs or problems through well-informed and data-driven decisions. To make the adoption of Splunk easier, Dell Technologies and Splunk have partnered and created an engineered portfolio of highly available, scalable, and optimized solutions for Splunk workloads.

Dell EMC storage products Transforming digital exhaust into valuable assets for meaningful business outcomes PowerStore T model appliance As technology and IT systems continue to evolve in the modern data center, so does the classification and meaning of data that they produce. Regardless of the systems producing this data, data are produced in massive amounts, and every IT infrastructure has its own Isilon distinct data footprint. Data footprints consist of structured, unstructured, timestamped, real-time, machine, dark, and other data classifications. Whatever the data composition may be, it is either big data that is primary to the business, or it is digital exhaust. This secondary type of data is a byproduct of the IT systems and consumers.

ECS This byproduct is usually unstructured machine data that is produced from servers, software, network logs, system logs, application logs, online activities, web browsers, Internet of things (IoT) devices, and more. Even though machine data is secondary to big data, machine data exists in greater volume and has an unknown value. Unfortunately, because of its unknown value, much machine data and other digital exhaust are frequently never used and are purged, causing Highlights lost business opportunities.

Outstanding overall efficiency with thin savings, Once its value is identified, machine data can provide enormous snapshots, and advanced data-reduction technologies. benefits to the business such as the following: Mission-critical availability for large-scale, high- • Provide awareness to opportunities value business analytics of digital exhaust • Decipher activity and trends Enterprise-class data encryption using 256-bit • Provide analytics for mobile devices and IoT metrics AES • Report immediate feedback to business changes Architected to maximize performance with NVMe • Improve security and intrusion detection media Non-disruptive hardware upgrades However, for the data to become useful, its format must be understood. Flexible scaling for distributed Splunk workloads Also, an analytic tool must be able to intelligently mine the data and retain the data in the long term for business analytics. Adaptable architecture for operational simplicity and agility Splunk Enterprise allows this to happen. It provides a way to collect the Ability to optimize and maximize shared and digital exhaust, index it, and provide a dashboard to visualize the tiered storage machine-generated data in meaningful ways.

© 2020 Dell Inc. or its subsidiaries. All Rights Reserved. Dell Technologies, Dell, EMC and other trademarks are trademarks of Dell Inc. or its subsidiaries. Other trademarks may be trademarks of their respective owners

This capability allows businesses to react faster to changing business needs or problems through well-informed and data-driven decisions.

Splunk and PowerStore key benefits

Dell EMC™ PowerStore™ T models provide operational simplicity and agility, and fundamentally change the way Splunk environments are managed and perform. PowerStore uses a container-based micro-services architecture, advanced storage technologies, and integrated machine learning to unlock the power of your data. All PowerStore T models are versatile platforms with a performance-centric design that delivers horizontal and vertical scaling opportunities, always-on data reduction, and support for NVMe media.

• Multi-dimensional scalability: Provides seamless scale for capacity and performance for massive data growth • Cloud simplicity: Brings the simplicity of public cloud to on-premises • Streamlines operations: Integrated machine-learning engine for seamless automation • Predictive analytics: Machine-learning engine enables automatic monitoring, analyzing, and troubleshooting the storage environment • Data-in-place upgrades: No disruptions to Splunk software or its data • Exceptional storage efficiency: Reduces copies of data or index with lower replication and search factors (RF/SF), inline compression of index files, and inline deduplication for clustered indices • Increased data protection: Uses self-encrypting drive capabilities • Availability: Designed for six-nines of availability using patented technology (Dynamic Resiliency Engine)

Adding other Dell EMC storage solutions like Dell EMC Isilon™ and Dell EMC ECS™ brings even more benefits. This addition can help you realize greater Deleted Thawed storage efficiencies with purposeful data placement of hot and warm buckets on PowerStore and cold and frozen buckets Splunk buckets on Isilon or ECS storage.

PowerStore is a versatile platform that is architected for superior performance Hot Warm Cold Frozen using NVMe media, multi-dimensional scale, and always-on inline data reduction.

PowerStore brings the simplicity of public cloud to on-premises infrastructure, streamlining operations with an integrated machine-learning engine and PowerStore T model seamless automation. It offers predictive appliance analytics to easily monitor, analyze, and Isilon troubleshoot the environment. It also offers investment protection through flexible payment solutions and anytime upgrades.

High availability and fault tolerance for mission-critical Splunk deployments

PowerStore offers enterprise-class availability using a patented technology called the Dynamic Resiliency Engine. PowerStoreOS, a container-based OS architecture, in concert with the PowerStore fully redundant hardware, provide several highly available and fault-tolerant features for business-critical data. PowerStore continuously monitors the hardware components, and if it detects a failed component, PowerStore generates alerts and continues to service data requests without business disruptions. PowerStore has intelligent and flexible infrastructure to handle drive or hardware component failure seamlessly without causing any disruption.

To support mission-critical workloads at the application layer, it is essential to protect and ensure availability of ingested Splunk data from planned or Bucket unplanned events. These events can include server updates, server failures, network failures, or data-center failures.

Primary When configuring a Splunk indexer cluster, you must specify the number of copies of data required to be maintained. As incoming data arrives in Splunk, Bucket Bucket Splunk stores the data in a bucket and maintains the specified number of multiple-bucket copies for each bucket on separate indexer nodes. The number of multiple-bucket copies is the replication factor. Splunk tolerates a Secondary Secondary failure of ((replication factor) – 1) indexer nodes. Replication factor of 3

Reduced storage consumption and cost with PowerStore inline data reduction

As digital exhaust continues to grow and as it becomes identified as valuable machine data, it becomes a critical data asset in the business analytics world. This machine data can be run through Splunk to gain insights into IT infrastructure components and consumers. When using Splunk on PowerStore T models, the always-on inline data reduction feature greatly reduces the actual storage used but maintains the application data availability and protection expected from Splunk. This space savings is also applicable to Splunk environments that use a replication factor.

In an internal test that was run to ingest a Linux® log file in Splunk, a 4:1 data reduction savings was realized in a PowerStore T model appliance. However, the data-reduction savings can vary according to the type of data that is ingested into Splunk software and other data residing on PowerStore.

Splunk ingestion rates with PowerStore

We conducted a lab experiment using several Dell EMC PowerEdge™ 640 servers and a PowerStore T model appliance and followed published sizing information for Splunk and configuration guidelines in Splunk documentation. In this test, the Splunk deployment reached an ingestion rate above 1 TB per day with three indexers.

Efficient data protection with snapshots

PowerStore T model appliances use redirect-on-write technology to provide Splunk with additional data protection using array-based snapshots. A PowerStore snapshot is a point-in-time copy of the data which is space efficient and takes only seconds to create. Snapshot data can be used for application testing, backup, or DevOps.

Secured and automatic data protection

Dell Technologies engineered PowerStore T models with Data at Rest Encryption (D@RE) which uses self- encrypting drives and supports array-based self-managed keys. When activated, data is encrypted as it is written to disk using the 256-bit Advanced Encryption Standard (AES). PowerStore D@RE provides this data-security benefit to Splunk Enterprise while eliminating application overhead, performance penalties, and administrative overhead that is typically associated with software-based solutions.

Splunk value and future expansion

Analytics applications like Splunk are changing the way that untapped digital exhaust from IT systems and consumers is perceived. They change how digital exhaust is used to provide insights to drive business results, provide opportunities for business transformation, and improve operational performance. Since machine data generally exists in a greater volume than big data, and as its value becomes more identifiable, the need to provide a future-proof platform is critical. Splunk combined with PowerStore T model appliances enables organizations to be responsive to business demands.

Learn more about Dell EMC PowerStore Contact a Dell solutions Technologies expert