Splunk and Cisco APIC drive Network Analytics
When Cisco first envisioned the concept of an Application Centric Infrastructure (ACI) we knew it wouldn’t be possible for ACI to achieve its full potential without the active support of a broad and comprehensive partner ecosystem. Today, more than 26 partners delivering a range of industry-leading infrastructure, security, cloud, mobility and other solutions are actively teaming with Cisco to help organizations achieve our ACI vision.
One of these partners is Splunk, the leading provider of real-time operational intelligence.
Splunk is unique in its ability to ingest massive volumes of data across a multitude of sources, talk to every element of a data centre infrastructure in real-time, and create correlations across technology, application, security and networking and other silos.
Splunk shares Cisco’s vision for ACI and has teamed with Cisco to enable single pane of glass visibility across the datacenter for real-time monitoring of applications and underlying infrastructure components.
Together, Cisco and Splunk have partnered to develop Cisco ACI for Splunk Enterprise. This app, which will be released with APIC controller, delivers centralized, real-time visibility for applications and ACI infrastructures across bare metal and virtualized environments.
- Quick isolation of application issues resulting in faster root cause analyses
- Maximized application uptime through proactive performance monitoring
- Streamlined administration of multi-tenant environments
How It Works
Cisco APIC enables visibility to the network control plane with a unified, application-driven policy approach that aligns with Splunk’s own ability to provide visibility across all the components or layers in the infrastructure that can impact the application delivery to end users. APIC is in charge of monitoring the application health from a network viewpoint and assigns a health score for each application network under management. If any degradation in the fabric occurs and impacts a specific application, APIC recalculates the application health and notifies the fault management system of this change in health score.
Splunk uses Cisco’s open API framework to collect APIC events, health scores and inventory data. Cisco ACI for Splunk Enterprise (figure 1) leverages the Splunk search processing language to enrich APIC data with VMware data, thereby enabling a single pane of glass view for troubleshooting and incident management in a VMware environment.
In addition to the out-of-the-box reporting and analytics capabilities for the ACI environment, the app includes a set of pre-defined dashboards tailored to specific users:
- Helpdesk admin. Enables the help desk operator to ask questions of the data such as which tenant, which application, which VM, which Leaf and port are degraded before escalating the ticket to Tenant or Fabric admin as appropriate.
- Tenant admin. Delivers a simplified view of tenants with the ability to drill down to a specific tenant. Within that tenant, the admin can focus on a specific application and view application and VM health by bridge domains, applications and context.
- Fabric admin. Shows node and port level health and faults including leaf & spine visibility with the ability to isolate by a specific leaf and drill down by chassis, line card, fabric card, system controller, etc.
But wait …there’s more! This is just the tip of the iceberg of what is possible with Splunk and ACI. Splunk is a highly flexible platform which enables you to easily build on the out-of-the-box functionality of Cisco ACI for Splunk Enterprise to include unstructured and polystructured data from virtually any source across your global environment. You can collect data from up to tens of thousands of sources and correlate complex events for richer analysis and insights.
Splunk Practice Lead Hal Rottenberg points out, “With the advent of ACI, you will be able to tie business objects, like an application or a service, in a very dynamic and programmable fashion, to the low-level network constructs like VLANs and firewall rules that used to be walled off by the traditional silos seen in almost every IT organization … the data that’s needed to dynamically build a correlation that will allow you to make the One True Dashboard in Splunk!”
A Winning Combination
Advanced visibility and delivering the right information to the application owners is key in this era of cloud and mobile applications/data centres.
The combination of ACI’s tight coupling between applications and the network with Splunk’s ability to deliver centralized visibility across all facets of an application environment – from the applications themselves to network, compute, storage and even end points beyond the fabric – is a significant win for joint customers.
Visit Splunk booth 2011 at Cisco Live for a live demo on Cisco ACI for Splunk Enterprise live. For a full view of Splunk demos and speaking sessions, check out Visit Splunk at Cisco live 2014.