end sb all_endaceprobe_splunk


Upload: bengmancastro

Post on 13-Jul-2015


TRANSCRIPT

Page 1: End sb all_endaceprobe_splunk

Leveraging the open architecture of the EndaceProbe INRs, Emulex now offers its customers an integrated Splunk Fusion Connector that extends Splunk by allowing users to select an event in their Splunk dashboard and deep dive to the associated packet-level information. This allows users to rapidly gain deeper insight into critical problems and ultimately lower TTR.

Going Deeper, Faster—The Combined Value of Splunk and Emulex

Splunk is an industry-leading software platform for collecting and correlating machine data generated from a variety of different IT systems and infrastructure. Customers use the technology to help detect network problems, monitor infrastructure elements and gain real-time visibility into customer experience, transactions and behavior.

When it comes to resolving network issues, Splunk provides a wide breadth of visibility by nature of its network event collection and correlation capabilities; however, the logs that provide this visibility are only application interpretations of the actual packet flows traversing the network. This summary-level information is very good at indicating the presence of network issues, but does not provide sufficient resolution to determine the root cause of the problem.

Integrated with EndaceProbe INRs (see Figure 1 and Figure 2), the combined solution provides organizations with the ability to detect and investigate issues at the network packet-level, lowering TTR on a whole range of issues. Network Operations (NetOps) and Security Operations (SecOps) teams use the historical record of network activity to help engineers and analysts with troubleshooting and security forensics. Because Emulex captures 100% of the network traffic transiting a link, whether it is a 10Gb Ethernet (10GbE), 40GbE or 100GbE link, the EndaceProbe historical view is at a level of detail and accuracy found nowhere else in the industry.

Deploying EndaceProbe™ Intelligent Network Recorders and Splunk

Emulex and Splunk deliver an elegant and seamless workflow solution for detecting and resolving network issues

SOLUTIONS BRIEF

At a Glance

Splunk captures summary level information that indicates the presence of network issues, but does not provide sufficient resolution to determine the root cause of the problem. Integrated with EndaceProbe Intelligent Network Recorders (INRs), the combined solution provides organizations with the ability to detect and investigate issues at network packet-level in order to lower time-to-resolution (TTR) on a whole range of issues.

Product

EndaceProbe Intelligent Network Recorder

Solution Benefits

• Greater insight into critical network issues

• Reduce TTR

• Lower operational expenditures (OPEX)

The Endace Fusion Ecosystem Program optimizes data analysis workflows between its family of EndaceProbe INRs and industry leading third-party monitoring and security tools that detect anomalous network behavior.

Endace is a division of Emulex

Figure 1 – Splunk integration

Page 2: End sb all_endaceprobe_splunk


13-1127 · 6/13

By integrating Splunk and Emulex technologies at the ‘event’ level, organizations can complete the detection and investigation cycle more quickly and completely. The benefits of the Splunk Fusion Connector include:

• Productivity improvements for end users that ultimately result in lower OPEX

• Ability to contain real issues more effectively, thus reducing the impact on end users

• The opportunity to detect false positives more quickly and better ‘tune’ detection systems

• The ability to effect better-quality fixes through true root-cause analysis

The Solution

The Splunk Fusion Connector is a free piece of software, created by the team at Emulex, enabling NetOps teams that rely on Splunk for network fault management to dramatically reduce the time it takes to investigate and resolve network and security problems. It works by connecting users to the precise network packets that they need to diagnose, respond and establish the root cause of a problem through an elegant and seamless workflow.

The Splunk Fusion Connector is available through SplunkBase. The plugin is easy to install (on the appliance running the Splunk instance) and adds minimal overhead to the performance of the application.

EndaceProbe INRs are deployed at strategic points across the network. Leveraging the INRs’ RESTful API, users can click on a Splunk event and pivot straight to the packets of interest, which are delivered to the user as a .PCAP or .ERF file for deep analysis in a protocol analyzer, such as Wireshark®.

Conclusion

Emulex EndaceProbe INRs and Splunk integrate to provide a wide view of the network with comprehensive search and drill-down capabilities, providing SecOps and NetOps teams the fastest TTR for a whole range of issues in the industry today.

Figure 2 – Endace Flow Search

www.emulex.com

Endace USA Limited
14425 Penrose Place, Suite 225
Chantilly, VA 20151, USA
Phone +1 877 764 5411
Phone +1 703 378 0601
Fax +1 703 935 4840

Endace Limited (UK)
Davidson House, Forbury Square
Reading, Berkshire, RG1 3EU
United Kingdom
Phone +44 118 900 1425
Fax +44 118 900 1426

Endace Australia Pty. Ltd.
Level 32, 101 Miller Street
North Sydney, NSW 2060 Australia
Phone +1 800 196 594
Phone +61 2 8912 2157

Emulex Corporate Office
3333 Susan Street
Costa Mesa, CA 92626, USA
Phone +1 714 662 5600

Endace Fusion Ecosystem

The Endace Fusion Ecosystem Program ensures a predictable customer experience when the Endace Application Dock is used. This program provides application vendors with a structured method for testing and validating the performance of particular applications in the Application Dock environment. Deploying applications into the Application Dock environment offers organizations a number of important and valuable benefits, including:

• Improved application performance

• Reduction in hardware footprint (for lowered OPEX and capital expenditures [CAPEX])

• Improved workflow

• Improved flexibility and agility
