4/26/14

Splunk: for Operational Intelligence

In this series, I am going to bring you along on my journey to make Splunk an operational intelligence platform and get this veritable tool to live up to its billing in a medium-sized enterprise that features all the usual systems, user categories and issues, from security, to performance, to sustainability and customer relations.

The first step involves understanding the roles, features and capabilities of #Splunk. Splunk was invented about 8 years ago as a Google for enterprises and for machine data. I discovered Splunk in 2006 and since then I have had a near romantic relationship with the tool and the platform, given its power then, and of course its promise.


=====

Splunk is a data goblin system capable of eating up data spewed or thrown at it from almost any machine source and in about any format, and then it indexes the data it gobbles up in preparation for human consumption. Common machine data sources include Unix syslog (also syslog-ng) and Windows logs. Splunk relies on "data sources", and these can be the traditional syslog port (514), the Splunk forwarder port (9997), any TCP or UDP port (as configured), files, and even scripts. This utilitarian approach to consumable data sources is one of Splunk's real strengths.
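To make the list of data sources concrete, here is an added example of an inputs.conf that wires up each of the source types mentioned above (a monitored file, syslog on UDP 514, the forwarder receiver on 9997, an arbitrary TCP port, and a scripted input). It is not from the original post or from Splunk's own documentation; the file paths, the 10.0.0.0/8 network, the index names and the script path are assumed placeholders. The acceptFrom entries are there because UDP syslog and the forwarder receiver accept whatever reaches them unless you restrict the sending networks.

```ini
# inputs.conf (added example, not from the original post)
# Paths, ports, networks and index names below are assumed placeholders.

# File monitoring: tail a local syslog file as it grows
[monitor:///var/log/syslog]
sourcetype = syslog
index = os_logs
disabled = 0

# Traditional syslog over UDP 514; unauthenticated, so limit the senders
[udp://514]
sourcetype = syslog
index = os_logs
connection_host = ip
acceptFrom = 10.0.0.0/8

# Receiver for Splunk universal/heavy forwarders on 9997
[splunktcp://9997]
acceptFrom = 10.0.0.0/8
disabled = 0

# Any TCP port for an application that emits its own line-oriented events
[tcp://5140]
sourcetype = app_events
index = app_logs
connection_host = dns

# Scripted input: run the script every 300 seconds and index what it prints
[script://$SPLUNK_HOME/etc/apps/myapp/bin/collect.sh]
interval = 300
sourcetype = collect_script
index = app_logs
```

Each stanza names a sourcetype and a target index so that later searches, field extractions and access control can be scoped per source rather than per server.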

Once Splunk gets the data, regardless of the source, it indexes it. A Splunk index is a collection of databases or subdirectories located in $SPLUNK_HOME/var/lib/splunk. $SPLUNK_HOME is the home directory of your Splunk installation, and on Unix systems it is usually /opt/splunk. The index databases represent Splunk Apps. 
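As an added example (not from the original post), this indexes.conf stanza shows how an index becomes one of those subdirectories: $SPLUNK_DB defaults to $SPLUNK_HOME/var/lib/splunk, so the index named here lands under that directory. The index name and retention values are assumed placeholders. Keeping security-relevant data in its own index like this is what lets you grant or deny search access to it per role later on.

```ini
# indexes.conf (added example, not from the original post)
# Index name, retention and size limits are assumed placeholders.
[os_logs]
# $SPLUNK_DB defaults to $SPLUNK_HOME/var/lib/splunk
homePath   = $SPLUNK_DB/os_logs/db
coldPath   = $SPLUNK_DB/os_logs/colddb
thawedPath = $SPLUNK_DB/os_logs/thaweddb
# Roll buckets to frozen after 90 days (deleted unless coldToFrozenDir is set)
frozenTimePeriodInSecs = 7776000
# Cap the whole index at 50 GB on disk
maxTotalDataSizeMB = 51200
```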


https://docs.google.com/document/d/1Rnn3WWtBRt99vMDOeHm0dpFaCvcyg2PUMN7zUiWA5ZY/edit?usp=sharing
