Discovering Splunk
2024-09-05
Founded in October 2003, Splunk is a US company specialising in producing software programs for searching, monitoring, and analysing machine data via a web-style interface. In September 2023, Splunk was acquired by Cisco Systems.
Splunk, what is it?
Splunk makes server-generated data more accessible to everyone. It can ingest all kinds of data: documents, folders, Windows and network data, events received through the HTTP Event Collector (HEC), and metrics.
How does Splunk work?
Splunk collects all of the company's accessible data (logins, metrics, ...). To do so, it can use several components, such as agents (Universal Forwarder), a database connector (DB Connect), or the HTTP Event Collector (HEC). Splunk then stores the data in its database (Indexers).
Once all the data has been collected and stored for a fixed period, it is accessible to users through a graphical interface (Search Head), where they can search for the information they need.
What can you do with Splunk?
By collecting large volumes of server-generated data, Splunk meets the requirements of non-technical executives and managers, who gain access to clear and usable data through graphs, reports, alerts, and/or dashboards.
Splunk can also analyse and correlate the technical teams' data in order to resolve and predict anomalies. We can also use the Splunk ITSI (IT Service Intelligence) app, which relies on the Splunk data. It offers a clear view of technical performance and can also detect unusual behaviour, determining its causes and the areas concerned.
Splunk ITSI, an app with end-to-end monitoring.
Glass Table:
This view presents a health-status monitoring panel that highlights the performance of the app.
Analyzer Service:
This tree gives a general overview of the main and underlying services, which can help us identify the root causes of a malfunction.
Deep Dives:
The side-by-side display of services means that all the measurements can be used and correlated over time to determine the underlying causes of the problem.
In short, Splunk lets you keep all the logs of an app or company in one place, so that we can locate a problem and find ways to solve it. Splunk detects malfunctions much faster, acting as an incident anticipation tool.
This post was written by Sébastien, Extia’s Splunk Administrator.
Find more information on Splunk
Discover an exciting overview of Splunk on the official website. You will find a detailed description of the products, services, and resources.