Splunk is a unique platform to get the actual disparate systems throw their logs to one common platform where intelligence could be produced for Business, Security and overall health prospective.
When we talk about enterprises, it could be composed of any set of systems, in-house or external, legacy or customized, customer facing or business facing, Microsoft or Open Source etc.
I remember my experience of IT support in retail with World’s 2nd largest Home Improvement where handing Sales on Thanksgiving was a nightmare. Getting experts for 20 different running systems and also from the respective business in a War room had significant budget involved.
Now, when any unwanted error comes at any retail counter of any of over 1700 stores, a panic button is just an inch away. Everybody starts looking in the system, each one of the stakeholder (Hundreds) is being seen as a culprit, separate error logs are being watched and there are dozens of facilitators involved to connect the dots, so that no error stops the smooth sales of Thanksgiving.
This is just an example I used to be part of, but I believe each enterprise faces such situations and does post-mortem too. There must be a wish – can’t we have some Robot to assess all involved systems and just give the indicator of problem long before problem occurs.
Journey continues and an answer comes in the form of Splunk.
- Why can’t we have each system implement their logging mechanism uniform?
- Generally, data flowing in the participating system cause that, why not just capture that data in a secured way and point that out?
- Let’s have an agent in each participating system irrespective of their underlying OS (Linux, MS, Solaris, Mainframe etc.) and job of agent is just to push the logs to a common server.
- Let Common platform empower the stakeholder to build their dashboards for whatever needs they have, like Information Security, Web Interfaces/System Handshaking, Core Business Purposes or even for Root Cause Analysis.