
Splunk is a piece of software used for searching, monitoring and analyzing big data generated by machines, applications, systems and IT infrastructure through a web interface.

Splunk captures, indexes and correlates data in real time, storing it all in a searchable repository from which it generates easily definable charts, alerts and dashboards.

Splunk’s goal is to make the data from these machines (this Big Data) accessible to the entire organization, allowing the identification of patterns, measurements, diagnosis of problems and provision of intelligence to any part of the business.

Splunk is a horizontal-market technology used for application management, information security, regulatory compliance, and business and web analytics.

Features

Data Ingestion

Splunk can ingest a variety of data formats like JSON, XML and unstructured machine data like web and application logs. The unstructured data can be modeled into a data structure as needed by the user.

Data Indexing

The ingested data is indexed by Splunk for faster searching and querying on different conditions.

Data Searching

Searching in Splunk involves using the indexed data for the purpose of creating metrics, predicting future trends and identifying patterns in the data.

Using Alerts

Splunk alerts can be used to trigger emails or RSS feeds when some specific criteria are found in the data being analyzed.

Dashboards

Splunk Dashboards can show the search results in the form of charts, reports and pivots, etc.

Data Model

The indexed data can be modelled into one or more data sets that are based on specialized domain knowledge. This makes navigation easier for end users, who can analyze business cases without learning the technicalities of the search processing language used by Splunk.

Use cases

Inventory monitoring

The Splunk App for VMware collects inventory data that enables you to better monitor the components in your VMware vSphere environment. These inventory objects include hosts, virtual machines, data stores, and networks.

Performance monitoring

All of the dashboards in the Splunk App for VMware display a real-time operational state of the entities in your vSphere environment based on thresholds that are predefined in the Splunk App for VMware.

In addition to reporting on VMware performance, you can:

  • Look at host details and compare hosts in your environment.
  • Monitor real-time dashboards that visualize performance events across the virtual topology map.
  • Drill down to problem sources and access granular performance metrics using accelerated Splunk Enterprise searches.
  • Proactively detect performance issues and prevent them from impacting your end users.

Correlation

The Splunk App for VMware gathers granular performance and event data from your virtualization layer. Correlate that data with data from other entities (such as datastores) to resolve issues in your environment.

Troubleshooting

Use the dashboards in the Splunk App for VMware to determine the root cause of performance problems in your environment.

  • Navigate the topology map in the Proactive Monitoring view and drill down to discover the source of problems in your environment.
  • Track migrating virtual machines in your environment (as they migrate from one physical host to the next).

Scaling

The Proactive Monitoring view builds an interactive topology map of your environment. It is designed to scale to the largest of virtual environments and provides quick access to the data.

Capacity planning and reporting

Use the dashboards to find resources that are over- or underutilized in your virtual infrastructure.

  • See real-time data for CPU, memory, disk, and datastore consumption and optimize your environment based on consumer needs.
  • Set alerts to notify you when capacity shortfalls occur and see where you can reclaim unused space or re-allocate additional resources.
  • Get visibility into bottlenecks and capacity utilization. The Splunk App for VMware collects granular performance metrics at 20-second intervals which enables you to trend utilization over time and optimize based on your data.
  • Use capacity forecasting to predict resource usage for different entities in your environment.

Proactive (operational) monitoring

Use the searches and reports to track changes in your environment.

  • Use the interactive visual maps of your virtual environment and alert on abnormalities to proactively manage issues.
  • Look at the real-time operational state (Home view) based on predefined thresholds and drill down into an interactive topology map to isolate problems.

Security reporting

Look at a visual display of security-relevant events and check for potential security breaches.

  • Get visibility into user activity using access controls and an audit of tasks and events on your virtual infrastructure.

Change tracking

Audit changes to your environment, manage users and roles, and get insight into the scope and impact of changes that can negatively affect availability, performance, security and capacity.

  • Keep track of your virtual infrastructure, the state of the assets, and trend the performance impact of migrating virtual machines (from host to host).
  • Monitor events to get a definitive record of what happened in your environment.
  • Explore the topology map of your virtual environments. Highlight problems and make comparisons based on performance metrics.