I want to do a POC on Splunk. I have installed it on my Linux box. I know the search capability of it. I want to convince my management about its operational intelligence and data analytics capability. My management wants to see how Splunk can provide data analysis from the application down to the server OS level. For this I want to make a setup. I can pull the logs from web, app, db, network and OS to my Splunk server, but I want some ideas on creating the searches, scenarios and dashboards that will show various ways of data analysis from a purely infrastructure point of view in a datacenter environment. If you guys can provide me with ideas or guide me in some direction, that will be very helpful.
The easiest one to do a POC with would probably be one of the Cisco apps. I only say that because you could ingest Cisco syslog relatively painlessly. A lot of the operating system apps work best when you are using a universal forwarder installed on client servers to collect the data. This wouldn't be a problem if you have a test lab to use. The other alternative is to research using the data generators to create test data for different platforms to demo Splunk's search and visualization capabilities.
Install the apps for the various components and systems in your environment, and play with them. That will give you an idea of how Splunk can work for your environment. There are a great many apps, so they should give you quite a few ideas.
Also, it would be a good idea to take the tutorial.
Here is the link to the main Apps page. There is a button at the bottom to show all apps. There are a lot of apps. I know nothing about your environment, so it is hard to point you to specific apps. However, the CIM app is a good one for correlation, though it can be tricky to configure.
Thanks Luke for your response. Can you direct me to some apps and scenarios which I can install in my environment to showcase something from a data analysis point of view? I have already started going through the tutorials. Do you have any link through which I can create correlation event scenarios? That would be great.