Multiple Questions

tocstlit
Engager

We're looking for a solution that will help us do many different things:

  • Analyze outages (the logs that preceded the failure and help us analyze why it happened)
  • Notify of outages (email notifications when a server fails, for instance)
  • Track file changes (which user deleted a file or folder with a timestamp)

Most of our environment is virtual, but can the Splunk App for VMware also monitor physical machines?

We also want a solution that doesn't take a lot of configuration and tweaking. We are the helpdesk as well as all other aspects of IT, so we need to be available to help our end users when they need us.

I appreciate feedback on whether or not Splunk will help us accomplish what we're looking to get set up.

0 Karma
1 Solution

lukejadamec
Super Champion

Those are general questions, but answerable. Basically Splunk analyses logs, and the rules are pretty simple. If you are collecting the logs, and the logs have the information you’re looking for then:

1) Yes, if the logs contain useful messages. Splunk is very good at showing you events for specific time periods.

2) Yes, if there is a log that precedes the outage, then an alert can be configured to trigger on that event.

3) Yes, if the system is configured to record file changes, then Splunk can show them to you.

Narj
Path Finder

Regarding (2) - if you mean an actual server outage as in dropping off the network or OS crash, Splunk won't know about this as it isn't actively polling anything. You could feasibly do this by setting up alerts based on switchport linkdown messages, but this could quickly become unwieldy and difficult to manage.

For polling and alerting you'd really need to be looking at something like SolarWinds/Whatsup/Zabbix/HP NNMi/OVO etc.

Splunk will definitely cover the log analysis requirements, though; it's very flexible.

0 Karma
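As an added example (not code from this thread, and not Splunk's own configuration), the following savedsearches.conf stanzas show what "an alert configured to trigger on that event" looks like for each of the three items in the question, plus one stanza for the outage case Narj raises: Splunk does not poll hosts, but it can notice when a host has gone silent. The index names, the sourcetype, the Windows field names (they depend on the add-on that parses the Security log), the host name, the silence threshold and the recipient address are all assumptions.

```ini
# Added example, not from the thread or from Splunk. Assumed: index names,
# sourcetype, Windows field names, host name, thresholds and the email address.

# (1) Analyze an outage afterwards: everything one host logged in the window
# before it failed. Not scheduled; run it by hand and set the time range to the
# 30 minutes preceding the failure.
[Events before failure on one host]
search = index=app_logs host=srv-app-01 | sort _time | table _time sourcetype source _raw
dispatch.earliest_time = -30m@m
dispatch.latest_time = now

# (2) Notify of an outage when a known precursor lands in the logs. The quoted
# string is a placeholder for whatever message your own outages are preceded by.
[Outage precursor seen in application log]
search = index=app_logs sourcetype=app_error "PLACEHOLDER: known precursor message" \
  | stats count earliest(_time) as first_seen latest(_time) as last_seen by host
cron_schedule = */5 * * * *
dispatch.earliest_time = -5m@m
dispatch.latest_time = now
enableSched = 1
counttype = number of events
relation = greater than
quantity = 0
action.email = 1
action.email.to = helpdesk@example.com
action.email.subject = Splunk alert: $name$
alert.track = 1

# (3) Track file changes: who deleted what, and when. Assumes Windows object
# access auditing is enabled so that event 4663 with a DELETE access is written.
[File deleted on a monitored server]
search = index=wineventlog sourcetype="WinEventLog:Security" EventCode=4663 Accesses="DELETE" \
  | table _time host user Object_Name
cron_schedule = */5 * * * *
dispatch.earliest_time = -5m@m
dispatch.latest_time = now
enableSched = 1
counttype = number of events
relation = greater than
quantity = 0
action.email = 1
action.email.to = helpdesk@example.com
action.email.subject = Splunk alert: $name$
alert.track = 1

# Indirect outage detection: Splunk does not poll, but a host whose newest
# event is older than 15 minutes has stopped forwarding logs for some reason.
# The threshold is an assumption; tune it to your hosts' normal logging interval.
[Host stopped sending logs]
search = | metadata type=hosts index=wineventlog \
  | eval minutes_silent = round((now() - lastTime) / 60) \
  | where minutes_silent > 15 \
  | table host minutes_silent
cron_schedule = */15 * * * *
dispatch.earliest_time = -24h@h
dispatch.latest_time = now
enableSched = 1
counttype = number of events
relation = greater than
quantity = 0
action.email = 1
action.email.to = helpdesk@example.com
action.email.subject = Splunk alert: $name$
alert.track = 1
```

The silent-host search only sees hosts that have indexed at least one event inside the search window, so a machine that disappeared more than 24 hours ago drops out of the list rather than staying flagged; widen `dispatch.earliest_time` or keep a lookup of expected hosts if that matters. None of this replaces a polling monitor for a box that drops off the network, which is the gap Narj describes.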

tocstlit
Engager

Thanks for your help. We decided to implement an OpenNMS monitoring system. We're going to hold off on Splunk for now. Thanks for your help!

0 Karma