Multiple Questions

tocstlit
Engager

We're looking for a solution that will help us do many different things:

  • Analyze outages (the logs that preceded the failure and help us analyze why it happened)
  • Notify of outages (email notifications when a server fails, for instance)
  • Track file changes (which user deleted a file or folder with a timestamp)

Most of our environment is virtual, but can the Splunk App for VMware also monitor physical machines?

We also want a solution that doesn't take a lot of configuration and tweaking. We are the helpdesk as well as all other aspects of IT, so we need to be available to help our end users when they need us.

I appreciate feedback on whether or not Splunk will help us accomplish what we're looking to get set up.

lukejadamec
Super Champion

Those are general questions, but answerable. Basically Splunk analyses logs, and the rules are pretty simple. If you are collecting the logs, and the logs have the information you’re looking for then:

1) Yes, if the logs contain useful messages. Splunk is very good at showing you events for specific time periods.

2) Yes, if there is a log that precedes the outage, then an alert can be configured to trigger on that event.

3) Yes, if the system is configured to record file changes, then Splunk can show them to you.
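
An added example (not from this thread and not Splunk's own documentation) of how points 2 and 3 above are usually set up: two scheduled searches in a savedsearches.conf, one that emails when a known crash-precursor message shows up, and one that reports file deletions with the user and timestamp. The index names, the precursor log text, the email address and the Windows field names (EventCode, Accesses, Account_Name, Object_Name, as extracted by the Splunk Add-on for Windows) are assumptions; substitute whatever your own logs contain.

```ini
# savedsearches.conf (assumed to live in a custom app's local/ directory)

# Alert for point 2: email when a message that precedes failures is logged.
# index=servers, sourcetype=syslog and the quoted message text are assumptions;
# replace them with the index and the actual precursor line from your logs.
[Server crash precursor]
search = index=servers sourcetype=syslog ("kernel: Out of memory" OR "EXT4-fs error") | stats count latest(_time) AS last_seen BY host
dispatch.earliest_time = -5m
dispatch.latest_time = now
cron_schedule = */5 * * * *
enableSched = 1
counttype = number of events
relation = greater than
quantity = 0
alert.track = 1
alert.severity = 4
action.email = 1
action.email.to = ops-team@example.com
action.email.subject = Splunk alert: crash precursor seen on $result.host$

# Report for point 3: who deleted which file or folder, and when.
# This only works if Windows object-access auditing is enabled (a SACL on the
# watched folder) so that Security event 4663 is written and forwarded.
# EventCode, Accesses, Account_Name and Object_Name are field names produced by
# the Splunk Add-on for Windows; index=wineventlog is an assumption.
[File deletions by user]
search = index=wineventlog source="WinEventLog:Security" EventCode=4663 Accesses="*DELETE*" | table _time host Account_Name Object_Name Accesses | sort - _time
dispatch.earliest_time = -24h
dispatch.latest_time = now
cron_schedule = 0 7 * * *
enableSched = 1
counttype = number of events
relation = greater than
quantity = 0
alert.track = 1
action.email = 1
action.email.to = ops-team@example.com
action.email.inline = 1
```

Point 1 (the logs that preceded a failure) needs no saved search: once the data is indexed, an ad hoc search scoped to the host and to the minutes before the crash (for example index=servers host=web01 earliest=-30m@m latest=@m) shows the events in order. Before relying on the first alert, confirm in a plain search that the precursor message really appears in the index under the sourcetype you named, otherwise the alert will never fire.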

Narj
Path Finder

Regarding (2) - if you mean an actual server outage as in dropping off the network or OS crash, Splunk won't know about this as it isn't actively polling anything. You could feasibly do this by setting up alerts based on switchport linkdown messages but this could quickly become unwieldy and difficult to manage.

For polling and alerting you'd really need to be looking at something like SolarWinds/Whatsup/Zabbix/HP NNMi/OVO etc.

Splunk will definitely cover the log analysis requirements though, it's very flexible.

tocstlit
Engager

Thanks for your help. We decided to implement an OpenNMS monitoring system. We're going to hold off on Splunk for now. Thanks for your help!
