Monitoring Approach Strategy

New Member

Hi All

I am looking for "Best Practice" type information on a Monitoring Approach Strategy. These would be things like:

  • What to log? (Windows, Linux, etc.)
  • What events to monitor?
  • What events to tune?
  • What do you do with the output?

Any help anyone can provide would be appreciated.


Tags (1)
0 Karma

Super Champion

Assuming that you are new to Splunk, but not new to computers in a Financial Services industry, then you should step back and consider your environment.

Somewhere in your organization the computers and servers you use were built and are maintained according to some form of Security/Compliance Guidelines. Those guidelines specify what you want to log, and why you want to log it.

Those are the things that you want to monitor and analyze with Splunk. You will probably find that each of those (and there are probably many) are separate topics here on Answers.

For example, when a Windows server was put into production it was preconfigured by someone at your shop to log a specific set of events, for a specific reason. We do not know that information.

Ultra Champion

+1. The question is still a bit open-ended.

What types of systems, standard applications, bespoke applications, what compliance framework (if any)...etc

0 Karma

New Member

Apologies. I am looking for a balance between Security, Compliance & Operations for the Financial Services industry. Hope that helps.

0 Karma

Ultra Champion

That would totally depend on your use cases.

Compliance? Security? Operations? Development? Billing? Business Intelligence?

Sorry, but you need to refine your question a bit before you can get any good answers.

State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!