Reporting
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Anyone splunking Akamai log events?

maverick
Splunk Employee
Splunk Employee
‎12-09-2010 05:24 PM

If so, what are you doing with them and/or kinds of useful searches, alerts, reports, correlations are you running against them?

Reply

jcbrendsel
Path Finder
‎01-16-2011 03:39 PM

We are not Splunking our Akamai logs, we we are splunking our Amazon Cloudfront logs. And we are about to start splunking logs from our secondary CDN (Limelight).

Cloudfront logs are written once per hour. We have crons that check for new logs twice per hour. So while this is not real time, its pretty good. And things get indexed in near real time once the the logs are pulled down.

We treat these much like ou Apache web logs. And are using this for lots of interesting things.

Reply

tedder
Communicator
‎12-16-2010 11:10 PM

I'm not doing anything magical with the Akamai logs, but we do ingest them into splunk. We miss the realtime access to our logs that we get from our own servers, but it's especially important to have insight into the data since we don't own the webservers. In other words, we know something is up with foo.com when the CPU or memory spikes up radically.

With Akamai, since we don't own or have to worry about the hardware, the access data has a higher importance. It's critical to monitor the traffic so we aren't surprised by a large increase in traffic that might have been seen in other ways.

Splunk plus Akamai is a great combination for us- we simply had to receive the logs from Akamai (on an FTP server) and point Splunk at that directory. Basic searches and saved Advanced Charting searches give our users the visibility they need. Saved searches with alerts (email if traffic falls below X) is very handy.

Reply

amanediel
Explorer
‎04-11-2018 03:35 AM

Hi,
I too want to ingest akamai logs and use them in splunk app for akamai in our setup we have 1 search head, 2 indexer and >50 forwarders. But i am unable to understand the splunk documentation to do so. Can you please help me setting up HTTP Event Collector configuration?

Thanks in advance

0 Karma
Reply

maverick
Splunk Employee
Splunk Employee
‎12-12-2010 06:48 PM

Actually I am asking this question for someone else and, yes, they are wanting to ingest the access logs and understand what useful web analytics they can do with the data once its ingested, other than what you might do with apache or IIS access logs, if any

0 Karma
Reply

tedder
Communicator
‎12-09-2010 06:03 PM

which logs? We are splunking our Akamai access logs, which are apache-style logs. We would like to ingest more Akamai logs, so I'm curious what logs you are ingesting.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Agent Mode Engaged! Enchaining Agentic Operations with Splunk AI Assistant 2.0

    Are you ready to transform how your team handles complex data requests? We invite you to our upcoming ...

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...