November 11, 2014


In most support projects, the basic investigation done by the support team involves digging through the logs to find exceptions and errors. I really struggled to search for these exceptions, or even for keywords related to the issues. All you need to do is log in to the server, go to the log directory, open the log file and grep (search) for the required pattern. If you are well versed in UNIX commands, you can search the logs in less time. I was wondering how to speed up this process during severity 1 incidents, when one is expected to prepare a basic investigation report for management. In such scenarios, “Splunk” is the ideal tool for the search.

The “free” Splunk license is intended for individual use. The licensed version offers added capabilities to support multi-users, distributed deployments and includes alerting, role-based security, single sign-on, scheduled PDF delivery, clustering, premium Splunk apps, and support for much higher data volumes.

How would you feel if you had a browser-based search tool that could retrieve all the errors from one or many servers in a fraction of a second? Good, right? Well, Splunk is that tool. Think of a scenario where you receive a critical incident at midnight and you are responsible for investigating and resolving the issue to restore service. You need to connect to the servers where your applications are hosted via remote desktop (if there is more than one server, you need to log in to each of them individually and then find your application and server logs). All of this is time consuming and prolongs the outage for the applications. Splunk is a platform that can search your requirement across all the servers and give you the output quickly. You can add any servers (Windows, Linux, Unix, etc.) for server, application and network logs. Splunk is the Google for your logs. All you need to do is configure your IT infrastructure hosts in Splunk. You can pull in all sorts of data, perform all kinds of interesting statistical analysis on it, and present it in a variety of formats. You can simply search for specific patterns, or you can generate all manner of graphical reports.

You might ask how Splunk handles sensitive information.

Well, Splunk is quite secure, and any sensitive information like passwords, credit card numbers, names and emails will be encrypted, preventing it from being seen.

Let me simplify the benefits of using Splunk. The key area where we can use Splunk most effectively is in IT Operations.

  • Generating automated alerts: for example, Splunk sends you an alert email if it finds any critical exceptions in the logs. This is faster than any other monitoring tool and identifies the issue before you would spot it manually.
  • Incident investigation and problem management: you can prepare incident investigation reports and the RCA document as graphical output showing various trends.
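As an added example (not from the original post and not Splunk's own code), here is a small Python script that does over a few constructed log lines what the alerting search described above does across your servers: it extracts the exception class from each ERROR event, counts occurrences per host (the equivalent of a Splunk `stats count by host, exception`), and reports which host/exception pairs cross an alert threshold. The host names, log format and threshold are assumptions for the example.

```python
import re
from collections import Counter

# Constructed sample log lines from two hypothetical hosts (not real data). The
# "host=" prefix stands in for the host field Splunk attaches to each forwarded event.
SAMPLE_LOGS = """\
host=app01 2014-11-11 00:02:13 ERROR OrderService - java.lang.NullPointerException: cart is null
host=app01 2014-11-11 00:02:14 INFO  OrderService - request completed
host=app02 2014-11-11 00:02:15 ERROR PaymentGateway - java.net.SocketTimeoutException: Read timed out
host=app02 2014-11-11 00:02:16 ERROR PaymentGateway - java.net.SocketTimeoutException: Read timed out
host=app01 2014-11-11 00:02:17 WARN  CacheLoader - cache miss
host=app02 2014-11-11 00:02:18 ERROR PaymentGateway - java.net.SocketTimeoutException: Read timed out
"""

# host, date, time, level, logger, " - ", message
LINE_RE = re.compile(r"^host=(?P<host>\S+) \S+ \S+ (?P<level>[A-Z]+)\s+\S+ - (?P<msg>.*)$")
# First Java-style exception class name in the message, e.g. java.net.SocketTimeoutException
EXC_RE = re.compile(r"\b([A-Za-z_][\w.]*(?:Exception|Error))\b")

def parse(lines):
    """Yield (host, level, exception_class_or_None) per log line; unparsable lines are skipped."""
    for line in lines.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        exc = EXC_RE.search(m["msg"])
        yield m["host"], m["level"], exc.group(1) if exc else None

def count_exceptions(lines):
    """Count ERROR events per (host, exception class), like `stats count by host, exception`."""
    counts = Counter()
    for host, level, exc in parse(lines):
        if level == "ERROR" and exc:
            counts[(host, exc)] += 1
    return counts

def alerts(lines, threshold=3):
    """Return the (host, exception) pairs whose ERROR count reaches the threshold; these would fire the alert email."""
    return sorted(key for key, n in count_exceptions(lines).items() if n >= threshold)

if __name__ == "__main__":
    for host, exc in alerts(SAMPLE_LOGS):
        print(f"ALERT {host}: {exc} repeated {count_exceptions(SAMPLE_LOGS)[(host, exc)]} times")
```

Raising the threshold or adding a time window is where a real alert would need tuning, since a single transient exception across many hosts should not page anyone at midnight.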

You may be surprised to learn that Splunk has a broad customer base including system administrators, security engineers, network engineers, developers, business analysts, support staff, service desk staff, technical managers, VPs, CIOs and more. For managers, it is very effective for creating reports and dashboards, health summaries of the IT infrastructure, performance reports, and capacity reports.

