Splunk - Overview




Splunk is software that processes machine data and other forms of big data and extracts insight from it. Machine data is data generated by machines, such as the CPU metrics of a server running a web service, IoT devices, and logs from mobile apps. End users rarely need this data directly and it carries no business meaning on its own, but it is extremely important for understanding, monitoring and optimizing the performance of the machines that generate it.

Splunk can read data of this kind, which is usually unstructured or semi-structured and rarely structured. Once the data is read, Splunk lets you search and tag it and create reports and dashboards on it. With the advent of big data, Splunk can now also ingest big data from various sources, which may or may not be machine data, and run analytics on it. So, from a simple log analysis tool, Splunk has come a long way to become a general analytical tool for unstructured machine data as well as various other forms of big data.

Splunk Availability: Splunk is available in the following three product categories.

  • Splunk Enterprise: It is used by companies with a large IT infrastructure and an IT-driven business. It helps in gathering and analysing data from websites, applications, devices, sensors, etc.

  • Splunk Cloud: It is the cloud-hosted platform with the same features as the enterprise version. It can be obtained from Splunk itself or through the AWS cloud platform.

  • Splunk Light: It allows you to search, report and alert on all your log data in real time from one place. It has limited functionality and fewer features compared to the other two versions.

In this tutorial, we will look at the important features of the enterprise edition.

Splunk Features

  • Data Ingestion: Splunk can ingest a variety of data formats like JSON, XML and unstructured machine data such as web and application logs. The unstructured data can be modeled into a data structure as needed by the user.

  • Data Indexing: The ingested data is indexed by Splunk for faster searching and querying on different conditions.

  • Data Searching: Searching in Splunk involves using the indexed data for the purpose of creating metrics, predicting future trends and identifying patterns in the data.

  • Using Alerts: Splunk alerts can be used to trigger emails or RSS feeds when some specific criteria are found in the data being analyzed.

  • Dashboards: Splunk Dashboards can show the search results in the form of charts, reports, pivots, etc.

  • Data Model: The indexed data can be modeled into one or more data sets that are based on specialized domain knowledge. This makes navigation easier for end users who want to analyze business cases without learning the technicalities of the search processing language used by Splunk.


