Geeks in Paradise | Brian Chee » Splunk 2.1 update

September 25, 2006

Splunk 2.1 update

I had the opportunity to play with Splunk for the first time in the article "Splunk makes log-file searches a slam dunk" (InfoWorld Test Center, April 28, 2006, by Brian Chee), where I found a superbly crafted piece of software for mining golden nuggets in the mass of syslog info found in just about any modern IT organization. My only reservations were a relatively unforgiving configuration that involved editing XML files, and a lack of integration with modern monitoring consoles. I guess the Splunkers and I were thinking alike, since this news story broke not long after my story appeared: "Splunk touts partnership with CA" (InfoWorld News, 2006-05-01, by China Martens, IDG News Service), shutting me up immediately.

 

Not to be left standing still, the Splunkers have been very busy doing an even better job at mining those golden nuggets. Here are some screenshots taken live at the Interop New York show.

 

Here is a screenshot of some live log files of folks getting caught in our HoneyNET, aka the Extreme Sentriant named RochMotel.

Just to make life easier, the Splunkers broke up the InteropNET traffic into categories to make the data even easier to find.

 

So if your log traffic gets really hot and heavy, you can set up distributed Splunk servers to split the load. In this case we broke it up by NOC1 or NOC2, and show floor.

In this case, my Splunk tour guide drilled down to find the source of some possible wireless issues.

Posted by Brian Chee on September 25, 2006 04:23 PM

