What is Splunk?

By | February 12, 2020

I have decided to start writing again.  I will start with the three leading big data platforms and add more as time allows.  As you can see by the title, we will dig into Splunk today.

What is Splunk?

Splunk is a software platform for collecting, searching, analyzing, and visualizing machine-generated data in near real time. For example, it can read log files as they are written, break them into time-stamped events with extracted fields, and store those events in indexers, where they can be searched.  On top of the search results, Splunk lets you build dashboards, reports, and alerts.

Why do we need Splunk?

Incoming logs look something like this (the sample data is freely available on the web):

[Image: sample log lines, captioned "Event Gen", not reproduced here]

Trying to find the data you need is similar to looking for a needle in a haystack.
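As an added illustration (not code from the original post or from Splunk), the following Python script mimics what Splunk does with a pile of lines like the ones above: it parses each raw line into a time-stamped event, extracts key=value fields, builds an inverted index over those fields, and answers a field-based search. The log lines, field names, and the three-failure threshold are constructed for the example; the SPL fragments in the comments show the Splunk search each function stands in for.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample log lines in the key=value style Splunk extracts automatically.
SAMPLE_LOGS = """\
2020-02-12T09:14:03Z action=login user=alice src_ip=10.0.0.5 status=success
2020-02-12T09:14:07Z action=login user=bob src_ip=203.0.113.9 status=failure
2020-02-12T09:14:08Z action=login user=bob src_ip=203.0.113.9 status=failure
2020-02-12T09:14:09Z action=login user=bob src_ip=203.0.113.9 status=failure
2020-02-12T09:14:10Z action=login user=carol src_ip=203.0.113.9 status=failure
2020-02-12T09:15:01Z action=download user=alice src_ip=10.0.0.5 file=q4.xlsx status=success
2020-02-12T09:15:44Z action=login user=dave src_ip=198.51.100.7 status=failure
"""

KV_RE = re.compile(r'(\w+)=(\S+)')


def parse_event(line):
    """Turn one raw line into an event: a timestamp plus extracted fields.
    The original text is kept as _raw, the way Splunk keeps the raw event."""
    ts_str, _, rest = line.partition(' ')
    return {
        '_time': datetime.strptime(ts_str, '%Y-%m-%dT%H:%M:%SZ'),
        '_raw': line,
        **dict(KV_RE.findall(rest)),
    }


class Index:
    """A minimal inverted index: (field, value) -> set of event ids."""

    def __init__(self):
        self.events = []
        self.postings = defaultdict(set)

    def ingest(self, text):
        for line in text.splitlines():
            if not line.strip():
                continue
            event = parse_event(line)
            eid = len(self.events)
            self.events.append(event)
            for field, value in event.items():
                if not field.startswith('_'):       # internal fields are not indexed here
                    self.postings[(field, value)].add(eid)

    def search(self, **terms):
        """AND of field=value terms, like `action=login status=failure` in SPL."""
        if not terms:
            ids = set(range(len(self.events)))
        else:
            sets = [self.postings.get(t, set()) for t in terms.items()]
            ids = set.intersection(*sets)
        return [self.events[i] for i in sorted(ids)]


def failed_logins_by_src(index, threshold=3):
    """Stands in for: action=login status=failure | stats count by src_ip | where count>=3"""
    counts = Counter(e['src_ip'] for e in index.search(action='login', status='failure'))
    return {ip: n for ip, n in counts.items() if n >= threshold}


if __name__ == '__main__':
    idx = Index()
    idx.ingest(SAMPLE_LOGS)
    print(failed_logins_by_src(idx))   # the needle: one source with repeated failures
```

The point of the index is that a search for `user=alice` touches only the postings for that field value, not every line; that is the difference between grepping a haystack and querying it.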

Benefits of using Splunk:

  • A web GUI with real-time visibility through dashboards
  • Faster troubleshooting and resolution, because searches return results immediately
  • Well suited to root cause analysis
  • Graphs, alerts, and dashboards built directly from search results
  • Easy searching and investigation of specific events
  • Troubleshooting of failure conditions to improve performance
  • Monitoring of business metrics to support informed decisions
  • Machine learning and AI features that can be incorporated into your data strategy
  • Practical operational intelligence gathered from your machine data
  • Summarizing and collecting valuable information from many different logs
  • Accepts many input formats, such as CSV, JSON, and plain log files
  • Powerful search, analysis, and visualization capabilities for users of all types
  • A central repository for searching data collected from various sources

Features of Splunk

Essential features of Splunk are:

  • Accelerate Development & Testing
  • Allows you to build Real-time Data Applications
  • Generate ROI faster
  • Agile statistics and reporting with Real-time architecture
  • Offers search, analysis, and visualization capabilities to empower users of all types

Splunk Products

Splunk is available in three different versions.

  • Splunk Enterprise
  • Splunk Free
  • Splunk Cloud

Splunk publishes a comparison chart of these versions on its website.

Within these different versions, there are other products.

  • Core
  • IT Operations
  • Security
  • IoT
  • Business Analytics

Core

  • Splunk Enterprise
    • Ingest data from different sources, including systems, devices, and interactions, and turn that data into meaningful business outcomes across your organization
  • Splunk Cloud
    • Splunk Cloud meets the FedRAMP security standards and helps U.S. federal agencies and their partners drive confident decisions and decisive actions at mission speeds.  Now, agencies can ingest data once — in real-time — and use that same data to address various challenges across various programs and initiatives spanning security and IT operations, modernization, and mission objectives.
  • Splunk Investigate
    • Improved search allows you to build code incrementally using SQL-based query language while adding inline annotations for more performant queries.
  • Splunk Data Fabric Search
    • Analyze datasets with long timeframes spanning hours to multiple years.  Additionally, Splunk DFS analyzes high-cardinality data containing up to billions of unique values, such as user IDs or IP addresses.
  • Splunk Data Stream Processor
    • Perform real-time searches to detect specific conditions as they occur on the stream.  Aggregate or filter out data that meets particular requirements, and mask sensitive or private information before it is indexed.
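As an added example (not Splunk's own code or the original post's), here is the shape of a stream-processing pass like the one described for the Data Stream Processor, written in Python: each raw event is masked before anything else sees it, parsed, dropped if it is noise, counted in a running aggregate, and checked against a detection condition. The event lines, field names, and masking patterns are constructed for the example.

```python
import re
from collections import Counter

# Constructed stream of raw events, e.g. an application log shipped to the processor.
STREAM = [
    'user=alice action=checkout card=4111111111111111 amount=42.00 status=ok',
    'user=bob action=login status=failure src_ip=203.0.113.9',
    'user=carol action=checkout card=5500000000000004 amount=9.99 status=declined',
    'user=bob action=login status=failure src_ip=203.0.113.9',
    'user=dave action=view page=/pricing status=ok',
    'user=eve action=login status=failure src_ip=198.51.100.7 password=hunter2',
]

# Patterns for data that must never reach the index (example patterns, not Splunk's).
CARD_RE = re.compile(r'\b(\d{6})\d{6,9}(\d{4})\b')     # 16-19 digit PAN: keep first 6 + last 4
SECRET_RE = re.compile(r'(?i)\b(password|passwd|token)=\S+')
KV_RE = re.compile(r'(\w+)=(\S+)')


def mask(raw):
    """Redact card numbers and credential fields in the raw text."""
    raw = CARD_RE.sub(lambda m: m.group(1) + '*' * 6 + m.group(2), raw)
    return SECRET_RE.sub(lambda m: m.group(1) + '=[REDACTED]', raw)


def process(stream, drop_actions=('view',)):
    """One pass over the stream: mask, parse, filter, aggregate, detect.
    Returns (events_to_index, count_by_action, declined_checkout_users)."""
    to_index = []
    by_action = Counter()
    alerts = []
    for raw in stream:
        raw = mask(raw)                          # mask first, so secrets never leave this step
        event = dict(KV_RE.findall(raw))
        if event.get('action') in drop_actions:
            continue                             # filter: drop low-value noise
        by_action[event.get('action', '?')] += 1  # aggregate: running count per action
        if event.get('action') == 'checkout' and event.get('status') == 'declined':
            alerts.append(event.get('user'))     # detect: a condition worth alerting on
        event['_raw'] = raw
        to_index.append(event)
    return to_index, by_action, alerts


if __name__ == '__main__':
    events, counts, alerts = process(STREAM)
    for e in events:
        print(e['_raw'])
    print(dict(counts), alerts)
```

Masking before parsing matters: if the credential field had been extracted first, the clear-text value would already exist in memory as a field, and any later aggregation or forwarding step could leak it.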

IT Operations

  • Splunk IT Service Intelligence (ITSI)
    • Splunk ITSI applies machine learning to reduce event noise and to predict future degradation through KPI predictions and predictive cause analysis, so you can see when services are likely to degrade and remediate issues before they become outages.
  • SignalFx
    • Pre-built dashboards with hundreds of integrations and pre-built content enable fast time to value.  Discover new services in seconds and slice and dice data searches by service, availability zone, region, and more
  • VictorOps
    • VictorOps streamlines on-call schedules and escalation policies.  Rotations, overrides, and the other cumbersome essentials that make on-call a drag are automated.
  • Splunk Insights for AWS Cloud Monitoring
    • View AWS audit activity, unauthorized users, key-pair and security group violations, VPC traffic source, out-of-band instance provisioning, security assessment findings, compliance checks, and AWS instance changes—all on simple-to-use dashboards
  • Splunk App for Infrastructure
    • The Splunk App for Infrastructure (SAI) provides a curated, unified metrics and logs experience focused on infrastructure performance monitoring.  Efficiently distribute metrics by defining, grouping, and filtering entities.

Security

  • Splunk Enterprise Security (ES)
    • Unlock the power of analytics-driven security.  Identify, prioritize and manage security events with event sequencing, alert management, risk scores, and customizable dashboards and visualizations.
  • Splunk User Behavior Analytics (UBA)
    • Automate threat detection using machine learning so you can spend more time hunting with higher fidelity behavior-based alerts for quick review and resolution
  • Phantom
    • Phantom’s flexible app model supports hundreds of tools and unique APIs, enabling you to connect and coordinate complex workflows across your team and tools.  Powerful abstraction allows you to focus on what you want to accomplish while the platform translates that into tool-specific actions.

IoT

Get an integrated view into the health of your critical assets and control systems, and perform advanced analytics with no programming.  Minimize routine preventative maintenance that introduces risk and decreases availability, set early warnings, and trigger real-time actions with live alerts and dashboards.  You can now quickly identify and diagnose issues and improve availability and performance.

Business Analytics

Reconstruct any business process end to end on Splunk's real-time data platform and quickly discover anomalous pathways through it.

Summary

We have scratched the surface with this Splunk overview.  This will give you a 1000-foot view of what Splunk is and how it can benefit your business.