Splunk is a product that ingests machine data (logs, metrics, events) in near real time, indexes it, and extracts fields of interest so the data can be searched and analysed. On top of the indexed data we can create Splunk knowledge objects such as Alerts, Reports and Dashboards, and use them to investigate problems in the applications that feed data into Splunk.
For example:
- You can find all the HTTP 500 errors your application returned during the last 12 hours.
- You can spot users who are probing or attacking the system. For example, a single IP address producing an unusual burst of 403 Forbidden responses, such as an account being hit with a large number of password attempts.
- You can turn the above scenarios into alerts, for example: if more than 10 HTTP 500 errors occur in the last 4 hours, send an alert.
- You can build Dashboards that put the relevant charts and reports in one place for monitoring and analysis.
Splunk provides its own search query language, SPL (Search Processing Language), with a large set of commands for searching and reporting. They are commonly grouped into "transforming commands", which turn the matching events into a results table (for example stats, chart, timechart, top), and "non-transforming commands", which filter or modify individual events without changing their shape (for example search, where, eval, rex, sort). Combining these commands lets us compute and present the live statistics of an application in one place.
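The searches the scenarios above call for (500s in a time window, 403s grouped by client IP, an alert threshold) are one-liners in SPL. To show what those commands actually compute, here is an added example, not code from the original post or from Splunk, that performs the same field extraction, time filtering, grouping and thresholding in plain Python over a handful of constructed combined-format access-log lines. The log lines, the fixed "now" timestamp, the field names (clientip, status, _time) and the thresholds are assumptions chosen for the example; the SPL shown in each docstring is the Splunk equivalent of that function.

```python
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed sample web-server access-log lines in combined-log format.
# Invented for this example; not real traffic.
SAMPLE_LOG = """\
10.0.0.8 - - [11/Mar/2024:23:00:00 +0000] "GET /api/orders HTTP/1.1" 500 0
10.0.0.5 - - [12/Mar/2024:08:01:10 +0000] "POST /login HTTP/1.1" 403 512
10.0.0.5 - - [12/Mar/2024:08:01:12 +0000] "POST /login HTTP/1.1" 403 512
10.0.0.5 - - [12/Mar/2024:08:01:15 +0000] "POST /login HTTP/1.1" 403 512
10.0.0.5 - - [12/Mar/2024:08:01:18 +0000] "POST /login HTTP/1.1" 403 512
10.0.0.5 - - [12/Mar/2024:08:01:21 +0000] "POST /login HTTP/1.1" 403 512
10.0.0.9 - - [12/Mar/2024:08:30:00 +0000] "GET /docs HTTP/1.1" 403 128
10.0.0.7 - - [12/Mar/2024:09:15:00 +0000] "GET /api/orders HTTP/1.1" 500 0
10.0.0.7 - - [12/Mar/2024:09:16:00 +0000] "GET /api/orders HTTP/1.1" 500 0
10.0.0.8 - - [12/Mar/2024:11:45:00 +0000] "GET /api/orders HTTP/1.1" 500 0
10.0.0.9 - - [12/Mar/2024:11:50:00 +0000] "GET / HTTP/1.1" 200 2048
"""

# Fixed "now" (an assumption) so the relative time windows are deterministic.
NOW = datetime(2024, 3, 12, 12, 0, 0, tzinfo=timezone.utc)

# Field extraction for the combined log format; Splunk does the same job
# with its built-in web-log extractions or a 'rex' command.
LOG_RE = re.compile(
    r'^(?P<clientip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) (?P<bytes>\d+)'
)


def parse_events(text):
    """Turn raw lines into events with extracted fields; unparseable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ev = m.groupdict()
        ev["_time"] = datetime.strptime(ev["ts"], "%d/%b/%Y:%H:%M:%S %z")
        ev["status"] = int(ev["status"])
        events.append(ev)
    return events


def in_window(events, hours, now=NOW):
    """Equivalent of 'earliest=-<hours>h' on the search bar."""
    start = now - timedelta(hours=hours)
    return [e for e in events if start <= e["_time"] <= now]


def count_status(events, status, hours, now=NOW):
    """SPL: status=<status> earliest=-<hours>h | stats count"""
    return sum(1 for e in in_window(events, hours, now) if e["status"] == status)


def count_by_ip(events, status, hours, now=NOW):
    """SPL: status=<status> earliest=-<hours>h | stats count by clientip | sort -count
    'stats ... by' is a transforming command: events become a table keyed by clientip."""
    c = Counter(e["clientip"] for e in in_window(events, hours, now) if e["status"] == status)
    return c.most_common()


def suspicious_ips(events, status=403, hours=12, threshold=5, now=NOW):
    """SPL: ... | stats count by clientip | where count >= <threshold>
    IPs whose repeated 403s look like a password-guessing attempt (threshold is an assumption)."""
    return [ip for ip, n in count_by_ip(events, status, hours, now) if n >= threshold]


def alert_fires(events, status=500, hours=4, threshold=10, now=NOW):
    """Alert trigger 'number of results is greater than <threshold>' on the saved search
    status=500 earliest=-4h | stats count"""
    return count_status(events, status, hours, now) > threshold


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    print("500s in last 12h:", count_status(evs, 500, 12))
    print("403s by client IP (last 12h):", count_by_ip(evs, 403, 12))
    print("suspicious IPs:", suspicious_ips(evs))
    print("alert (>10 500s in last 4h):", alert_fires(evs))
```

Run as a script it reports 3 HTTP 500s in the last 12 hours (the 11 March 23:00 event falls outside the window), 10.0.0.5 as the only source with five 403s against /login, and no alert, since three 500s in four hours does not exceed the threshold of 10. The same logic in Splunk is a saved search with a scheduled alert; the thing to get right there, exactly as in the functions above, is the time window and the threshold, because an alert on raw counts with no window will fire on historical data the first time it runs.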