Sunday, 29 September 2013

Splunk - A Solution for Centralized Logging

If any issue is observed in production, there are two major aspects related to providing the solution. First ‘how quick you can analyze the root cause’ and second ‘how quick you can fix the issue’. Story starts from analyzing the root cause. Unless, you find the root cause, you can’t even think about providing solution for that. Can you?

Now let’s think about actual production environment. There may be multiple JVMs where application is deployed.  For the developer or support team, it’s very tedious to go to each box, download the log files and start analyzing the log files to know the root cause of the problem.

To get rid of this tedious task, ‘Splunk’ can help you. Splunk is a product that turns machine data into valuable insights. Splunk can index application logs at centralized location and provides rich user interface on top of indexed logs. With the help of this user interface you can look for data patterns that you might be interested in. Splunk is an Agent-Sever based platform where agents are responsible to collect and index any machine data from various resources at real time.



Licensing Aspects

Splunk charges it’s customer on the basis of how may GB data per day collected/indexed. If you want to try this and you download this first time you will get all of the Enterprise features of Splunk for 60 days and you can index up to 500 megabytes of data per day.

Features
  • Fast data search and analysis 
  • Facilitates custom dashboards
  • Graphical representation
  • Access Control
  • Monitor and Alert
  • Distributed Search
  • Reports

Do you want to play with Splunk?

If yes, you can follow pretty simple step-by-step instructions from here to install it. First try to install it as ‘Local System User’. Once you install and log-in to the Splunk Web you will get below page:


Click on ‘Add Data’ link.



Click on ‘A file or directory of files’ link and provide your log file location. Once you provide your log file location and save data successfully you will see below page:


Now ready to search and click on ‘Start Searching’ link. In search box you can provide your data pattern to search in the log files. You can save your search pattern and result with actions provided with ‘Save’ button. Also, you can create reports and alerts using ‘Create’ button.


Isn't it so easy and interesting? Of course yes. I was really impressed when I tried in my local environment and used different features. 

Alternatives

There are many open sources in market which also provides centralized logging. For more detail refer this  link.

2 comments:

  1. Splunk is really a good tool for monitoring logs.

    ReplyDelete
  2. Nicely described. Keep it up :D

    ReplyDelete