Tuesday, January 20, 2009

Log Management, the easy way

Today I found an interesting log management software called Splunk. It seems very powerful, and they even have a free version.

Splunk website - http://www.splunk.com/

Splunk documentation - http://www.splunk.com/base/Documentation

What Splunk can do for you:

Index
With a variety of flexible input methods you can index logs, configurations, traps and alerts, messages, scripts, and code and performance data from all your applications, servers and network devices. Monitor file systems for scripts and configuration changes, capture archive files, find and tail live application logs, connect to network ports to receive syslog, SNMP and other network-based instrumentation. And this is just where it starts.


Search
Fast, free form search on anything, not just a few predetermined fields. Boolean, nested, quoted string and wildcard searches. No knowledge of specific data formats required. Combine time and term searches. Find errors across every tier of your infrastructure and configuration changes in the seconds before a system failure occurred. Fields are identified from your results as you search -- providing much more flexibility than a rigid set of field mapping rules imposed ahead of time.

Alert
Any search can be run on a schedule and trigger notifications or actions based on the search results. And because it works across different components and technologies, Splunk is the most flexible monitoring tool in your arsenal. Notifications can be sent via email, RSS or SNMP to other management consoles. Actions trigger scripts performing user described activities like restarting an application, server or network device.

Report
Splunk marries powerful reporting capabilities with the speed, flexibility and scale of IT Search. Search results can be easily summarized as reports with interactive charts, graphs and tables. The simplicity of analyzing massive amounts of data will amaze you (and your boss). And remember, because fields are identified as you search you can specify new fields without re-indexing your data.

Share
Everyone knows IT data is generally poorly documented by vendors, developers and operations staff. With Splunk everyone can add their own knowledge as they go. As you’re saving searches, identifying different types of fields, events and transactions you make the whole system smarter for everyone else. And that knowledge doesn’t walk out the door when someone leaves.

Scale
Scale your installation from a single application and just a few data sources to your whole datacenter and thousands of sources. You’ll find a wide range of options to access data, store it, search it and route it to other systems.

Secure
Of course you'll need to keep your IT data secure. Especially as you realize what a valuable information asset you have. Splunk gives you secure data handling, fine grain access controls, auditability, assurance of data integrity and integration with existing authentication systems.


When I am done with the installation and configuration of my new servers, I will give it a try and share my experience with it.
