Log monitoring with Splunk as data source for efficient IT management
To manage your IT environment effectively, you need information, and preferably as much of it as possible. Log monitoring tracks everything that happens within the IT landscape, thereby generating extremely valuable data. When this (big) data is then analysed, both the business and your IT department can benefit from the information.
Big Data is a term which is used often in the IT world, but what does it deliver in practice? Many organisations could easily make use of Big Data without being aware of this. However, one thing is needed for Big Data: logs, lots of logs. Think in terms of gigabytes, terabytes or maybe even petabytes. By performing analyses on these logs, a wealth of information can be accessed which would otherwise have gone unused.
When managing your IT environment, the logs can be used to answer crucial questions, provided that the right information is present in the system. For example: which errors occur frequently? Which actions are triggered before a system crashes? How often were payments made via our website during the past week? How does the performance of our website correlate with the number of visitors? Which specific browser or OS is causing complaints from our users?
How does it work?
The Splunk software makes use of existing log files, databases, management systems, connectors and SNMP traps. The logs from all these sources are gathered and analysed, bringing together the three factors of Big Data: volume (the quantity of data), velocity (the speed at which the data is generated and processed) and variety (the different types of data).
The raw information retrieved from the various sources is then processed into dashboards, alerts and reports which meet the needs of your organisation. This can be a line graph of frequently occurring incidents over time, or the number of requested documents per location shown on a map. The possible output is, of course, dependent on the input.
Who is it for?
Because the data that can be gathered is not limited to IT, log monitoring is also extremely relevant for the business. Think of insights into use and consumption, the accompanying costs and revenue, turnaround times for a purchase, or trend analyses over the past quarter. This management information can be used for strategic purposes.
A great deal of relevant information for the IT department can also be retrieved. For example, a functional administrator gains insight into errors on a specific page, the correlation between visits and resource use of the system, etc. For a system administrator, insight into the status of the systems, errors at the OS level, patch levels and software versions can provide direct cost savings and efficiency improvements.
One of our customers, a large government body, uses log monitoring to monitor direct business processes. Documents move from system to system in various flows. With the help of log monitoring, it becomes clear whether documents have arrived and how long the turnaround times are for each type of document.
A dashboard displays how many documents are en route, and how many have arrived. It is then possible to click through to the specific department to which the document has to travel. More detailed information is displayed there. If a specific document does not arrive at the expected station, a trigger is sent.
In practice, this means that the IT department has insight into which components are functioning well, and how long the processes take. Action can be taken before missing documents cause problems. Furthermore, the IT department can report directly to the business on the statistics of the various business units.
What are the benefits?
What log monitoring ultimately delivers is different for each organisation, and is highly dependent on the potential information offered by the sources. What we often see at our customers is:
- Greater insight into the use of systems;
- Faster detection and analysis of security threats;
- Reduction of resolution times, due to logs being analysed on-the-fly rather than manually after the fact;
- Cost savings due to better use of resources, or even scaling down of systems which have excess capacity.
Generally speaking, the payback period for the software is less than six months, and customers often quickly want to expand to other organisational divisions.
Naturally, log monitoring information can be integrated into Ymonitor. This means that you do not have to consult multiple systems each time to obtain the required information. Various types of information are displayed on a single dashboard, from which you can click through for more detail.
Would you like to know more? Make an appointment for a free-of-obligation consultation or demo.
- For more information on our partner Splunk, see www.splunk.com