Splunk is the Engine for Machine Data
Your IT infrastructure generates massive amounts of data: machine data, generated by websites, applications, servers, networks, mobile devices and the like.
By monitoring and analyzing everything from customer clickstreams and transactions to network activity to call records, Splunk turns your machine data into valuable insights.
Troubleshoot problems and investigate security incidents in minutes, not hours or days. Monitor your end-to-end infrastructure to avoid service degradation or outages. And gain real-time visibility into customer experience, transactions and behavior.
Indexes any Data from any Source
Splunk collects and indexes data from just about any source imaginable, such as network traffic, Web servers, custom applications, application servers, hypervisors, GPS systems, stock market feeds, social media, and preexisting structured databases. No matter how you get the data, or what format it's in, it's indexed the same way - without any specific parsers or connectors to write or maintain. Splunk will store both the raw data and the rich index in an efficient, compressed, filesystem-based datastore, with optional data signing and auditing to prove data integrity.
Forwards Data from Remote Systems
Splunk forwarders can be deployed in situations where the data you need isn't available over the network or visible to the server where Splunk is installed. Splunk forwarders deliver secure, distributed, real-time universal data collection for tens of thousands of sources. They can monitor local application logfiles, capture the output of status commands on a schedule, grab performance metrics from virtual or non-virtual sources or watch the file system for configuration, permissions and attribute changes. They are lightweight and can be deployed quickly, at no additional cost.
Correlates Complex Activities
With Splunk you can correlate complex events spanning many data sources across your environment. Splunk supports five types of correlation:
- Time-based correlations, to identify relationships based on time, proximity or distance.
- Transaction-based correlations, to track a series of related events as a single transaction to measure duration, status or other analysis.
- Sub-searches, taking the results of one search and using them in another.
- Lookups, correlating with external data sources outside of Splunk.
- Joins, to support SQL-like inner and outer joins.
Correlating events in Splunk enables richer analysis and insight from your machine data, driving better visibility and intelligence for IT and the business.
Engineered for Big Data
Splunk scales to collect and index tens of terabytes of data per day. Its architecture is based on MapReduce, so as daily volumes and data sources grow, you can scale performance by adding more commodity servers. Automatic load balancing optimizes workloads and response times and provides built-in failover support. Out-of-the-box reporting and analytics capabilities avoid the need to deploy third-party reporting tools. Splunk can be configured to use a SAN or other storage device for long-term storage needs.
Scales Across Data Centers
The Splunk distributed architecture lets your searches and reports span multiple Splunk deployments within a single datacenter or globally across multiple datacenters. With role-based access you can control how far a given user's search will span. Regional users can see data from regional systems and enterprise-wide users can see data from all datacenters. With Splunk you get the visibility and intelligence you need from your data, all from one place. Securely connecting your Splunk installation takes just minutes, allowing you to design a manageable enterprise data fabric.
Provides Granular, Role-based Security
Underlying everything Splunk does is a robust security model. Every Splunk transaction is authenticated, including user activities through the web user interface, command line interface and system activities through the Splunk API. You can define your own roles for Splunk users with a comprehensive set of documented control points that limit functionality by user type. These fine-grained access controls limit the searches, alerts, reports, dashboards and views that different Splunk roles can see. Splunk also integrates with external LDAP and Active Directory servers to enforce enterprise-wide security policies. Single sign-on integration is also available to enable pass-through authentication of user credentials. Since all the data needed to troubleshoot, investigate security incidents and demonstrate compliance is persisted in Splunk, you can restrict access to sensitive production servers.
Next steps: Contact Westcon Solutions for
- Complimentary product demo
- Marketing resources
- Sales quotation