Hi All
I am looking for "Best Practice" type information on a Monitoring Approach Strategy. These would be things like:
Any help anyone can provide would be appreciated.
Thanks
Assuming that you are new to Splunk, but not new to computers in a Financial Services industry, then you should step back and consider your environment.
Somewhere in your organization the computers and servers you use were built and are maintained according to some form of Security/Compliance Guidelines. Those guidelines specify what you want to log, and why you want to log it.
Those are the things that you want to monitor and analyze with Splunk. You will probably find that each of those (and there are probably many) are separate topics here on Answers.
For example, when a Windows server was put into production it was preconfigured by someone at your shop to log a specific set of events, for a specific reason. We do not know that information.
+1. The question is still a bit open-ended.
What types of systems, standard applications, bespoke applications, what compliance framework (if any)...etc
Apologies. I am looking for a balance between Security, Compliance & Operations for the Financial Services industry. Hope that helps.
That would totally depend on your use cases.
Compliance? Security? Operations? Development? Billing? Business Intelligence?
Sorry, but you need to refine your question a bit before you can get any good answers.