Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk as a SCOM substitute

CeJay
Explorer
‎04-17-2012 03:53 AM

Hi All, sorry for the lack of knowledge I have in regards to this area. But how suitable would splunk in regards to substituting for SCOM in a small NMS type deployment of 10-20 servers. It looks like the only monitoring application we would have for our server environment that fits the bill is Splunk.

I am trying to educate myself on this area slowly, hence the question. From what I've seen splunk would seem to fit the bill, I essentially want to know what SCOM can do, if anything, that Splunk can't.

thanks

chris

Tags (3)
0 Karma
Reply

sdaniels
Splunk Employee
Splunk Employee
‎05-29-2012 06:04 AM

Agree with Clint and adding a high level summary. Thanks to Adrian for this...just wanted to make sure it gets shared.

SCOM

What SCOM is good at:

- Performance Monitoring
- Single system Alert Management (rules based identification of problems on a single host)

What SCOM is not very good at:

- Root Cause Analysis via machine data ( based on a SQL data store, event viewer type functionality)
- Historical Trending of Log Information (based on a SQL data store)
- Multi system or complex alerts (rules based identification of problems based on logs across multiple hosts)

SPLUNK:

What SPLUNK is good at:

- Root Cause Analysis via machine data
- Historical Trending of Log Information
- Multi system or complex alerts (rules based identification of problems based on logs across multiple hosts)

What SPLUNK is not very good at:

- Performance Monitoring
- Rules based identification of problems on a single host using non-gathered data
Reply

csharp_splunk
Splunk Employee
Splunk Employee
‎04-17-2012 07:48 AM

Splunk is not a polling system and, while we offer some monitoring capabilities, I would not call us a monitoring system either. The Splunk for Windows app adds some of these capabilities, and in small deployments, it might work as a replacement for SCOM. However, we certainly don't position it that way. Now, I would strongly recommend Splunk paired with an open source solution like Nagios (and the Splunk for Nagios app) as a full-on replacement for SCOM, as Nagios does the monitoring portion while Splunk provides the analytics and trending.

All that being said, nothing is preventing you from standing up Splunk and seeing if it can meet your needs as a one-size-fits-all tool. If you find success, we're certainly interested :).

Reply
Get Updates on the Splunk Community!

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...