Splunk IT Service Intelligence

Splunk as a tool for capacity and performance management

draganmarkov
Explorer

I am wondering if anyone has any experience or suggestions for using Splunk as a tool for Capacity and Performance management (in addition to using it as IT ops and Security tool)

Ultimately i would like to be able to report capacity and performance stats for different domains such as VM's , Network, Telephony, Storage, etc.

The way i see it right now I'll have 3 types of data sources:
1. Systems that Splunk has apps for and logs to monitor (vSphere, CISCO, etc) - this one should be straight forward

  1. Systems that can be scripted to produce a daily, weekly or monthly reports (storage system, etc)- i think i should be able to monitor report directory and index the data sources such as .CSV ?

  2. Systems that don't log or have ability to report capacity/performance related stat - someone will collect couple of KPI's once a month - what is the best place to store the "manual" data inputs? A CSV file that gets ingested into Splunk?

1 Solution

adonio
Ultra Champion

This is a pretty large question as the opportunities are almost endless...
Many large organizations are using Splunk for that purpose, among other use cases.

as for your questions, yes you can index CSV data or use it as a lookup, however, ther great value splunk can bring is on data that is constantly flowing in. it will allow you to create advance statistics, collect many data points for ML and usage predictions and other

Start and looking for published use cases and documents / conf presentations regarding it. there are tons out there
take a look at this one for example:
https://conf.splunk.com/files/2019/slides/FN1137.pdf

View solution in original post

draganmarkov
Explorer

Thanks everyone. CSV for this type of data source/input will likely be a way to go.

0 Karma

ramgnisiv
Path Finder

The real challenge lies in the mapping of your data to your organisational structure. If you do not have proper Configuration Management for all your CI's, you might want to consider using something like a KV store to map the data you are gathering to your organisational structure. Once in place, maintaining the CM(DB) will be one of the challenges you'll face when wanting to report on Capacity & Performance management across your organisation. Just my 2 cents.

0 Karma

adonio
Ultra Champion

This is a pretty large question as the opportunities are almost endless...
Many large organizations are using Splunk for that purpose, among other use cases.

as for your questions, yes you can index CSV data or use it as a lookup, however, ther great value splunk can bring is on data that is constantly flowing in. it will allow you to create advance statistics, collect many data points for ML and usage predictions and other

Start and looking for published use cases and documents / conf presentations regarding it. there are tons out there
take a look at this one for example:
https://conf.splunk.com/files/2019/slides/FN1137.pdf

Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...