Leading Universities Get Better Visibility Across Their Environments with Splunk (The Tale of SplunkLive! Boston)

One of my favorite parts about attending a SplunkLive! event is hearing Splunk users talking to one another about their experiences. Watching people from similar industries interact and talk about different uses of Splunk and seeing that twinkle in their eyes when a moment of discovery crosses their face…“Wow, Splunk can do that?” It makes me smile every time.

SplunkLive! Boston featured presenters from two long-term customers. First, Steven Maresca from the University of Connecticut talked about how Splunk helped the University meet PCI, HIPAA and other compliance mandates tied to specific fields of research. Splunk helps them meet log-retention mandates, its dashboards make audits easier for auditors, and SSO ensures the right people have access to the right data.

Working with law enforcement has traditionally been a huge time sink for IT teams. These unplanned but necessary investigations often took hours or days to correlate across different data sets. Now, with Splunk, they don’t have to write one-off, throwaway scripts and can get results in seconds—even going so far as to map MAC address to IP address, crossed with geolocation, so that officers can act immediately to recover stolen property.

Even better, they can use this data for reasons beyond law enforcement. Now they’re watching user trends to understand which types of devices are connecting where to understand peak usage and inform capacity planning.

Next up were Jim Donn, Network Management Systems Engineer, and Tim Hartmann, Unix Systems Administrator, from another large university, this one located in Cambridge. Both the networking and systems management groups were looking for a solution that would provide centralized logging for troubleshooting, alerting, reporting and trending analysis. Tim and Jim had started their research independently but soon converged on a single answer: Splunk. Their Splunk deployment environment consists of 400 Unix, Windows and other servers; 3000+ Cisco devices; TACACS+ authentication logs; VPN access logs; and 47 staffers with Splunk logins, 25 of them regular Splunk users.

Tim and Jim reported on the quick success they achieved with Splunk. “Everyone in our org, as soon as they start using Splunk they won’t stop.” A major focus for them was trending analysis. Before Splunk, they could trend a single server or component. Now, with Splunk, they are able to do trending for an entire service. “We didn’t have that top-down view before.” The value of trending with Splunk came up in the customer presentations and in impromptu conversations with users during breaks and lunch. They highly recommended to the audience the free Splunk for *nix and Splunk for Windows apps that are included with Splunk.

One of the unexpected paybacks from implementing Splunk is that they were able to decommission two sizeable Oracle RDBMS servers and re-purpose the hardware. They had been using two sizeable HP boxes with Oracle licenses to store event data from their SMARTS devices. The re-purposed hardware, together with the cost avoidance of not having to buy Oracle reporting software, was in the ballpark of their entire Splunk license. The database team no longer has to support and maintain the Oracle databases, and users have far better access to the event data for analysis, trending and troubleshooting.

Both customers rely on the visibility and predictability Splunk gives them for an end-to-end view of the entire infrastructure. Splunk is empowering them to make better, more informed decisions to help improve the business overall.

Posted by Leena Joshi