We love hearing about all the cool things our customers are doing with Splunk. It’s one thing to provide a solution to a specific pain point, but what really gets us excited is when users get creative and find value for a multitude of business areas. When we talk about value, we mean turning machine data into answers. It sounds simple, but it applies to IT operations, DevOps, security, customer experience, analytics, etc. Your company has machine data; you just might not be using it. You may also have tools you’re already using without getting the value from them, or the real-time answers to potentially very important questions.
System Engineer Matthew Hodgkins works for Dutch e-commerce giant Coolblue. Shortly after becoming a Splunk customer, he decided to start a series of “Splunk Spotlight” posts on his own blog, sharing his first-hand experience of Splunk and the various ways it can be used.
“Splunk is an amazing logging aggregation and searching tool. Even though I’ve been using it a few months now, I feel like I am just scratching the surface of what it can do.
My company recently switched over from the ELK stack (ElasticSearch, LogStash and Kibana) as we were moving to the cloud, with a focus on using managed services. The ELK stack is awesome, but it can be a pain to administer and extend. We were finding we spent more time administering our log collection pipeline as opposed to getting value from the logs it was storing.”
There’s that word again - value. What’s also important to most IT teams is getting to that business value fast. Matthew’s series shares technical examples, each focused on a single feature or command inside Splunk and on web server access logs. The blog post is a great way to show the “how”: starting to ask questions, getting useful answers and presenting that value as data visualizations. An interesting side note is that Matthew found the easiest way to start using Splunk is through Docker.
His first entry covers setting up, getting test data and the opportunities the lookup command offers. Lookup allows you to enrich data you have in Splunk with external data sources to add context to your answers.
“The Splunk Lookup command is a wonderful way to enrich your data after it has already been collected. It can help make your searches and dashboards more useful by giving you contextual information. You can also use the powerful CIDR matching functionality to group IP addresses and search based on things like offices or VLANs.”
You can read the first post in Matthew’s series, “Splunk Spotlight - The Lookup Command”, in full on his blog. To stay up to date with his latest posts, be sure to follow him on Twitter (@MattHodge).
Thanks for reading...