By Splunk September 23, 2007
The following is a short interview I conducted with an IT event that I discovered last week while investigating an issue within my data center.
Maverick
Hello and thank you for taking time to participate in this interview.
IT Event
No problem. Thanks for having me, Mav.
Maverick
So tell us a little bit about yourself. What kind of event are you? Syslog? Web App? Proxy Log?
IT Event
Sure. I’m a syslog event.
Maverick
I see. Any particular kind?
IT Event
Well, I’m NOT a syslog-NG event, if that’s what you mean. Just plain standard syslog.
Maverick
No. I mean, what type? User event? SNMP trap? Something like that?
IT Event
Oh, yeah, I’m an sshd “session opened” event.
Maverick
As in reporting USER activity?
IT Event
Precisely.
Maverick
That makes sense. So when were you written out to the log file, exactly?
IT Event
A couple weeks ago. My timestamp is Sep 7 10:36:17, assuming you are interested in my details.
Maverick
Of course. Why would you think I’m not interested in your details?
IT Event
Well, most of the time we go unnoticed, is all. Most of the time me and all my fellow events just sit in our log file until it gets rotated out and eventually written over.
Maverick
You seem somewhat bitter about that. Why?
IT Event
Well, Mav, you would be bitter too if you had something important to say and no one to listen to you.
Maverick
Well, in all honesty, you are one out of thousands of syslog events that report USER activity in real-time and on a continual basis. The importance of your details, what you have to say, etc, is relative to each specific situation, don’t you think?
IT Event
See? That’s exactly what I thought you would say. That it’s all “relative”. That I’m not “important”. What I have to “say” is irrelevant until I’m applied to some “context” or “correlation”. You sysadmins are all the same. You just don’t get it!
Maverick
Well, technically, I’m an SE, not a sysadmin…
IT Event
WHATEVER!
Maverick
WOW! Settle down, dude…everything is okay…
IT Event
(taking a deep breath)…sorry…
Maverick
No problem….Some anger there, huh? This really bothers you, doesn’t it? Not being noticed?
IT Event
Yes, it does. I mean, I do have a purpose, a voice, something to say, and I have a need to be heard like everyone else.
Maverick
I understand. We all need that. I didn’t mean to imply that you were not important. I was just saying…
IT Event
I know what you were saying. It’s okay. You don’t have to explain. It’s not your fault. It’s just the way things are. It’s also one of the reasons we started the Association for Equal Rights for Events Everywhere, or AEREE.
Maverick
AEREE? Who is doing this? You and your fellow syslog events?
IT Event
Actually, ALL of the events from ALL of the log files in your IT environment as well as many other data centers around the world got together to form AEREE.
Maverick
Wow. I had no idea. That’s great! I’m happy for you.
IT Event
Yeah, well don’t get all TOO excited yet. We just started. We still have a long way to go, a tough journey ahead of us, if you will. But we think Splunk will help us raise awareness for our cause, so I’m not too concerned.
Maverick
You mean you think Splunk can help you promote event equality?
IT Event
Yes, exactly.
Maverick
That makes sense. With it’s robust universal real-time indexing and time-series searching technology, I can see how the Splunk platform could help the voice of AEREE to be heard by sysadmins, developers, operations folks, etc, pretty much anyone within a company or organization, for that matter.
IT Event
Well that’s our hope, at least. We’ll see.
Maverick
Excellent! Well again, thank you for your time and good luck with AEREE. I wish you the best.
IT Event
Thank you, Maverick.
If you found this interview interesting or if you have a story about an IT event of your own, please leave a comment and share. -Mav
----------------------------------------------------
Thanks!
Eric Gardner