One of the coolest things you can do with Splunk (and there are a lot of cool things about Splunk) is mapping a transaction. Often, what some consider a “transaction” is the linkage between events that share multiple common factors. At Interop 2007 in Las Vegas this year, the network management team used Splunk to see, very simply, the entire set of DHCP events (or transaction). Why? When you hop on a network and get an IP address for your computer, four events actually occur: a DHCP Discover, Offer, Request, and Acknowledge. Those four events occurring for your machine/computer/MAC address confirm that you got on the network and are as happy as a clam (hopefully).
In Splunk, we can easily link all four of those events (or the lack thereof) together in a “meta-event”, or an “event of events”. Using meta-events, we can create a whole new category of “success/failure” checking by using the combination of those events to focus on and isolate a user’s activity amongst everything else that’s going on.
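The meta-event idea described above, as an added example that is not part of the original post and is not Splunk syntax: Python code that groups DHCP events by MAC address and flags clients whose Discover, Offer, Request, Acknowledge sequence is incomplete. The log lines are constructed and modelled on ISC dhcpd syslog output (an assumption, since the post does not name the DHCP server), and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines, modelled on ISC dhcpd syslog output (assumption).
SAMPLE_LOG = """\
May 21 09:00:01 dhcp1 dhcpd: DHCPDISCOVER from 02:00:00:00:00:01 via eth0
May 21 09:00:01 dhcp1 dhcpd: DHCPDISCOVER from 02:00:00:00:00:02 via eth0
May 21 09:00:02 dhcp1 dhcpd: DHCPOFFER on 10.0.0.11 to 02:00:00:00:00:01 via eth0
May 21 09:00:02 dhcp1 dhcpd: DHCPREQUEST for 10.0.0.11 from 02:00:00:00:00:01 via eth0
May 21 09:00:03 dhcp1 dhcpd: DHCPACK on 10.0.0.11 to 02:00:00:00:00:01 via eth0
May 21 09:00:05 dhcp1 dhcpd: DHCPDISCOVER from 02:00:00:00:00:02 via eth0
May 21 09:00:06 dhcp1 dhcpd: DHCPOFFER on 10.0.0.12 to 02:00:00:00:00:03 via eth0
"""

# The four events that make up one successful DHCP "transaction".
EXPECTED = ["DHCPDISCOVER", "DHCPOFFER", "DHCPREQUEST", "DHCPACK"]
EVENT_RE = re.compile(
    r"(DHCPDISCOVER|DHCPOFFER|DHCPREQUEST|DHCPACK)\b.*?"
    r"\b(?:from|to) ((?:[0-9a-f]{2}:){5}[0-9a-f]{2})", re.IGNORECASE)

def build_meta_events(log_text):
    """Group DHCP events by client MAC, preserving arrival order."""
    by_mac = defaultdict(list)
    for line in log_text.splitlines():
        m = EVENT_RE.search(line)
        if m:
            by_mac[m.group(2).lower()].append(m.group(1).upper())
    return dict(by_mac)

def classify(events):
    """Return ('success', []) if the four events appear in order,
    else ('failure', <events still missing>). Retransmits are tolerated."""
    pos = 0
    for ev in events:
        if pos < len(EXPECTED) and ev == EXPECTED[pos]:
            pos += 1
    return ("success", []) if pos == len(EXPECTED) else ("failure", EXPECTED[pos:])

def report(log_text):
    """One success/failure verdict per MAC: the 'event of events'."""
    return {mac: classify(evs) for mac, evs in build_meta_events(log_text).items()}

if __name__ == "__main__":
    for mac, (status, missing) in report(SAMPLE_LOG).items():
        print(mac, status, "missing: " + ", ".join(missing) if missing else "")
```

A lease renewal produces only Request and Acknowledge, so this check fits initial joins; renewals would need their own expected sequence.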
I’ve featured Splunk 3.0 in this video; however, these same techniques can be done in Splunk 2.2 with some slight modifications to the syntax.
No “funny SplunkNinja episode” here; I had to whip it out much quicker than a SplunkNinja video, but don’t worry, ninja’s in the dojo, workin’ on more media for you. In the meantime, check out this quick How-To (there is video and audio as usual):
Thanks!
Michael Wilde