Digital Exhaust. Log Files. Time-Series Data. Big Data.

Whatever you call it, machine data is one of the most underused and undervalued assets of any organization. But some of the most important insights that you can gain—across IT and the business—are hidden in this data: where things went wrong, how to optimize the customer experience, the fingerprints of fraud. All of these insights can be found in the machine data that’s generated by the normal operations of your organization.

Machine data is valuable because it contains a definitive record of all the activity and behavior of your customers, users, transactions, applications, servers, networks and mobile devices. It includes configurations, data from APIs, message queues, change events, the output of diagnostic commands, call detail records and sensor data from industrial systems, and more.

The challenge with leveraging machine data is that it comes in a dizzying array of unpredictable formats, and traditional monitoring and analysis tools weren’t designed for the variety, velocity, volume or variability of this data. This is where Splunk comes in.

The Splunk platform uses machine data—the digital exhaust created by the systems, technologies and infrastructure powering modern businesses—to address big data, IT operations, security and analytics use cases. The insights gained from machine data can support any number of use cases across an organization and can also be enriched with data from other sources. The enterprise machine data fabric shares and provides access to machine data across the organization to facilitate these insights. It’s what we call Operational Intelligence.


Machine Data Sources

Every environment has its own unique footprint of machine data. Here are a few examples.

| Data Type | Where to Find It | What It Can Tell You |
| --- | --- | --- |
| Application Logs | Local log files, log4j, log4net, Weblogic, WebSphere, JBoss, .NET, PHP | User activity, fraud detection, application performance |
| Business Process Logs | Business process management logs | Customer activity across channels, purchases, account changes, trouble reports |
| Call Detail Records | Call detail records (CDRs), charging data records, event data records logged by telecoms and network switches | Billing, revenue assurance, customer assurance, partner settlements, marketing intelligence |
| Clickstream Data | Web server, routers, proxy servers, ad servers | Usability analysis, digital marketing and general research |
| Configuration Files | System configuration files | How an infrastructure has been set up, debugging failures, backdoor attacks, time bombs |
| Database Audit Logs | Database log files, audit tables | How database data was modified over time and who made the changes |
| Filesystem Audit Logs | Sensitive data stored in shared filesystems | Monitoring and auditing read access to sensitive data |
| Management and Logging APIs | Checkpoint firewalls log via the OPSEC Log Export API (OPSEC LEA) and other vendor specific APIs from VMware and Citrix | Management data and log events |
| Message Queues | JMS, RabbitMQ, and AquaLogic | Debug problems in complex applications and as the backbone of logging architectures for applications |
| Operating System Metrics, Status and Diagnostic Commands | CPU and memory utilization and status information using command-line utilities like ps and iostat on Unix and Linux and performance monitor on Windows | Troubleshooting, analyzing trends to discover latent issues and investigating security incidents |
| Packet/Flow Data | tcpdump and tcpflow, which generate pcap or flow data and other useful packet-level and session-level information | Performance degradation, timeouts, bottlenecks or suspicious activity that indicates that the network may be compromised or the object of a remote attack |
| SCADA Data | Supervisory Control and Data Acquisition (SCADA) | Identify trends, patterns, anomalies in the SCADA infrastructure and used to drive customer value |
| Sensor Data | Sensor devices generating data based on monitoring environmental conditions, such as temperature, sound, pressure, power, water levels | Water level monitoring, machine health monitoring and smart home monitoring |
| Syslog | Syslogs from your routers, switches and network devices | Troubleshooting, analysis, security auditing |
| Web Access Logs | Web access logs report every request processed by a web server | Web analytics reports for marketing |
| Web Proxy Logs | Web proxies log every web request made by users through the proxy | Monitor and investigate terms of service and the data leakage incidents |
| Windows Events | Windows application, security and system event logs | Detect problems with business critical applications, security information and usage patterns. |
| Wire Data | DNS lookups and records, protocol level information including headers, content and flow records | Proactively monitor the performance and availability of applications, end-user experiences, incident investigations, networks, threat detection, monitoring and compliance |