Source: medium.com

Beginners guide for Splunk

Category: Software, Business, Database, Data

As you all know, the need to monitor the IT infrastructure environment grows day by day, and it can be very difficult to analyze security, application and performance issues when you have a huge amount of data. It is therefore always advisable to have a centralized platform that handles all your logs, on which you configure useful knowledge objects for better visualization, alerting and reporting. In this article I would like to give a high-level overview of "SPLUNK". Splunk is a software product that enables you to search, analyze, and visualize the data gathered from the components of your IT infrastructure or business.

After you define the data source, it indexes the data stream and parses it into a series of individual events that you can view and search.

Splunk components

1. Indexer: Splunk indexers provide data processing and storage for local and remote data and host the primary Splunk data store.
2. Search head: A search head is a Splunk Enterprise instance that distributes searches to indexers.
3. Forwarder: Forwarders are Splunk instances that forward data to remote indexers for data processing and storage.
4. Deployment server: The deployment server is a tool for distributing configurations, apps, and content updates to groups of Splunk Enterprise instances.

Example: `./splunk add forward-server 54.159.147.66:3089`, where the IP and port are those of the receiving Splunk Enterprise instance. If the command prompts for a password, provide the credentials of that instance.
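The `add forward-server` command above does nothing more than write a few stanzas into the forwarder's `outputs.conf`. The following shell script, added here as an illustration and not part of the original article or of Splunk itself, renders those stanzas for a given indexer host and port so the same setting can be pushed from a deployment server or a configuration-management tool, and it includes a check that a rendered (or already deployed) `outputs.conf` really points at the indexer you expect. The host and port are the article's values; the `useSSL = true` line is an added hardening assumption that requires the indexer's receiving port to be configured for TLS.

```shell
#!/bin/sh
# Added example (not from the article): render the outputs.conf stanzas that
# `./splunk add forward-server HOST:PORT` writes on a forwarder, and verify them.

# Render outputs.conf for one receiving indexer.
# "default-autolb-group" is the group name the Splunk CLI itself uses.
render_outputs_conf() {
    host="$1"
    port="$2"
    printf '[tcpout]\ndefaultGroup = default-autolb-group\n\n'
    printf '[tcpout:default-autolb-group]\nserver = %s:%s\n' "$host" "$port"
    # Assumption: encrypt the forwarder-to-indexer channel. The indexer's
    # receiving port must be set up for TLS, otherwise remove this line.
    printf 'useSSL = true\n\n'
    printf '[tcpout-server://%s:%s]\n' "$host" "$port"
}

# Reject malformed targets (for example a missing port) before they reach the config.
valid_target() {
    printf '%s' "$1" | grep -Eq '^[A-Za-z0-9.-]+:[0-9]{1,5}$'
}

# Return 0 when the given outputs.conf text points at host:port, 1 otherwise.
# Useful as a post-deployment check that data is going to the intended indexer.
forwarder_points_at() {
    conf="$1"
    host="$2"
    port="$3"
    printf '%s\n' "$conf" | grep -q "^server = ${host}:${port}\$"
}

# Stand-alone usage: render the article's target and verify it.
if [ "${1:-}" = "--demo" ]; then
    target="54.159.147.66:3089"
    valid_target "$target" || { echo "bad target: $target" >&2; exit 1; }
    conf=$(render_outputs_conf "${target%:*}" "${target#*:}")
    printf '%s\n' "$conf"
    forwarder_points_at "$conf" "${target%:*}" "${target#*:}" && echo "OK: forwarder targets $target"
fi
```

Write the rendered text to `$SPLUNK_HOME/etc/system/local/outputs.conf` on the forwarder (or into a deployment app served by the deployment server) and restart the forwarder. The indexer side must be listening on that port, which is what `./splunk enable listen <port>` on the indexer does; the `forwarder_points_at` check is a cheap way to confirm in an audit that every forwarder is shipping logs to the indexer you control rather than to a stale or mistyped address.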
