For a Sysadmin or Security Analyst, one of jobs description is to monitoring log from on a server application. Its can makes problem when server that managed by a sysadmin consists of multiple application servers, by example web server, mail server and proxy server and the others server that have to be monitoring in realtime, so when there is a problem can immediately traced the problem through existing log.
SPLUNK, first hear this is from my coworker. This is something new for me, i got missunderstanding here. I think this is something like virus or other bad software. Then i search on google, i found few information about it. And i look at my senior blogs at here Digit Oktavianto AHA now my question have been solve. Splunk is one of solution that can be used to further facilitate the monitoring logs. Splunk will record all the data logs from the server to be monitored and then do the indexing process. The purpose of this indexing process would facilitate the search process (search) to find problems that occur in the system.
I have try to install splunk in my debian virtual server, but splunk also can be installed on other Operating System like freebsd, solaris and etc. From these free products we are able to try to do the monitoring and indexing logs, but only limited to 500 MB.
And not only that features provided in splunk application, we can use another “plugin” to improve splunk service for our analyst. Here i add plugin for splunk, name of plugin application is “Prelert”. Prelert is new feature introduced in Splunk application. For you who don’t know about Prelert : Prelert is a layer of highly advanced predictive analytics software that easily integrates with and turbocharges your existing management tools. It enables truly proactive management by automatically learning the normal behaviour of your application and supporting environment and alerting you to potential problems as they develop. Prelert is Splunk App that can enhance Splunk feature into anomaly detection through machine learning process.
Anomaly Detective’s self-learning predictive analytics with machine intelligence assistance recognize both normal and abnormal machine behavior. Using highly advanced pattern recognition algorithms, Anomaly Detective identifies developing issues and provides detailed diagnostic data, enabling IT experts to avoid problems or diagnose them as much as 90 percent faster than previously possible.
Prelert Dashboard feature included :
- QuickMode – quickly converts your existing timechart searches to on-going, proactive anomaly searches
- Real-Time – detect developing anomalies using continuous background anomaly searches
- Compare – use to compare two searches at different times
- AutoDetect – extend an ad-hoc Splunk search with on-the-fly anomaly detection
- Categorize – automatically categorizes raw text fields based on similarity of text strings
This post just a quick post for introduction in Splunk, Splunk Apps, and Prelert. Im dont want to talking about Splunk and Prelert because im still new in here, and new install splunk on my laptop. Maybe next post i will tell you about all of service that can be used in splunk application.
Below is some screenshots from my Splunk Dashboard, example of some Splunk Apps, and Dahboard for Prelert anomaly detective :
This is my screenshot for Prelert Anomay Detective new feature “Qucik Mode” :
Register your trial account, Download the Prelert Splunk Apps, Deploy Prelert in our Splunk machine, take the screenshot, and get your cool T-Shirt.
I heard if i send screenshot of my prelert to prelert admin, we can get free tshirt. I still waiting for my free tshirt, if i’ve got i will update this post again :p