Splunk

From Nuclear Physics Group Documentation Pages
Revision as of 14:52, 5 July 2007 by Maurik (talk | contribs)

SPLUNK

Splunk is a flexible data aggregation system. In layman's terms, it is a system that combs through log files (and anything else containing structured information you want to throw at it) and presents the results in a summarized, searchable form. It is really a pretty neat thing. See the Splunk website.

Splunk at UNH

We are running the free 3.0beta3 on our system [Jalapeno]. Splunk is resource hungry: it requires at least 600MB of memory and quite a bit of CPU. Although it is possible to run a splunkd server daemon on each node and have these forward their data to the master node, this is not how I chose to set it up. Our Splunk setup is as follows:

  • Splunk runs on [Jalapeno]. It is installed in /data/splunk, with a link to /opt/splunk.
  • Jalapeno mounts the /var/log directories from einstein and roentgen so that Splunk can read and index them. Splunk only reads these files, so the exports should be read-only and limited to jalapeno.
  • The free version of Splunk has no login. Anyone who can reach the Splunk web interface on jalapeno can read every log it has indexed, including those from einstein and roentgen, so access to jalapeno (at least to the Splunk web port) should be restricted to sysadmins, for example with the host firewall.
  • This can be extended to do many different tasks!
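The setup above creates two trust boundaries worth checking: the NFS exports of /var/log on the log sources, and the firewall in front of Splunk's web interface on jalapeno. The following script is an added example written for this page (not code from the original page or from Splunk). It audits a constructed /etc/exports as it might look on einstein and constructed iptables-save output as it might look on jalapeno; the 192.0.2.0/24 admin subnet, the sample configuration text, and the assumption that Splunk Web listens on its default port 8000 are all assumptions made for the example.

```python
"""Audit the NFS exports feeding Splunk and the firewall in front of Splunk Web.
Added example for the UNH Splunk page; not Splunk's code and not the page's.
Host names, the 192.0.2.0/24 admin subnet and both config samples are constructed."""
import re

# Constructed /etc/exports as it might look on einstein or roentgen.
# Only the first /var/log line is acceptable; the others show common mistakes.
SAMPLE_EXPORTS = """\
# /etc/exports on einstein (constructed sample)
/var/log    jalapeno(ro,sync,root_squash)
/var/log    jalapeno(rw,sync)
/var/log    *(ro,sync)
/var/log    jalapeno(ro,no_root_squash) roentgen(ro)
/home       jalapeno(rw,sync)
"""

# Constructed iptables-save output for jalapeno: default-drop INPUT chain,
# Splunk Web (assumed on its default port 8000) reachable only from the admin subnet.
SAMPLE_IPTABLES = """\
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s 192.0.2.0/24 -p tcp -m tcp --dport 8000 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"""

CLIENT_RE = re.compile(r'^([^(\s]+)(?:\(([^)]*)\))?$')   # host(opt,opt,...)


def parse_exports(text):
    """Return [(path, [(client, set_of_options), ...]), ...], one per export line."""
    entries = []
    for raw in text.splitlines():
        line = raw.split('#', 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        path, *clients = line.split()
        parsed = []
        for client in clients:
            m = CLIENT_RE.match(client)
            if not m:
                raise ValueError(f'cannot parse export client {client!r}')
            opts = {o for o in (m.group(2) or '').split(',') if o}
            parsed.append((m.group(1), opts))
        entries.append((path, parsed))
    return entries


def audit_log_export(clients, allowed=frozenset({'jalapeno'})):
    """Findings for one /var/log export; an empty list means it is acceptable."""
    findings = []
    if not clients:
        findings.append('no client list: exported to every host')
    for host, opts in clients:
        if host not in allowed:
            findings.append(f'client {host!r} is not the Splunk host')
        if 'ro' not in opts or 'rw' in opts:      # be explicit; Splunk only reads
            findings.append(f'client {host!r} is not read-only')
        if 'no_root_squash' in opts:
            findings.append(f'client {host!r} has no_root_squash')
    return findings


def audit_exports(text, log_path='/var/log', allowed=frozenset({'jalapeno'})):
    """Findings for every export of log_path, in file order."""
    return [audit_log_export(clients, allowed)
            for path, clients in parse_exports(text) if path == log_path]


def splunk_web_access(rules_text, port=8000):
    """From iptables-save output, return (INPUT policy, accepted sources, unrestricted)."""
    policy, sources, unrestricted = None, [], False
    for line in rules_text.splitlines():
        tok = line.split()
        if tok[:1] == [':INPUT']:
            policy = tok[1]
        if tok[:2] != ['-A', 'INPUT']:
            continue

        def arg(flag):                             # value following a flag, if present
            return tok[tok.index(flag) + 1] if flag in tok else None

        if arg('--dport') != str(port) or arg('-j') != 'ACCEPT':
            continue
        if arg('-s') is None:
            unrestricted = True                    # ACCEPT with no source match
        else:
            sources.append(arg('-s'))
    return policy, sources, unrestricted


def web_port_is_restricted(rules_text, port=8000):
    """True only if INPUT drops by default and every ACCEPT for the port names a source.
    Conservative: an ACCEPT policy with a trailing explicit DROP rule is reported as open."""
    policy, sources, unrestricted = splunk_web_access(rules_text, port)
    return policy in ('DROP', 'REJECT') and bool(sources) and not unrestricted


if __name__ == '__main__':
    for n, findings in enumerate(audit_exports(SAMPLE_EXPORTS), 1):
        print(f'/var/log export #{n}:', findings or 'OK')
    print('Splunk Web restricted:', web_port_is_restricted(SAMPLE_IPTABLES),
          splunk_web_access(SAMPLE_IPTABLES))
```

To use it on the real machines, read /etc/exports on each log source and the output of iptables-save on jalapeno into the two functions instead of the constructed samples. The exports check flags anything that is not a read-only, root-squashed export to jalapeno alone; the firewall check is deliberately strict, since with no login on the free version the firewall is the only thing standing between the network and the aggregated logs.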

More later....