Splunk Alerts - Great feature for real time exception handling
May 23, 2014

Splunk Alerts - Great feature for real time exception handling

Anonymous | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Review Source

Software Version


Modules Used

  • Search
  • Reports
  • Alerts
  • Dashboard

Overall Satisfaction with Splunk

We use Splunk for application alerts, reporting and debugging purposes. We have been using Splunk across multiple projects in our mobile development department. Splunk helps us to closely monitor application logs which are spread across multiple servers/jvm's. We get a consolidated, view of multiple log files in the Splunk dashboard. Splunk's real time indexing service is very efficient. It takes pre-defined key attributes of log files, creates a link to those attributes and displays it on the dashboard which can be further used to filter out results without writing any complex queries. We have created multiple alerts in Splunk to capture different scenarios, one of the most important alerts is the capturing of runtime exceptions (for eg. NullPointerException, Outofmemory Exception etc). This alert informs the development team immediately, resulting in immediate action to resolve that issue based on complexity.
  • Real time indexing of log files - This functionality helps us to track performance of the application during our monthly SOASTA run. We can see request coming and going to different services in real time.
  • Searches - Splunk queries help us to search multiple log files residing in different servers in one go, which makes debugging very easy in a distributed environment.
  • Alerts - Splunk alerts is an efficient tool which tells us before hand about issues in our production environment and gives us enough time to validate and fix those issues.
  • Reporting - We work in an SOA based environment where multiple services talk to each other, we use splunk to generate daily performance reports of each service which includes lookups, hits, failures etc.
  • We are using Splunk 6.0 version which is better in terms of performance as compared to its older versions, but it slows down, started using more server resources like memory, cpu time etc than expected, I guess this is one area where improvement is needed.
  • Splunk queries are slightly complex when it comes to new or less experienced people, if we can make it more simple that will be awesome. But I must say it is doing its job very well.
  • Positive - Less time to investigate logs and come up with a solution.
  • Positive - Splunk alerts help us to identify the problems beforehand.
  • Positive - Splunk reporting helps us to visualize everyday application performance and business analysis
We are using Splunk extensively in our projects and we have recently upgraded to Splunk version 6.0 which is quite efficient and giving expected results. We keep track of updates and new features Splunk introduces periodically and try to introduce those features in our day to day activities for improvement in our reporting system and other tasks.
Splunk is very well suited to our ecosystem. We have very complex distributed SOA based environment where applications are running on multiple jvm's configured on multiple servers to support high traffic load. Splunk has made everything transparent and now we can dig deep to figure out problems in no time. With Splunk, performance monitoring has reached the level where we are able to capture minor details, do analysis and take steps to improve.