Splunk in a production environment is a must-have today
August 31, 2017


Viktor Mulac | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User

Overall Satisfaction with Splunk Enterprise

Production line quality monitoring and searching for patterns leading to outages. Usually scan-and-fix tasks: finding an event that leads to an outage.

Two main ways of using Splunk prevail: ad-hoc analysis, and monitoring and alerting.

In some applications with two production lines, Splunk was connected directly to the controllers and monitored data in real time. In other applications, we analyzed logs from 5 systems, among others application server logs, database server logs, and production line measuring PCs. In total 5 systems had to communicate, and an error on the DB server sometimes caused outages on the production line. Splunk helped to find patterns in these incidents. We then set up a monitoring app to provide early indication of a potential upcoming outage.
  • Parsing huge amounts of data, structuring data, or at least helping to find a structure.
  • Very good performance.
  • Very good graphical representation of data, findings, report creation.
  • I really cannot, since after a year we are still discovering more and more possibilities with the product. One specific wish of a manager was: can we work with the reports offline (e.g. on the airplane)? We have not found a reasonable way of doing this. The only thing we came up with was exporting data and rendering specific reports in Flash (web viewer) and somehow simulating reports within limited (predefined) boundaries.
  • Avoidance of risks in the production line is hard to translate to money. But the department managers know that this tool helps to mitigate risks. And the team grows.
  • After several Proof of Concept mini-projects, Splunk was finally approved as a regular company application: we are now able to link it to live data, not only to use logs. The data science team has grown to four people, and we are ready to move from incident localization and fixing to process optimization, proactive monitoring and alerting, and finding trends and relationships (what precedes what).
SAP HANA, Lumira, Business Objects and Designer
ThingWorx
We use all of them, either due to corporate policy, or simply because every tool has specific strengths; it also depends very much on how keen the data analysts are on working with a particular platform. In production, where we have lots of M2M logs, Splunk is the preferred system.
ThingWorx, SAP BusinessObjects BI Platform, QlikView
A trained analyst with e.g. Python knowledge, regular expressions knowledge, etc. will do his tasks quite quickly.

In the beginning, when starting to learn Splunk, you have to deal with tons of error messages (mostly resolved by Google discussions).

Splunk Enterprise Feature Ratings

Centralized event and log data collection: Not Rated
Correlation: 5
Event and log normalization/management: 10
Deployment flexibility: Not Rated
Integration with Identity and Access Management Tools: 5
Custom dashboards and workspaces: 10
Host and network-based intrusion detection: Not Rated