Splunk(x): Enterprise Operational Intelligence
It’s been a while since our last update on Splunk(x)! We’ve been busy working out the architecture to get to a point where we can implement NOC-like dashboards above our IT/ops space in our San Francisco office. We had a continual crowd around the Splunk(x) monitors for the first week in operation! They’re one of the first things people see when entering the office and are a great conversation piece. More importantly, the team sitting beneath them has only to look up to see a complete status snapshot of business application, infrastructure, website, and even Splunk(x) itself!
Of course, really important bits are still fired off in real-time through Splunk alerting and herein lies much of the value of Splunk(x). Our web team knows in a few seconds if the website goes down. My team knows if a Splunk indexer goes silent—we actually averted a situation last night where we could have lost production monitoring because we’re Splunking our Splunk.
For the dashboards, we’re taking data from several Splunk apps and rendering it in a friendly, easy-to-see format that can be read at distance away from the monitors. To name a few of the apps powering our monitors, the dashboards use data from the Pinger app, SFDC app, Keynote app, Splunk App for VMware, Splunk for F5 Networks, and Splunk App for Enterprise Security.
We’ve also been playing with some new visualizations for Splunk. Based upon the Google Maps app, my team is working on a visualization leveraging the Chrome Experiments WebGL globe api. Although not yet ready for distribution on Splunkbase, we’re using an early version to visualize download distribution worldwide. Look for this app to show up on Splunkbase soon!
The dashboard color scheme is designed to be viewable from at least our center aisle and the high contrast improves readability over the desktop dashboard color scheme. When presenting data on overhead monitors, fewer panels are better. On monitors where we have more than three panels to display, we have the monitor switch between predefined dashboards at set intervals.
I could write a blog entry on each of these dashboards separately but I’ll spare you the pain of reading it all! A picture is worth a thousand words, so please click on each of the Splunk(x) dashboards below to expand the images. If you’d like more information on how we’re using Splunk at Splunk, please leave a note in the comments below, tweet @Splunk and @_PaulStout or register for .conf2012, our Users’ conference, where I’ll teach several sessions about Splunk(x).
Our data is taking us to the peace of mind we need to know our business applications and operations are healthy. Where will your data take you? Let’s find out at .conf2012. Register today: http://www.splunk.com/goto/conf. #datajourney