In this Q&A, ITS Middleware Services Manager Patrick Casey talks about Splunk: what it is, why ITS uses it and where UNC-Chapel Hill is headed in its use of the system.
This Q&A is the fourth post in a Getting to Know series about ITS Middleware Services.
The series launched with Casey, in a Q&A, explaining what Middleware is, why the team has been growing and what the group is working on. In the second post, you can find a list of some of Middleware’s key service offerings. A third post detailed important changes to Middleware’s CloudApps platform.
What is Splunk?
Splunk is typically thought of as a log aggregation tool, but in reality it is both a log aggregation system and a reporting engine for both machine and business data.
When did ITS start using it?
ITS began using Splunk in earnest in 2009, but that was for a very small group of systems and security personnel. In 2014, Middleware was asked to support the system and over the past two years we have grown very rapidly and moved the service to a true enterprise-level service for our campus users.
What is the most useful function of Splunk?
The ability to make complex systems look simple by creating custom reports and dashboards.
What is most surprising about Splunk?
Most people are surprised by just how easy it is to create scheduled reports and dashboards. You just query your data set and click "save as" and away you go!
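As an added illustration of the "query, then save as" workflow Casey describes (example configuration written for this page, not from the original Q&A or from UNC ITS), here is what a scheduled report looks like once Splunk writes it to savedsearches.conf. The stanza name, the `os` index, the `linux_secure` sourcetype, the threshold of 20 failures and the recipient address are assumptions about a hypothetical campus deployment; the configuration keys themselves are standard Splunk savedsearches.conf settings.

```ini
# Added example, not part of the original post. A saved search that runs
# hourly over the previous hour of sshd logs, counts failed logins per
# source IP, and emails the security team when any source crosses the
# threshold. Index, sourcetype, threshold and recipient are assumptions.
[Failed SSH logins by source - hourly]
search = index=os sourcetype=linux_secure "Failed password" \
    | rex "from (?<src_ip>\d+\.\d+\.\d+\.\d+)" \
    | stats count AS failures dc(user) AS distinct_users BY src_ip \
    | where failures >= 20 \
    | sort - failures

# Search window: the previous whole hour, so each run sees a disjoint slice
dispatch.earliest_time = -1h@h
dispatch.latest_time = @h

# Schedule: five minutes past every hour, giving late-arriving events time to index
enableSched = 1
cron_schedule = 5 * * * *

# Alert when the search returns at least one row
alert_type = number of events
alert_comparator = greater than
alert_threshold = 0
alert.severity = 3

# Notification action (recipient is an assumed address)
action.email = 1
action.email.to = security-team@example.edu
action.email.subject = Splunk alert: $name$

disabled = 0
```

The UI "save as" action produces the same kind of stanza; keeping it in a version-controlled app directory rather than only in the UI lets the Information Security Office review the exact search logic and schedule that a department is relying on.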
What's one campus Splunk statistic that speaks volumes about Splunk's value?
We have around 25 trillion distinct log events that can be searched that cross several thousand hosts and devices.
Where is the campus headed in its use of Splunk?
As of today, we have 13 campus entities using Splunk, including the College of Arts & Sciences, the School of Medicine and the University Libraries. By providing the campus community with the tooling, we are helping them solve problems and policy concerns. But we also increase the visibility that the ITS Information Security Office has into these systems.