
 









 

 

 

What is Splunk?

 

Splunk is software that provides unique visibility across your entire IT infrastructure from one place in real time. Only Splunk enables you to search, report, monitor and analyze all your real-time streaming and historical IT data from the same interface. Now you can troubleshoot application problems and investigate security incidents in minutes instead of hours or days, monitor to avoid service degradation or outages, deliver compliance at lower cost and gain new business insights from your IT data.




It's Software - Download and install it in 5 minutes

Try Splunk on your laptop and then scale it to your datacenter. It's a self-contained software package that runs on all major operating systems – just pick your platform, download and install. You're up and running with a web interface for users and an engine for indexing your IT data.

 

 

 

Indexes Any Data, From Any Source

 

Splunk indexes any kind of IT data from any source in real time. Point your servers’ or network devices’ syslog at Splunk, set up WMI polling, monitor live logfiles, enable change monitoring on your filesystem or the Windows registry, or schedule a script to grab system metrics. Splunk indexes all your IT data without the need for any specific parsers or adapters to purchase, write or maintain. Both the raw data and the rich index are stored in an efficient, compressed, filesystem-based datastore with optional data signing and auditing for data integrity. The more data you index, the more insight you'll gain from your IT infrastructure.

 

 

Forwards Data from Remote Systems

 

Splunk forwarders – lightweight Splunk servers with indexing turned off – can be deployed in situations where the data you need isn't available over the network or visible to the server where Splunk is installed. Splunk forwarders can monitor local application logfiles, capture the output of status commands on a schedule, grab performance metrics from virtual or non-virtual sources or watch the file system for configuration, permissions and attribute changes. Forwarders send data securely to the central Splunk server in real time. They are lightweight, can be deployed quickly and at no additional cost.

 

 

Indexes and Searches Terabytes of Data

 

Splunk lets you search billions of events in seconds on a single commodity server. As daily volumes and data sources grow, the Splunk scalability model, based on MapReduce, lets you scale search and indexing performance by simply adding more commodity servers. Automatic load balancing optimizes workloads and response times, and provides redundancy and built-in failover support. Splunk can also be configured to use a SAN or other storage device for long-term storage needs.

 

 

 

Scales Across Datacenters

 

Splunk's distributed architecture lets your search span multiple deployments within a datacenter or globally across all your datacenters. With role-based access you can control how far a given user's search will span. Regional users can see data from regional systems and enterprise-wide users can see data from all datacenters. The Splunk vision is for every authorized employee to get the view into the IT data that they need, whether for investigations, reports and dashboards, or analysis to continually improve IT operations and gain valuable business insights. Securely connecting your Splunk installation takes just minutes, allowing you to design a manageable enterprise data fabric.

 

 

Provides Role-Based Security

 

Underlying everything Splunk does is a robust security model. Every Splunk transaction is authenticated, including user activities through the web user interface, command line interface and system activities through the Splunk API. You can define your own roles for Splunk users with a comprehensive set of documented control points that limit functionality by user type. These fine-grained access controls limit the searches, alerts, reports, dashboards and views that different Splunk roles can see. Splunk also integrates with external LDAP-compliant directory servers and Active Directory servers to enforce enterprise-wide security policies. Single sign-on integration is also available to enable pass-through authentication of user credentials. Since all the data needed to troubleshoot, investigate security incidents and demonstrate compliance is persisted in Splunk, you can restrict access to sensitive production servers.

 

 

 

© 2010 BRsec - Network and Security Solutions. All rights reserved - Phone / Fax: +55 (11) 3675-2016 - E-mail: vendas@brsec.com.br