Splunk - An Overview
by Anshuman Singh in Apps/DevOps, Cloud, General
There has been a massive increase in machine data over the last decade. The main reason is the gradual increase in the number of internet-connected devices (PCs, servers, etc.). Splunk is a powerful platform for analyzing machine-generated data gathered from websites, devices, applications, etc.
Components of Splunk
There are 3 key components of Splunk:
- Forwarder
- Indexer
- Search Head
The Forwarder forwards data from the host to the Indexer. The main task of the Indexer is to index the incoming data and respond to search requests from the customer/admin. Search Heads can run searches across multiple Indexers and are usually accessed via Splunk Web.
Splunk with AWS
As more workloads move to AWS, we need to gain critical security, operational and cost management insights across the entire AWS environment. Splunk provides that kind of visibility with Splunk Enterprise, Splunk Cloud and Splunk Insight for AWS.
The Splunk App for AWS delivers a rich set of pre-built dashboards and reports to analyze and visualize data from numerous AWS services – including AWS CloudTrail, AWS Config, AWS Config Rules, Amazon Inspector, Amazon RDS, Amazon CloudWatch, Amazon VPC Flow Logs, Amazon S3, Amazon EC2, Amazon CloudFront, Amazon EBS, Amazon ELB and AWS Billing – all from a single, free app.
Splunk can be used in two ways, as a software download or as a cloud-based service (Splunk Cloud), and we can extend its capabilities by installing add-on apps. Although Splunk Enterprise has limited capabilities, its support for add-ons enables it to do much more, such as using threat intelligence feeds and offering security compliance reporting capabilities.