Splunk is a piece of software that can do several useful things:
With a variety of flexible input methods you can index logs, configurations, traps and alerts, messages, scripts, and code and performance data from all your applications, servers and network devices. Monitor file systems for scripts and configuration changes, capture archive files, find and tail live application logs, connect to network ports to receive syslog, SNMP and other network-based instrumentation. And this is just where it starts.
Fast, free form search on anything, not just a few predetermined fields. Boolean, nested, quoted string and wildcard searches. No knowledge of specific data formats required. Combine time and term searches. Find errors across every tier of your infrastructure and configuration changes in the seconds before a system failure occurred. Fields are identified from your results as you search — providing much more flexibility than a rigid set of field mapping rules imposed ahead of time.
Any search can be run on a schedule and trigger notifications or actions based on the search results. And because it works across different components and technologies, Splunk is the most flexible monitoring tool in your arsenal. Notifications can be sent via email, RSS or SNMP to other management consoles. Actions trigger scripts performing user described activities like restarting an application, server or network device.
Splunk marries powerful reporting capabilities with the speed, flexibility and scale of IT Search. Search results can be easily summarized as reports with interactive charts, graphs and tables. The simplicity of analyzing massive amounts of data will amaze you (and your boss). And remember, because fields are identified as you search you can specify new fields without re-indexing your data.
Everyone knows IT data is generally poorly documented by vendors, developers and operations staff. With Splunk everyone can add their own knowledge as they go. As you’re saving searches, identifying different types of fields, events and transactions you make the whole system smarter for everyone else. And that knowledge doesn’t walk out the door when someone leaves.
Of course you’ll need to keep your IT data secure. Especially as you realize what a valuable information asset you have. Splunk gives you secure data handling, fine grain access controls, auditability, assurance of data integrity and integration with existing authentication systems.
Scale your installation from a single application and just a few data sources to your whole datacenter and thousands of sources. You’ll find a wide range of options to access data, store it, search it and route it to other systems.
You can download Splunk for various platforms including Mac (Intel and PPC versions available).