The book Implementing Splunk: Big Data Reporting and Development for Operational Intelligence written by Vincent Bumgarner and for which I was a reviewer (yes, it’s a unashamed advertisement) is now available.
Tag Archive for 'log-mgmt'
The latest version Splunk (5.0) is now out, with some nice improvements:
The most visible missing feature for users (customers ?) is PDF report generation: Splunk is now able to generate natively PDF reports (including for report scheduling). You can forget the crappy PDF report app .
Report acceleration (similar to ArcSight trends) that allows fast reports [...]
In a non-dsitributed architecture (your indexer is also the host receiving the events), you might want to keep Splunk running as a non-privilegied user but still be still receive syslog from remote hosts. You have (mainly) two solutions:
Setup your favorite syslog daemon (syslog-ng or rsyslogd) to listen to port 514, and then configure Splunk to [...]
Splunk 4.3 is out for a few days, and this new release contains some nice improvements:
Sparklines (like in BlueCoat): * | chart sparkline count by host gives the following result:
Flash is replaced by HTML5 (for recent browsers; flash is still used for old browsers), but the behaviour of flashtimeline or reports is kept unchanged. Allows [...]
Arcsight recently presented their new version of the Logger. Some of the new features are:
Distributed reports over multiple Logger
User configurable dashboards
Event summary (overview)
Live event viewer
LDAP and AD directory integration
dedup and transaction search commands
SNMP polling support
The main log management solutions available on the market have different features, and different way of handling the data. This article focus on how ArcSight Logger, Loglogic and Splunk are handling archives, and what are their integrity functionalities.
How the different log management solutions are handling the data archiving ?
ArcSight allocates data by one gigabyte [...]