Thursday, August 11, 2005

splunk


I just saw a post mentioning Splunk. Splunk is a tool that lets you search through log files for various search terms.


I installed this, and tried it out for a little bit. It looks like it has promise, but I don't think that I will use it. I don't see the need of having a separate process running all of the time to search through log files. I am happy to do the searching myself with grep.


Maybe if I had to watch over many different machines, this would be more useful.  One thing that I would love to see is to be able to network different Splunk installations, so all an administrator would have to do is look at one machine to see all of the log files for the whole network.



1 comment:

  1. Paul - thanks for trying it out and for posting about it! Just wanted to comment on the request about splunking across multiple boxes. The idea of the current personal server is that you schedule copies of files from multiple machines to one central Splunk host, or mount their drives as volumes on the Splunk host, or tail files over ssh. You're right that the big value of Splunk is in centralizing data from lots of servers and apps.
    We will be coming out with a version called Team Server at the end of September that lets you distribute Splunk input pipelines to different hosts so you can tail and read archived logfiles locally on each host and have them forward data to a central index database.
    Early next year we'll be allowing you to peer multiple Splunk database hosts as you're asking for.
