Throughout this book, we've been teaching you the fundamentals of using Splunk and building powerful analytics that can help an organization in a variety of ways. In this chapter, we conclude the book with thoughts, concepts, and ideas for carrying this new knowledge forward and applying it to an organization.
You're reading from Splunk 7 Essentials - Third Edition
Common organizational use cases
Most organizations will start using Splunk in one of three areas: IT operations management, information security, or development operations (DevOps).
IT operations
IT operations have moved from predominantly being a cost center to also being a revenue center. Today, many of the world's oldest companies also make money based on IT services and/or systems. As a result, the delivery of these IT services must be monitored and, ideally, proactively remedied before failures occur. Ensuring that hardware such as servers, storage, and network devices are functioning properly via their log data is important. Organizations can also log and monitor mobile and browser-based software applications for...
Splunk architecture considerations
As an organization deploys Splunk, it will have specific requirements related to the architecture, its resiliency, and disaster recovery.
Splunk architecture for an organization
Usage, data volume, and criticality are the three biggest determinants of how much hardware you need in your Splunk environment. If you have large data volumes, a single server may not have enough processor capacity to handle indexing and searching together. Alternatively, consider the notion of installing Splunk on a single server. If that server were to fail, your Splunk application would fail along with it. If Splunk becomes a critical part of the organization, the cost of server failure may outweigh the costs of...
The Splunk community and online resources
When considering software for organizational purposes, it is important in today's world to consider online presence and community. Is the community very closed, with little community fanfare, or is it more open, with significant online resources, documentation, and other community-based assets?
In addition to having a great product, Splunk is also successful because it has a strong online community, which is built, in large part, to help customers successfully implement the product for their needs.
The Splunk online community site (https://www.splunk.com/en_us/community.html) can be a good starting point to help you tap into the following resources:
- SplunkBase: splunkbase.splunk.com provides Splunk apps and add-ons for you to consider based on your needs, as well as the sources of data in your organization. Premium Splunk-built apps such...
Summary
In this chapter, we saw how Splunk can be used at an organizational level for IT operations, cybersecurity, software development and support, and the IoT. We reviewed critical topics related to the planning of your Splunk infrastructure, including forwarders. We provided details for acquiring Splunk software through purchase and provided insights into the vast set of resources available through the Splunk online community.
We have enjoyed taking you through the first step in a very rewarding journey to use Splunk to benefit yourself or your organization. You now have the skills and insights you need to take the product, explore its abilities with your data, and build upon the initial successes you may have.