18 July 2019

Mapping Your CMDB to the State of Your World

Splunk, Data and CMDBs

Gaining meaningful visibility over your IT infrastructure can be challenging. With multiple applications in play – New Relic, SolarWinds and ServiceNow, to name a few – gathering their information into a centralized location is critical to understanding the state of your enterprise.

Reports

Executives don’t want to spend time reading lengthy reports from different departments, where each department has to spend time collecting historical data about the systems that they manage.

Automating this process so that everyone can see the state of the world through collaborative data searches with multiple lenses is hugely beneficial. With the data collected into a single dashboard, Technical Systems Managers should be able to view and action compliance problems in real time.

Challenges…

The first major challenge is on-boarding data from the various applications into a single location. This can add up to hundreds of gigabytes of data every day but is well worth it. Once the data starts flowing, there’s no limit to what you can accomplish with it. Being able to search your data quickly and efficiently will prove invaluable. If you already collect all of this application data into a single location, then all the more reason to do this sooner.

The next step in this process is to enrich your data. Having an up-to-date CMDB is vital for any company of any size. It allows you to understand what infrastructure you have and, more importantly, who is in charge of it. Being able to marry up these application data sources with your CMDB will allow you to quickly start rectifying the issues that come out of searching your data.

Mapping your CMDB to application data will also allow you to work the other way. It will help to show you which systems are connected to your business but aren’t in your CMDB. This can be invaluable for threat detection (rogue machines) and for spotting new hardware that has not followed the proper procedures for being on-boarded into the company. For example, if your patch management picks up data from hardware that is not in your CMDB, surely it would be better to locate this machine with a high priority in case it shouldn’t be there.
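
A sketch of the two-way mapping described above, as an added example that is not from the original post. It runs outside Splunk on constructed data; the field names (`hostname`, `owner`, `host`, `source`, `time`) and the short-name normalisation are assumptions.

```python
def normalise(name):
    """Lower-case and drop the DNS domain so 'WEB01.corp.example' matches 'web01'.
    Assumption: short names are unique; keep the FQDN if they are not."""
    return name.strip().lower().split(".")[0]

def reconcile(cmdb_rows, events):
    """Map observed hosts to the CMDB in both directions.

    Returns (enriched, unknown, silent):
      enriched - observed hosts with a CMDB record, owner attached
      unknown  - observed hosts with no CMDB record (rogue or not on-boarded)
      silent   - CMDB hosts that no data source reported
    """
    cmdb = {normalise(r["hostname"]): r for r in cmdb_rows}
    seen = {}
    for ev in events:
        entry = seen.setdefault(normalise(ev["host"]),
                                {"last_seen": ev["time"], "sources": set()})
        # ISO 8601 timestamps sort correctly as strings
        entry["last_seen"] = max(entry["last_seen"], ev["time"])
        entry["sources"].add(ev["source"])
    enriched = {h: {**s, "owner": cmdb[h]["owner"]}
                for h, s in seen.items() if h in cmdb}
    unknown = {h: s for h, s in seen.items() if h not in cmdb}
    silent = sorted(set(cmdb) - set(seen))
    return enriched, unknown, silent

# Constructed sample data: a CMDB export and events from two applications.
CMDB = [
    {"hostname": "web01", "owner": "web-team"},
    {"hostname": "DB01.corp.example", "owner": "dba-team"},
    {"hostname": "hr-laptop-07", "owner": "it-support"},
]
EVENTS = [
    {"host": "WEB01.corp.example", "source": "patch_mgmt", "time": "2019-07-17T09:00:00"},
    {"host": "web01", "source": "monitoring", "time": "2019-07-17T09:05:00"},
    {"host": "db01", "source": "patch_mgmt", "time": "2019-07-17T09:01:00"},
    {"host": "kiosk-99", "source": "patch_mgmt", "time": "2019-07-17T09:02:00"},
]

if __name__ == "__main__":
    enriched, unknown, silent = reconcile(CMDB, EVENTS)
    for host, info in sorted(unknown.items()):
        print("NOT IN CMDB:", host, sorted(info["sources"]), info["last_seen"])
    for host in silent:
        print("IN CMDB, NEVER SEEN:", host)
    for host, info in sorted(enriched.items()):
        print("OK:", host, "owner =", info["owner"])
```

The `silent` list is the same join read in reverse: CMDB records that no application reports on are either stale entries or machines missing an agent.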

Now what?

Once you have all of your data enriched, generating metrics from it can be a computationally expensive task. Now, I don’t know about you, but in my experience executives don’t want to see a giant table with lots of columns showing too much information.

They want to see metrics – a select few numbers that try to represent all of the noise that’s making everything work in the background. This is going to involve condensing all of those beautiful tables into something a little more bite-sized. And colours wouldn’t go amiss either.

The problem lies in searching through such a large volume of data. It can make viewing any dashboard so slow you won’t bother to look at it – all that hard work for nothing. But how real time do you really need this?

Is your CMDB really going to change every 5 minutes? How often do your applications scan your systems? Running background searches and saving this data at regular intervals is the key to making all of this possible. It will allow you to show 10+ applications’ data on a single page. The data will still be up to date and the reports produced will still be automated.

What about investigations and actioning?

Well, you already have those beautiful tables. Take your executives’ dashboards, create drilldowns for each metric and add filters so you can get the granularity you want and deal with the part of the data that is your responsibility. This means that if the boss really wants to see what’s behind the metrics, they still have that option.

This can theoretically be scaled to any number of applications that you want to show. It all depends on what your executives are really interested in, and the size of their screen.
