SPLUNK
Architecture:
Splunk is log aggregation software that indexes data coming in from multiple channels, extracting it into the appropriate fields. This lets you query the datasets to gather insight into your IT infrastructure, so that you can troubleshoot incidents and problems very quickly from the log information of your machines.
You can gather multiple sources of log information or any type of data and send it to Splunk.
This is done by installing a Splunk agent that runs as a background daemon and periodically ships the data to the Splunk server; the server indexes the data and lets you query and interact with it in various ways through the web browser interface.
This allows IT staff to troubleshoot incidents fairly quickly by entering search queries that 1) cross-correlate across multiple data sources, 2) do predictive analytics to see whether there are any patterns, and 3) perform pattern recognition.
You can create alerts and monitor certain machines.
You can create custom dashboards and visualizations.
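The indexing, searching, cross-correlation and alerting described above, as an added illustration that is not Splunk's own code: a minimal in-memory stand-in for an indexer that parses raw events from two sources into fields, answers field=value searches, correlates the sources on a shared field, and evaluates a threshold alert rule. The hosts, log lines and field names are constructed for this example; real Splunk search syntax and field extraction are not reproduced here.

```python
"""
Toy model of the log-indexing flow (added example, not Splunk's code).
Raw lines -> field extraction -> searchable events -> stats, correlation, alerts.
"""
import re
from collections import Counter

# Constructed sample events: (host, sourcetype, raw line) from an SSH auth log
# and a web access log. IPs are documentation ranges, not real hosts.
RAW_EVENTS = [
    ("host-a", "auth", "2024-05-01T10:00:01 sshd[1201]: Failed password for root from 203.0.113.7 port 5022 ssh2"),
    ("host-a", "auth", "2024-05-01T10:00:03 sshd[1201]: Failed password for root from 203.0.113.7 port 5023 ssh2"),
    ("host-a", "auth", "2024-05-01T10:00:06 sshd[1201]: Failed password for root from 203.0.113.7 port 5024 ssh2"),
    ("host-a", "auth", "2024-05-01T10:01:00 sshd[1300]: Accepted password for alice from 198.51.100.4 port 6001 ssh2"),
    ("host-b", "auth", "2024-05-01T10:02:10 sshd[2100]: Failed password for root from 192.0.2.9 port 7010 ssh2"),
    ("host-c", "web",  '203.0.113.7 - - [01/May/2024:10:00:05 +0000] "GET /login HTTP/1.1" 200 512'),
    ("host-c", "web",  '198.51.100.4 - - [01/May/2024:10:01:20 +0000] "GET / HTTP/1.1" 200 1024'),
    ("host-c", "web",  '203.0.113.7 - - [01/May/2024:10:03:00 +0000] "POST /admin HTTP/1.1" 403 128'),
]

# One field-extraction pattern per sourcetype (hypothetical, for the sample lines).
PARSERS = {
    "auth": re.compile(
        r"(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
        r"(?P<user>\S+) from (?P<src_ip>\S+)"
    ),
    "web": re.compile(
        r'(?P<src_ip>\S+) - - \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+) \S+" '
        r"(?P<status>\d{3})"
    ),
}


def index_events(raw_events):
    """Turn each raw line into a dict of fields, tagged with host and sourcetype."""
    indexed = []
    for host, sourcetype, line in raw_events:
        match = PARSERS[sourcetype].search(line)
        if not match:
            continue  # a real indexer keeps unparsed lines as raw text; we skip them
        event = {"host": host, "sourcetype": sourcetype, "_raw": line}
        event.update(match.groupdict())
        indexed.append(event)
    return indexed


def search(indexed, **filters):
    """Field=value search: keep only events matching every given filter."""
    return [e for e in indexed if all(e.get(k) == v for k, v in filters.items())]


def stats_count_by(events, field):
    """Count events per distinct value of a field (like a 'count by' report)."""
    return Counter(e.get(field) for e in events)


def correlate_failed_logins_with_web(indexed):
    """Cross-correlate sources: IPs that both failed SSH logins and hit the web server."""
    failed_ips = {e["src_ip"] for e in search(indexed, sourcetype="auth", result="Failed")}
    web_ips = {e["src_ip"] for e in search(indexed, sourcetype="web")}
    return sorted(failed_ips & web_ips)


def failed_login_alert(indexed, threshold=3):
    """Alert rule: any source IP with at least `threshold` failed logins."""
    failed = search(indexed, sourcetype="auth", result="Failed")
    counts = stats_count_by(failed, "src_ip")
    return {ip: n for ip, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    idx = index_events(RAW_EVENTS)
    print("indexed events:", len(idx))
    print("web status counts:", dict(stats_count_by(search(idx, sourcetype="web"), "status")))
    print("IPs seen in both sources:", correlate_failed_logins_with_web(idx))
    print("failed-login alert:", failed_login_alert(idx))
```

The alert rule is evaluated over the already-indexed events, which is the same shape a scheduled search takes in practice: a filter, an aggregation, and a threshold on the aggregate. Running the script on the constructed data reports one IP that crosses the failed-login threshold and also appears in the web log.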
Splunk is high-performance, scalable server software written in C/C++ and Python.
ex