QUESTION & ANSWER

Splunk + Nagios = quick data center troubleshooting

By Jan Stafford 13 Feb 2006 | SearchOpenSource.com

Digg This!     StumbleUpon     Del.icio.us

San Francisco-based Splunk recently announced its partnership with Nagios Project, the development team behind the popular systems management host and service monitor, and Nagios creator Ethan Galstad. Just prior to the announcement, Baum and Patrick McGovern, Splunk's chief community Splunker, spoke with TechTarget about Splunk, Nagios and why data center management and troubleshooting is so difficult.

What is your 30-second description of Splunk?
Michael Baum: "Splunk," of course, is a play on spelunking, where you are dropping into a cave with your light on and looking around. Splunking is where you drop into your IT data center and look around.

Nagios shows the flashing red light, and Splunk provides the troubleshooting tools that take them to cause of that flashing light, so to speak. Patrick McGovern Chief Community Splunker, Splunk

There are a lot of tools that give you fancy dashboards of services. But, generally, tools available now to diagnose the problems in today's complex data centers have become very brutal and try to take the intelligence away from the system administrator.

Splunk allows the system administrator to surf their IT data just like they surf the Web. So, if one has an issue and thinks there may be a problem with system number 123, one can start there; do queries and different types of complex searches to be able to find out. Then, you are able to graphically search down into the different tiers and be able to find out more about the problem.

Splunk is not a magic potion that just fixes your system. It allows people to fix their systems faster.

Why is IT troubleshooting so challenging?
Baum: The underlying root problem is too much complexity.

In a presentation that I give to Linux users groups, I have a slide that says: 'In the beginning, there was the mainframe, and it was good.' I show a picture of a giant computer with an on-off switch. Then I show a picture of a rack of servers and a data center with racks and racks of servers.

Now, think of this: Companies have dozens to thousands of servers stacked up in racks. Just one of those servers could be processing data that comes in from a thousand different sources. Think about a mail server and the tremendous amount of services that are going to create all of these different log entries. Now, that is just one machine. In a data center, the amount of log information that you need to sift through to resolve situations becomes very unmanageable very quickly.

Then, you have all these different systems that have to communicate together. There are a lot of different services to sort through. You have to see inside the different operating systems that are running simultaneously, each with their own format. You have people yanking out machines in the data center and putting new ones in and updating old ones. You're doing backup exactly at the same time a query is happening. Of course, all of these things are generating log information. It is a very complex situation.

So, if you ask a sys admin how he troubleshoots today, he'll say: 'Well, I have 200 machines, and I think that machine number 17 has a problem. So, I will look around; go through log files where I'm trying to diagnose what is going on. Oftentimes, it is not that machine -- it is one or two machines nearby that are causing that machine to fail. But I've had to spend a lot of time troubleshooting the machine that is having the problem, not the ones that are causing trouble.

Splunk sees all that unstructured data that is time-based and takes in that data at real time, whether there are systems being added or systems being yanked out. Splunk indexes all of the different data from all of the different tiers and services.

From the response to our articles about Nagios, I've learned it's well-respected by sys admins. What does Nagios bring to Splunk's product?
Patrick McGovern: If Nagios notices that something is wrong, then the sys admin can click a button, search their IT data, determine whether the problem resides in a log file or somewhere else, and see very quickly what is going on.

Nagios does have a great installed base; Nagios users can use Splunk to troubleshoot the tons of log files that they have to deal with on a regular basis. Nagios shows the flashing red light, and Splunk provides the troubleshooting tools that take them to cause of that flashing light, so to speak. It is going to be a tremendous win for both sides.

Beyond Nagios, are there other open source tools that may be added to Splunk's troubleshooting tools?
McGovern:: When I ran Sourceforge.net for five years, I watched it go from 500 to over 100,000 open source projects. I saw firsthand the software that gets generated when a lot of passionate people get together and want to solve a problem. So, there is a lot of fantastic software out there, such as Nagios. There are a lot of possibilities. Our ability to work closely in an open source community is a big win.

As a commercial vendor, how does Splunk draw the line between its free, open source products and commercial products?
McGovern:: We have two products out today. One is the Splunk Server that server is freely downloadable off our Web site. Anyone who wants to troubleshoot their data center can use it. The free product is a very simple inside, and in five minutes you can Splunk your data.

Splunk Professional has all of the things that the free product has, but it also has enterprise-class support, as well as functionality and features, such as the ability to search data from a number of different places and have multiple indexes of information. It also has live Splunk, where you can do searches on a regular basis be paged if something happens.

This article originally appeared on SearchOpenSource.com.

Tags: Network Monitoring,  Network Performance Management,  Network Management Software, Tools and Utilities,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Network Monitoring Meru reinvents wireless LAN troubleshooting and management Green enterprise: Three networking investments that make a difference Network device management overload: Engineers managing too many boxes What preventative maintenance procedures for network devices exist? WLAN QoS and SLA monitoring with 7/24 Wireless Quality Assurance costs How important are network infrastructure maps for engineers or admins? Understand Windows tracert output to troubleshoot network connectivity Network management and monitoring market remains crowded, fragmented When do applications suffer from poor network performance? Xangati help desk 'DVR' feature speeds up trouble ticketing resolution Network Monitoring Research Network Performance Management Desktop virtualization network challenges: A primer Green enterprise: Three networking investments that make a difference Storage area networks change management primer CA-NetQoS deal: Network management = application performance Virtualization change and configuration management primer Network change and configuration management primer Distributed network management means no more hard NOCs WLAN QoS and SLA monitoring with 7/24 Wireless Quality Assurance costs Network management from a service-based perspective Application switch testing: An easy RFP guide Network Management Software, Tools and Utilities Network automation lags general IT process automation for now How can I calculate perimeter firewall throughput? Where can I find a wire driver that unblocks recognized passwords? What network loss testing tools/methods calculate dropped packets from a PC? Network user management Green enterprise: Three networking investments that make a difference Dynamic policy ensures faster, safer network for school district Storage area networks change management primer CA-NetQoS deal: Network management = application performance Virtualization change and configuration management primer

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary 10-high-day busy period  (SearchNetworking.com) ACK  (SearchNetworking.com) baseboard management controller  (SearchNetworking.com) call failure rate  (SearchNetworking.com) jam  (SearchNetworking.com) Jini  (SearchNetworking.com) maximum segment size  (SearchNetworking.com) maximum transmission unit  (SearchNetworking.com) netstat  (SearchNetworking.com) network tracking tool  (SearchNetworking.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary