OALib Journal
ISSN: 2333-9721

Independent Study of Splunk

DOI: 10.4236/oalib.1111496, PP. 1-16

Subject Areas: Technology, Information Management, Applications of Communication Systems

Keywords: Splunk, Customizable Dashboard, Data Source, Database, System Health, Performance


Abstract

The paper's objective is to make data easy to search and to integrate all data sources and tools into one place, so that people can identify issues visually by correlating multiple data sources. We use Splunk to build customized dashboards based on critical success factors (CSF) and critical-to-quality (CTQ) measures from a single "pane of glass", which gives us a powerful search engine for root cause analysis, data analytics, and the integration of multiple logs. In the paper, we introduce various methods for integrating all data sources and tools into one place so that authorized users can access and view all of them from a single screen. Typical dashboards are designed for monitoring log files, viewing the trend of hung threads on a server, or tracking recent changes and critical incidents. Furthermore, we offer customizable dashboard functionality so that different technical departments can work smoothly on their complex daily tasks. To analyze the large result sets returned by Splunk searches, we can annotate the data stream with metadata keys including host, server, source, source type, and index. However, the Splunk tool also has limitations and disadvantages, so we present different scenarios that can make Splunk run slowly. We then discuss the root causes, whether they lie in Splunk itself or inside the companies using it, and describe which aspects of Splunk still need to be improved. Finally, we can take advantage of Splunk to build various functional dashboards that give a quick view of overall system health, application performance, and end-user impact in support of business purposes. Additionally, we summarize the benefits of using Splunk and discuss current related work on the Splunk tool.

Cite this paper

Pan, X. (2024). Independent Study of Splunk. Open Access Library Journal, 11, e1496. doi: http://dx.doi.org/10.4236/oalib.1111496.

