Splunk tagged posts

August 31, 2019 Posted in Blogs, ECM, ESX, IT Infrastructure, Performance, SQL Server

One of my banking clients has a large SQL Server farm which hosts support data. Another client uses SharePoint as ECM (Enterprise Content Management) system which relies on underneath SQL Server farm. Both are dependent on the infrastructure operating 24*7*365, both have strong needs to monitor the performance of SQL Server farm.

Let’s see how to build performance monitoring layers for a SQL Server farm. Though this might not be the best approach, it can be a great reference based on technical implementation feasibility under existing IT environment.

A picture is worth a thousand words. Let’s assume that we utilize NetApp as storage, VMware ESXi (vs. Hyper-V) as bare-metal OS. The guest OS is Windows Servers on which SQL Server instances run. As illustrated, scale-out (vs...

June 29, 2015 Posted in Blogs

Splunk Enterprise is a popular solution for the operational intelligence for data center. The name of Splunk comes from ‘spelunking’ because the founders of Splunk feel understanding machine data is like spelunking in cold cave.

The way that Splunk Enterprise works is to collect syslogs and event logs from all network devices, Windows and Linux machines, etc., then build up time series based index data files as the search source. Splunk instances include Search Head, Search Peer (Indexer) and Forwarder.

In a data center, the log files keep growing all the time. In order to make Splunk index these files efficiently, to make proper capacity planning is significant. Below is the formula to do capacity planning for Splunk:

(Daily average indexing rate) * (Index Replication Count) * (retenti...