Splunk

Cisco has bought Splunk amid much fanfare, representing a massive investment. Why has Cisco bought Splunk and how can it help your business? Let’s take a look.

ASSOCIATED BLOGS:

• Meraki Cloud Wi-Fi
• Cisco Meraki Wireless Overview
• Meraki Switching
• Meraki
• Perpetual POE

What is Splunk?

At the most basic level, Splunk is an engine to ingest data. Most businesses connect to a range of devices and use a wealth of applications. They also have advanced security tools along with physical appliances and equipment and cloud-based services.

Most of these systems produce log data – and of course its all in different formats. This means you need a tool that can ingest the base, raw data – but then needs to be able to make sense of that data and provide some sort of useful insights.

The data is sometimes structured, sometimes unstructured. It all needs to be stored and analysed.

The Splunk platform (the first layer in the image the image below), is the engine is the engine that takes in all that data and allows higher layers of processing. The image below (from Splunk) shows the concept:

Above that engine, applications are able to analyse the data and provide insights – and being Cisco, there’s other Cisco tools, such as AppDynamics that can provide specialised feedback on specific datasets – in this case for applications.

ASSOCIATED BLOGS:

• Thousand Eyes Managed Services
• Cisco SDA Architecture
• Cisco DNA Center Enablement
• xFSU - Extended Fast Upgrade

Splunk Advantages

The case for Splunk is multi-pronged, but the most obvious is very simple: multiple teams tend to end up using the same data, but for different purposes.

This leads to overlap where logfiles and telemetry are sent to more than one location, to be analysed by multiple end applications.

That’s a lot of duplication of cost and effort to support those systems, as well as extra bandwidth used and more load on the system sending the data.

The Splunk Platform stores that data and allows those multiple end applications to access it – no more multiple streams of the same data being send to duplicated data repositories.

This leads us to another major advantage. With Spunk ingesting all that data from a variety of sources, it means the data picture is much fuller – quite simply, with more access to a wider data set, you have multiple touch points and the analysis can be better.

Splunk excels at:

• Application Monitoring: How are the applications your teams rely on actually performing
• Infrastructure Monitoring: Is all that networking equipment, including your network security, working as expected?
• Digital Experience Monitoring: How does the network look to your end users – is it serving their needs?

ASSOCIATED BLOGS:

• Meraki Site-Site VPN
• Meraki Managed Service
  

Observability Use Cases

Installing and using Splunk can be considered a journey – a journey of discovery into how your network is operating, supporting your users and workflows – and what might be the next thing to go wrong, that you can attend to now.

The image below shows the journey, which we’ll explore a bit more:

• Foundational Visibility: This is all about starting the journey to capture the key data in your environment. You can’t fault find and produce insights unless you have this visibility, to the journey starts here
• Guided Insights: At this stage, there will be a large number of insights starting to be produced as the amount of data gathered starts to build the picture. The aim at this stage of the journey is to prioritise actions, detections and investigations – start focusing in on what is happening and get to grips with alert storms, so you can see the full picture
• Proactive Response: reducing the time spent on manual responses. In het stage above, a baseline of alert handling was established and at this stage, it's about automation and moving up to detecting and handling complex threats and issues
• Unified Workflows: This is moving into the BAU stage and standardising response protocols to events, threats and issues, as well and incremental system improvements

ASSOCIATED BLOGS:

• Cisco DNA Center Assurance
• 5 Ways DNA Center Solves your Challenges

Splunk: Summary

The aim of this blog was to provide a very high-level introduction into what Splunk is – and how it can help your business.

In a nutshell, Splunk is all about storing data (structured and unstructured, as we noted above), in a database.

The database can then be analysed and based upon this, events, issues and threats can be alerted on and remediated.

A lot of duplication occurs in companies with different teams needing data for different reasons – and Splunk gets rid of that duplication, as well as adding the best of breed analysis on top of the data.

In the end it means you will have a lot more visibility into what is occurring on your network and with your applications – and the main aim is to ensure your user experience is top notch. If it's not – you will have the exact data to work out and resolve the issues.

That’s if you’ve not spotted it before it actually became an issue – which is the gold standard of network monitoring.

ASSOCIATED BLOGS:

• Cisco Meraki Access Points
• Cisco Meraki Switching
• Meraki Made Simple