VIAVI is investigating an integration between Splunk and Apex. So the question is, what problem would you want to solve with Splunk that would be easier to solve with integrating data from Apex?
At a minimum, I’d envision that as just sending threshold alerts up to ServiceNow. Ultimately it would also be good if it could also include a link to download a .pcapng or .bfr file of the packets that led to the threshold exception or even a link to the Connection Dynamics view of the event conditions. (From one of our customers)
To start, what's in the Apex logs? Define Apex application log files and directories to monitor - file monitor destinations. Ingest this log data into Splunk for searches, alerts, statistics and dashboards.
Thanks for the feedback Paul!
That feedback about ServiceNow sounds familiar David. :)
As for the Splunk/Apex integration, it really depends on how Splunk is being used. It's such a versatile tool, and it seems like everyone uses it slightly differently. If Splunk is ingesting data primarily to normalize it and send it over to a SIEM then the existing syslog capabilities of Apex are sufficient. If Splunk is being used for metric dashboards, reporting, capacity planning, etc., then shipping performance metrics and EUE scores would be useful. If Splunk ITSI is in use then the metrics along with threshold alarms would be useful.
For the purposes of my specific company, the syslog capabilities are serving their purpose. There may be some appetite for ingesting metric data into Splunk, but we're actually going to research using the Apex API to see if it would make sense to feed those metrics into SL1 instead. As for threshold alarms, we'd much rather see development on a ServiceNow Event/Incident integration.
Thanks for your feedback Josh! Have a great weekend!