Splunk

Description

Splunk - a platform for collecting machine data (log-files) from physical, virtual and cloud environments, with subsequent storage, processing and analysis. As a result of indexing the data and converting it into a "key - value" format, the data becomes available for analysis through a web interface. In most cases, the program distributes the input data into fields, with their further processing.

The process is carried out using spl queries, which allows you to build a variety of tables and samples, create reports, dashboards, build computational fields, work with internal and external directories.

The flexibility of the product is ensured by the fact that the product does not use any predefined scheme of processing log-files, but instead focuses on working with arbitrary formats of system data logs.

Splunk allows you to analyze data both in real time and pull data from archives, so that later with the help of visualization allows you to generate reports and Alert for information security analysts.