Splunk? or?

Started by Dieselboy, July 03, 2023, 07:02:29 AM


Dieselboy

Looking for an open source component to collect telemetry from network devices + everywhere. Does it exist? Seems like I need separate systems for network and then OS-based and container-based.

https://www.sdxcentral.com/articles/news/cisco-aims-for-full-stack-observability-with-opentelemetry/2023/05/

https://techblog.cisco.com/blog/getting-started-with-opentelemetry

https://www.cisco.com/c/en/us/solutions/collateral/enterprise/design-zone-security/telemetry-architecture-guide.html


Splunk does a free 14-day trial, might check it out but wanted something I could play with more long term.

icecream-guy

Splunk is just a log aggregator with programmable search functions, which allows one to create dashboards to make sense of the logged data.
It doesn't really collect anything from anywhere. I suppose one could use SNMP Get to collect data from network devices and put it into Splunk. Splunk charges by the log volume, and Cisco Thousand Eyes isn't cheap either; the Fed team where I am has been trying to set up Thousand Eyes for months.

My Moral Fibers have been cut.

deanwebb

There are some other Splunk-ternatives like Elastic and Gravwell, I'd check those out. They aim themselves at beating Splunk on features and price.
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Any questions? No questions! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.

Dieselboy

Thanks... I didn't want just another log aggregator unless there were smarts to actually do something with the data. I have a home lab, so even there it would be a lot of data for one person.

I had been looking at Salesforce's LogAI last weekend. Seems like it might be useful for doing something with that data, but I hit a couple of snags when I tried to load in a sample Windows log. First being, I need to configure a .json to match on the log sections (why can't the AI do that), and second, probably because my .json was not exactly as required, the code was erroring out later on. It's only provided by Salesforce for research purposes; it's not a polished/finished product.

Azure has models available over API, so I might try those out. Should then be able to use Power BI for visualisation.