Log Management and Operational Intelligence

Overview

The Application Platform Services team provides log management and operational intelligence capabilities via Splunk.

Splunk captures, indexes, and correlates real-time data in a searchable repository, from which it can generate graphs, reports, alerts, dashboards, and visualizations. The services we provide include the following:

  • Add data to Splunk
  • Install Splunk applications
  • Manage Splunk knowledge objects
  • Other related services

How can I get it?

To request that logs be added to Splunk, submit a Pegasus Ticket for a SPLUNK DATA REQUEST. Options for sourcing data include syslog, installing a forwarder on the server hosting the data, and other less common approaches.

Splunk extensions (called apps or add-ons) exist for integrating a variety of technologies with the Splunk environment. To request an application be installed, submit a Pegasus Ticket for a VUMC IT APS REQUEST.

Users with appropriate permissions can access logs and create Splunk knowledge objects. To request that knowledge objects be shared with other users or groups, submit a Pegasus Ticket for a VUMC IT APS REQUEST. Shared knowledge objects must adhere to our Splunk Knowledge Object Naming Standards.

Power users can create alerts that trigger an email or a Pegasus incident. To request that Splunk generate Pegasus tickets, submit a Pegasus Ticket to ESM specifying the Splunk index, source type, search query with a time range, CI, and scheduling frequency of the alert.

The Pegasus CI for creating Splunk-related incidents is “SPLUNK.”