Think of it like this: Splunk Observability has a high-speed metric index that is a natural fit for the ideals of total observability, whereas Splunk Enterprise/Cloud has a highly configurable event index that is a natural fit for security and for scenarios where you want any type of data in the system.

Another way to look at it is how data gets into the system. Splunk Observability uses the OpenTelemetry tech for getting a lot of data in, but also has integrations that bring metrics in from various technologies. It also allows custom metrics to be brought in if you want to code it yourself. Being a time-series based metric index, it has incredibly high speed and can index down to the trace level for APM, but it doesn't work well for the event-based ideal in security use cases.

Splunk Cloud/Enterprise has both an event-based index and a metrics index. It primarily uses the Universal Forwarder on the endpoint to get data in, but also supports a very wide variety of "Apps" within its Splunkbase, so someone could create their own method of getting data in (via a URL webhook, for instance) if they choose. They have an entire product called Enterprise Security that takes advantage of the apps from various technologies, allowing you to detect events that impact your security posture at a moment's notice, especially in the zero-day situation where you need to know exactly who has what packages deployed, for instance.

Splunk does have an integration between the two, if you want either: 1. your Security/Event platform that is Splunk Enterprise/Cloud to listen to what Splunk Observability says, or 2. your Splunk Observability instance to get data from your Splunk Cloud/Enterprise environment.

Splunk core can take in metrics, traces and other event data, so you could in theory build all the observability you would ever want yourself, but, and it is an absolutely massive but, consider:

Does your organisation have the expertise to know what data to collect from all the services that you need to observe?

Do you then have the expertise to create all that in Splunk? The data sources, the indexes, the queries, the dashboards.

Do you then have the resources to actually build all of that in Splunk? How long would it take to actually recreate it all?