Skip to main content
 
 
 
Splunk Lantern

Application data

 

Organizations employ a variety of commercial and custom, in-house built applications to help their operations run efficiently.

  • Application debug logs provide a record of program behavior that is necessary to identify and fix software defects, security vulnerabilities or performance bottlenecks. While test logs record the output results of application usage, debug logs provide information about an application’s internal state, including the contents of variables, memory buffers and registers; a detailed record of API calls; and even a step-by-step trace through a particular module or subroutine.
  • Telephony logs provide an overview of system health, along with troubleshooting and usage data similar to that of other network applications. Details include source, destination, time, and duration of voice/video calls, web conferences and text messages; call-quality metrics; error conditions; and user attendance at web conferences. Organizations can also link call records to actual user IDs and IP addresses to physical locations; information that can assist in troubleshooting and billing. Finally, logs can reveal any network segments experiencing congestion or other performance problems that may indicate equipment problems or the need for an upgrade.

  • VoIP logs provide troubleshooting and usage data similar to that of other network applications. Details include source, destination, time and duration of calls, call quality metrics, and any error conditions. Integrating VoIP source/destination records with an employee database such as AD or LDAP and a DHCP database allows linking call records to actual people and IP addresses to physical locations; information that can assist in troubleshooting and billing. 

  • Shared storage logs record overall system health, error conditions, and usage. Collectively, the information can alert operations teams to problems, the need for more capacity and performance bottlenecks. The data of this type is also used to understand access patterns to files and directories. These access patterns provide insight into performance of applications that are dependent on the storage.

  • Container logs are an efficient way to acquire logs generated by applications running inside a container. By utilizing logging drivers, output that is usually logged is redirected to another target. Since logging drivers start and stop when containers start and stop, this is the most effective way of capturing machine data, given the often limited lifespan of a container.  Container metrics contain details related to CPU, memory, I/O, and network metrics generated by a container. By capturing this data, you have the opportunity to spot specific containers that appear to consume more resources than others – enabling faster, more precise troubleshooting.

  • Structured Query Language (SQL) statements are the main interface in relational databases. SQL statements are used to create, read, update, and delete data in the database. Visibility into this activity enables you to do all of the following and more:

    • Detect and identify long running queries as candidates for optimization
    • Detect and identify slow queries as candidates for optimization
    • Monitor trends in query behavior for capacity and planning
    • Detect unauthorized data access 
    • Attest to compliance with data governance controls and rules

Before looking at documentation for specific data sources, review the Splunk Docs information on general data ingestion: