Recovering lost visibility of IT infrastructure
A malware attack has forced you to shut down your IT infrastructure monitoring software in order to protect your assets. Now you need to recover the lost visibility into the health and operations of your infrastructure. Because you already have Splunk and universal forwarders deployed to your critical infrastructure, you know you can use Splunk to get the information you need.
Data required
How to use Splunk software for this use case
You can run many searches with Splunk software to recover lost visibility of IT infrastructure. Depending on what information you have available, you might find it useful to identify some or all of the following on your hosts:
You might also find it useful to identify some or all of the following on your networks:
- Inventory of devices reporting network data
- Network device down
- Problems with a specific network device
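As an added example (not a search from the original page or from Splunk), the following SPL turns the "network device down" item above into a check for hosts that have stopped sending data; the 24-hour lookback, the `index=*` scope and the 15-minute silence threshold are assumptions to tune to your environment.

```spl
| tstats latest(_time) AS last_seen count AS events WHERE index=* earliest=-24h BY host
| eval minutes_silent=round((now() - last_seen) / 60)
| where minutes_silent > 15
| eval last_seen=strftime(last_seen, "%Y-%m-%d %H:%M:%S")
| sort - minutes_silent
| table host last_seen minutes_silent events
```

Narrow `index=*` to the indexes your network devices write to, or add `sourcetype=syslog` to the WHERE clause, to keep the inventory to the devices you care about; a host that appears here but is still up points at a broken forwarding path rather than a device outage.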
Check out the Splunk IT Essentials Learn app, which contains a large library of use cases and out-of-the-box searches you can use to gain greater visibility into your IT applications and infrastructure.
Next steps
You can use the results of these searches to collect, visualize, and monitor host infrastructure, as well as to expand monitoring to include applications.
Splunk software can also take on syslog and SNMP capabilities that you may have lost. Redirecting syslog traffic and SNMP data to Splunk software for further analysis can be one of the quickest ways to reestablish data flow and regain basic visibility.
These additional Splunk resources might help you understand and implement this specific use case:
- Demo: Getting data in for Linux, Windows, and Cisco in Splunk Cloud
- Blog: Splunk Connect for Syslog: Turnkey and scalable