Scenario: As a storage engineer you need to monitor your Dell Isilon storage clusters to keep track of capacity utilization and make sure users have access to what they need. Since you have several Isilon clusters, you want to consolidate all the Isilon activity logs into one place for capacity planning and troubleshooting. You want to use Splunk for that purpose.
How Splunk software can help
You can use Splunk software to understand key metrics related to your Dell Isilon NAS, including CPU utilization and cluster throughput. You can also watch for anomalies, such as user access failures and other events of interest shown in audit logs.
What you need
To succeed in implementing this use case, you need the following dependencies, resources, and information.
Managing Dell Isilon network attached storage using Splunk software can take less than one hour to set up.
The following technologies, data, and integrations are useful in successfully implementing this use case:
- Splunk Enterprise or Splunk Cloud
- Dell EMC Isilon Add-on for Splunk Enterprise
- Dell EMC Isilon App for Splunk Enterprise
- Splunk Heavy Forwarder
- Isilon NAS Cluster
- Data sources on boarded
- Storage device data
In addition, if you use syslog to send the Isilon data, Splunk's recommendation is to use a syslog server. You may have syslog infrastructure already in place.
How to use Splunk software for this use case
You can run many searches with Splunk software to manage Dell Isilon network attached storage. Depending on what information you have available, you might find it useful to identify some or all of the following:
- Capacity utilization runway in Dell Isilon NAS
- Cluster throughput in Dell Isilon NAS
- CPU utilization calendar for Dell Isilon NAS
- Top audit failures by user in Dell Isilon NAS
Other steps you can take
To maximize their benefit, the how-to articles linked in the previous section likely need to tie into existing processes at your organization or become new standard processes. These processes commonly impact success with this use case:
- Storage monitoring in the NOC
- Capacity planning
- Compliance and audit reporting for security
This use case is also included in the IT Essentials Learn app, which provides more information about how to implement the use case successfully in your IT maturity journey. In addition, these Splunk resources might help you understand and implement this use case:
- Conf talk: Splunk for IT ops: A storage perspective
- Conf talk: Master the dark arts: Demystifying Splunk architecture
- Blog: Thoughts on Splunking storage data
How to assess your results
Measuring impact and benefit is critical to assessing the value of IT operations. The following are example metrics that can be useful to monitor when implementing this use case:
- Throughput for file system and network
- Event rate by event type, such as read, write, getAttr, rename, and setAttr
- Number of locked and blocked nodes
- Cache hit and miss rates
- Number of operations over time
- Number of client connections