2014 Technology Exchange


Building a Splunk-Based Lumber Mill: Turning a Bunch of Logs into Useful Products

Time: 10/28/14 03:30PM-04:15PM

Room: White River Ballroom E-F


Session Abstract

Regardless of the size of the organization or the particular type, you have log data. This may include network operations, IT operations, security, or even educational/business/scientific data.

Those of us who are lucky enough to be able to collect this data centrally are then stuck with the monumental task of trying to actually find the important insights from within all of that information. The University of Illinois at Urbana-Champaign is utilizing a combination of Splunk and rsyslog to make this herculean task quite a bit more manageable.

This presentation will cover:
- A very brief description of the central logging environment implemented at the University of Illinois (to assist with understanding how all of this was integrated with the existing systems).
- A more detailed discussion of the architecture of a reliable Splunk deployment and how to integrate that with an existing log management ecosystem.
- How we've used Splunk to turn hundreds of gigabytes of logs per day into actually useful data, including metrics.
- How to use the value that Splunk adds to the data analysis process as a positive feedback loop for expanding your existing central logging environment.
- Lessons learned from a (relatively) large Splunk deployment.

Interim CISO Joseph Barnes will be present to discuss the administrative challenges faced during the deployment and purchasing process.

Note: Though no live demonstration will be presented, plenty of screenshots of actual (pre-sanitized) data will be utilized and configuration snippets will be made available to assist others who would like to create a similar setup.


Speaker: Robert Bregant II, University of Illinois - Urbana-Champaign


Primary track: Security

Secondary tracks: Advanced Networking/Joint Techs
