
n00b Question

jamie.orzechowski@...
 

I am a long-time Splunk user and don't plan on migrating away from it. I haven't been able to understand yet if Splunk could be used as a datasource to drive Grafana dashboards. Is this possible? If so, can someone point me in the right direction?

Caleb Call
 

Currently, we pull data from Splunk via the API and push it into Graphite. I don’t see how it could be a data source since it’s not a TSDB. Would be cool if it could be a data source though.


On Mar 25, 2016, at 8:21 AM, jamie.orzechowski@... wrote:

I am a long-time Splunk user and don't plan on migrating away from it. I haven't been able to understand yet if Splunk could be used as a datasource to drive Grafana dashboards. Is this possible? If so, can someone point me in the right direction?


Robert Frey
 

Splunk works great for schema-less machine data; Grafana is designed to visualize metric data. Metric data can generally be classified as key-value pairs with floating point values. You could potentially push/pull metric data from Splunk (most likely by executing searches against the API that return metric data) into a Grafana-supported back end to integrate the two, but Splunk itself is not a supported datasource for Grafana at this time.

Typically you would want to push metric data directly to a supported Grafana data source in lieu of Splunk, though (to save on Splunk licensing, which is VERY expensive). Supported datasources include the Graphite ecosystem (including Cassandra-based KairosDB and Cyanite), InfluxDB, OpenTSDB, and recently Elasticsearch (among others). If you are going to pull metric data from Splunk and publish it to another back end that Grafana can leverage (again, not very cost efficient), it conceptually is no different than creating a metrics filter for log data in AWS CloudWatch, for example (which also happens to be a supported datasource in Grafana).

Welcome to the world of open source monitoring. I am sure if you take the time to evaluate and implement an open source monitoring stack correctly you will save a ton of money in the process.

PS: Kibana 4.4 has come a long way from previous releases in a very short amount of time. If you haven't looked at ELK lately, it's time to take another look. I still work with Splunk on a daily basis, but I also, for example, monitor Splunk APM metrics (gathered from the Splunk introspection API via Sensu and relayed to Graphite, which are then displayed in Grafana) in conjunction with a host of other metrics gathered from the hardware, virtualization, operating system and app/service layers on a platform that utilizes an OpenStack private cloud. Splunk is an expensive way to solve all your problems; you should use it sparingly.
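
The pull-from-Splunk, push-to-Graphite relay described in the replies above, as an added sketch that is not code from any poster in this thread. It turns rows from a Splunk search exported as JSON into Graphite plaintext lines (`path value epoch`); the sample rows, the field names `host` and `failed_logins`, the `splunk.auth` prefix and the Carbon address are all constructed assumptions.

```python
import json
import math
import re
import socket
from datetime import datetime

# Constructed sample: newline-delimited JSON rows shaped like a Splunk
# timechart search exported as JSON (assumed shape, not from the thread).
SAMPLE_EXPORT = """\
{"result": {"_time": "2016-03-25T08:20:00.000+00:00", "host": "web-01", "failed_logins": "17"}}
{"result": {"_time": "2016-03-25T08:21:00.000+00:00", "host": "web 02/dmz", "failed_logins": "3"}}
{"result": {"_time": "2016-03-25T08:22:00.000+00:00", "host": "web-01", "failed_logins": "n/a"}}
{"preview": false, "lastrow": true}
"""

_UNSAFE = re.compile(r"[^A-Za-z0-9_-]+")

def _segment(value):
    """One Graphite path segment: dots, spaces and slashes would split or break the path."""
    return _UNSAFE.sub("_", str(value)).strip("_") or "unknown"

def to_graphite_lines(export_text, prefix, dimension, metric):
    """Turn exported rows into 'path value epoch' lines, skipping non-numeric rows."""
    lines = []
    for raw in export_text.splitlines():
        row = json.loads(raw).get("result") if raw.strip() else None
        if not row or metric not in row or "_time" not in row:
            continue  # trailer rows and rows without the metric carry no data point
        try:
            value = float(row[metric])
            epoch = int(datetime.fromisoformat(row["_time"]).timestamp())
        except ValueError:
            continue  # log-derived fields are not always numeric
        if not math.isfinite(value):
            continue
        path = ".".join([prefix, _segment(row.get(dimension)), _segment(metric)])
        lines.append(f"{path} {value:g} {epoch}")
    return lines

def send(lines, host="127.0.0.1", port=2003):
    """Ship lines to a Carbon plaintext listener (host and port are assumptions)."""
    with socket.create_connection((host, port), timeout=5) as sock:
        sock.sendall(("\n".join(lines) + "\n").encode("ascii"))

if __name__ == "__main__":
    print("\n".join(to_graphite_lines(SAMPLE_EXPORT, "splunk.auth", "host", "failed_logins")))
```

Field values taken from log data end up in the metric path, so they are sanitised before use; an unsanitised dot or space would create unintended series or a malformed line.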