Basic troubleshooting with Splunk
This documentation does not apply to the most recent version of Splunk. Click here for the latest version.
Basic troubleshooting with Splunk
The Splunk GUI is designed to help you pinpoint problems across your deployment, even when you aren't certain what you are looking for. You can visualize data using the timeline and field histograms, add and remove search terms with a click, and zoom into the small time span where trouble happened.
This walkthrough shows how you might use Splunk to troubleshoot a simple problem. It uses the setup outlined in About the walkthrough setup. This is a multi-tier application that allows phone subscribers to activate and manage their accounts over the web, with servers spread across three domains in three different regions of the United States. Your logs include web logs, J2EE logs, API logs, and database error logs.
You now have a situation where a customer has called support and says they just tried to activate an account, but were unable to do so. The only information you have is the customer's account number and the approximate time they attempted to activate the account. With Splunk, you can find the problem across logs and drill down into the exact time that it happened to find the root cause.
This documentation applies to the following versions of Splunk: 4.1 , 4.1.1 , 4.1.2 , 4.1.3 , 4.1.4 , 4.1.5 , 4.1.6 , 4.1.7 , 4.1.8 View the Article History for its revisions.