The Art of Fencing and its Relation to PLM
In ancient Japan the first stage of fencing training was to develop the ability to respond instantly without thinking. Similarly, the first step in monitoring and troubleshooting Agile PLM is developing the ability to quickly make sense of log files. The fencer’s objective required arduous training. Ours can be achieved with just the application of a free tool and a little practice. We’ll cover the basics of using Splunk to help administer your Agile PLM system in this article, and start you down the path to Black Belt mastery of your log files.
Log files are the best and often the only means of quickly giving you an overview of what is happening in your system and where. The ability to make sense of log files corresponds to the fencer’s ability to defend himself in armed combat. Without the right tools, log files can be difficult to use. Splunk is designed to make them easier to use. Aggregating the vast amounts of log data and focusing on important events can be terrifically hard to do. You can get bogged down and lose valuable time. Splunk can cut that time down to a fraction. During a service related event, time is crucial and time equals money.
The fencers learned to respond instantly in a novel way. While doing the janitorial chores of the apprenticeship, they would constantly be under the threat of attack by the master with a practice sword. These practice swords, made of strips of bamboo bundled together, while not deadly, could still give quite a thrashing. Likewise, downtime in your PLM environment may not kill you, but it will hurt like nobody’s business if it goes on too long.
For instance, in the middle of cleaning a cooking pot, the master might leap from behind a wall, and the apprentice would be expected to defend themselves with the cookingpot.
The apprentice begin to focus on predicting the next attack and how to defend against it. Preoccupied and planning their next move, they’ll be even more vulnerable. If you’re mired in log files and something else critical comes up, you’re going to wish you were being hit over the head with bamboo instead.
Finally, the apprentice gives up. They say “I’m doomed, no matter what I do, I end up getting hit, so I might as well not try at all.” When he has given up, can he begin to react to the actual attacks, rather than his assumptions about where the attack will come from. In this way, he will develop the ability to effortlessly and spontaneously defend himself. When you’ve economized use of the log files, your attention and focus will be freed up to see the big picture as well.
Fortunately, the ability to effortlessly troubleshoot an Agile PLM system does not hinge upon years of apprenticeship with an ornery sword master. Experience and expertise play their part, but simply learning to harness the power of Splunk will take you a long way.
Where to get Splunk
Splunk is available in a free and a paid version from http://www.splunk.com. For our purposes, the free version is great. But, the paid “Enterprise” version offers additional features that can be useful when managing multiple Agile PLM environments or remote environments. Splunk is available for Windows (32 bit and 64 bit), Linux, Solaris, OS X, FreeBSD, AIX and HP-UX. Functionality is the same across all versions but here I’ll focus on Windows.
Installation
Installing Splunk is easy using the pre-built installations available from the web site. Installation details can be found here (add a hyperlink with the link below). http://docs.splunk.com/Documentation/Splunk(c)/5.0.4/Installation/Chooseyourplatform .
Setup
A new Splunk install needs only a few configuration changes to begin being functional:
- Change admin password: Splunk will force a password change on the first use.
- Data: Add some local log files to get started. You can add network log systems as well.
Some Agile specifics
After you login to Splunk (and change the password), you can start adding log files for indexing.The first time you start Splunk you will be presented with this welcome screen.Select Add Data to begin adding log files for indexing.
Select Preview data before indexing and then browse to your log file.
Select the log file and click on Continue:
Select Apply an existing source type and select log4j from the drop-down:
If the log file appears correctly, select Continue:
After selecting Continue you can apply other options, however, the defaults work well for Agile log files:
Add the rest of your Agile logs and then select Start searching:
Now that you have some files indexed, you can start searching for events across all of the log files. For instance, you can search for “warning”.
You can search by keywords or event types and filter the events by time, such as in this example showing events from the last 60 minutes. As you can see in this example, Splunk has aggregated events that occurred in the same time period from different logs.
Final Note
Splunk is at its best when you're searching for specific event types (such as JVM memory errors) during a certain time span. In this article we demonstrated howSplunk could turn you into an Agile Samurai working with just one server. But,this toolis much more useful when leveraged to troubleshoot a cluster of servers and track down an error that could have occurred anywhere. In that case Splunk multiplies your effort and the benefit of your expertise. It's available as a free tool and worth taking the time to become familiar with. If you want to become a master of The Art of Log Files.