Our Use Case PDFs and blog images are only available in German. If you are interested in further information, we are happy to assist you personally. Please don’t hesitate to contact us directly.
Get the PDF for download here: Log Analysis | Monitoring Text and Output Management System
1. The Initial Situation
NetDescribe was initially commissioned to design and implement the logging and evaluation of logs for a new text and output management system based on Splunk.
The goal was data consolidation for efficient system control through error detection, analysis of throughput times, etc.
What is a text and output management system?
A text and output management system generates individual and machine-produced correspondence and delivers it to various output channels such as local printers, printing lines, printing service providers, web portals, fax, e-mail and document archives. Areas of application include mass printing, interactive correspondence, forms, and central and decentralized printing.
These systems consist of various individual components that store information in their log files or databases.
Looking ahead, process integration can be extended across all of a company’s business processes, including resource planning, product lifecycles, engineering, office, etc. One advantage is the increased synergy between the individual areas.
New approaches in this area aim to bundle all output processes in the company into a central system. Here, all system environments, different input formats, as well as all output channels such as print, web, archive, etc. are to be integrated.
With Splunk, this information is to be consolidated and evaluated, for example to analyze error states.
The First Step to Efficient Monitoring: Evaluation and Analysis of all Machine Data!
What is often lacking are data-driven insights that provide comprehensive visibility and rapid detection of changes, deviations from defined processes, attacks, errors and other threats in an IT landscape.
At the top of the companies’ wish list:
- end-to-end transparency in all your environments,
- fast error and threat detection,
- efficient investigations,
- an open and scalable system that can be integrated into individual structures and
- analyses available at any time according to individualised requirements.

2. The Use Case
Our customer has been ensuring IT operations for 17,000 users of health insurance companies in Saxony, Thuringia and Bavaria since 2008. Its core task is to drive the transformation at the health insurance companies with all its might. The range of services extends from innovation and consulting, through the organisation and realisation of tailor-made solutions and the complete operation of the technical systems, to support, all in order to help the health insurance companies achieve their goals.
The company’s goal was the clear traceability of its documents, the analysis of throughput times and dwell times, and the installation of a system for monitoring and diagnosing its industry-specific IT solution.
The Solution from NetDescribe
The use of Splunk Enterprise enables companies to consistently monitor, evaluate and visualise distributed data centrally via log analysis. Valuable insights from the machine data are thus provided.
Correlation rules and reports are created to immediately identify irregularities and threats and automatically detect areas with violations.
Of particular value to our customer was the central view of their entire IT environment on a single user interface, as well as the ability to perform ad hoc searches in addition to the standard reporting portfolio, in order to obtain quick answers to deviations from the defined process.
3. The Implementation
After the order was placed, the data sources were identified as part of a kick-off workshop:
- JBoss logs (Linux: app server)
- SFTP (Linux: app server)
- MtextClient (800 – 900 terminal servers)
- as well as other application logs
At the same time, the priorities for the various use cases were defined:
- Tracking of documents via unique ID across all systems (for error analysis)
- Throughput time/average dwell time of documents in the respective system (from system A → B → A…)
- Health monitor for oscare® systems (traffic light dashboard)
A schedule for implementation was also created.
NetDescribe BUSINESS BONUS
In addition to pure product deployment, NetDescribe offers a holistic and efficient solution that supports you in consolidating and optimizing all of your IT processes.
Which interfaces and automations are the perfect fit for your IT processes? And how can you use them to secure, analyse and visualise all data traffic from the network to the cloud?
The graphic shows the various templates in the customer’s shipping process using the example of complete letter communication including response letters etc. This enables monitoring of the complete communication process and provides information on whether it runs according to the defined process specification.

The second graphic provides an overview of what is received in the various document groupings in a defined period (e.g. 24 hours). This enables, for example, targeted resource planning.

Source graphic 1 and 2: Anonymised representation of the logs of the text and output management system visualised
Graphic 3 shows the performance of the VPN accesses (global).
Even during the implementation of the initial project in the area of text and output management monitoring, NetDescribe came into contact with other areas (network and server) within the customer organisation, where two further Splunk-based isolated solutions were known to exist.
This special use case was used during the pandemic, when home office use increased rapidly, and serves as an example of the diverse uses of Splunk Enterprise.

Source Graphic 3: Anonymized representation of the Network Policy Server log evaluation and visualization
4. The Results
- After the implementation of the text and output management monitoring project, NetDescribe was commissioned to supply the associated Splunk licences.
- Through further use case workshops, our customer is identifying more and more data sources to be monitored and evaluated with Splunk. New additions include Windows and Linux servers, firewalls and other network components, as well as data from the customer’s container environment.
- Thanks to the good reference in the area of text and output management monitoring and the support of the project management, all three areas with isolated Splunk solutions were won over to an overall concept that provides a central, uniform Splunk architecture for future requirements.
- As a result of the long-term support and trusting cooperation with the customer, the required Splunk licence was expanded repeatedly over the years.
- Today, our customer analyzes a total of almost 500GB of data daily with Splunk. The evaluation of the data has been continuously automated and visualised in dashboards. Splunk's capabilities enable ad hoc searches for errors in order to quickly get to the bottom of a problem.
The Splunk Portfolio
Splunk platform.
Splunk Enterprise collects and indexes in real time all machine data generated in physical, virtual, or cloud environments. This can include data from applications, servers, networks, sensors, or telecommunications equipment. The solution correlates complex events, enables meaningful insights into machine data and simplifies analyses.
Splunk for security.
Splunk Enterprise Security improves all security processes and, as an analysis-driven SIEM (Security Information and Event Management) solution, gives you the holistic view to securely use generated machine data (e.g. information about networks, endpoints, accesses, vulnerabilities and identity data) and to reduce security breaches.
Splunk for IT and Business Services.
Splunk IT Service Intelligence (ITSI), as a monitoring and analysis solution, visualizes status data and key performance indicators (KPIs) of critical IT and business services. Splunk ITSI uses machine-driven (artificial) intelligence, identifies existing and potential problems, prioritizes the rapid recovery of business-critical services, and provides analytically driven IT operations.
The Splunk Functions at a Glance
Collection and indexing of machine data – Real-time event capture, universal indexing, adapter elimination, use of metric data, timestamps for events
Search and verification – Real-time search, transaction search, interactive results
Correlation and analysis – Machine-learning-based AI, correlation of complex events, event annotations, pattern recognition
Visualization and reporting – Dashboard creation, report automation
Monitoring and alerting – Monitoring of events and KPIs, proactive notifications
Security and administration – Encrypted access to data streams, secure user access