Has Anyone here tired splunk. This advertisement is going on my screen to day. It looks promising but wanting to know what others opinions are. Is it able monitor multiple servers or does each server need it's own install.. I am of course talking about one web server but mutiple servers being monitored by splunk.

Tell me you thoughts about this. Makes a great edition to server management. Also is there any other "like" packages that you would recommend.

Yeah, I just installed it. Doesn't appear to do anything but pretty up the logs a bit and make it easier to search through them. Naturally, it asks you to buy it immediately, but it appears to not be too intrusive.

I was going to install it on my mail server when I got this message:

"Your datastore's directory structure does not seem to be correct. Do you want Splunk to correct it? [y/N]:"

That scares me. I'm going to google that right now.

I've been running Splunk for about 6 months now. I love it. Its much more than just making the logs pretty, it like google for everything in my infrastructure (logs, conf files, emails, you name it).

I have Splunk agents that forward to a central index (this required me purchasing a professional license) and I have other boxes that are using syslog-ng data to forward data over TCP 514 to my Splunk index.

That message you saw at startup: "Your datastore's directory structure does not seem to be correct. Do you want Splunk to correct it? [y/N]:" is refering to Splunk's index (they sometimes refer to the index as the datastore). My guess is that the location you specified for your index did not exist and Splunk was asking if you wanted it to create them or you moved your index but didn't update one of the conf files. Their support team is one of the most responsive groups I've dealt with, I bet if you sent them a note about your problem you would get a response in under a day.

Awesome. I never considered contacting them directly as I'm using the free version. I've actually just started using logs (gasp, I know) so this seems useful. I'm fairly sure our company will never blow $2,500 on systems administration tools.

Wondering if it would be a good solution for home use. I can't blow 2500 dollars on a sys admin tool just for the index forwarding...That is what I would need to because of the fact that I have multiple systems and would need to have information forwarded to index server to thereby display the information, I can see where it would save me time from having to log into each system.

I bet you could get away with a free license if your home load is under 500mb and you had all of your machines forward their logs via syslog. Your splunk instance could listen on 514 or tail the central syslog file