However, products that claim to provide integrated log management are expensive, and many of them take time or interrupt processing, making it difficult to find the most suitable product. Meanwhile, Mr. Kawaguchi focused on ``Splunk Enterprise'' (hereinafter referred to as Splunk), which Macnica had just started offering in Japan in 2009.

At Interop Tokyo 2009, where Splunk won the Best of Show Award, Mr. Kawaguchi learned of its existence. He felt that Splunk, which can automatically and easily capture not only logs, but also all text-format IT data such as alerts and configuration files without normalization and full-text search, was very unique.

"There is no performance degradation even with large amounts of IT data, and the ease of operation is also attractive, such as identifying and indexing imported IT data and automatically creating alerts, dashboards, and reports, as well as free searches. That was it,” says Mr. Kawaguchi, looking back on his impressions of the demonstration at the time.

Dokkyo University decided to introduce Splunk in January 2010, with the recommendation of Splunk from NETMARKS, a DAINET3 design and construction SIer. Since the license system can be set with an upper limit on the amount of logs captured per day, operation was initially started with 500MB/day. After that, due to the increase in the number of accesses from smartphones in the university, etc., the amount of logs also increased, so in March 2011, it was expanded to 5 GB / day.

When introducing it, it was also important to maintain continuity with past reports by issuing reports in the same format as the analysis results of previous scripts. With Splunk, you can create a report that feels natural even if you compare reports from the past 10 years with reports from Splunk.

Currently, reports such as the number of ActiveDirectory logins for each student/teacher, the number of LDAP password changes for each user, the number of VPN logins, etc., analysis reports on the email usage status of teachers/students, etc., as well as Web access destinations using Proxy logs It is also used for statistical reports, fraudulent terminal detection, and failure countermeasures in emergencies.

"The automatic creation and sending of reports according to a set schedule is extremely helpful. In the past, we could only display the information we wanted to see in chronological order, but Splunk's dashboard allows us to compare freely. Because we can do this, we can now see cause-and-effect relationships that we hadn't noticed before," says Kawaguchi.

In addition, the graphs to be displayed can be freely selected from more than 10 types of formats, including pie charts and bar graphs, increasing the visibility of usage status through reports. In addition, customization is also performed to exclude unnecessary logs and extract only important data. Such flexibility is also one of Splunk's strengths.

“With conventional log analysis, work time and analysis results differed depending on the skill of the worker, but after introducing Splunk, the automatic collection of logs and the unification and sharing of analysis methods have made it possible for anyone to perform any work. It has become possible to complete it quickly, the analysis results are uniform, and the entire work has become more efficient.I feel that the work time spent on log analysis has been cut in half.Actually, due to the increase in system utilization rate The amount of logs has also increased, so I feel that I have been able to reduce the work time by more than half."

Mr. Kawaguchi says that by reducing the number of man-hours, he will free the staff of the information infrastructure maintenance section from routine work of system management, and will be able to design new systems with higher productivity and improve services for users. hope to be able to concentrate on On the other hand, we believe that it will be possible to further dig deeper into conventional log analysis and automate advanced analysis and subdivide statistical processing, such as the correlation of analysis results and trends in system utilization rates. .

Continuing log analysis has the potential to improve the efficiency of university management and the educational environment, and was one of the objectives of building DAINET-3.

"Since Splunk has a high degree of data coverage and can collect and analyze IT data such as logs from any system or device, future changes in the system environment, such as an increase in the number of accesses from smartphones and tablet PCs, are expected. I feel relieved because I feel that I can flexibly respond to this,” says Mr. Kawaguchi, who gives his seal of approval, expressing his desire to draw out the potential of Splunk by making full use of it.