The quarterly publication of the International Legal Technology Association
Issue link: https://epubs.iltanet.org/i/657874
32 PEER TO PEER: THE QUARTERLY MAGAZINE OF ILTA | SPRING 2016
Beyond Operational Intelligence with Splunk
CASE STUDIES

are not designed using modern techniques that would otherwise allow Splunk to automatically extract field-value pairs. Splunk comes with a field extraction wizard to help you create regexes when needed. From there, it is a straightforward process to ask other questions, such as "How long do full-text document searches take by user?" Perhaps the top 10 users would benefit from training on how to make their searches more specific. We can also enrich the same search results with data from other sources (HR, practice group or machine data like AD Sites or IP subnets) and pivot the same question by office, subnet or department. You can set an alert to run a script or send a notification via email or text when search times are above a certain threshold. Keep in mind that I have never supported the backend of any DMS environment. I just found the logs, sent them all to Splunk, looked at the indexed data and realized what was possible.

» Dashboards: You can save any search as a dashboard panel and add multiple panels to a dashboard to display both visualizations and data in tabular or even raw format. This is useful when you want to adjust permissions to give multiple users access to the same searches and visualizations. It is easy to add inputs such as drop-downs, multiple selections or radio buttons to pivot on or filter a base search. The best part about this is that it can be done in minutes using a point-and-click graphical user interface (GUI), assuming basic familiarity with the SPL and a little understanding of how Splunk uses variables, which they call tokens. No development or programming experience is needed. More complex dashboards may require some understanding of XML, and for more complex searches you will need to know a bit about statistics.
Splunk users find the product addictive because where an end goal could take days to weeks to get right with other tools, many Splunk dashboards only take minutes to hours.

» Legacy Applications: Splunk either has or is on track to replace many of the firm's legacy applications. For example, Stroock uses a time and billing product with some integrated custom financial reporting solutions that are outdated. With the help of a database administrator and SQL queries, I reproduced the functionality of a custom solution with a better graphical interface and improved user experience, all in just a few hours of work. Once we pulled in relational database data, we realized the magnitude of Splunk's potential. The heightened value to your organization comes after you plug the tool into SQL (or Informix or any of the supported database types). The Splunk apps make onboarding various data sources so much less complex that a single Splunk administrator can handle pulling in multiple data sources, even though he or she may be less familiar with the sources than the subject-matter expert. Search through the selection of Splunk apps at https://splunkbase.splunk.com.
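To make the "search time by user" question, the HR enrichment and the threshold alert concrete, here is an added savedsearches.conf example; it is not the author's or Stroock's configuration. The index, sourcetype, log line layout, lookup name, field names, threshold and mailbox are all assumptions, and the single raw log line in the comments is constructed.

```ini
# Added example (hypothetical names throughout). Assumes a DMS full-text search log
# line shaped like this constructed sample, which is not key=value and so is not
# auto-extracted by Splunk:
#   2016-03-01 09:14:22 [FTSEARCH] jsmith "merger agreement" completed in 7342 ms
# The inline rex below does what the field extraction wizard would generate for you.
# hr_users is an assumed CSV lookup mapping user -> office, department.

[DMS full-text search duration by user - top 10]
search = index=dms sourcetype=dms:fulltext "[FTSEARCH]" \
  | rex "\[FTSEARCH\]\s+(?<user>\S+)\s+\"(?<query>[^\"]*)\"\s+completed in (?<elapsed_ms>\d+) ms" \
  | lookup hr_users user OUTPUT office department \
  | stats count AS searches, avg(elapsed_ms) AS avg_ms, perc95(elapsed_ms) AS p95_ms BY user office department \
  | eval avg_s=round(avg_ms/1000,1), p95_s=round(p95_ms/1000,1) \
  | sort 10 -avg_ms \
  | fields user office department searches avg_s p95_s
dispatch.earliest_time = -7d@d
dispatch.latest_time = now
# In a dashboard, a drop-down token can filter this base search, e.g. appending
#   | search office="$office$"

# Alert: users whose searches averaged over 10 s in the last 15 minutes (at least 5
# searches, so a single slow query does not page anyone). Fires when the search
# returns any rows, suppressed to one notification per hour.
[DMS slow full-text searches]
search = index=dms sourcetype=dms:fulltext "[FTSEARCH]" \
  | rex "\[FTSEARCH\]\s+(?<user>\S+)\s+\"(?<query>[^\"]*)\"\s+completed in (?<elapsed_ms>\d+) ms" \
  | stats count AS searches, avg(elapsed_ms) AS avg_ms BY user \
  | where avg_ms > 10000 AND searches >= 5
enableSched = 1
cron_schedule = */15 * * * *
dispatch.earliest_time = -15m@m
dispatch.latest_time = now
counttype = number of events
relation = greater than
quantity = 0
alert.track = 1
alert.suppress = 1
alert.suppress.period = 1h
action.email = 1
action.email.to = dms-support@example.com
action.email.subject = DMS full-text searches averaging over 10 s in the last 15 minutes
```

The same stanza can instead trigger a script or other alert action; the threshold and minimum search count are the knobs to tune against your own baseline before enabling the schedule.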