In part 1 of this series, we talked about zombie data and what it means for your observability architecture. In this post, we’ll talk more about how to handle all of it.
How well can your organization handle the firehose of data it’s collecting? Yes, you have the ability to collect it, but chances are you don’t have the financial or human resources available to analyze all of it effectively.
You could limit what data gets collected and processed by your primary analysis system and then send the rest to a less costly secondary system or to storage — but then you may end up missing out on important events or paying to store massive amounts of zombie data that will never get analyzed.
Some organizations have thousands of servers and other devices continuously generating and collecting logs. The quantity of data moving through those tools is huge and will keep increasing, but the budget for your analysis and storage system licenses is limited, so it’s best to get a handle on all of your zombie data before you wake up one morning to a data-pocalypse.
The first way to address your zombie data problem is proactive – by preventing as much data as possible from turning into zombie data. By putting a pipeline like Cribl Stream in between your sources and destinations, you can vaccinate your system against the threat of data zombification. Use it to transform your data by filtering, reducing, and aggregating information — or if you have a thousand similar events, you can transform them into metrics and reduce the volume of data.
Stream gives you the ability to reduce the total volume of data being ingested without sacrificing value or just ignoring it, by separating signal from noise before spending time and money collecting and storing everything. You can even pick out important events for analysis and send the rest to cold storage, instead of filling up that space with mountains of zombie data.
Stream sits in the middle of your observability architecture, but why not get closer to the source? Our intelligent agent, Cribl Edge, does just that. Instead of moving data into a system of analysis or pipeline and then deciding if it’s important, you can make that decision right at the edge. With Edge, you get all the same power of Stream, with the added bonus of bypassing the need to route and centralize first.
Not only does Edge save you the money you may be spending to move data across the enterprise, but by putting this smart agent on the host itself, you can automatically collect logs that you may not have realized existed. Edge will automatically find any log files being created by default.
So we’ve talked about how to prevent zombie data from taking over your storage space, but what if it already has and your data lake is full of zombies? At this point, a vaccine won’t cut it — that’s why we’ve also created a cure for data zombification. In addition to Stream and Edge, we’ve built a new application with search capability that we’ve appropriately named Cribl Search.
What if you didn’t need to pump all the data that you can into your system of analysis and pay the cost to store it there? It would be nice to look at all the data you have collected, but until now there was no affordable way to do that. Our newest solution allows you to search your entire data lake or all the sources in your enterprise that may contain data. Imagine having the ability to examine all the sources of data across your enterprise, and look for specific data, without having to collect and move it first. You can then pull back what is interesting and do further analysis only on the specific data you were looking for. With Search, you can identify what logs, application information, state information, or security information exist where, delete what’s unnecessary, and bring data back for analysis only on an as-needed basis.
The number one cause of zombie data is the tremendous volume of data that systems administrators deal with on a daily basis. If you don’t have a bunch of engineers with tons of free time or another few million dollars in the budget, reducing this volume with Cribl’s suite of solutions is the way to go. Learn more about how we can help your organization avoid being overrun with zombie data at our upcoming webinar.