UCAS troubleshoots network with Splunk

UCAS – the organisation responsible for managing university and college applications – is using Splunk to monitor its IT infrastructure

UCAS, the organisation responsible for managing university and college applications, is using Splunk to monitor its IT infrastructure.

Peter Raymond (pictured), solution architect at UCAS, said that, as the organisation migrated to the cloud and scaled out its infrastructure, it needed a tool to aggregate device logs and intelligently search them across multiple servers.

“We’ve found we can get going easily with Splunk,” he said. “In IT early problems can be a real barrier to entry.”

Raymond said the technology, which indexes and renders searchable machine data, enables UCAS to troubleshoot, manage performance and use analytics to support the IT team. This means students can quickly and easily access information on "Track", UCAS’s online application portal.

The organisation processes over 2.5 million applications from 650,000 students, on behalf of 340 universities and colleges each year. Although it is active all year round, the service peaks on A-level results day. In 2013, there were 180 log-ins per second. UCAS has been using "Splunk Enterprise" to help cope with this pressure on its infrastructure since last year.

“We were going from a mix of on-premise to Amazon cloud and Microsoft Azure cloud, and we were having disparate logged data in those servers that we had to bring together and search.

“We are able to identify and resolve faults quicker. Where a request might come in from a web server and go to an application or database server, or indeed it might be bouncing around between servers in a web application farm, you need visibility into error conditions across those. Splunk enables us to see behaviour across the system with far greater insight.

Read more about log management software

  • Log management software can aid data security, boost IT accountability
  • App47 selects Loggly over Splunk for log management
  • Splunk shops find surprising uses for machine-generated data

“Often when you are about to have a problem on a system you get early indications of that. For example, there can be response time increase, and that can before the user experiences a fault. Splunk enables us to monitor response time, and often drill down to specific users. That means we can be more proactive in spotting faults before they occur.”

Raymond and his team looked at the log management tools market before selecting Splunk. They also use a range of analytics tools, but none of those other tools give access to logged data, he said.

"That’s what differentiates Splunk,” he said. “There is a gold mine of data in the logs.”

The organisation started using the technology in July 2013. “It was a big success for us in how we could visualise user experience response times and the sheer volume of transactions,” said Raymond.

Splunk agents were originally deployed on 30 servers. That has gone up to 40 and UCAS now plans to roll it out to more servers on the UCAS infrastructure.

UCAS has just agreed a 20 gigabytes per day licence, up from 5GB.

Read more on Network monitoring and analysis