What AppOps, DevOps and NetOps are doing with the new Corvil Splunk Add-On

Corvil and Splunk make for a powerful combination. Matt, our Director of Product Management, takes us through some notable real-life use cases.

What AppOps, DevOps and NetOps are doing with the new Corvil Splunk Add-OnBy Matt Davey    June 11, 2015      Product

What AppOps, DevOps and NetOps are doing with the new Corvil Splunk Add-On



We were delighted last week to release our official Splunk app, which can be installed directly from within Splunk, and is freely available for download from Splunkbase.

Corvil introduced Analytics Streams in our Giga release last year, which allow you to take your application visibility, metrics and alerts, derived from network data, and stream directly to your platform of choice. This data is a goldmine for IT Operations, and it’s been fascinating to see all the uses that Streams have been put to already. With the release of our new Splunk Add-On, it’s now trivial for anyone to send their Corvil Streams directly to Splunk, and it’ll be great to see all the creative uses it’s put to.

To give you an idea of the value and variety you can get from Corvil Streams, here is a sample of some things our customers have been using the Corvil+Splunk combination for already.

VoIP Call Records

One of our large banking customers has been using Corvil to monitor their global Voice over IP traffic. They can track the latency and loss of every packet between sites, and also quickly troubleshoot issues by pulling up call signalling traffic and the like. One of the metrics they’ve found useful is the call-records that we generate on completion of every call, as well as during a call. These records include call-quality metrics derived from the observed jitter and loss in the media streams, and are a great way to localise call quality problems to correlate with network events and discover root causes. They are now streaming call records directly to Splunk (which they were already using for IT Ops) and have added network-based VoIP call-quality to their dashboards. When they see issues they can follow a link to jump right into Corvil to troubleshoot any issues, backed up by complete packet captures. They send just the minimum data to Splunk, and keep the rest of the detail in Corvil.

File System access audit trail

A neat integration allowed an AppOps team to search in Splunk for all accesses to a specific file hosted on a NetApp filer, without turning on expensive granular logging on the filer. The network team had deployed Corvil where it could see all traffic in and out of the filer. Corvil’s storage analytics were already monitoring NetApp/NFS activity, and reporting file system response time and load, alongside all the network metrics. To help the AppOps team, they created a Corvil Stream to publish a message for every file access on the NetApp straight to their Splunk instance, which they use heavily for logfile analysis. The AppOps team really liked the fact that the Corvil was monitoring passively, so there was no possibility of impacting the NetApp performance. Now, in Splunk, they can search for all access requests to specific files (or regular expression matches on filenames, or volumes, etc.) and quickly see the network addresses making those requests. This assists in security incident investigations as well as operations.

Trading Compliance

Corvil is routinely and widely relied on for authoritative monitoring of trading flows, operating independently of the trading applications, and supplying accurate hardware-based timestamps. In other words, we tell you exactly what has happened, and when it happened, based on the observed network traffic. This is exactly the information that is needed when dealing with compliance requests and audit trails. Several of our customers use Splunk for medium/long term data storage, and are streaming our trading data into Splunk for this purpose. The Corvil data provides accuracy, and independence from the trading system. Splunk provides a powerful data search and storage platform across data sets.

DevOps QA cycles

A development team used Corvil to monitor the performance of every iteration of their application, by instrumenting their QA testbed. Corvil observed all the client requests and responses and reported the true performance from the network layer. This data was streamed to Splunk, which also consumed the application logs to provide a joined up view of the performance of each test run. When anomalies were spotted, the dev team could quickly jump into Corvil by following a callback link in each message, and examine the details of each transaction to see where the time was spent. The same visibility was also applied in production post-deployment.

If you are already a Corvil customer streaming to Splunk, we’d love to hear how you are using the Splunk Add-On. Also, if you’d like to learn more about getting going with streaming Corvil data to Splunk let us know how we can help.

What AppOps, DevOps and NetOps are doing with the new Corvil Splunk Add-On

Matt Davey, Director, Product Management, Corvil
Corvil is the leader in performance monitoring and analytics for electronic financial markets. The world’s financial markets companies turn to Corvil analytics for the unique visibility and intelligence we provide to assure the speed, transparency, and compliance of their businesses globally. Corvil watches over and assures the outcome of electronic transactions with a value in excess of $1 trillion, every day.
@corvilinc