Using Splunk as data source

Dec 15, 2015 at 9:02 PM
We have used PAL in many circumstances to troubleshoot performance issues for which this tool has been invaluable.

Has anyone tried or thought about if PAL could use perfmon data that was previously captured, such as with Splunk? (For those unfamiliar with Splunk - it's a tool that captures and analyzes machine data)

We are always reactive after an incident has occurred and cannot analyze the issues at that point in time unless PAL has been running (which is never the case). We are current using Splunk and it's already pulling many of the perfmon counters that are used in PAL (while other counters can be enabled).

One idea that occurred to me is that we already have much of the historical data needed for PAL. I've toyed with looking at how to point PAL to use data from Splunk instead of capturing it. Assuming that the counters were pre-configured we could run PAL analyze any server at any time without installing/configuring it locally.

Has anyone tried something similar?