Wouldn't it be great if you could map your server configuration changes to all the other events happening on your systems? It turns out you can and on one display. Splunk has added configuration management to it's feature set so you can now tell Splunk to log changes to particular files or directories. Check out Splunk File System Change Monitor This is a preview release, but it's cool since it adds CM to Splunk's ability to powerfully index whatever you can get it to eat, and it will eat most things. While CM systems detect and log change, and provide enforcement of policies, they are sparate systems that make it difficult to match change events globally from disparate systems. Each system has its own logs and status so you have to switch between logs and screens and build up a mental map to see what's going on. Splunk lets you pull up everything that's happening and view it in various forms. Once you can see it, you can figure out if it's authorized or unauthorized change. Nothing increases uptime and reliability like controlling change.