Dan's Take

Splunk Enterprise 6.2: Diving into Operational Logs

Making sense of all that data.

I've followed Splunk Inc. for quite some time and have always thought its approach to exploring and analyzing data found in operational and machine logs to be clever and, potentially, quite useful. The company recently launched the newest edition of its enterprise product, Splunk Enterprise 6.2.

The idea is to make it easier for IT and business analysts to search through mounds of data, find patterns and glean useful and actionable insight. Splunk makes it possible for analysts to discover previously hidden relationships in their data, regardless of whether it's being created and stored on-premises, off-premises or in a cloud service provider's datacenter.

Splunk claims that this version of its software also reduces total cost of ownership by improving scalability of concurrent searches and eliminating shared storage requirements.

Dan's Take: It's the Ecosystem
Splunk describes itself as the provider of "the leading software platform for real-time Operational Intelligence." Translated from marketing speak, that means Splunk has developed technology that allows IT and business analysts to delve into the log files produced by systems, systems software, database engines, application frameworks, applications, and a whole host of other pieces of hardware and software so they can learn what's happening and when. It's possible, for example, to examine the events leading up to a database slowdown that knocked a customer-facing application off of the Internet.

With enough information, answers can be found to questions such as: Was the slowdown due to a failing network link? A dying storage device? Or something as simple as "pilot error," which happens when a developer, operator or administrator enters commands that cause the problem?

Without putting on a lighted helmet, a waterproof jacket and caver's boots, spelunking into numerous distributed log files to discover the timeline of the failure, and using skill to determine the root cause of the problem, the answer can be extremely hard to find. Splunk tools are in use in companies of all sizes and all markets.

Splunk has attempted to distinguish itself from a long list of competitors including suppliers such as BMC Corp., CA, Hewlett-Packard Co., IBM Corp., Tibco Software Inc., Loggly Inc., Sumo Logic, and a whole host of others, by making it possible for partners and customers to add their own logic to Splunk products to extend and enhance both the searching and analytic capabilities for the product.

Not to be outdone, most of the competitors have followed Splunk's lead and made it possible for customers and partners to add extensions to their search and analytical engines. While the technology from Splunk really doesn't do all that much more than competitive offerings, it was the first to open up its analytical engine so others could build upon it. Because of that, it currently has a larger ecosystem.

I've spoken with a few of Splunk's competitors and will write about them in the future.

About the Author

Daniel Kusnetzky, a reformed software engineer and product manager, founded Kusnetzky Group LLC in 2006. He's literally written the book on virtualization and often comments on cloud computing, mobility and systems software. He has been a business unit manager at a hardware company and head of corporate marketing and strategy at a software company.

