Splunk Releases New Version Of Software To Corral Big Data

Data management software vendor Splunk released version 4.2 of its solution for analyzing the massive amounts of data that are coursing through enterprise computer networks.  The product is intended to help organize and search the data not just to manage the operation of the IT infrastructure, but also to measure how the business is actually doing. But, as compelling as its offering may be, Splunk faces significant competition on many fronts, says an industry analyst.

Splunk 4.1, released 11 months ago, introduced the capability to search live streaming data; version 4.2 enhances that by generating alerts on security issues, network performance or other issues for a system operator. Examples of alerts that could be sent include creating a new script to fix a software glitch or generating a trouble ticket for another network problem.

Also new to version 4.2 is a "universal forwarder" that delivers secure, distributed, real-time data collection from numerous endpoints on a network. In addition, the management system has been improved, and there are easier-to-understand visualizations of data metrics.

For instance, many system management programs are called "dashboards" because the user interface resembles the dashboard of a car. With Splunk 4.2, various network performance metrics actually look like a car speedometer displaying real-time CPU performance, while a measure of disk utilization resembles a fuel gauge.

This visualization is to help IT people and others in an enterprise understand and make decisions based on the data, says Sanjay Mehta, senior director of product marketing at Splunk. "By visualizing data like this, it's very easy for people on the business side to actually understand and see what's going on," says Mehta.Splunk 4.2 delivers a tenfold increase in performance in distributed environments and a fivefold increase in performance for a single instance of Splunk in a nondistributed environment, he says. In addition to business analytics, Splunk 4.2 offers Web analytics--such as transactions per minute or page views--application management, security, compliance and management of other IT operations.

Network Computing blogger Michael Brandenberg acknowledged the advantages of making data understandable to non-IT staff when reporting on Splunk 4.1 in April 2010: "Senior management and even line-of-business leaders can leverage the real-time impact of Web traffic, for example, to quickly see the impact of their marketing strategies and quickly adjust them based on that online intelligence."

The amount of what Splunk calls "machine-generated data"--also called "big data"--is expanding rapidly. IDC reported late last year that "the expanding digital universe--reaching 1.8 trillion gigabytes [of data]--will drive demand for ... information infrastructure and real-time analytics for 'big data.'"

Splunk faces a wide range of competitors given the various markets it's selling into, says Andrew Hay, an analyst at The 451 Group. In terms of log management, it goes up against companies such as Quest Software, LogLogic and Check Point. In the security information and event management (SIEM) space, it faces stiff competition from ArcSight, LogLogic, RSA and Q1 Labs for large enterprise deals, as well as CA Technologies, IBM, Novell and Symantec for midmarket customers. "Splunk's search capability and its confessed ambitions beyond IT management data also bring it into competition with more forward-looking data-warehousing players such as Aster Data Systems, Greenplum, SenSage and Vertica Systems," Hay wrote in an e-mail.

See more on this topic by subscribing to Network Computing Pro Reports Strategy: SaaS and E-Discovery (subscription required).