Splunk has released the fourth major iteration of its flagship
product. The new version features significant performance
enhancements, up to 10X faster search and 2X indexing according to the
company, as well as new features including user-customizable dashboards
and a new Apps framework, enabling customers to extend the value of the
The Splunk product has its roots as a centralized log database, a category the company has coined "IT Search". The premise is simple: coalesce the log data generated by the various components of the enterprise architecture into a central repository, index it, and make it searchable. The results, however, are much more impressive. Administrators gain great visibility while troubleshooting a problem by getting the whole picture from all the affected systems in one place. Sean Delaney, Senior Systems & Security Administrator for VeriSign, has seen this direct benefit of a centralized log database. "By using Splunk on our email logs, our Operations team is resolving customer issues in three minutes that used to require a half hour of searching through various email servers."
Beyond pure performance enhancements, Splunk is extending the ecosystem of its product with the new App Framework. Available on Splunk's website, the applications at launch include a number of free add-ons that enhance the core Splunk product's integration with a number of hardware vendors, including Cisco, F5, and Blue Coat, and that streamline the process of getting both Windows and Linux servers and clients feeding into Splunk. Also available are for-fee premium apps that assist Splunk customers in the areas of enterprise security, PCI compliance, and change management. Splunk expects the number of apps to grow not only from various networking vendors and its partners, but also from end-user submitted applications that can be shared in its central repository with the broader Splunk community.
The latest version of Splunk also strives to take that visibility and extend it beyond the back office and out to the broader office. The dashboard functionality enables CIOs to quickly see near real-time views of key metric data, as well as keep an eye on IT assets. With the role-based access controls, administrators can let all types of people within the organization peer into the IT data while restricting them to only the data they need to see.
With a flood of data coming in from a multitude of disparate devices, servers, and applications, tools like Splunk provide a vendor-agnostic approach to getting real information from the chaos of available IT data. As history has shown, enterprise systems rarely get smaller or less complex, so the need for a centralized platform for turning this stream into actionable information will only become greater.