Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Rollout: Splunk's Splunk Server 2.1 Beta

UPDATED November 8, 2006

The Upshot

Splunk aims to make IT's job easier by quickly searching for keywords in all log files and digging deep to find patterns across the entire system, not just within one file. Splunk takes aim at its competitors by giving system administrators the ability to create their own processors for undefined log sources.

When it comes to identifying network problems or proving a server hasn't been breached, the burden falls on the administrator. Maintaining accurate logs is a start, but combing through millions of lines of data to isolate problems requires a product with strong search capabilities.

Splunk searched through our massive piles of log data in a hurry. The event timeline and the ability to drill down in the log files let us spot patterns that would have been difficult to see. Technical reports are strong, but there's little for management. Furthermore, Splunk server currently cannot be installed on a Windows platform.

You've Probably Turned To Log Files to identify a problem's source before. But which log file do you look in, and what format is that log file in? Manually searching millions of lines of data just isn't feasible. Splunk 2.1 speeds the task by using keywords to let you quickly search through all your enterprise's logs.

Splunk is available for download for just about any platform except Microsoft Windows. Currently, the Splunk server can be installed on FreeBSD, Linux, MacOS X and Sun Solaris machines. The vendor is working on a Windows version, but does not have a timetable for delivery. Competing products lock you into a specific OS. LogLogic, for example, is available only as a turnkey device and Tenable's Log Correlation Engine only runs in Red Hat Enterprise.

  • 1