Splunk 4.1 - "the best of both worlds for IT data management"

Stephen Withers
Wednesday, 05 May 2010 17:02

Splunk says its eponymous product provides IT staff with the best of both worlds by providing real time and historical access to operational data.

Splunk works by copying, compressing, and indexing operational data from applications, servers, network devices and other parts of the IT infrastructure, explained senior director Sanjay Mehta. A wide variety of data sources can be included, such as log files, SNMP traps, and Windows registries.

Furthermore, additional data sources can be added to Splunk at any time.

Changes made in Splunk 4.1 mean the same search interface and data sources can be used for real-time monitoring or historical analysis. "We extract knowledge from the data at search time, not index time," Mehta told iTWire.

Major areas of application include IT operations management, applications management, security and compliance, and operational intelligence

According to Mehta, sample uses include retrieving all the data relating to a specific transaction on a web store, monitoring systems for any variance from a baseline condition, and root cause analysis.

For example, a customer or user might report that a web site is slower than usual. A Splunk search can be restricted to the relevant time and the user's IP address in order to determine what was happening. "It's a useful way of troubleshooting issues." said Mehta.

What else is new? Please read on.