Splunk Touts Troubleshooting Rx
- By Stephen Swoyer
- February 27, 2006
When an application model has multiple touchpoints encompassing a range of systems, networks and data sources, how can IT troubleshoot application performance and reliability issues quickly and easily?
Scrappy start-up Splunk thinks it has a solution. Splunk markets a search and analysis tool that parses log and configuration files from hardware, operating systems, apps, databases, message queues and even enterprise service buses to help IT organizations troubleshoot performance and reliability problems.
"IT data changes every millisecond--it's streaming, rapid-fire information that isn't hyperlinked to anything, so our challenge is [to take] all of that streaming data and catalog it in real time," says CEO Michael Baum. "It's a whole lot different [from Web search]."
Of course, any sys admin worth his or her salt can grep, concatenate and analyze a collection of log files. Most organizations use homegrown or ad hoc tools to do that. Splunk outstrips vanilla search and analysis tools, Baum maintains, because it uses inferencing algorithms and other black-box technologies to reverse-engineer relationships. In this respect, he argues, it's able to reliably pinpoint problems that might span dozens of different log files involving hundreds of megabytes (or even gigabytes) of data.
Baum says Splunk can get at almost any data source--including data residing on mainframe systems. It supports standard connectivity (ODBC and JDBC, for example), messaging (MQSeries, MSMQ or JMS), and management (SNMP) standards, and also ships with a SOAP connectivity toolkit. "We have a number of different ways to tap data. We include a complete open set of SOAP APIs, for example, and as far as mainframe data goes, I know we've had people get at it right through TCP sockets," Baum notes.
Splunk is a pay-for-use product, but it's also available as a free "lite" tool. It's by means of the free download that many customers first take the Splunk plunge, Baum says. Go to Splunk for more info.
Stephen Swoyer is a contributing editor for Enterprise Systems.