One of a systems administrator’s most tedious tasks is digging through log data to determine the cause of a problem on the network. This kind of manual searching is time-intensive and error-prone. A better solution is to use an IT data search engine such as Splunk.
Michael Baum, Splunk CEO and co-founder, says Splunk’s development team used their roots in Web search (at such places as Yahoo!, Infoseek, AltaVista, and Ask Jeeves) to create an IT search engine that lets you search and report on logs and IT data from any application, server, or network device—all in real time. Splunk is available as a free download that lets you log 500MB of data. Enterprise versions start at $5,000 and include features such as Active Directory (AD) integration.
Splunk 3.0 was announced at Interop in Las Vegas this week. The new version adds several useful features, including structured analysis and reporting and scripted inputs that let you index the output of any shell script or command-line action.
According to Michael, “reporting and more structured analysis on search results was something we definitely heard loud and clear from our user community.” Splunk’s new reporting capability lets you use the product’s built-in library of graphs, charts, and reports to analyze the data that Splunk gathers. As Michael says, this feature is especially important as IT search moves beyond just IT operations, into areas such as security and compliance.
The new scripting feature provides an easy method for porting data to Splunk. Users can write simple command-line or shell scripts that call another program, then send the output to Splunk for indexing.
Another unique aspect of Splunk is SplunkBase, a community-run wiki of IT events and troubleshooting information. The latest version of SplunkBase uses a taxonomy that lets you drill down into different types of technology (e.g., different Windows applications). In addition, the new version includes content called bundles, “which is a recording and exporting graphic that users can use to create custom reports on a unique technology,” according to Patrick McGovern, Splunk’s VP of Community and Services. “The idea behind SplunkBase is to allow IT pros to share information.”
Although Splunk 3.0 can index Windows data and includes a Windows agent, the product still doesn’t run on Windows—yet. Michael says a Windows version will be available in Q3. Currently, the company is still trying to determine which versions of Windows to support. For more information about Splunk, or to search the SplunkBase directory, go to http://www.splunk.com.