What did I find most useful about our briefing yesterday with the company? Finding out what it doesn’t do. [Note to any AR people, marketers and vendors out there: one of the very best things you can tell an analyst is what technology doesn’t do. By introducing constraints to the analysis you make yourself more compelling. There is really nothing worse than a briefing where a vendor claims they can do anything.]
- Splunk doesn’t do compliance.
- Splunk doesn’t do reporting.
- Splunk doesn’t do libraries of code to support the particular semantics of every network and security appliance in the world, for security incident management.
So what is Splunk? Its a search engine for machine data.
Splunk is a tool for finding needles in haystacks. Its a tool for navigating IT Dark Matter.
For people that know logs, and how to use them for root cause analysis, Splunk is going ot be a useful personal productivity tool.
Remember when you first downloaded a desktop search tool, how suddenly your own data became a lot more useful? You found out things about your work that you had forgotten you ever knew.
Splunk is like that but for log data. You can throw in constraints to the search interface and remove all the cruft, search by system, IP address, or whatever, with all kinds of nice AJAX goodness for autocomplete and so on.
Seems like Splunk can help systems integrators run down deployment, integration and "first month" problems, as much as help sysadmins taking care of production systems. You could argue then that Splunk has a value offering for pre-production work.
Splunk is an operators’ tool, rather than a CxO-enterprise sale like LogLogic, but that could make it quite viral. We can be pretty sure however that what Splunk doesn’t do now it will in future.
We’ll keep an eye on it for you… because we’re tracking log management and analysis.
disclaimer: Splunk is not a client, LogLogic is a client.