Splunk 3.0 Expands IT Search Capabilities

Features new search language, enhanced reporting

Applying IT search to enterprise problems has moved beyond the scope of log management and troubleshooting. Splunk today announced the release of its upgraded namesake product, Splunk 3.0.

Christina Noren, VP of product management and services at Splunk, told ESJ, “We’ve crystallized what 300 paying customers told us about our vision about what search can be. A customer can conduct a search and generate structured statistical reports, graphs, and dashboards. Splunk 3.0 gives users the flexibility of searching data across the enterprise.

“There are new ways of getting input into Splunk’s engine. Customers can expand beyond log files with all other IT data sources such as configuration data, metrics at the operating system level -- even data sources that use custom APIs.”

According to Noren, IT can search by operations (such as the availability of servers). “We’ve found that it’s now a suitable product to use for security and compliance queries, and even now some customers have started using it for business intelligence.”

“When we first launched the product, Splunk was used by senior systems administrators. It has gradually found its way to help desks and to groups that are later adopters such as database administrators. It has even started to find its way into customer support,” Noren says.

New features in this version include interactive filtering and dashboard features that support compliance and performance management. New data input options let you search for more than just data within server logs.

"The ability to pipe your search results into Splunk's new powerful commands, combined with the ability to construct your own commands with Python, allows for limitless possibilities," said Anthony Spina, a senior system administrator at SunGard, Assent LLC.

Other new features include:

  • Interactive reporting lets you analyze any log files and IT data files in real time with dynamic field extraction. This eliminates the need for complex data mapping and set-up. Splunk 3.0 can handle both unstructured searches and structured reporting.

  • Dashboards and personalization allow any report, chart, search or alert to be placed onto a personalized dashboard which can be shared or made private.

  • An expanded search language includes new statistical, arithmetic, and reporting operators.

  • Scripted inputs let the program index output from any shell script or command-line actions.

  • Support for 64-bit multi-processors improves indexing and search throughput on that platform.

  • A deployment server offers centralized management and control of distributed

Dashboards are completely new, Noren says. Previous versions were limited to reporting, but now interactive report building, including sophisticated graphics, all of which can be placed on a dashboard, expands the usefulness of Splunk’s results. Furthermore, you can filter on fields to generate summary reports.

Noren says that there are many other minor changes; wildcard and phrase searching have been improved, and shortcuts are more intuitive.

Splunk 3.0 is available for download at http://www.splunk.com.

About the Author

James E. Powell is the former editorial director of Enterprise Strategies (esj.com).