Splunk is making a name for itself in the realm of real-time operational intelligence. The company is raising its visibility with the new Splunk App for Stream.
Splunk claims the app offers a “new software approach” for capturing real-time streaming wire data. The firm defines wire data as machine data transmitted between applications over networks. Wire data can serve up information about business activity, app performance, security and IT infrastructure issues -- without any code instrumentation.
Splunk App for Stream captures this data so you can glean more insights when using Splunk Enterprise and Splunk Cloud for security, fraud detection, compliance, application management, IT operations and business analytics. The Splunk App for Stream is free for Splunk Enterprise or Splunk Cloud customers.
Unearthing Even More Insights
“The Splunk App for Stream, the first product delivered from our acquisition of Cloudmeter last year, is a new approach that further enhances the value that customers can realize with Splunk software,” says Leena Joshi, senior director of solutions marketing, Splunk. “Unlike traditional and appliance-based solutions, which are difficult to deploy, especially in public cloud infrastructures, the Splunk App for Stream enables customers to gain immediate wire data access on-premises or in public, private or hybrid cloud infrastructures.”
According to Splunk, its new app can be rolled out quickly to collect, aggregate and filter wire data from both network endpoints (such as virtual machines in public clouds or virtual desktops) and the network perimeter (such as routers, switches and firewalls). The app interface defines aggregation rules and filters so you have more control over data volumes and only grab the wire data that’s relevant for the analysis you’re undertaking.
The idea is to correlate wire data with logs, events, metrics and other machine data to unearth more insights into application and infrastructure performance, transaction paths, operational issues, infrastructure relationships, system downtime, security vulnerabilities, compliance and behavior.
Search in Google-Like Fashion
We turned to Peter Christy, a research director in the networking group at market research firm 451 Research, to get his take on the announcement. He told us Splunk is a unique tool that takes large collections of machine-generated log file information from systems, apps, and devices and lets someone search through them in a “Google-like” fashion.
“What you can analyze is limited by the logging entries that have been programmed into systems -- or apps -- and have been enabled to write to the log file. Stream lets you add events to the data that come from observing networking traffic,” Christy said. “With modern apps, most of the actions -- user communications, data access, service access -- can be seen on the network. Stream lets you flesh out what you can see and fill in tools, as well as adding analysis of network traffic and issues as a capability.”
From Christy’s perspective, there are competitive tools that do what Splunk does for specific uses. The difference with Splunk, he said, is that it’s by far the most commonly used tool, considering all the potential uses for it, such as security, IT ops, business analytics, and the ability to “program” its use from the raw data up.
“This could be a game changer for a simple possible vision. Over time a company is what its internal IT systems do, and over time, what the IT systems are doing -- and hence what the company is doing -- can be seen as traffic on the network,” Christy said.
“Analyzing network traffic requires little direct cooperation with large numbers of system or app staff, so the game-changing potential is the use of Splunk analyzing networking traffic to watch the operation of the business in detail -- performance, analysis, and exceptions,” he added.