Splunk Answers Business Demand For Big Data Analysis

Real-time IT tool for tracking log files, clickstreams, and message queues finds a second (more valuable) use answering business questions.

Splunk started out as a tool designed to help IT spot and solve problems with servers, messaging queues, websites, and other systems that generate machine data. But IT soon figured out this real-time tool could also answer all sorts of urgent business questions.

With Splunk Enterprise 4.3, an upgrade announced Tuesday, Splunk has added iPhone/iPad-friendly mobile clients, dashboards, and performance upgrades that the vendor says will make the system that much more valuable to business users.

At its core, Splunk is an IT-oriented monitoring system that captures and indexes machine data from server logs, clickstreams, message queues, and so on, and then supports querying and basic business intelligence (BI) and analytics.

Splunk uses a data manipulation language derived from Unix rather than SQL. The approach is more like text-based search, and that gives Splunk flexibility akin to a NoSQL product in that it requires no predefined schema.

"You can point Splunk at anything because it doesn't impose a schema when you capture the data; it creates schemas on the fly as you run queries," explained Sanjay Meta, Splunk's senior director of product marketing.

That flexibility enables Splunk to quickly deliver new dashboards with charts, histograms, trend lines, and other visualizations without the data-model heavy lifting required by conventional data warehousing and BI tools, he said.

Splunk is clearly breaking into the business domain, but due to its unique language and technical nature, it's still something that will be set up by IT or power users. Once Splunk is set up, business users can review the metrics and dashboards to size up various business conditions. Customers like Expedia and Zulily that initially used Splunk to keep their websites up and troubleshoot IT problems soon realized that they could also answer business questions.

"They're doing things like looking at how many inquiries, how many searches, and how much traffic they're getting and where it's coming from, whether that's unpaid search, advertisements, or keyword buys," said Steve Sommers, Splunk's chief marketing officer. "They're also figuring out why they're getting out-of-stock conditions or why customers are abandoning purchases."

Where Splunk visualizations used to rely on Flash, the 4.3 upgrade introduces a mobile interface that's compatible with Apple's iOS. There's also a new dashboard editor that enables business users to configure and customize their views. That combination will put Splunk on iPads and should enable executives to tweak and tune their analyses and visualizations.

The 4.3 upgrade also improves Splunk's performance, increasing search speeds and the upper limits of concurrent users. Large customers such as Expedia have as many as 2,000 users, counting application developers and management, Web operations, and analytics and BI users. The upgrade is said to handle 10 times the number of concurrent users.
