Splunk Stops The Log Slog - InformationWeek

By Mike Fratto, 9/27/2007 05:57 PM

Version 3.0 is among the best low-cost log analysis tools, but it could use improvements in storage and offline indexing.

THE UPSHOT
CLAIM:  Splunk simplifies log aggregation and analysis and can process any text-based log data. A new visualization feature helps identify anomalies, and a community wiki, called Splunk Base, helps IT interpret log data.

CONTEXT:  Splunk beats doing log analysis on a per-device basis. However, appliance alternatives from vendors such as LogLogic simplify storage and archiving, and SIEM products offer more extensive analysis capabilities, albeit at a significantly higher price.

CREDIBILITY:  Splunk offers a ton of functionality with little configuration. Its natural-language search is easy to use, but customization is needed to really make it sing. All in all, it's one of the best low-cost log analysis tools we've seen, but we're waiting for improvements in storage and offline indexing.

Aggregating and analyzing log data is an IT best practice--and a requirement in regulated industries--but it can also be a pain in the you-know-what. Many log aggregation products have purpose-built parsing engines that process logs as they're received and build up event databases. This works well if the product ships a parser for every one of your log sources, but not all do. Events from unsupported devices are stored as raw log data that's not easily searched. To make matters worse, there is no standard for the content of log messages themselves, so even a parser that recognizes a device's format still has to be taught what each message means. Both problems make extracting meaning from events difficult.

Meanwhile, the volume of data that network devices and servers generate can be staggering.

Enter Splunk 3.0, the latest software release from Splunk. This excellent analyzer accepts any plain text as unstructured log data, indexes the keywords in each event, and stores the raw records, so no per-device parser is needed before the data becomes searchable. Splunk uses a search-based interface for log analysis.
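To make the difference between the two approaches concrete, here is a small added example (written for this page, not Splunk's own code, and not how Splunk's indexer is implemented internally). The constructed sample events are in three formats: BSD syslog, Apache combined access-log, and a key=value application line. A parser that only understands syslog silently drops two of the four events, while a schemaless keyword index makes all four searchable, including field=value pairs extracted from whatever text happens to contain them. The regexes, field names, and sample lines are all assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Constructed sample events in three different formats (illustrative, not real data).
SAMPLE_LOGS = [
    "Sep 27 17:57:01 fw01 kernel: DENIED IN=eth0 SRC=10.0.0.7 DST=192.168.1.10 PROTO=TCP DPT=22",
    '10.0.0.7 - - [27/Sep/2007:17:57:02 -0400] "GET /admin HTTP/1.1" 403 512',
    "2007-09-27T17:57:03Z host=app02 user=alice action=login result=denied src=10.0.0.7",
    "Sep 27 17:58:10 fw01 kernel: ACCEPT IN=eth0 SRC=10.0.0.9 DST=192.168.1.10 PROTO=TCP DPT=443",
]

# Parser-based approach: a hypothetical parser that knows only BSD syslog framing.
SYSLOG_RE = re.compile(r"^(\w{3} +\d+ [\d:]+) (\S+) (\S+): (.*)$")


def parse_syslog(line):
    """Return a structured record for syslog-style lines, or None for any other
    format. This is the failure mode described above: unsupported formats are
    never turned into searchable events."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    ts, host, proc, msg = m.groups()
    return {"ts": ts, "host": host, "proc": proc, "msg": msg}


def parsed_event_count(lines):
    """How many events the parser-based approach would actually capture."""
    return sum(parse_syslog(line) is not None for line in lines)


# Schemaless approach: tokenize every line regardless of format.
TOKEN_RE = re.compile(r"[A-Za-z0-9_.:/-]+")          # crude keyword tokenizer
KV_RE = re.compile(r"\b([A-Za-z_][A-Za-z0-9_]*)=([^\s\"]+)")  # key=value pairs


def build_index(lines):
    """Build an inverted index: lowercase term -> set of event ids.
    Every token in every line is indexed, and any key=value pair is also
    indexed as a combined 'key=value' term so fields can be searched without
    a format-specific parser."""
    index = defaultdict(set)
    for eid, line in enumerate(lines):
        for tok in TOKEN_RE.findall(line):
            index[tok.lower()].add(eid)
        for key, val in KV_RE.findall(line):
            index[f"{key.lower()}={val.lower()}"].add(eid)
    return index


def search(index, *terms):
    """Case-insensitive AND search over the index; returns sorted event ids
    that contain every term."""
    if not terms:
        return []
    hits = None
    for term in terms:
        ids = index.get(term.lower(), set())
        hits = ids if hits is None else hits & ids
    return sorted(hits)


if __name__ == "__main__":
    idx = build_index(SAMPLE_LOGS)
    print("parser captured", parsed_event_count(SAMPLE_LOGS), "of", len(SAMPLE_LOGS))
    print("events mentioning 'denied':", search(idx, "denied"))
    print("events with src=10.0.0.7 field:", search(idx, "src=10.0.0.7"))
    print("any event mentioning 10.0.0.7:", search(idx, "10.0.0.7"))
```

Searching for `denied` finds both the firewall drop and the application login failure even though they share no format, and the same source address can be matched either as a bare keyword (which also catches the Apache line) or as the extracted `src=` field. The cost of this approach, which the review notes below, is that the raw text must be kept and indexed in full, so storage planning matters more than with a parse-and-discard pipeline.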

We tested the software in our Syracuse University Real-World Labs and found complex searches fairly easy once we got the hang of the search capabilities.

The software has basic archiving features, but they may not be sufficient for companies that need robust, long-term log storage. And because Splunk is software rather than an appliance, you need to plan for adequate server resources for indexing and storage. Splunk runs on Linux, but the company is working on a Windows version. You can try Splunk for free with a 30-day enterprise license, and a freeware version also is available. The product as tested starts at $5,000 for 500 Mbytes of indexed data per day.
