by Thor Olavsrud

Splunk updates platform, adds monitoring and analytics services

Sep 23, 2015
Analytics, Business Intelligence

Splunk Enterprise 6.3 is intended to help the platform scale data collection for DevOps and Internet of Things devices, while the new Splunk IT Service Intelligence aims to deliver a central and unified view of critical IT services.

At its .conf2015 users conference in Las Vegas yesterday, operational intelligence specialist Splunk took the wraps off a new version of its Splunk Enterprise platform and a new premium offering, Splunk IT Service Intelligence.

Splunk Enterprise 6.3 — designed for on-premises, cloud or hybrid deployment — is focused on enhancements to performance and total cost of ownership as well as high-volume event collection for DevOps and Internet of Things (IoT) devices. In many cases, says Clint Sharp, Splunk director of product management, Big Data & Operational Intelligence, the hardware cost of a Splunk Enterprise 6.3 deployment can be cut in half compared with Splunk Enterprise 6.0.

“Splunk’s new platform release, with faster search and analytics performance and support for new high-volume event collection, should appeal to organizations with high-velocity DevOps and IoT use cases,” Tim Grieser, research vice president at IDC, said in a statement yesterday. “With this release, Splunk is continuing to make enhancements that can lower total cost of ownership and that improve enterprise manageability.”

To support scalable, high-volume data collection, the new version of Splunk Enterprise features a new HTTP event collector that uses a standard API to let applications and devices send millions of events per second directly to Splunk Enterprise or Splunk Cloud. The HTTP event collector can be integrated into developer services like Amazon Web Services’ AWS Lambda, as well as Docker and IoT services like Citrix Octoblu and Xively by LogMeIn.

“Splunk Enterprise drives value across our business, from keeping our online banking platform running, to detecting fraud and enhancing security,” Patrick Hofmann, head of IT infrastructure and deputy CIO at PostFinance, the financial services unit of Swiss Post, said in a statement. “The new features in Splunk Enterprise 6.3 allow us to optimize search and reporting performance across our data centers with total confidence in the availability of our data. Now, with the expected doubling of the speed of our searches, we can get the insights we rely on faster than ever.”

The Splunk Enterprise 6.3 enhancements include the following:

  • Increased performance, scale and TCO. Sharp says the new version doubles the speed of search, reporting and data onboarding while reducing hardware requirements by more than 50 percent compared with version 6.0.
  • Advanced analysis and visualization of large data sets. Version 6.3 features anomaly detection for uncovering rare events for further investigation, geospatial maps that present location-based insights by geographic area and single value displays for “at-a-glance” visualizations.
  • High-volume event collection for DevOps and IoT devices. Version 6.3 features agentless, direct data onboarding using a developer-standard HTTP/JSON API, supporting millions of events-per-second connectivity.
  • New enterprise platform capabilities. Splunk Enterprise 6.3 features new monitoring and visualization that simplifies operational management, custom alerts that trigger actions in business and operational systems and data integrity controls for compliance and ensuring against data tampering.

Splunk also took the wraps off a new premium offering: Splunk IT Service Intelligence (ITSI). ITSI can leverage any data that resides within Splunk Enterprise to provide visibility into the health and key performance indicators (KPIs) of IT services. It delivers a central, unified view of critical IT services, using advanced analytics driven by machine learning to highlight anomalies, detect root cause and pinpoint areas of impact.

“With Splunk ITSI, we wanted to build on how customers were already using the Splunk platform for IT troubleshooting and monitoring and deliver a complete solution for IT professionals,” says Rick Fitz, senior vice president of IT Markets, Splunk. “IT teams now have an innovative and data-driven approach to manage more effectively the new world of hybrid, cloud and software-defined everything in the data center. Splunk ITSI is in a class of its own because it provides both high-level monitoring and deep-dive troubleshooting and analytics in one solution available as either software or a cloud service.”

Splunk customer AdvancedMD, provider of cloud-based medical office software, has more than 13,000 daily users who initiate claims. It is using ITSI to determine when there’s a problem at a high level and then zero in on the interactions and fix problems.

“Splunk IT Service Intelligence was delivering insights days after installing, instead of the months it can take with legacy monitoring solutions,” says Tyler Germer, director of information technology, AdvancedMD. “Splunk ITSI helps us ensure that the claims service stays up and running at all times.”

Fitz notes the new monitoring and analytics solution scales to collect and index terabytes of real-time and historical events and metrics across multi-datacenter and cloud-based infrastructures.
