by Thor Olavsrud

Splunk App Captures Real-Time Streaming Wire Data

Aug 12, 2014 | 3 mins
Analytics, Big Data, Security

Splunk adds capability to capture wire data to its platform, dramatically expanding use cases for application management, IT operations, security and business analytics.

Aiming to expand its operational intelligence capabilities, Splunk today unveiled Splunk App for Stream, which the company says is a free addition to Splunk Enterprise and Splunk Cloud that makes it easy to capture wire data and combine it with the machine-generated data Splunk already captures and analyzes.

“The Splunk App for Stream, the first product delivered from our acquisition of Cloudmeter last year, is a new approach that further enhances the value that customers can realize with Splunk software,” says Leena Joshi, senior director of solutions marketing at Splunk.

“Unlike traditional and appliance-based solutions, which are difficult to deploy, especially in public cloud infrastructures, the Splunk App for Stream enables customers to gain immediate wire data access on-premises or in public, private or hybrid cloud infrastructures. It opens up for our customers a whole new class of data sets to provide continuous IT, security and business insights,” Joshi says.

Wire data is the information transmitted between applications over computer and telecommunications networks, making it an important source of information for troubleshooting performance issues, creating activity baselines, detecting anomalous activity, investigating security issues and discovering IT assets and their dependencies.

Splunk App for Stream is designed to be deployed to collect, aggregate and filter wire data from network endpoints—like virtual machines in public clouds or virtual desktops—and the network perimeter, such as routers, switches and firewalls.

Using fine-grained filters and aggregation rules defined through the app interface, Splunk customers can dynamically control data volumes and capture the on-the-wire data relevant to their specific analysis.

Splunk Enterprise and Splunk Cloud already capture machine-generated data—system self-reported information like logs from routers, servers and other equipment. Combining wire data with system self-reported data dramatically increases the scope of operational intelligence capabilities, providing insight into application and infrastructure performance, operational issues, transaction paths, system downtime, infrastructure relationships, security vulnerabilities, compliance and customer behavior.

“What we’re introducing is a very simple, elegant mechanism,” Joshi says. “The potential of wire data that we see is pretty enormous.”

Wire Data Capture Enables New Use Cases

Splunk says top use cases for Splunk App for Stream include the following:

  • Application Management. It provides granular data on transaction response times, transaction traces, transaction paths, network performance and database queries without requiring any instrumentation of the application.
  • IT Operations. It empowers administrators to pinpoint root causes of issues faster, map dependencies of critical infrastructure services and ensure the delivery of services at the levels required by the business.
  • Security. It enables in-depth monitoring and real-time correlation to drive sophisticated analytics on breaches, threat detection, intelligence gathering and threat prevention. It can be deployed in the midst of a breach/incident investigation to gain insight into network traffic from any system of interest not previously monitored.
  • Business Analytics. It captures web interactions and key metrics such as time spent on page, bounce rates, navigation paths and product performance, without the need to tag individual pages. It enables real-time end-to-end insights into business processes such as order management, provisioning, trade execution span and others, without requiring specific instrumentation.
