Sifting through performance logs saps time and money from just about every enterprise. System administrators who oversee networks of hundreds of servers might spend entire days reading files from a variety of devices to monitor overall network health. For even the most meticulous among us, this work is tedious.
Splunk is designed to change this. The software, from a startup of the same name, is a system log search tool that empowers system administrators to scrutinize their network performance logs more easily. While other log management tools exist, few, if any, cull data from every part of a network.
Think of Splunk as Google for system logs. Customers configure the tool to read logs from different network outposts. To use it, system administrators set their sights on a type of record (say, one that would indicate a distributed denial-of-service attack), type a relevant phrase in a search box, and sit back while the software searches for the appropriate report.
The product can be used in several areas, including monitoring network security and keeping tabs on changes to a server. CEO Michael Baum estimates that Splunk can cut log management time to mere minutes in an average-size company and reduce the mean time to recovery after a network failure.
Glenn Evans, lead network engineer for Interop, says he used the software last year to keep tabs on the network for the annual InteropNet conference from one central location, analyzing network data as soon as it was churned out. “Having Splunk was like having a second or third pair of eyes,” he says.