A while ago a colleague of mine was looking around and investigating possible tools and came across Splunk, so we signed up for an account and joined the newsletter. Last week I attended the Splunk > live Melbourne convention. Being new to the product, I attended the 101 presentations.
At first glance the product looked impressive. It can consolidate multiple data sources, from logs on a switch to database connections and server logs, to deliver real-time reports for business analysis. Splunk has only had a footprint in Australia for the past 5 years and looks to continue to build customers as more and more find value in its powerful reporting capabilities. It's been used by a number of Fortune 500 companies and here in Australia by one of our major banks and a major online sports betting agency.
The key to Splunk is thinking of it as a search engine. So rather than model the data, save it, and then report on predefined filters, you just add the data source to Splunk and then define how and what you want to see. If you ask me what the one thing I have taken away from this was, I found a new way of thinking about how reporting can be built from a search query and the “Google” way that Splunk does its magic.