January 10, 2012

Splunk update

Splunk is announcing the Splunk 4.3 point release. Before discussing it, let’s recall a few things about Splunk, starting with:

As in any release, a lot of Splunk 4.3 is about “Oh, you didn’t have that before?” features and Bottleneck Whack-A-Mole performance speed-up. One performance enhancement is Bloom filters, which are a very hot topic these days. More important is a switch from Flash to HTML5, so as to accommodate mobile devices with less server-side rendering. Splunk reports that its users — especially the non-IT ones — really want to get Splunk information on the tablet devices. While this somewhat contradicts what I wrote a few days ago pooh-poohing mobile BI, let me hasten to point out:

That’s pretty much the ideal scenario for mobile BI: Timeliness matters and prettiness doesn’t.

Hmm. Maybe StreamBase LiveView needs a mobile option as well …

Splunk’s basic use is to take the text string that is a log and make sense of it. But Splunk now also supports JSON structures. It does this via something called spath, which as you might guess from the name has XPath similarities. That probably bore more discussion than we found the time to have.

By the way: If you’re interested in BI over XML, that’s what my former clients at Skytide were founded to do, before they pivoted a bit. I don’t think those capabilities have disappeared from the product.

Splunk has graciously allowed me to post a slide deck. More stuff in there, including quotes from a customer — Expedia — that has 2700 Splunk users.


3 Responses to “Splunk update”

  1. centrelink on January 11th, 2012 7:54 am

    i’ve been a splunk user for almost a year now and splunk is really cool. thanks for the update

  2. deweyfresh on January 13th, 2012 5:06 pm

    I recently switched jobs to an employer that uses a massive hosted system for our customers, and I can tell you Splunk, while not perfect (what is?), is one of the best tools I have used in the last 15 years. While not truly real time, by the time the real time monitors flash their alerts and you get your query run, that information is available in Splunk.

  3. Splunk May Be Valued at $1.2 Billion. Still Lots of Opportunity for Consultants. | ServicesANGLE on January 13th, 2012 7:00 pm

    […] Splunk may have one big advantage in its existing relationships with system integrators. Lately we’ve been hearing more lately about Splunk being used for big data analytics applications such as more traditional BI. Splunk is […]

Leave a Reply

Feed: DBMS (database management system), DW (data warehousing), BI (business intelligence), and analytics technology Subscribe to the Monash Research feed via RSS or email:


Search our blogs and white papers

Monash Research blogs

User consulting

Building a short list? Refining your strategic plan? We can help.

Vendor advisory

We tell vendors what's happening -- and, more important, what they should do about it.

Monash Research highlights

Learn about white papers, webcasts, and blog highlights, by RSS or email.