Splunk’s victory in the compliance product space is remarkable given that Splunk isn’t specifically a compliance solution.
Even more remarkable perhaps is that Splunk’s general IT search functions – its tag line is “the search engine for IT” – is likely the reason for its win over such worthy competitors as Scentric’s Destiny R2, Mathon Systems’ Integral, CMO Handheld Software’s Easy Audit, and Abrevity’s FileData Manager.
RedMonk analyst Michael Cote says that traditional systems takes a taxonomic view of IT—in other words, each item, down to the parameter level, is discovered, tracked, and monitored.
“For most any sized IT environment, a too detailed approach that tells you everything, or even half of everything, can be overwhelming!” says Cote.
“Splunk has come at it from a completely different angle of treating the IT environment as unstructured data that requires effective search.”
According to Cote, Splunk crawls all the data in a given IT ecosystem and classifies discrete events of its findings, allowing an IT manager to access these events in a central store where they may then be examined.
In the case of compliance management, Splunk’s capabilities mean that instead of having to visit each system to be audited, you may instead search for anything out of the ordinary.
And more importantly, says Cote, as the need as the need to dig down further arises, you can stay in Splunk and narrow down your search around a related event.
“Now, that doesn’t make Splunk a complete solution for compliance, but it does make Splunk a handy tool for doing compliance checks and diagnosing problems to get back into compliance,” says Cote.
“When you find you’re out of compliance, Splunk’s IT search capabilities can help answer the question ‘why?’”
For his part, Splunk CEO Michael Baum notes that the organic nature of IT systems means that it is impractical to expect that reports generated about, say, an employee who has just left the company would help those in IT determine whether said employee has broken any compliance mandates.
“The IT infrastructure has changed during that time. You need his user ID, Web session cookies, IP or MAC address from his home computer, for example.
And unlike a static report, Splunk provides ad hoc access to vast amounts of data, [along with] real-time searching and indexing,” Baum says.
“Let’s keep in mind that the logging data that managers have to search through are not isolated silos of data but one big soup.”
“The obvious analogy here, of course, is to Google [because] without effective search, browsing the public Web alone wouldn’t be nearly enough,” Cote adds.
“Nowadays, people get the metaphor of search and for many it’s the primary interface into any data set. Even now, years after we’ve all become addicted to Google, few IT management vendors and projects provide real, quality search.
Instead, as in Splunk’s view of IT as ‘a big soup,’ search lets find what you need instantly instead of having to drill down from everything to the specific thing.”
Splunk is a free download that allows users to index up to 500 MB a day—great for those deciding whether the search metaphor is the way to go.
Those who desire greater indexing capabilities and support services can purchase Splunk licenses that range from up to 500 MB of indexing and one support contact to multiple TBs of indexing and multiple support contacts.
In addition, Splunk has partnered with other OEM, technology, and systems integrations partners to provide admins the best of both worlds, says Cote.
“Most projects recognize that Splunk is finally providing the search functionality that they’ve wanted for sometime but haven’t gotten around to implementing, so it’s great that Splunk is partnering rather than taking the view that there’s only one way to manage IT,” Cote says.