A vendor that searches log files and IT data to uncover security breaches and find the source of service interruptions is unveiling a new version of its product at Interop and will provide troubleshooting for the massive temporary network that powers the Las Vegas conference.
Splunk, which bills its product as the “IT search engine,” Tuesday is announcing Splunk 3.0, with new features such as personalized dashboards, expanded search language and interactive reporting.
Splunk’s search engine has been used by Interop for a couple of years and will once again help uncover potential security problems in Las Vegas this week, says Glenn Evans, lead engineer for the Interop network, which serves 450 exhibitors and 20,000 attendees.
In a previous show, Splunk’s product discovered that a private password allowing access to equipment in the network operations center had been inadvertently released to a public space, Evans says.
One big advantage of Splunk is that it consolidates log files into one location so they don’t have to be searched separately, Evans says.
“We collect all of the logging data and messaging data from all the different network devices and applications at the show, and we let the people who run the network search against that data to resolve problems,” says Splunk CEO Michael Baum.
This involves collecting and searching logs and IT data for a vast amount of unstructured information that changes constantly, he says. In addition to investigating potential security breaches and finding the sources of service interruptions, he says customers use Splunk to help comply with regulations such as the Sarbanes-Oxley Act and the Payment Card Industry data security standard.
New features in Splunk 3.0 include interactive reporting, which eliminates the need for complex data mapping and lets users shift easily from unstructured search to structured reporting.
New personalized dashboards let users receive any report, chart, search or alert on a dashboard. Splunk says it also has added a deployment server that enables “centralized management and control of distributed Splunk deployments across large numbers of applications, servers and devices.”
Improvements to the search language include a feature that lets users adjust the clock on search results. This is useful when analyzing data from many different sources and the clock on one of those sources is inaccurate, Baum says.
“It’s much more than searching on keywords; it’s time-based searching against this very repetitive data,” he says.
Splunk offers a free downloadable product that can index as much as 500MB a day. Customers who want to index more can buy an enterprise license for a minimum of $5,000. Some large customers spend as much as $500,000.
Last week, network management vendor Netcordia said it has partnered with Splunk to help enterprises uncover problems within their IT infrastructure.
“Under the agreement, Splunk will license its IT Search software to Netcordia as a means to index, search, and navigate the high volumes of events generated by network and security devices like routers, switches and firewalls,” a press release states.
“NetMRI will use Splunk as a front-end processor to collect and manage the massive number of events coming in from the network. NetMRI’s analysis engine intelligently parses through these events to discover the key patterns it needs to reveal hidden and harmful problems and generate actionable results.”