Splunk combs log files for hidden problems

Plumbing the depths of log files and other metadata, Splunk helps IT find the telltale patterns that reveal what's really going on

More and more IT systems generate a glut of metadata -- log files, system states, and so on. “And more and more of the IT budget is spent trying to keep systems up and running,” says Michael Baum, CEO of Splunk. Much of that cost can be attributed to the growing complexity of systems and the labor it takes to sift through metadata for troubleshooting purposes.

Current technology can help IT monitor how a specific system is doing, but the data captured is tied to a specific data structure. The result? “You’re going to miss things that change and break,” Baum says.

Splunk -- short for spelunk, the sport of cave diving -- applies Google-like technology to log-file analysis. “Think of it as a search engine for free-form indexing for the Web applied to IT logs and data,” Baum says.

But as opposed to Web search engines, which basically crawl HTML pages and index them according to keywords, Splunk’s indexing engine must apply multiple techniques to parse common types of IT data. According to Baum, “You need to look at syslogs, multiline JFLAGs, UDP traps, and more.”

The result is a single search engine that helps IT staff troubleshoot the disparate log and state data. The tool can also be used to generate alerts based on specified data patterns, and even for capacity planning and trending analysis by IT analysts.
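As an added illustration of the free-form indexing and pattern alerting described above (example code written for this page, not Splunk's own), the constructed sample below mixes a syslog line, a multiline Java stack trace and a trap message; events are split on syslog timestamps, every token is indexed with no fixed schema, and a saved search fires an alert once it matches a threshold number of events.

```python
import re
from collections import defaultdict

# Constructed sample input: syslog, a multiline stack trace, an SNMP-style trap.
SAMPLE_LOG = """\
Jun 12 10:01:07 web01 sshd[2231]: Failed password for root from 192.0.2.10 port 5512 ssh2
Jun 12 10:01:09 app01 tomcat: SEVERE: Servlet.service() threw exception
java.lang.NullPointerException
\tat com.example.Billing.charge(Billing.java:42)
Jun 12 10:01:11 mon01 snmptrapd: TRAP linkDown ifIndex=3 from 192.0.2.20
Jun 12 10:01:15 web01 sshd[2240]: Failed password for admin from 192.0.2.10 port 5513 ssh2
"""

SYSLOG_START = re.compile(r"^[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d ")
TOKEN = re.compile(r"[a-z0-9]+")

def tokenize(text):
    """Schema-free tokenisation: lowercase alphanumeric runs, used for data and queries alike."""
    return TOKEN.findall(text.lower())

def split_events(text):
    """Group raw lines into events: a line without a syslog timestamp continues the previous event."""
    events = []
    for line in text.splitlines():
        if SYSLOG_START.match(line) or not events:
            events.append(line)
        else:
            events[-1] += "\n" + line
    return events

def build_index(events):
    """Inverted index from every token to the set of event numbers containing it."""
    index = defaultdict(set)
    for i, event in enumerate(events):
        for tok in tokenize(event):
            index[tok].add(i)
    return index

def search(index, events, query):
    """AND-search: return, in log order, the events containing every token of the query."""
    terms = tokenize(query)
    if not terms:
        return []
    hits = set.intersection(*(index.get(t, set()) for t in terms))
    return [events[i] for i in sorted(hits)]

def alert(index, events, query, threshold):
    """A saved search becomes an alert when it matches at least `threshold` events."""
    hits = search(index, events, query)
    return len(hits) >= threshold, hits

if __name__ == "__main__":
    evs = split_events(SAMPLE_LOG)
    idx = build_index(evs)
    print(search(idx, evs, "NullPointerException"))
    print(alert(idx, evs, "failed password 192.0.2.10", 2))
```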

The company’s newest tool, Splunkbase, is a wiki-like service that allows IT staff at different companies to compare notes on the unique “fingerprints” that Splunk creates for each pattern. Say hello to communal troubleshooting.


Copyright © 2006 IDG Communications, Inc.
