
Splunk 4.3 Aims at Accelerating Business Adoption of Machine Data: Why Don’t CIOs?

I don’t usually write about product announcements, but after hearing Sanjay Mehta, senior director of product marketing at Splunk, talk about Splunk Version 4.3, it occurred to me there was an important lesson for technology leaders lurking in the new features.

If you have been exposed to Splunk at all in your company, or if you have been following news about the product or attended a conference, you will be aware that most of the time Splunk enters an organization through the IT department. What usually happens is that Splunk works its magic for the IT staff and makes the log files for hundreds or thousands of machines look like one unified database.

But then a business person asks a question about what products are most often found in abandoned shopping carts or what is the domain name of customers with the highest net value. Such questions often mean not only sifting through a bunch of logs but also connecting detailed information from many different systems and making sense of it in complex ways.

Before too long a culture of Operational Intelligence takes hold, the kind we wrote about in this white paper. What is generally realized is that the kind of machine data that tracks micro events in web servers, payment systems, network security systems, or telecom equipment is actually tracking what people are doing. Splunk’s Search Processing Language provides a way for normal humans to explore and distill this data so they can find out more about what people are up to.

Splunk applications make using machine data even simpler. So far, so good.

The unpleasant question that technology leaders should ask themselves is this: Why does this sort of business use of machine data always seem to happen by accident? The leadership lesson is simple: Why can’t we organize a simple program of systematically exploring what machine data sources we have, what questions are worth answering, and then bring machine data where it is needed? This shouldn’t be that hard but it is rarely done.

Instead, plan A seems to be serendipity. I have a solution to this problem I call the Question Game that I will cover in a later article.

What Splunk has done in version 4.3 is to add several features that would make Splunk’s user interface far more useful to an end user. Splunk has sent Flash packing and implemented its UI on HTML5, primarily so the iPad can be better served.

The configuration of the UI, which was heavily controlled by XML, now can be controlled by end-users directly using point and click techniques. Other nifty UI candy such as sparklines have been added.

The import of all of this is that Splunk can now plausibly be part of the BI suite at most companies. In other words, it provides that last mile in the machine data pipeline to the end user.

The question for technology leaders who have Splunk is: Will we figure out how to use this capability or wait around until good ideas come to us by chance?