In the previous post, I surveyed the landscape for IT management software startups and decided to post reviews of the startups and their products periodically on this blog, eventually creating a directory of IT management software startups. The first in the series of reviews is Splunk!
I've talked before about the difficulties faced by startups in the IT management software industry, which is dominated by true giants (IBM, HP, BMC, CA, etc.), and how innovative new approaches are necessary for startups to succeed. I had no idea that the first startup that I'd review would have many of the answers. Splunk is an amazing company that seems to be doing everything right. It is a must-study for any startup in our field. There is so much to learn from what they are doing.
First, what is Splunk (the product)? The company home page describes it pretty well: “Splunk is a search engine for IT data. It's software that indexes and enables search of all logs and IT data”. Let's look at what differentiates Splunk. I'll attempt to find answers for the following set of questions in each review:
- Is software available for download? Yes.
This question may sound obvious, but there are still a number of startups that do not provide a download of their software over the web, or that require a cumbersome registration process. You can download Splunk software over the web; no registration is necessary for the download, and no license is necessary to start using the product either. Well done!
- Is there an online demo? Yes.
Online demos are a great aid to potential customers who need to take a quick look at what a product is about before investing more time. Splunk does provide a useful demo. It gives you a pretty good idea of how the Ajax UI works, how the searches are done, etc.
- Is there a free version? Yes.
This is brilliant! You can download the Splunk software and start using it, and it's free up to 500MB per day. By providing a free version of the product for low usage (and 500MB is not that low), Splunk allows customers to postpone the purchasing decision till they can actually see what it can do.
- Is it easy to get started? Yes!
It doesn't get any easier than this. On the web site, it says that it installs in 5 minutes, which brought a cynical smile to my face. Yet it turned out to be true. Installation is very smooth. I was able to install the software and configure it to receive data from a management tool in a very short time.
- Is pricing transparent? Yes!
Splunk shines here again. Pricing is explained clearly on the website (not an easy job). No surprises for the potential customers.
- Is there a community? Yes.
Splunk seems to be working hard to create a community. Given the difficulties startups experience in gaining access to customers, I believe the community they are creating will be a great tool for them. SplunkBase is a great idea! It allows people to upload and tag log messages, so when there is a log message that you don't understand, you can search the site to see whether someone else already has an explanation. You can sense that many people will find Splunk through SplunkBase when they are trying to figure out what a log message means. It is a great example of a community site. Everybody wins here. I'd guess that the 50,000 downloads they've already reached are in no small part due to the community they're creating.
- Do they have a blog? Yes.
A number of Splunk employees seem to have blogs, including the CEO, Michael Baum. The blogs are aggregated at http://blogs.splunk.com.
- Is the product competing directly with the big guys? No.
Splunk can be considered complementary to the solutions provided by the likes of IBM, CA, HP, etc.; hence they don't have to battle the marketing and sales forces of the giants in the market. The CA agreement is an indication of the potential of Splunk to work with other management tools.
- Does the product provide open APIs? Yes.
It seems very easy to integrate Splunk with other tools. There is more work to be done in this area: the REST and SOAP APIs seem to be still in development, documentation is limited at best, etc. Hopefully they are actively working on this. The command line interface already works pretty well and is quite useful.
- Who are the competitors?
Splunk does not have a direct competitor. Custom solutions built around a collection of open source tools can be considered competition.
- Does the software really work?
It certainly looks like it. The free version allows many people to use the software. Judging from the posts in the forums, and posts I've seen in blogs, I already had a sense that the product was solid. My own experience also has been positive.
I've gone through the following exercise:
- Installed and started Splunk.
- Configured a network port as the data input (9595).
- Configured a RapidConnector adapter to listen to notifications from the EMC/Smarts server and send them to the port Splunk is listening on, in a tab-delimited format.
- I've made searches from the web interface to find different events, etc.
- Splunk had already indexed the events from Smarts and showed me the results. The events were indexed by date. I could see the search results per day or even per hour.
- Figured out how permalinks work to be able to launch the Splunk web interface in context from RapidOSS console. Permalinks provide a simple way to have a URL that performs a specific search. For example, I was able to search the events related to a device for the last 24 hours by passing the device name as part of the URL.
- What hasn't worked?
- The REST API is not yet complete; it also does not seem to return XML (it may just be me).
- Documentation for customization is very light. I could not find any information on how to create a custom data input, event type, etc.
This whole exercise took about 3 hours, which is very impressive. Splunk worked as advertised and started delivering value almost instantly. I'm quite happy that I had the opportunity to take a look at Splunk; it will take its place in my arsenal.
Once the documentation gets better, I can see that we can implement much tighter integration between RapidOSS and Splunk, enabling access to data provided by Splunk, in context from the RapidOSS console.
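The tab-delimited feed into the port 9595 data input from the exercise above, as an added example (not code from this post, RapidOSS or Splunk). The field names, their order and the sample notifications are assumptions constructed for illustration; the code escapes tabs and line breaks in field values so that text inside one notification cannot be indexed as extra, separate events.

```python
import socket

# Assumed column order for one event line; the post does not list the fields.
FIELDS = ("timestamp", "device", "event_name", "severity", "message")
_ESCAPES = {"\\": "\\\\", "\t": "\\t", "\n": "\\n", "\r": "\\r"}


def clean(value):
    """Escape the delimiter and line breaks so one notification stays one record."""
    text = "".join(_ESCAPES.get(ch, ch) for ch in str(value))
    # Drop remaining control characters that would corrupt the indexed line.
    return "".join(ch for ch in text if ch.isprintable())


def format_event(notification):
    """Render a notification dict as one tab-delimited, newline-terminated line."""
    return "\t".join(clean(notification.get(f, "")) for f in FIELDS) + "\n"


def parse_event(line):
    """Receiver-side check: split one line back into the assumed fields."""
    return dict(zip(FIELDS, line.rstrip("\n").split("\t")))


def send_events(notifications, host="127.0.0.1", port=9595, timeout=5.0):
    """Write events to the TCP data input; returns the number of lines sent."""
    lines = [format_event(n) for n in notifications]
    with socket.create_connection((host, port), timeout=timeout) as conn:
        conn.sendall("".join(lines).encode("utf-8"))
    return len(lines)


# Constructed sample: the second message carries a tab and an embedded line that
# would otherwise show up in the index as a separate event for router-01.
SAMPLE = [
    {"timestamp": "2007-05-01T10:15:00Z", "device": "router-01",
     "event_name": "Down", "severity": "1", "message": "Interface unreachable"},
    {"timestamp": "2007-05-01T10:16:00Z", "device": "switch-07",
     "event_name": "HighUtilization", "severity": "3",
     "message": "util\t97%\n2007-05-01T10:16:01Z\trouter-01\tUp\t5\tcleared"},
]

if __name__ == "__main__":
    for note in SAMPLE:
        print(format_event(note), end="")
```

Calling `send_events(SAMPLE)` requires a listener on the configured port; the formatting functions run without one.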


Yes - there are quite a few competitors - I would recommend liquidlabs logscape -
http://www.liquidlabs-cloud.com/products/logscape.html