Tuesday, April 29, 2008

Splunk adds change-management and Windows support to IT search software

IT search company Splunk today added to its arsenal of tools for IT managers with the launch of Splunk for Change Management, an application to audit and detect configuration and changes, and Splunk for Windows, which indexes all data generated by Windows servers and applications.

The San Francisco company provides a platform for large-scale, high-speed indexing and search technology geared toward IT infrastructures. The software, which comes in both free and enterprise versions, allows a company to search and navigate data from any application, server, or network device in real time. [Disclosure: Splunk is a sponsor of BriefingsDirect podcasts.]

Splunk for Change Management, which requires an enterprise license, continuously audits all configurations and changes, detects unauthorized changes, validates change deployment, and discovers service-impacting changes during incident response.

The new application leverages the existing Splunk Platform, allowing users to combine change audit events, configuration data, activity and error logs, and actual system and user behavior. This differentiates it from the traditional approach, which is often disconnected from incident response and cut off from other sources of IT data.

Among the features of the new product are:
  • Out-of-the-box dashboards with over 40 reports showing changes across all datacenter components, including applications, servers and network devices.
  • Predefined alerts that detect unauthorized change based on configuration variances and correlation with service desk systems.
  • Predefined searches to help identify service-impacting changes.
  • Integration with service desk systems that validates the effect of change on system behavior.

Splunk for Windows, a free application, integrates Splunk's IT search with Microsoft's System Center Operations Manager's command and control view of the Windows infrastructure.

Splunk indexes event logs, registry keys, performance metrics, and application log files, making all the data searchable from a single place.

Reports and dashboards included in the application provide a bird's eye view of service levels and problems across a large number of servers and applications, and predefined alerts can warn of cross-component problems.

Splunk has a variety of solutions for IT managers and developers who need some visibility into their various systems and components. Just a few weeks ago, I wrote about the Splunk Platform.

"The Splunk Platform and associated ecosystem should quickly grow the means to bridge the need for transparency between runtime actualities and design-time requirements. When developers can easily know more about what applications and systems do in the real world in real time, they can make better decisions and choices in the design and test phases. This obviously has huge time- and money-saving implications."

And, more than two years ago, I did a podcast about Splunk, when it launched the Splunk Base, an open Creative Commons-licensed repository of wikis that, with volume adoption, is meant to give systems troubleshooters a searchable library of knowledge about what ails IT components and how to swiftly remedy those ills. You can listen to the podcast here.

Splunk for Change Management pricing starts at $4,000 and requires an enterprise license. A 30-day free trial is available.

Splunk for Windows is free and is now available on the Splunk Base site.