With a company and product name like Splunk, you’ve gotta hang a bit loose, as I found upon sitting in at the company’s SplunkLive! event in Boston this week.
The first customer speaker of the day gave a frank assessment of his organization’s implementation (“the on-premises solution, we struggled with it…”) and his frustrations with the licensing model. You have to give Splunk credit for having enough confidence in its offerings to showcase such a kick-off case study.
Another customer whose Splunk implementation started with IT managers said he used to get “weird looks” from colleagues in finance and operations when it was suggested they use Splunk, too. And another customer who spoke at the event joked that “Get Drunk with Splunk” was one possible tagline for its use of the product that wound up on the cutting room floor.
San Francisco-based Splunk, which dared to trot out a Denver Broncos data analysis example in the heart of New England Patriots country, has grown over its 13 years into a $670M company with scads of big name customers like Coca Cola and partners such as Amazon Web Services and EMC in large part to being open to whatever works. Yes, its product started as an IT management and log analysis tool, but is now used just as commonly for gathering and analyzing security information, and increasingly by business analysts and those keeping tabs on the sprawling Internet of Things. Splunk’s heaviest user processes 1.6 petabytes of data per day.
The company refers to its products, which come in on-premises and cloud versions, as “operational intelligence” platforms.
Nate McKervey, director of technical marketing at Splunk -- and a Splunk user before he joined the vendor -- says the company is addressing customer needs “in the midst of a data revolution.” Whereas traditional tools encouraged customers to keep only data that they figured they’d need, Splunk enables them to build schema on the fly to answers questions that hadn’t occurred to them when the raw information was ingested. All data is relevant to security, for example, he says. Among the case studies he cited was a bank that used Splunk to help sniff out where stolen ATM cards were being used, based on their use at locations too geographically separated to have been visited by the same person within short time spans.
Jigar Kadakia, chief information security and privacy officer at Partners Healthcare, discussed his organization’s efforts to maximize its use of existing security tools and expand use of Splunk to aggregate log management -- all while rolling out a major electronic health record system. Splunk has been invaluable for, among other things, gathering information on and investigating four breaches that have been publicly identified over the past year, he said.
Kadakia acknowledged right away that the Splunk implementation hasn’t gone smoothly, but he’s optimistic it is on the track now and that Partners will eventually be able to use Splunk for more advanced purposes, including business intelligence and analytics dashboards that will improve operations on the clinical and ER sides. Partners is even looking to co-develop modules with Splunk that could be given back to the community (and perhaps save organizations from having to fork over big bucks to third-parties for such modules).
Among the issues Partners encountered was Splunk software not playing nicely with