Splunk Stops The Log Slog

Version 3.0 is among the best low-cost log analysis tools, but it could use improvements in storage and offline indexing.

Mike Fratto, Former Network Computing Editor

September 28, 2007

2 Min Read

THE UPSHOT

CLAIM:  Splunk simplifies log aggregation and analysis and can process any text-based log data. A new visualization feature helps identify anomalies, and a community wiki, called Splunk Base, helps IT interpret log data.CONTEXT:  Splunk beats doing log analysis on a per-device basis. However, appliance alternatives from vendors such as LogLogic simplify storage and archiving, and SIEM products offer more extensive analysis capabilities, albeit at a significantly higher price.CREDIBILITY:  Splunk offers a ton of functionality with little configuration. Its natural-language search is easy to use, but customization is needed to really make it sing. All in all, it's one of the best low-cost log analysis tools we've seen, but we're waiting for improvements in storage, offline indexing. Click to see our extended review.

Aggregating and analyzing log data is an IT best practice--and a requirement in regulated industries--but it can also be a pain in the you-know-what. Many log aggregation products have purpose-built parsing engines that process logs as they're received and build up event databases. This works well if all your log sources have parsers built in, but not all do. That means for unsupported devices, events are stored as raw log data that's not easily searched. To make matters worse, there are no standards for log messages themselves. This makes extracting meaning from events difficult.

Meanwhile, the volume of data that network devices and servers generate can be staggering.

Enter Splunk 3.0, the latest software release from Splunk. This excellent analyzer accepts any plain text as unstructured log data, indexes keywords, and stores the records. Splunk uses a search-based interface for log analysis.

We tested the software in our Syracuse University Real-World Labs and found complex searches fairly easy once we glommed on to the search capabilities.

The software has basic archiving features, but they may not be sufficient for companies that need robust, long-term log storage. And because Splunk is software, you need to plan for adequate server resources. Splunk runs on Linux, but the company is working on a Windows version. You can try Splunk for free with a 30-day enterprise license, and a freeware version also is available. The product as tested starts at $5,000 for 500 Mbytes per day.

Read more about:

20072007

About the Author(s)

Mike Fratto

Mike Fratto

Former Network Computing Editor

Mike Fratto is a principal analyst at Current Analysis, covering the Enterprise Networking and Data Center Technology markets. Prior to that, Mike was with UBM Tech for 15 years, and served as editor of Network Computing. He was also lead analyst for InformationWeek Analytics and executive editor for Secure Enterprise. He has spoken at several conferences including Interop, MISTI, the Internet Security Conference, as well as to local groups. He served as the chair for Interop's datacenter and storage tracks. He also teaches a network security graduate course at Syracuse University. Prior to Network Computing, Mike was an independent consultant.

See more from Mike Fratto
Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.
SIGN-UP

You May Also Like

More Insights
Webinars
More Webinars
Reports
More Reports

Editor's Choice

thumbnail
Cyber Resilience
‘They’re Coming After Us’: RSA Panel Explores CISO Legal Pressure‘They’re Coming After Us’: RSA Panel Explores CISO Legal Pressure
byShane Snider
May 6, 2024
3 Min Read
Ambassador-at-Large Nathaniel Fick at the RSA Conference 2024 in San Francisco.
Cyber Resilience
Questions for the Bureau for Cyberspace and Digital PolicyQuestions for the Bureau for Cyberspace and Digital Policy
byJoao-Pierre S. Ruth
May 16, 2024
5 Min Read
Business person draws a creative business project
IT Leadership
Why CIOs Are Under Pressure to InnovateWhy CIOs Are Under Pressure to Innovate
byLisa Morgan
May 15, 2024
8 Min Read
DNA (deoxyribonucleic acid) strand, illustration.
Data Management
DNA is an Ancient Form of Data Storage. Is it Also a Radical New Alternative?DNA is an Ancient Form of Data Storage. Is it Also a Radical New Alternative?
byRichard Pallardy
May 7, 2024
15 Min Read
Business innovative solution and creative concept as a paper boat tied to a light bulb
IT Leadership
9 Ways to Ensure Continuous Innovation9 Ways to Ensure Continuous Innovation
byLisa Morgan
Apr 2, 2024
9 Slides
Webinars
More Webinars
White Papers
More White Papers
Live Events
More Live Events
Reports
More Reports
May 2, 2024
While there are plentiful options in cyber resiliency and business continuity tools and platforms, there isn’t one that can knock out everything from sudden cloud outages to prolonged ransomware attacks in a single punch. What can you do to keep the company on its feet no matter what is thrown at it? Find out in this new virtual event.
Reserve Your Seat Now