Splunk 3.0 drills deeper into IT data

Splunk continues to ramp up what it calls an "IT search engine," which captures log data and other kinds of information that can help identify problems and provide proof of compliance with various regulations, such as Sarbanes-Oxley and the Payment Card Industry standard. Splunk is somewhat like a Google search engine for IT data in that you pour in the data, with a simple interface and no need for complicated data mapping, adapters and configuration-- the software just figures out how to normalize and present the data.

At Interop, the company showed off a beta of version 3.0, which adds real time analysis of data and personalized, shareable dashboards. In addition, the search language includes new mathematical and reporting operators and support for indexing the output of any shell script or command line action. Other features include native implementation of 64-bit and multi-processor platforms and centralized management of distributed Splunk deployments.

According to company CEO and co-founder Michael Baum, Splunk has 350 paying customer and about 100,000 downloads of the free version, which lacks features such distributed search and clustering and multiple user accounts. Some of the new features enabled by version 3.0 include support for incident analysis and resolution, fraud monitoring, and change validation and detection, Baum said.

Splunk has come up with an flexible pricing model--metering the amount of data, starting with $5,000 for 500 megabytes of data. Splunk has also partnering with Netcordia, which will use the search engine for for collecting and analyzing network events.