What is Splunk?
Splunk is a big data software analytics platform that powers information technology (IT), security, and observability solutions. Splunk makes massive amounts of client data valuable and understandable to all of these teams and their stakeholders.
What is Splunk used for?
As a software company, Splunk is responsible for a log analysis platform that enables users to solve IT Operations and Capacity issues, meet security requirements, and provide observability.
The term “Splunk” also refers to the products created by Splunk.
About Splunk The Company
Splunk Inc, founded in 2003, has grown to over 7,500 employees and has an extensive partner ecosystem (including Kinney Group). Splunk Inc. is a Fortune 1000 company and publicly traded company using the NASDAQ symbol SPLK.
Splunk Enterprise and Splunk Cloud Platform
The best-known product by Splunk is Splunk Enterprise, which is a massively scalable log analysis tool. Splunk positions this product as a solution for collecting and analyzing large amounts of machine-generated data. Anything a computer creates as output, from logs to API endpoints via queries, is part of machine-generated data.
Core Splunk, or Splunk Core, is sometimes used to refer to Splunk Enterprise or Splunk Cloud Platform.
Splunk Enterprise was traditionally installed and run by the customer, perhaps with assistance from consultants. As Software-as-a-Service offers became common, Splunk released a managed-cloud version of Splunk Enterprise, currently called Splunk Cloud Platform.
Advantages of Splunk Enterprise and Splunk Cloud Platform
Splunk Core is highly extensible. Instead of locking users into a particular use case, the same data is available for many different use cases. The same Splunk environment may work for security, business analytics, and capacity planning.
One of the main ways to extend Splunk Core is through the use of Applications. Splunkbase (splunkbase.splunk.com) is the official repository of apps for Splunk. As of January 2023, there were over 2500 apps listed on Splunkbase. The vast majority of those apps are free to install and use.
Who uses Splunk Enterprise and Splunk Cloud Platform?
Security practitioners, developers, IT operations staff, business users, data scientists, and more can take advantage of Splunk. Being flexible in use cases extends its usefulness to a broad audience.
Splunk Enterprise Security
Many customers use Splunk Enterprise for security purposes. So many, in fact, that Splunk created a specific Security Information and Event Management (SIEM) tool named Splunk Enterprise Security (ES) that works in conjunction with Splunk Enterprise or Splunk Cloud Platform. Splunk ES is one of the leading SIEM offerings. As a premium app, it requires additional license purchase to use.
Splunk added a Security Orchestration and Response (SOAR) product to its suite of offerings in 2018 by acquiring Phantom. Splunk has since renamed the product to Splunk SOAR.
Splunk SOAR is usually used with Splunk ES to enable playbook responses to security findings. For example, if a series of incidents is always a finding, an automated response can stop the problem. SOAR allows security practitioners to repeatedly and even automatically respond to incidents. As a premium app, Splunk SOAR requires additional license purchase to use.
User behavior Analytics is a tool that watches users for abnormal behavior, which often is previously unseen. Splunk User Behavior Analytics is a machine-learning-based system that complements Enterprise Security. Splunk UBA identifies worrying behavior from users and entities.
Splunk IT Service Intelligence
Apologies that we’re about to do buzzword bingo. Splunk IT Service Intelligence (ITSI) is Splunk’s AIOps offering. ITSI revolves around services, which may be physical systems like an eCommerce site or a construct such as customer happiness.
Services have a health score in ITSI calculated using a variety of Key Performance Indicators (KPIs) defined by the customer. Hence, ITSI is open-ended and highly configurable.
Services may interact with one service score influencing another service score. Cascading services allow higher-level service scores, such as overall health for IT operations or even an overall score for the company’s services.
Observability is a way to measure a system’s state based on metrics, logs, and traces. Splunk ITSI is one part of observability. Splunk acquired SignalFx 2019 to bring in real-time monitoring and metrics for cloud environments, microservices, and applications.
Splunk Observability Cloud is a suite of products that provides a variety of observability tools that helps with both responding to outages and identifying the cause of issues. Observability is implemented in Splunk using Splunk Infrastructure Monitoring to improve hybrid cloud performance and Splunk Application Performance Monitoring to gain insights into cloud-native, microservice, and monolithic applications.
Other observability products from Splunk include Splunk Log Observer, Splunk Real User Monitoring, Splunk Synthetic Monitoring, and Splunk On-Call.
A Comprehensive Guide to Splunk
Splunk is a software company, and colloquially the term refers to the suite of products that Splunk delivers. Splunk produces a log analysis tool in two flavors, Splunk Enterprise and Splunk Cloud Platform, which empower a plethora of use cases. Splunk has several other product offerings that also are within the broad envelope of Splunk.
If you found this helpful…
You don’t have to master Splunk by yourself in order to get the most value out of it. Small, day-to-day optimizations of your environment can make all the difference in how you understand and use the data in your Splunk environment to manage all the work on your plate.
Cue Atlas Assessment: Instantly see where your Splunk environment is excelling and opportunities for improvement. From download to results, the whole process takes less than 30 minutes using the button below: