When Written: Dec 2011
In my last article I briefly mentioned Hadoop, which is a technology that enables web applications to run across a lot of servers and not be affected by any hardware failure. No sooner had I sent my article off to the sub-editors than I received a PR email from a company offering a product that will work with Hadoop.
As is often the case with press releases, it can take several reads before you start to understand what a particular product being promoted is supposed to do. Quite why PR companies seem to find it necessary to cloak their clients’ products’ abilities in such verbose prose is beyond me. It seems that they often assume that the reader already knows what the product does, and quotes from the Marketing Director rarely get one’s juices flowing.
In the case of this particular press release there were two things that made me read and re-read it in an attempt to see if it was of interest to me. One was that our illustrious editor had suggested that the PR company contact me, and the second was the name of the product: ‘Splunk’. Splunk (http://www.splunk.com/product) is an indexing and reporting tool for analysing ‘machine data’, normally but not exclusively in the form of log files.
I installed it on a spare development web server and told it to look at the web server log files. I then asked for a report on all the errors over the last 5 years and within seconds the report started to fill up with a graph, with details appearing when you clicked on any spot of the graph. This product looked promising as another tool in the armoury of the hard-pressed administration team. It will report from the performance logs in Windows as well as SQL Server. Alerts can be set up and reports can be added to a dashboard so that all the information is viewable in one place. The performance of the software seemed impressive, although I was not able to push it very hard in the time available to me. To generate these reports you need to write queries in their own language and, whilst a number are provided that you can edit, I think this is the biggest hurdle to users adopting Splunk to their world, but invest the time in setting it up and I’m sure it will pay rewards.
The cost? Well, there is a free version and an enterprise version which costs $6900 for 500M of data, which includes a Cloud version and of course the Hadoop version.

Strange name but a useful tool for system administrators
Article by: Mark Newton
Published in: Mark Newton