What is Splunk?

In simple words Splunk is Google for all the machine data /logs. It’s a data mining tool for Big Data, built in to handle Big/large data without affecting performance.

Splunk offers the leading platform for Operational Intelligence. It enables the curious to look closely at what others ignore—machine data—and find what others never see: insights that can help make your company more productive, profitable, competitive and secure.

Ever heard about machine data? What is it? Machine-generated data is one of the fastest growing and complex areas of big data. It’s also one of the most valuable, containing a definitive record of all user transactions, customer behavior, machine behavior, security threats, fraudulent activity and more. Machine data comes in an array of unpredictable formats and the traditional set of monitoring and analysis tools were not designed for the variety, velocity, volume or variability of this data. Splunk turns this machine data into valuable insights. It’s what we call Operational Intelligence. Operational Intelligence gives a real-time understanding of what’s happening across the IT systems and technology infrastructure so one can make informed decisions.

Let’s see what splunk can do.

  • It’s a powerful software/Engine which can be used to search, investigate, troubleshoot, monitor, visualize, alert, and report on everything that’s happening in the entire IT infrastructure from one location in real-time.
  • You have to only enter the search keyword in search bar and done. Splunk will search logs of all machines/Servers /Network devices from your enterprise and will present available information as result just like Google.
  • You don’t need to login to multiple servers and dig for all logs for particular event Splunk will do it for you in smarter way.
  • For example if you want to know particular users activity on all servers then you just need to enter username in searchbar and hit enter.Splunk will collect and display all activities performed by user on all machines in few seconds.
  • Splunk Enterprise takes valuable machine data and turns it into powerful operational intelligence by providing real time insight to your data through charts,alerts,reports etc.


Some of the advantages of using Splunk are

  • Splunk does not require any database like Oracle or MySQL to store its data. It stores its data in indexes, so no additional cost for DB required.
  • It effectively reduces troubleshooting and resolving time by providing instant results. Splunk is the best way for root cause analysis.
  • SPlunk converts complex logs to visual graphs and reports resulting simplified analysis, reporting and troubleshooting.
  • It can work as monitoring tool, SIEM, reporting tool, analysis tool and much more.
  • It’s very easy to setup and expand.
  • It supports any format and any amount of data, enables centralized log management.

Splunk offers different products. They are

  1. Splunk Enterprise

Splunk Enterprise makes it simple to collect, analyse and act upon the untapped value of the big data generated by your technology infrastructure, security systems and business applications giving the insights to drive operational performance and business results. By monitoring and analysing everything Splunk Enterprise helps to gain valuable Operational Intelligence from machine-generated data. Splunk Enterprise will

  • Collects and indexes log and machine data from any source.
  • Powerful search, analysis and visualization capabilities empower users of all types.
  • Apps provide solutions for security, IT ops, business analysis and more.
  • Enables visibility across on premise, cloud and hybrid environments.
  • Delivers the scale, security and availability to suit any organization. Available as a software or SaaS solution.

The Splunk Enterprise architecture has different components like


  • Universal forwarder (UF) – It is a light weight instance of Splunk. It only takes data and forwards it to other components.
  • Heavy forwarder (HF) – It is a heavy version of Splunk. It takes data from UF and parses & filters the data to discard unwanted data.
  • Indexer – Splunk indexers provide data processing and storage for local and remote data.
  • Search Head (SH) – It is a GUI to see the data stored in indexer.
  • Deployment server (DS) – The deployment server is a tool for distributing configurations, apps, and content updates to groups of Splunk Enterprise instances.

2. Splunk Cloud

Splunk Cloud delivers all the features of Splunk Enterprise, as a cloud-based service. The platform provides access to Splunk Enterprise Security and the Splunk App for AWS and enables centralized visibility across cloud, hybrid and on-premises environments.

  • Secure: It has dedicated cloud environments for each customer.
  • Reliable: 100% uptime SLA. All the features of Splunk Enterprise, including apps, APIs, SDKs. 10TB+/day scalability.
  • Hybrid: Centralized visibility across Splunk Cloud (SaaS) and Splunk Enterprise (software) deployments.

3. Splunk Light

Splunk Light is a comprehensive solution for small IT environments that automates log search and analysis. It speeds tactical troubleshooting by gathering real-time log data from the distributed applications and infrastructure in one place to enable powerful searches, dynamic dashboards and alerts, and reporting for real-time analysis all at a price under budget.

  • A comprehensive product for log search and analysis built on Splunk’s proven technology.
  • Search, report and alert on all your log data in real time from one place.
  • Designed for small IT environments with free download, easy set up and rapid data onboarding.
  • Easily upgrade-in-place to the full Splunk Enterprise or Splunk Cloud.

4. Hunk

Hunk is the big data analytics platform that lets rapidly explore, analyze and visualize data in Hadoop. It provides a simple, integrated experience designed to provide insights from your big data without specialized skills, fixed schemas or months of development. Hunk gives the power to rapidly detect patterns and find anomalies across petabytes of raw data in Hadoop without the need to move or replicate data.

  • Drive down costs by easily rolling historical data from Splunk Enterprise to HDFS and Amazon S3.
  • Interactively query raw data by previewing results and refining searches using the same Splunk Enterprise interface.
  • Quickly create and share charts, graphs and dashboards.
  • Ensure security with role-based access control and HDFS pass-through authentication.
  • Hunk natively supports Apache Hadoop and Amazon EMR, Cloudera CDH, Hortonworks Data Platform, IBM InfoSphere BigInsights, MapR M-series and Pivotal HD distributions.





Happy splunking!!!!!


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s