Splunk
Splunk is a database system designed for extracting structure and analyzing machine-generated data. It takes in data from other databases, web servers, networks, sensors, etc. and then offers services to analyze the data, and produce dashboards, graphs, reports, alerts, and other visualizations. All this data is captured in a searchable repository and served via a web interface called Splunk Web.
Splunk is a horizontal application and is used by a large and diverse set of users with different knowledge bases in an organization to monitor IT operations, security, and business analytics. It is also possible to extend the Splunk environment by installing or developing an app. An app runs on the Splunk platform and includes inputs, lookups, and reports to display information about the data to add specific functionality. Over 90 of the Fortune 100 companies use Splunk.
History
Splunk was founded by Erik Swan, Michael Baum, and Rob Das in 2002. Prior to founding Splunk, all three founders were dealing with large-scale search infrastructures and were unhappy about the tools available for analyzing log files at the time. Early customers of Splunk reported their experience of debugging their environments as ‘digging through caves’ and ‘crawling through the muck to find the problems’, which inspired the founders to name the company after the word for exploration of caves, spelunking.
Splunk raised a $5 million Series A in 2004 led by August Capital and reached profitability by 2009. Splunk went public on NASDAQ under the ticker name SPLK at a price of $17 a share in 2012. Splunk acquired SignalFx, a cloud monitoring platform for infrastructure, microservices, and applications, in August 2019 for $1.1 billion.
- https://www.splunk.com/view/SP-CAAAGBY
- https://www.computerworld.com/article/2546902/splunk-inc--s-splunk-data-center-search-party.html
- https://www.crunchbase.com/organization/splunk#section-funding-rounds
- https://venturebeat.com/2009/10/14/it-search-company-splunk-reaches-profitability/
- https://dealbook.nytimes.com/2012/04/19/splunk-soars-in-debut/
- https://www.crunchbase.com/organization/signalfuse
Concurrency Control
Splunk supports concurrent search but limits the number in order to preserve performance. It also allows you to configure the maximum number of concurrent searches between scheduled and summarization queries based on your usage.
Splunk also supports concurrent users. A user uses exactly one CPU core on each indexer for the duration of the search. By default, a search on Splunk cannot use multiple cores.
Indexes
Splunk adds all incoming data to indexes after processing it. It indexes data by breaking them into events, based on the timestamp. After breaking the data up into events, the events are passed through the indexing pipeline where additional steps are taken, such as breaking the events into segments so indexing and searching can be done efficiently, building data structures for the indexes, and writing the events out to disk.
Splunk supports events and metrics indexes. Events indexes are the default index type, impose minimal structure, and can accommodate any type of data. Metrics indexes are highly structured and designed to handle high volume and low latency demands. These indexes have better performance and less space utilization compared to events indexes.
Website
Tech Docs
https://docs.splunk.com/Documentation/Splunk
Developer
Splunk
Country of Origin
Start Year
2002
Project Type
Written in
Supported languages
C#, Java, JavaScript, PHP, Python, Ruby