Splunk

from Wikipedia, the free encyclopedia
Splunk, Inc.

Legal form: Corporation
ISIN: US8486371045
Founded: 2003
Headquarters: San Francisco, United States
Management: Douglas S. Merritt
Number of employees: 4,700 worldwide
Revenue: $950 million (2017)
Industry: Software development
Website: www.splunk.com
As of: 2019

Splunk is a logging, monitoring and reporting platform that makes data of almost any type and from almost any source accessible and usable. Splunk itself speaks of a "data-to-everything platform", i.e. a platform that makes all data visible, searchable, monitorable and analyzable so that the data can then be used for actions or recommended actions. The platform searches logs, metrics and other data from applications, servers and network devices and indexes them in a searchable repository, from which graphics, reports and alerts can be generated. It is intended to help system administrators recognize and analyze incidents; log data from different systems and software components can be correlated with one another.

Splunk uses MapReduce as its scaling concept for recording, indexing and searching the relevant data, events and log files, similar to the technology used by frameworks such as Hadoop. The tool is a horizontally scalable technology that supports availability monitoring, server and network management, email administration, transaction management, and information security / compliance. The name "Splunk" alludes to the "data analysis" of unknown and unstructured information and derives from the English term "spelunking" (cave exploration).

The company is headquartered in San Francisco, with 8 offices worldwide and around 4,700 employees. Splunk generated revenue of around $600 million in 2015 and $950 million in 2017. Splunk went public in April 2012 and is listed on NASDAQ under the ticker symbol SPLK. As of 2016, Splunk had more than 10,000 customers worldwide.

History

Michael Baum, Rob Das and Erik Swan founded Splunk Inc. in 2003. August Capital, Sevin Rosen, Ignition Partners and JK&B Capital invested in the company. In 2007 the company raised $40 million, and it became profitable in 2009. Splunk shares have been traded on the NASDAQ under the symbol SPLK since 2012.

In September 2013, Splunk acquired Bugsense, a data analytics company specializing in mobile devices. Bugsense offers a "mobile analytics platform that enables developers to improve app performance and quality", including a software development kit (SDK) that makes data analysis on mobile devices accessible to developers via a scalable cloud platform. The purchase price was not disclosed.

In July 2015, Splunk bought the cybersecurity startup Caspida for $190 million.

In October 2015, Splunk entered into a "cybersecurity alliance" with Booz Allen Hamilton Inc., a security service provider to the US government, to jointly identify cyber threats and offer intelligence analysis technologies.

In 2016, Splunk pledged to donate $100 million worth of software and support to nonprofits and schools over a ten-year period.

According to the website Glassdoor, the company ranks fourth among US companies in terms of employee pay. In October 2017, Splunk acquired technology and intellectual property from its smaller competitor Rocana.

Products

Four products from the manufacturer are currently available.

Splunk Enterprise

Splunk Enterprise is a software package that can be installed on any modern operating system (Windows, Linux, Mac OS). It can be downloaded directly from the manufacturer and used free of charge for 60 days under an evaluation license. After the 60 days have expired there are two options: purchasing a Splunk Enterprise license, or "switching" to the free version. The free version allows a daily log volume of up to 500 MB; the license size is generally calculated from the daily incoming log volume. In addition to the 500 MB volume limit, the free version has other enterprise features deactivated, e.g. user management and cluster functions. Splunk Enterprise is currently available in version 8 (as of May 2020). All types of files (with the exception of binaries / executables) can be indexed, processed and evaluated. Evaluation takes place with Splunk's own search language SPL (Search Processing Language), whose numerous mathematical functions allow extensive evaluation of the data. The results can then be rendered graphically and placed on individual dashboards. In general, Splunk can accept, process (parse), index and subsequently search and display data in an evaluable form. In recent years Splunk has become a very established and widely used log management approach, and many global corporations use it for data analysis.

Splunk Light

Splunk Light includes the same features as Splunk Enterprise, but is limited in the number of users, the daily log volume allowed and the use of apps.

Splunk Free

Splunk Free is Splunk Enterprise with some features limited. For example, it is restricted to a maximum of 500 MB of new log volume per day, allows only one user account, and offers no clustering or single sign-on / LDAP functionality.

Splunk Cloud

Splunk Cloud includes the same features as Splunk Enterprise; the only difference is that Splunk Cloud is a cloud-based log management solution. Instead of transferring their data to locally installed Splunk systems, as with Splunk Enterprise, customers send it to a server on the Internet, where it can be analyzed.

Splunk Enterprise Security

Splunk Enterprise Security (ES) is a premium solution intended to facilitate operations in IT security departments. It runs as an app on Splunk Enterprise or in Splunk Cloud. The data to be processed must be mapped to the Splunk Common Information Model (CIM), and an extra license (in addition to the Splunk Enterprise license) is required to use Enterprise Security. The Enterprise Security suite is used by many large companies around the world. The implementation process is complex, and the evaluation / processing of enormous amounts of data requires a fundamental assessment of the underlying hardware (e.g. at least 1200 IOPS for the disk subsystem).

Enterprise Security has also drawn criticism from many quarters. Generally speaking, ES offers deep insight into IT landscapes: all relevant logs (e.g. proxy, load balancer, Active Directory, firewall and malware logs) are indexed and correlated, which makes the relevant infrastructure components fully transparent and searchable. ES ships with ready-made use cases (so-called correlation searches). Installation and setup are generally carried out by Splunk Professional Services consultants.
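As an added illustration (not code from the article or from the correlation searches Splunk ships), the following SPL search has the shape of an ES correlation search: it runs over data already normalized to the CIM Authentication data model and flags sources that produce many failed logins against several different accounts within a ten-minute window. The data model and field names are those of the CIM Authentication data model; the thresholds (20 failures, 5 distinct users) are assumed values that a team would tune to its own environment.

```spl
| tstats summariesonly=true
    count AS failures,
    dc(Authentication.user) AS distinct_users,
    values(Authentication.user) AS users
    from datamodel=Authentication
    where Authentication.action="failure"
    by _time span=10m, Authentication.src
| rename Authentication.src AS src
| where failures >= 20 AND distinct_users >= 5
| eval severity=if(distinct_users >= 20, "high", "medium")
| table _time, src, failures, distinct_users, users, severity
| sort - failures
```

Saved as a correlation search in ES, each result row becomes a notable event for analysts to triage; run ad hoc in Splunk Enterprise, the same query simply returns the table of flagged sources.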

Splunk IT Service Intelligence

Splunk IT Service Intelligence (ITSI) is a premium solution for the end-to-end monitoring of digital services that consist of several components. It runs as an app on Splunk Enterprise or in Splunk Cloud. The data to be processed is modelled as key performance indicators (KPIs), which together represent a coherent end-to-end service.

Splunk User Behavior Analytics

Splunk User Behavior Analytics (UBA) is a premium solution that uses machine learning and algorithms to detect both external cyber attacks and attacks by internal employees. The technology is based on big data technologies such as Hadoop and is delivered as a virtual appliance. The data to be processed is sent to UBA via Splunk Enterprise, and meta information is extracted from it. UBA contains attack models made up of machine learning scenarios, for example models for peer-group analyses that identify outliers in behavior.

Splunk App for PCI Compliance

Splunk App for PCI Compliance is a premium solution. The basic idea behind this premium app is to give companies that are subject to the PCI standard (including credit card companies and companies that store credit card information) transparency regarding the individual PCI requirements. For example, companies that store or process credit card information must meet certain requirements, such as keeping the installed endpoint security (e.g. anti-virus) up to date. By collecting all log files from the anti-malware software, the Splunk App for PCI Compliance can check whether the respective PCI-DSS requirement (in this case endpoint security) has been met. The PCI standard also requires the use of SIEM products to ensure that the individual guidelines are checked.

Patents

Splunk holds the following patents:

  • US patent number 7,937,344 "Machine Data Web"
  • US patent number 8,112,425 "Time Series Search Engine"

Splunkbase

Splunkbase is a Splunk-hosted community from which users can download apps and add-ons that extend the functionality and usability of the product. At the same time it serves as a quick and easy entry point for specific application scenarios and / or products offered for sale.

Splunk apps and add-ons can be developed by anyone, including Splunk itself.

Splunkbase includes, among others, connectors such as the Splunk App for New Relic, the ForeScout Extended Module for Splunk and the Splunk App for AWS.

Comparable software

ArcSight and IBM QRadar are regarded as direct (paid) competitors. Among direct (free) competitors there is currently only a small selection, including the ELK stack (Elasticsearch, Kibana, Logstash).
