I’ve been at my new job for almost two years now. “New” from the perspective that the last time I blogged, I was still at my previous job.

The job involved something new. New software and new technology that I hadn’t worked with before. I went for an interview to become a Splunk Administrator.

Yeah, I said Splunk.

So what is Splunk?

It’s kind of hard to explain, because before Splunk, I had nothing to compare it with. Splunk is a brilliant piece of software that can collect data from any source, whether it be a log file, the Windows Event Viewer or even a Syslog source. Once all the data is collected on your indexers, the Splunk instances that store your data, it becomes searchable.

The Splunk search language is extremely powerful, allowing you to find fringe events among millions of events in minutes, even seconds if you have brilliant hardware. You can create charts and tables straight from the search language. Statistics are a breeze.
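As an added example (not from the original post), here is the kind of search the previous paragraph is describing: sifting a day’s worth of Windows Security events for the few source addresses that generated many failed logons against many different accounts, then charting the same data over time. It assumes the events live in an index named `wineventlog` with `sourcetype=WinEventLog:Security`, and that the fields `EventCode`, `Account_Name` and `Source_Network_Address` have already been extracted; the thresholds (50 failures, 10 accounts) are arbitrary values chosen for illustration.

```spl
index=wineventlog sourcetype=WinEventLog:Security EventCode=4625 earliest=-24h
| stats count AS failures, dc(Account_Name) AS distinct_accounts, min(_time) AS first_seen, max(_time) AS last_seen BY Source_Network_Address
| where failures > 50 AND distinct_accounts > 10
| eval first_seen=strftime(first_seen, "%Y-%m-%d %H:%M:%S"), last_seen=strftime(last_seen, "%Y-%m-%d %H:%M:%S")
| sort - failures

index=wineventlog sourcetype=WinEventLog:Security EventCode=4625 earliest=-24h
| timechart span=1h count BY Source_Network_Address limit=5 useother=f
```

The first search is a table you can save as an alert; the second, run from the same base search, produces the hourly chart directly from the search bar, which is the “charts straight from the search language” point above. The `stats ... BY` step is what lets this scale: the indexers reduce millions of raw events to one summary row per source address before anything reaches the search head.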

Splunk is also a very open piece of software. Not open source, mind you, even though it’s built on top of open source software like Python, Django and CherryPy. Just about the only thing closed about Splunk is the main binary files.

I’ve hacked things into and out of Splunk that I’m sure no one else has even attempted before (at least not in South Africa… I think).

I know I sound like a Splunk sales rep now, but this is really good software. I was kind of intimidated by it at first, especially since I had never heard of it before, but the more I read about it, the more I was convinced that this is a good direction to explore.

It’s now almost two years later and I have never looked back. I can’t remember when I was last this challenged and excited to come to work in the mornings.

Splunk is cool. It’s free to try. So try it. You probably won’t regret it.