Just what, exactly, does Splunk do? Jason Conger explains it all from Citrix Synergy 2012

I had a briefing with Splunk the week before Citrix Synergy, but when I sat down to write about it, I wasn't sure that I could do it justice. The general idea is that Splunk can take any data, any log, from anywhere in your infrastructure and add it to a searchable, intelligent index from which you can extract all sorts of meaningful information about what's happening. By default, the system watches all the logged events and returns slices of interesting data. For instance, from the dashboard you can see that a specific server name or event type is occurring at a higher than normal frequency. From there, you can drill down and chase the cause of a problem from the hypervisor to the storage, the networking, and even the VM.
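
To make that ingest, search and drill-down loop concrete, here is a small Python model of it. This is an added example written for this page, not Splunk's code and not from Jason's demo: the log lines, host names and field names are constructed, and the "spike" rule (a value seen at least twice as often as the average of the other values) is an assumption standing in for whatever a real dashboard panel would use. It parses key=value events from three tiers into an inverted index, supports AND-searches over fields, summarises counts the way a dashboard panel would, flags the host and event type that are unusually frequent, and then drills into that host's events to find the likely cause.

```python
import re
from collections import Counter, defaultdict
from statistics import mean

# Constructed sample log lines (not real data): one stream from each tier the
# article mentions, normalised to "<timestamp> <host> <source> k=v k=v ...".
SAMPLE_LOG = """\
2012-05-08T10:00:01 hv01 hypervisor event=vm_start vm=web03 result=ok
2012-05-08T10:00:02 san01 storage event=io_latency lun=7 ms=4
2012-05-08T10:00:03 web03 vm event=login user=alice result=ok
2012-05-08T10:00:04 hv01 hypervisor event=vm_start vm=web04 result=ok
2012-05-08T10:00:05 sw01 network event=link_state port=12 state=up
2012-05-08T10:00:06 san01 storage event=io_latency lun=7 ms=250
2012-05-08T10:00:07 san01 storage event=io_latency lun=7 ms=310
2012-05-08T10:00:08 web03 vm event=login user=bob result=timeout
2012-05-08T10:00:09 san01 storage event=io_latency lun=7 ms=290
2012-05-08T10:00:10 san01 storage event=io_latency lun=7 ms=330
2012-05-08T10:00:11 web04 vm event=login user=carol result=timeout
2012-05-08T10:00:12 san01 storage event=io_latency lun=7 ms=275
2012-05-08T10:00:13 hv01 hypervisor event=vm_stop vm=web04 result=ok
"""

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_event(line):
    """Turn one raw line into a dict of fields (timestamp, host, source plus k=v pairs)."""
    ts, host, source, rest = line.split(" ", 3)
    event = {"_time": ts, "host": host, "source": source}
    event.update(KV_RE.findall(rest))
    return event


def build_index(raw):
    """Return (events, inverted): inverted[field][value] is the set of event ids with that value."""
    events = [parse_event(l) for l in raw.splitlines() if l.strip()]
    inverted = defaultdict(lambda: defaultdict(set))
    for i, ev in enumerate(events):
        for field, value in ev.items():
            inverted[field][value].add(i)
    return events, inverted


def search(events, inverted, **criteria):
    """AND-search over field=value pairs, e.g. search(ev, idx, host="san01", event="io_latency")."""
    if not criteria:
        return list(events)
    hits = None
    for field, value in criteria.items():
        ids = inverted.get(field, {}).get(value, set())
        hits = ids if hits is None else hits & ids
    return [events[i] for i in sorted(hits)]


def count_by(events, field):
    """Per-value event counts, the summary a 'count by <field>' dashboard panel shows."""
    return Counter(ev[field] for ev in events if field in ev)


def spikes(events, field, factor=2.0):
    """Values of `field` seen at least `factor` times more often than the average of the others.

    The threshold rule is an assumption made for this example, not Splunk's own logic.
    """
    counts = count_by(events, field)
    flagged = []
    for value, n in counts.items():
        others = [c for v, c in counts.items() if v != value]
        if others and n >= factor * mean(others):
            flagged.append(value)
    return flagged


def investigate(raw):
    """Dashboard-to-root-cause walk: spot the noisy host, then look at what it is logging,
    and list the VMs that reported timeouts in the same window."""
    events, idx = build_index(raw)
    report = {}
    for host in spikes(events, "host"):
        hits = search(events, idx, host=host)
        report[host] = {
            "events": count_by(hits, "event"),
            "max_ms": max((int(ev["ms"]) for ev in hits if "ms" in ev), default=None),
        }
    report["timeouts"] = [ev["host"] for ev in search(events, idx, result="timeout")]
    return report


if __name__ == "__main__":
    print(investigate(SAMPLE_LOG))
```

On the constructed data the storage array `san01` and the `io_latency` event type are the outliers, and drilling into that host shows latencies in the hundreds of milliseconds alongside login timeouts on two VMs, which is the kind of hypervisor-to-storage-to-VM chase the article describes. In Splunk itself the frequency panel would be a search along the lines of `index=main | stats count by host` (the index name is an assumption); the Python here only models what that search returns.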

To help make sense of the ridiculous amount of information captured by the system (I mean that in a good way), Splunk also has "apps" that they make freely available to focus on specific information and format it in an instantly usable way. These apps can also be customized, and there is a large community of users that contributes its own apps.

Rather than try to dig much deeper, I tracked down BriForum speaker and all-around-great-guy Jason Conger to give the full demo on camera. The 25-minute video made Justin's arms tired, but at the end, even he understood what Splunk was all about. So grab a coffee and spend the next half hour getting a view of one of the more unique products in our space:



Splunk is a great tool for making sense of machine data, but sometimes the data is not easily obtainable or inconsistent because of the way vendors log events. For events where log data is difficult to get, the Splunk for ExtraHop app enables IT teams to capture targeted data. Check out the app on Splunkbase: splunk-base.splunk.com/.../extrahop


With the uncertainty about what we will get with Desktop Director and EdgeSight, Splunk could end up becoming the leader in this space.

Splunk is a great product to provide a holistic view of your environment; adding Jason and Brandon were great moves.

@Tyson S, I am very excited about the ExtraHop Splunk integration, and it should provide great visibility into several blind spots on the wire that we deal with on a daily basis.

Looking forward to watching this project mature.

Great work



I am new to Splunk and this helped me to get a basic understanding, thank you for the article! I thought of leaving a few more blogs on Splunk which I personally found quite useful. Let me know if you think the same.
What is Splunk and why is it needed: http://www.edureka.co/blog/what-is-splunk/
Splunk vs ELK vs Sumologic detailed explanation, when and where to use: http://www.edureka.co/blog/splunk-vs-elk-vs-sumologic
Splunk use case with an example of Domino’s Pizza: http://www.edureka.co/blog/splunk-use-case
Splunk architecture tutorial on Forwarders, Indexers and Search Heads: http://www.edureka.co/blog/splunk-architecture

Do keep me posted on more articles on Splunk.