Splunk 4.3 Overview



We think Splunk 4.3 is our best Splunk yet. It's mobile, faster, more scalable, easier to administer and with dashboards that business users can edit. Find out more in this essential overview.

Read about What's New in Splunk 4.3

Date: Jan 04, 2012 




Here at Splunk, our mission is to make machine data accessible, usable and valuable to everyone. Our last release, Splunk 4.2, built on the enterprise architecture of the 4.0 and 4.1 releases to improve our customers' experience from the desktop to the enterprise.

Collect data from tens of thousands of endpoints. Search, analyze, and alert on your data in real-time. Create custom dashboards for different users and roles. All while scaling to Big Data proportions on commodity hardware.
But good enough is never enough. How do we continue to make Big Data of all sizes available to everyone?

With Splunk 4.3 we've done exactly that, by taking this amazing foundation and making it:

-Easier and more usable for IT and business users
-Faster and more scalable on the same footprint
-Easier to administer for complex enterprise deployments

Let's take a look.

In Splunk 4.3 our charts and timelines are now Flash-free. This means you can now use Splunk wherever you are - on your computer, on your iPad, iPhone or literally any device that has a web browser installed.

Dashboards can now be defined and edited entirely through the UI. You can change the chart type and various chart properties using the Visual Panel Editor without having to edit XML, and reposition dashboard panels simply by dragging and dropping them. Whether you're an analyst or an executive, you can now take any data that is of interest to you and turn it into compelling tables and visualizations on dashboards.

We've also integrated real-time and historical search results. Now, when you kick off a real-time search, we backfill the window with historical data while also allowing the real-time data to stream in. This gives you the historical context and perspective that you need in many real-time monitoring use cases to frame incoming data against.

Sparklines is a new small multiples visualization in Splunk that is a great way to convey at-a-glance trending of Big Data at a granular level. Here you can see the top hashtags from our Twitter data sample. While the count indicates the relative frequency of occurrence, the sparklines visually encode temporal trends, providing insights that would have otherwise been hidden from you.

Per Result Alerting allows you to alert and take action on each and every event that meets specific criteria, and makes it easier to define complex alerting conditions.

Splunk 4.3 includes great new capabilities that make it easier to manage and administer Splunk.

Data Input Preview takes the uncertainty out of indexing file-based data by showing you the data that is about to be indexed and previewing how event breaking and timestamp extraction will be handled by Splunk. It lets you see what you're getting before you commit to an indexing strategy.

Machine data is one of the fastest growing, most complex segments of big data. With every release, we maintain our commitment to getting you search results faster than ever before even as you continue to scale to larger amounts of data and more users. Splunk 4.3 is no exception. We're making searching for "rare" terms up to 10x faster by leveraging a technique called Bloom Filters that allows us to very efficiently screen out data buckets without even looking at the data inside them. We've also streamlined the UI so that it can support up to 10 times as many active users per search head on the same deployment.

In summary, Splunk 4.3 helps you get the most from your machine data.

-It's Mobile - new no-Flash user interface delivers the power of Splunk anywhere
-It's more powerful - new visualizations, 10x more concurrent users, up to 10x faster "needle in a haystack" searches
-It's easier to use and easier to manage - with dashboards that anybody can edit.

Splunk 4.3 is available now. Download it for Free and learn more from our website.