SplunkLive! Minneapolis

Greetings from Minneapolis. Back due to popular demand, we’re here for our second SplunkLive in this city. Highlights of this event included a presentation from Splunk customer Carlson Wagonlit Travel and a presentation on Splunk for VMware – since a large percentage of attendees have complex environments with both physical and virtual servers.

Carlson Wagonlit Travel

Dan Zellmer, Senior Director Mid-Office Automation at Carlson Wagonlit Travel (CWT), shared his experience using Splunk for managing their AQUA application environment. CWT is a global leader specializing in business travel management.

AQUA is the project name for the Mid-office automation system used by branches worldwide for quality control, ticketing, fare checks, unused ticketing checks, seat assignments, and itinerary delivery.

Dan and his group faced the classic challenge of how to effectively troubleshoot and manage their complex environment. Manual grepping of logs just couldn’t cut it, especially given 1,200 VM machines that are part of their infrastructure. Like many other customers, CWT needed to be able to search on application logs, including, non-standard complex multiline logs from custom applications. As Dan’s team was rallying around the need for a centralized logging solution, the operations team was searching for a product to meet PCI compliance. The evaluated over 15 products and Splunk quickly rose to the top as one of the only products able to handle complex multiline logs – a key differentiator for Splunk. As someone said during the lunchtime customer panel: “You’re probably never going to get a developer to log the same way twice!”

CWT also wanted to be able to index their logs in real time, not just batch. Given CWT’s global footprint with developers in different regions of the world speaking different languages, they valued an intuitive, easy-to-learn and use interface. They also needed a system that would collect and store the actual logs and other data they’re capturing – instead of parsing and selectively storing modified events.

Splunk enables CWT to troubleshoot transactions and quickly figure out why transactions failed. Having all the logs and other infrastructure data in a single system enabled IT to proactively identify and fix the issues behind transaction failures and provide a higher level of service to their customers.

Back to the PCI Compliance side of the implementation. It’s important that developers have real-time direct access, but since CWT deals with credit card numbers, security measures must come into play. Splunk gives developers that real-time access, but only to the data they need and are authorized to see. As an added benefit, the more they are proactively identifying and fixing other issues, such as SQL errors that previously went undetected.

Thanks again to Dan and all of our other customers who came to today’s event. One of the best parts of my job is interacting with our customers. I hope I’ll have the chance to meet with more of you in August at our Users’ Conference. Remember, the early bird pricing expires tomorrow, so register today to save $200 – and to get access to more great user stories.

Steve Sommer
Posted by

Steve Sommer