The Splunk Revolution Comes to Europe

At two full house SplunkLive events in London and Amsterdam, it quickly became obvious that the Splunk fan following in Europe is turning into a serious sized storm. SplunkLive London opened to a full session of 200+ attendees at the Tower Hotel. After a lively Splunk introduction by CEO Godfrey Sullivan, came presentations from, and a consultant on behalf of a rather large London summertime sports event that involves grass courts., the world’s largest betting exchange runs thousands of bets per second and uses Splunk extensively across 5 different datacenters. Representing Betfair was Will Thames, the product delivery technical lead. Betfair started using Splunk to centralize their logging, and to make it easier for customer support to understand a customer’s actual experience on their website. When they realized what was possible with Splunk, they quickly expanded their deployment to not only trace transactions and monitor/report on bet completion and bet latency but also for application troubleshooting during the development cycles.

Splunk helps Betfair visualize code dependencies between systems and do a release-to-release analysis and tracking of bugs.

Betfair code quality dashboard

Using information from application logs, Splunk tracks response times back to customers placing bets, as well as the overall SLA until the confirmation of bet completion. Splunk notifies customer support proactively when SLAs aren’t met. Downtime is very expensive for Betfair(both in terms of lost revenue and decreased customer satisfaction), and Splunk makes it much much faster to detect application exceptions and prevent/minimize outages to users. Splunk adoption has grown organically at since the initial install, with the developers now writing logs in key value pairs that makes is easy for them to get their own health analysis dashboards in Splunk., a name familiar to most people in the U.K, is one of the world’s largest retailers, handling over 750k customers and 400k orders per week. Tesco uses Splunk to monitor 400 servers in 10 different environments, aggregating over 50 different types of logs. Splunk is used to bridge the gap between Java/Linux based systems and a historically Microsoft-heavy organization. Splunk is used for website session and order tracking, java based message queue monitoring as well as to allow development teams to resolve problems faster. Splunk key word alerting integrates with their existing MS SCOM monitoring and service desk systems.

Dashboards such as the below, created by correlating multiple sources of data in 5 minute buckets,  help’s Graham Smith and Joshua Anderson track user experience and website performance:

Splunk allows Tesco to track a customer’s actual experience throughout their site vs. traditional web testing methods. Monitoring of their Java based message queue helps them figure out the status of customer orders, and helps make sure orders don’t get lost, once placed:

Application Process Visibility Dashboard

Up to 300 developers have access to Splunk at and they have been able to not only improve the quality of their code, but have been able to assure environment integrity, and resolve issues across international locations very very quickly. Now that the engineering teams know what is possible with Splunk, they are quickly implementing a “beacon” in application logs, that will allow Splunk to correlate events as they transverse many different application components.

Last but not the least, Graham Morley, consultant for a rather popular sporting event in London, took the stage and served up another winner. Graham initially started using Splunk for network troubleshooting over 6000 switch ports across 150+ switches and 42 racks. Splunk was able to filter through the noise of all the messages and provide complete clarity to pinpoint the real issues.

But once he realized what Splunk was actually capable of, there was no stopping him. Now Splunk is used as a service delivery tool for just about anything network related. Splunk is, as an example, used to figure out which WiFi access points are being under utilized, so they could be re-purposed elsewhere. There were over 11,000 outlets during the busy 2-week period that could be configured with any one of 400 VLANs. Splunk was used to combine data from network switching infrastructure with other sources so 3rd party providers could figure out which outlet had which service available.

Listening to our customers talk about Splunk is an eye-opening experience, every single time. Their sense of excitement, their insights into the possibilities that Splunk could provide for their own organizations makes it an enormous pleasure to talk about their stories. More to come from my colleagues on SplunkLive Amsterdam…

In the meanwhile, if you’d like to attend a SplunkLive Event near you, register here.

Leena Joshi

Posted by