This Splunking Life

One of the great pleasures of working at Splunk is when customers get really specific about WHY WHY WHY they Splunk. We love it.

Sondra Russell is a metrics analyst at a large public multimedia organization, with some rather famous radio shows and podcasts that I am a huge fan of.

She was very candid in her talk at the Baltimore SplunkLive! – she’d tried out the leading software for web analytics and had to follow a rather convoluted process to get her weblogs in. She had to decide upfront which data from her weblogs was needed and which was not, then format the logs to fit the prescribed format, and then upload the logs to the software. The process was nightmarish. Everyone always underestimates the time and effort taken to normalize data to upload into a regular database.

Sondra spent hours and hours trying to get it right. Multiple log lines couldn’t be grouped into distinct visits, which made the data a little loopy to start with. Uploading didn’t always work right, and there was no way to tell which data had been uploaded and which was still in process. As she spoke, she recollected that she had just received an email this week about an upload she had started 6 months ago in April!! After some indeterminate amount of data was in, she couldn’t correlate anything with anything else.

Then one Friday evening, while searching for log analysis tools, she found Splunk and hasn’t looked back since! She simply pointed Splunk at her logs – no processing needed – and got to whatever numbers she was looking for within an hour! The whole thing was miraculous for her. She was able to get to the RIGHT numbers on distinct visits by grouping multiple log lines related to users. She knew all the answers: which shows had been heard how many times over the year, which podcasts were the most downloaded, which platform was being used the most to download podcasts… (see below)

Media Downloads by platform

Now of course, her organization uses Splunk for many more things that directly help them make better business decisions. In addition to assessing the popularity of various programs through download and playback statistics, they are also able to reconcile royalty payments from a digital rights perspective, measure abandonment rates, etc.

Shawn Grimes, Sr. Security Architect from Legg Mason, a global asset management firm, also talked about his usage of Splunk for compliance at the Baltimore SplunkLive!. Shawn had turned to Splunk during tough times – there were severe budget cutbacks, resulting in a reduction in SOX compliance staffing. Shawn’s team went from 9 people to 3, and the only way they could keep up was with Splunk. Splunk helped Shawn and his team not only to meet every compliance reporting requirement easily but also to have enough time left over to put in place best practices around compliance. Splunk also had a great price tag compared to another product that would have required many new server purchases to handle the data volumes at Legg Mason. As a security architect, Shawn sees the ability to react quickly as the key in preventing and managing exploits. Splunk’s real-time dashboards help him detect anomalies quickly, and let him drill down instantly, accelerating response time when incidents occur. In his own words, his CISO is really happy because of the comprehensiveness of monitoring with Splunk.

Splunk’s secure role-based access controls allow access to production logs, without access to production systems. Splunk also maintains a secure audit trail of log review activity. As Splunk gets used more and more at Legg Mason – to quote Shawn – “Every day someone thanks me for bringing in Splunk.”

Thanks to these fantastic customers for their stories!

A last quick note: For Splunk users in education, there is a mailing list created and run by UConn for the purposes of sharing Splunk best practices and use cases.

Anyone is welcome to subscribe via (or by sending an email to containing “SUB SPLUNK-L FirstName Lastname” in the body).

Several universities from the northeast are already on this alias, and some corporate folks as well. Thanks to University of Connecticut for spearheading this.

Leena Joshi
