Splunk 5: From Product To Platform

Splunk Enterprise 5.0 is possibly the most important Splunk release ever. It represents an important step in the evolution of Splunk into a full-fledged data platform.

Now “platform” is possibly the most overused term in the technology industry, and every vendor wants to be one. According to the Wikipedia definition, a technology platform is a structural or technological form from which various products can emerge without the expense of a new process/technology introduction.

Shipping with Splunk Enterprise 5.0 is a fully versioned REST API with 170 endpoints, so you can integrate Splunk with your custom application and have the assurance of particular endpoint behavior. The REST API and the integrated JavaScript SDK contain the seeds of a broad platform for all kinds of machine data that can be manipulated at will to serve a variety of use cases. Data in Splunk can now flow through your organization, powering applications and serving reporting/analytic needs for a broad class of users. And this is just the beginning – read Jon’s blog here about what’s new for developers in Splunk 5.

Does this make Splunk a platform? No, not just that.

Our fantastic community of users, partners and developers has been building Splunk apps that sit on top of Splunk and provide out-of-the-box views, dashboards and knowledge specific to particular technologies, use cases or visualizations. In fact, Splunkbase now has several hundred apps – some developed by Splunk, some by customers, some by partners – most of them offering easy ways to address common IT problems, some of them being really creative ways to visualize and interpret data in Splunk.

Among new features in Splunk 5 that extend the notion of the Splunk platform is a feature called modular inputs, which provides a programmatic framework for defining new standard input types for Splunk. Let’s say you want to distribute a script with a stored procedure to pull metrics from your database to many of your database servers – you can now define it as an input and use deployment server to push it out to forwarders on your database servers. Much faster data collection! And centrally managed too!

Does that make Splunk the platform, then?

I would argue that it’s not just the REST API, the SDKs, the apps, the new features – it’s really our vibrant community of users who now are getting some of their most valuable insights out of Splunk. And who have done a fantastic job of sharing these insights with people throughout their organization. We have merely put the enabling technology in place to help your data power more and more uses in your organization.

When you’re using Splunk, think not just of what your data is telling you, but also of whether someone else can use the same data for something else. Share data, share insights – use apps, SDKs, the REST API, whichever makes it easiest for you. The more you share, the more value you get from Splunk!

Leena Joshi
