SplunkLive Denver – A Rocky Mountain High

On October 13, 2011, the Splunklive caravan headed to the Rockies with over 125 people in attendance at SplunkLive Denver – doubling the number from last year.  The event opened with a Splunk introduction from Stephen Sorkin, VP of Engineering at Splunk, and one the chief architects of the product.  The subsequent sessions were a “customer fest” with five presentations from customers that included CenturyLink, Staples, Ping Identity and two presentations from Cricket Communications – it set a new record for customer presentations at a Splunklive!

The customer presentation bonanza kicked off with CenturyLink, the third largest telecommunications company in the US.  CenturyLink discussed how their initial view of Splunk as a tactical solution to monitor platform rapidly evolved to that of Splunk as a strategic solution to monitor across the network including core services such as Voice Over IP (VOIP), Call Center and IPTV.  One of the many use cases at CenturyLink is the use of Splunk for automated load testing where they are taking data across the network to determine network break points – data that includes call detail records (CDRs), event logs, error logs, syslog, and other flat files.  With Splunk for load testing, CenturyLink was able to better understand key metrics such as the type of load generated, volume of load, and memory / CPU resource utilization – insights that are helping them scale to support growth and deliver better service.

Figure 1. Splunk for Automated Load Testing at CenturyLink

From Telco, we moved to the world of retail with a presentation from Staples.  They had the classic problem of tracing a transaction (in their case, a customer order) that traverses multiple applications and systems between the time an order is placed to when it is shipped from the warehouse.  When something goes wrong, it was hard for them to identify the problem source and the trouble ticket passes from one team to the other – “over the fence scenario” as Staples described it.  By using Splunk for order management system logs and web Methods logs to trace transactions, Staples now has a single complete view of the transaction flow and associated metrics.  Staples can now rapidly trace the legacy path of the transaction to decrease time to resolution and resources required to troubleshoot issues.  It is also interesting to note that Staples achieved all these benefits with no impact to their current system performance or code base.

Ping Identity, which provides security solutions to some of the world’s leading companies, talked about how they were using Splunk to gain better visibility into their SaaS applications.  Their Splunk deployment takes data across an environment that is 95% virtualized and includes over 400 servers.  Using Splunk, Ping Identity’s IT team is providing critical business insight to the executives.  Their executive dashboards track key metrics such as user count, location, behavior, product trends – such visibility is helping the business better understand their customer base.  With Splunk, Ping also eliminated a number of MySql databases and hardware while shutting down a legacy app as well.

Figure 2. SaaS Service Metrics Dashboard at Ping Identity

Next, we had two presentations from Cricket Communications – Cricket highlighted their broad use of Splunk for critical IT and business insights.  The first presentation focused on Splunking data to gain visibility into MUVE Music Service.  MUVE customers get unlimited access to songs from their mobiles devices – the key identifier to authenticate and track service access is the phone number or mobile device number (MDN).  However, all the search and download activity is tracked by IP addresses which are transient depending on time.  In other words, the same IP address may be associated with different MDNs depending on the time.  Using Splunk to correlate MDN and IP address opened up all kinds of insights into customer behavior for Cricket.  For example, with their Content Dashboard in Splunk, Cricket can track in real-time the top 10 music searches across customers, top song downloads, top artist downloads – such analytics provide tremendous value to Cricket in improving the quality of their service.

The next Cricket presentation from Clint Sharp highlighted his team’s use of Splunk for big data to gain operational insights across IT, business and other new data sources – data sources that include HTTP logs, Exception Logs, CRM Logs, point of sales (POS) logs, and F5 logs.  For Cricket, the best part of using Splunk for these sources was the lack of any need for ETL – where they spend 60% of the expenses in normalizing data.  With Splunk, Cricket has already achieved an ROI of over $1.2 million by reducing outage time by 15%.  As part of their efforts to deliver business new insights, Cricket has also instrumented their Tibco Business Events to write orders to a log file.  Splunk searches across the order data, correlates it with phone purchased and rate plans to provide real-time sales visibility to the business.  For example, the real-time dashboards show map of country with sales by location, sales by rate plan, sales by phone, sales by plan type etc.  As Clint Sharp from Cricket said “Don’t underestimate the power of Splunk or the imagination of the team using it.” – we completely agree!

Figure 3. Real-time Sales Dashboard at Cricket Communications

Seeing first-hand how passionate our customers are about Splunk, how innovative they are in their use of the product, and how much value they are deriving from it is one of the greatest thrills of being at a Splunklive.  If you would like to listen to these great stories and learn how you can benefit from Splunk, attending a Splunklive is a great start – see our calendar to register for an event near you.

Tapan Bhatt

Posted by