Splunk at Edmunds.com

Driving New Operational Insights and Efficiencies

The Business

When a company structures the walls and furniture of its award-winning headquarters to mimic the curves of the world's most exciting racetracks, you know you're dealing with a bold organization. Even before any car manufacturer created an online presence, Edmunds.com, which started publishing new and used vehicle guides in 1966, was the first Internet source serving automotive consumers. From that lone site, known as the Electronic Newsstand, Edmunds.com has anticipated and responded to its audiences with four must-see web destinations including a social networking site and the most-read site for auto enthusiasts. Having dropped its print operation in 2006, the entire business relies on a high-performing, reliable and secure IT infrastructure. For this company, the focus of a 2001 Harvard Business School case study, to keep anticipating which car consumers desire, it needs to learn everything it can from its data.

Challenges

With a scaled-out, distributed web application infrastructure, Edmunds.com had limited visibility across its entire application stack. Each layer included a siloed monitoring solution, great for single-point analysis but lacking a holistic view. Edmunds.com was stuck managing its infrastructure in silos, spending far too much effort on disparate analysis and not enough on answering questions that could impact the business.

Enter Splunk

The 50,000 events per minute that occur on the Edmunds.com sites produce 60 to 70 gigs of data per day, which enters Splunk through syslog, a custom agent for Windows event logs, and a custom log4net appender for .NET data.

Availability

Through real-time alerting, daily and weekly reports and historical analysis, Edmunds.com monitors and tracks availability—the good, the bad and the ugly. The good includes analyzing traffic trends to ensure ad revenue and identify new customer behaviors. The bad covers device failures and security concerns such as port scans and aggressive spidering. The ugly refers to events (mostly errors) that disrupt revenue streams or impact the company image.

In addition, Edmunds.com uses summary indexing for statistical analysis on referrers, status, method, URI and User Agent. Combining these across web and application servers lets them understand baseline transaction types to better monitor anomalies.

Visibility

Through a distributed Splunk setup, which segregates sensitive machine data from non-sensitive data, everyone at Edmunds.com gets the access they need. C-level executives use dashboards showing business trends and analytics.

Before Splunk, network operations pored through silos of machine data to figure out why an application didn't work or who was doing what, and when. With Splunk, Edmunds.com can now run form searches for any application that narrow searches by environment, host or time. The team can also perform cross-application mapping, correlating errors between the web and application tiers.

Breakthroughs

Eliminating the machine data silos at Edmunds.com has enabled a new level of operational visibility. The IT team can now proactively manage the infrastructure and share powerful new insights with the business via dashboards. Today, system administrators and line-of-business managers alike leverage unique views of IT data to make better decisions.

Site performance equals revenue at Edmunds.com. After being plagued a dozen times a week with malicious incidents that impacted performance, the network team set up Splunk alerts to monitor the number of requests coming from a single IP address based on a threshold. Now the team immediately uncovers which virtual hosts and files are being targeted and takes action. This visibility has decreased weekly attacks by approximately 80%.
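The per-IP threshold alert described above, sketched in Python as an added example (not Edmunds.com's or Splunk's own search): it counts requests per client IP per minute and, for any IP over the threshold, reports which virtual hosts and files it hit. The log line layout, the one-minute window, the threshold value and all hostnames and addresses are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime

THRESHOLD = 5  # assumed limit: requests per IP per minute; tune to the site's baseline

# Constructed sample events (assumed layout): timestamp vhost client_ip method uri status
SAMPLE = (
    [f"2024-01-01T10:00:{s:02d} www.example.test 203.0.113.9 GET /inventory/search?page={s} 200"
     for s in range(6)]
    + [f"2024-01-01T10:00:{s:02d} forums.example.test 203.0.113.9 POST /login 401"
       for s in (30, 40)]
    + [f"2024-01-01T10:00:{s:02d} www.example.test 198.51.100.20 GET /reviews/index.html 200"
       for s in (5, 25, 45)]
    + [f"2024-01-01T10:01:{s:02d} www.example.test 203.0.113.9 GET /inventory/search 200"
       for s in (1, 2)]
)

def parse(line):
    """Split one event into (minute bucket, client IP, vhost, path without query string)."""
    ts, vhost, ip, _method, uri, _status = line.split()
    minute = datetime.fromisoformat(ts).replace(second=0)
    return minute, ip, vhost, uri.split("?")[0]

def find_alerts(lines, threshold=THRESHOLD):
    """Return one alert per (minute, IP) whose request count exceeds the threshold."""
    buckets = defaultdict(list)
    for line in lines:
        minute, ip, vhost, path = parse(line)
        buckets[(minute, ip)].append((vhost, path))
    alerts = []
    for (minute, ip), hits in sorted(buckets.items()):
        if len(hits) > threshold:
            alerts.append({
                "minute": minute.isoformat(),
                "ip": ip,
                "requests": len(hits),
                # Targeting breakdown: which virtual hosts and files this IP requested most
                "vhosts": Counter(v for v, _ in hits).most_common(3),
                "files": Counter(p for _, p in hits).most_common(3),
            })
    return alerts

if __name__ == "__main__":
    for alert in find_alerts(SAMPLE):
        print(alert)
```

Stripping the query string before counting keeps a client that varies only its parameters from spreading across many "different" files in the breakdown.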

The benefits of Splunk also extend to the application development teams. Weekly "Top X" error reports for the web and application tiers help optimize the build process because they can easily monitor error diffs by build numbers and dates. Both practices have reduced production errors by a factor of ten. For Edmunds.com, more efficient development means faster time to market for new products and services.

Splunk helps Edmunds.com get the answers they need, quickly. This ability helps keep a company living up to the boldness, innovation and speed reflected in its surroundings.