Splunk, the pioneer of IT search, released its Splunk for Change Management package on Tuesday at Interop Las Vegas 2008. While the standard Splunk product provides a way to consolidate IT logs plus a search engine to dig through them, the new Change Management module is aimed at turning Splunk loose on your IT infrastructure to sniff out and record changes to software configurations. The ultimate goal is to reduce incident response time by speeding up the discovery process.
“Splunk for Change Management is a powerful demonstration of IT Search blowing up the traditional way of thinking about infrastructure management,” said Splunk CEO Michael Baum. “Change auditing, detection, reporting and validation are no longer separate, point capabilities but can now span operations, security and compliance. The data has always been there in the machine logs and now Splunk turns it into valuable change intelligence.”
Harper Mann, Splunk senior product manager, further explained, “Splunk brings change audit events and configuration data together with activity and error logs so you can connect change with actual system and user behavior. And it does so cost-effectively because it leverages the existing Splunk platform and the IT data already indexed for operations, security, and compliance.”
The new module is essentially a collection of pre-configured Splunk dashboards available on SplunkBase, which Splunk created for its users and partners to share applications and plug-ins. It is available as a 30-day free trial. When the trial is over, you need to contact Splunk Sales about licensing. For enterprises, licensing starts at $4,000, according to Christina Noren, VP Product Management.
The following screenshots show a list of some of the canned reports that come in the Splunk for Change Management module and an example of one of those reports.
You can download the standard Splunk application (which you obviously need to have before installing the change management module), and it is free to use for up to 500 MB of peak daily volume. Above that, you start to get into enterprise-level licensing where you purchase a license based on a scale of how much data you use.
Bottom line for IT leaders
Although the easiest way to think about Splunk is as a log consolidation and search tool, it can actually search and manage more than just log files, including messages, alerts, scripts, programming code, and virtually anything else that a computer can generate in a text file. Expanding Splunk to include this new change management module is a good idea because it can potentially streamline incident response by making it easier to pinpoint when a change was made that had a negative effect on the IT infrastructure. The other big benefit of this module is for auditing compliance.