Tuesday 26 October 2021

Improving the Signal-to-Noise Ratio


Last week was Splunk‘s 2021 event .conf21, held virtually for the second year and generally offering a great experience and a wealth of content for most people who should be interested in Splunk’s products. I say generally as the video stream slowed down at one point while the platform provider worked out what was happening. This put Splunk’s core message into sharp focus: things are complicated and finding the problem is becoming exponentially more difficult.

Splunk started addressing the concept of observability head-on in 2020, proposing their SIEM heritage as an antidote to the complexity of modern IT estates. The reality of modern IT is not all shiny new cloud-native apps. Instead, the typical landscape is littered with legacy systems, multiple cloud providers, spreadsheets, SaaS products, quick hacks gluing things together despite multiple, duplicative integration platforms. Figuring out what broke, not to mention why, in this typical environment is massively difficult, rising exponentially with the number of systems in play. The world needs tools to help find the problems and provide both immediate remediation and long-term insight for prevention.

The industry desperately needs tools that do not just recognise but positively revel in the messy reality of organically grown IT systems. And that is anything that is more than a year or two old. Splunk is making a strong play for this role under the slogan turn data into doing. Any running system generates masses of data, the hard part is pulling the important bits from it and acting on them – extracting the signal from the noise, as the Splunk execs said.

Observability is right into the literal hands of users with the new Splunk RUM (Real User Monitoring) product for mobile apps. Several other new capabilities have been added, many recognising that the Splunk portfolio itself is suffering from the complexity of scale. Templated content packs and a new visual editor to enable automation are just two of them.

The notion of a single surface on which to examine the data extracted by data collector tentacles tapping into all the elements of the infrastructure is very appealing. An observatory, or perhaps a microscope, for all that is both good and bad in the IT estate is very appealing. The idea of filtering weak signals out of a barrage of noise is also compelling. The question remains whether these benefits will be understood by the broader business audience without an engineering understanding.