Last week was Splunk‘s 2021 event .conf21, held virtually for the second year and generally offering a great experience and a wealth of content for most people who should be interested in Splunk’s products. I say generally as the video stream slowed down at one point while the platform provider worked out what was happening. This put Splunk’s core message into sharp focus: things are complicated and finding the problem is becoming exponentially more difficult.
Splunk started addressing the concept of observability head-on
in 2020, proposing their SIEM heritage as an antidote to the complexity of
modern IT estates. The reality of modern IT is not all shiny new cloud-native
apps. Instead, the typical landscape is littered with legacy systems, multiple
cloud providers, spreadsheets, SaaS products, quick hacks gluing things
together despite multiple, duplicative integration platforms. Figuring out what
broke, not to mention why, in this typical environment is massively difficult,
rising exponentially with the number of systems in play. The world needs tools
to help find the problems and provide both immediate remediation and long-term
insight for prevention.
The industry desperately needs tools that do not just recognise
but positively revel in the messy reality of organically grown IT systems. And
that is anything that is more than a year or two old. Splunk is making a strong
play for this role under the slogan turn data into doing. Any running system generates masses of data, the
hard part is pulling the important bits from it and acting on them – extracting
the signal from the noise, as the Splunk execs said.
Observability is right into the literal hands of users with the
new Splunk RUM (Real User Monitoring) product for mobile apps. Several other
new capabilities have been added, many recognising that the Splunk portfolio
itself is suffering from the complexity of scale. Templated content packs and a
new visual editor to enable automation are just two of them.
The notion of a single surface on which to examine the data
extracted by data collector tentacles tapping into all the elements of
the infrastructure is very appealing. An observatory, or perhaps a microscope,
for all that is both good and bad in the IT estate is very appealing. The idea
of filtering weak signals out of a barrage of noise is also compelling. The
question remains whether these benefits will be understood by the broader
business audience without an engineering understanding.