Technical Insight: Enterprise Storage for Splunk

Published June 4th, 2019. This Technical Insight report reviews how some storage advancements are implemented under the guidance of Splunk and how HPE solutions are seen as advanced deployments.

Executive Summary

The ultimate promise of AI is information delivery in real time. Given multiple streaming data sources, the AI platform should deliver decision-making data as a situation unfolds. Splunk is such a platform and has found a home alongside other AI platforms such as Hadoop and Spark specifically because of its real-time data convergence capabilities. Because it has already proven itself in critical enterprise security and event management (SIEM) roles, it can now address the burgeoning interest in Internet of Things (IoT), IT Service Intelligence (ITSI) and Artificial Intelligence (AI) applications.

Here we look at Splunk’s unique storage architecture—a critical enabler of Splunk’s real-time processing capability. Splunk storage is responsible for ingesting data from disparate origins and in disparate formats and delivering that data to Splunk processing elements. It is also tasked with persisting data over increasingly long time periods. As an information delivery and preservation engine, Splunk storage must display three qualities that are typically difficult to achieve all at the same time—high computational performance, petabyte (PB) scale and relatively low cost.

As new storage and virtualization technologies advance, they can and will be blended into the Splunk platform by users and vendors. Here we review how some of those advancements are implemented, often under the guidance of Splunk, and specifically how HPE solutions can be seen as examples of advanced deployments.

Splunk for Operational Intelligence Use Cases

The advent of streaming data gives rise to Operational Intelligence (OI) – the ability to make business decisions in real time based on a confluence of streaming data sources. These data sources, now becoming ubiquitous, are easy to tap. The challenge for computing technologists is converging them in such a way that business users are empowered to make decisions based on relevant, accurate and immediately available data. The Splunk platform delivers on the promise of OI by ingesting, indexing, and correlating real-time data in a repository that can be searched. Results are returned in the form of alerts, reports, graphs and other types of visualization.

As such, Splunk is commonly used for enterprise security, where the ability of the platform to detect and deter threats is highly valued. For example, many enterprise IT organizations use outside contractors to develop, test and maintain applications when they are pressed to implement a new project but lack the internal expertise that may be required. However, bringing in help from the outside potentially exposes the enterprise to security breaches, both while the contractors are on the job and after contract termination. A financial services firm addressed this exposure by using Splunk to integrate data from the firm’s many security monitoring systems to assess the threat potential in real time and quickly remediate.

While upwards of 80% of current users deploy Splunk for security applications, other use cases that yield new insights from real-time data convergence are also appearing. These include:

On-line Retail Order Tracking

On-line retail order fulfillment often involves a complex network of internal and external supply chain systems controlled by partners. The potential for orders to “fall through the cracks” is ever-present. The result is lost revenue and customer goodwill. Splunk is used to visualize the retailer’s transaction pipeline while following orders as they travel from inception to final delivery.

Healthcare Insurance Claims Processing

Errors occur during healthcare claims processing. When this occurs, claims must be manually reprocessed, adding expense to the system. At high error rates, the added expense is crippling. Splunk is used by one insurer to construct an end-to-end view of its claims processing chain, which crosses multiple systems. The insurer is able to immediately identify improperly submitted claims as well as spot and remediate system errors.

Marketing Analytics

A SaaS vendor offers its platform on a temporary, free trial basis. Sales then follows up with a conversion-to-purchase effort. Splunk is used to determine the most promising leads and the most effective ways to reach them. It also identifies prospects who are using the platform beyond the free trial period. In another example, a national wireless carrier uses Splunk to integrate and transform sales reports, web traffic, transaction data and marketing projections into a real-time dashboard for use by marketing and sales executives.
