The latest on Splunk

Got an update through from Splunk, which is timely as I was hoping to implement a Splunk server as part of a virtualisation project to allow us to pick up and monitor VMware logs and other outputs from the systems / equipment.

Splunk 4.2 is the latest release here.

Some of the highlights for the new version are:

  • Real-time alerting – provide immediate notification and response for events, patterns, incidents and attacks as they occur.
  • Universal Forwarder – new dedicated forwarder delivers secure, distributed, real-time data collection from thousands of endpoints.
  • Easier and faster – new visualizations, quick start guides for new users, integrated workflows for common tasks and up to 10X faster search experience for large-scale deployments.
  • Managing Splunk – new centralized deployment monitoring and centralized license management.

To me the dedicated lightweight forwarder really could be the tipping point for organisations wanting to implement Splunk to aggregate logs and other information but not wanting to place the additional strain of a full Splunk server on the systems gathering the info. So I’m hoping it lives up to the hype. More once it has had a chance to bed in.