Blogs: Tips & Tricks

At Splunk, ‘dot’ releases get you a lot and our newly minted Splunk 4.3 is no exception. I’ve spoken to many 4.3 beta customers in North America, Europe and Asia and they’re all excited. Customers such as Expedia, Swisscom, Ceryx and Otto Group, to name but a few.

We grouped the features around three main focus areas: 1) making Splunk easier to use, 2) making Splunk faster and more scalable, and 3) making Splunk easier to administer.

In this post I want to dive in a bit and tell you how we’ve made Splunk easier to use. Our mission is to make machine data accessible, usable and valuable to everyone. Making Splunk easier helps drive the value of machine data to new IT and business users. It’s also compelling from a ‘big data’ perspective – machine data is, after all, one of the fastest growing segments of big data!

So what have we done in this new release to help our users? For one thing, timelines and charts in 4.3 are now Flash-free. This feature alone received an enthusiastic round of applause at our users’ conference in August where we previewed 4.3. Eddie Satterly, Sr. Director of Infrastructure Architecture and Emerging Technologies at Expedia said: “We have 2,700 users of Splunk and being able to provide dashboards on iPads means we can get more data to more people when they want it.”

John Cervelli, Sr. Director of Product Management at Splunk, demoing Splunk 4.3’s non-Flash user interface on a tablet at our users’ conference

A Systems Engineer from a Global Top 5 Financial Services firm told me that he already uses Splunk to quickly turn around ad hoc requests. What used to take his team 6 months now takes them a day to turn around. He loved the new non-Flash UI 4.3 and said their “mobile workers will be delighted.”

The bottom line for us is about getting visibility and insights to the people that need it – anytime, anywhere.

4.3 Visual Dashboard Editor

We also integrated new charting controls and drag and drop dashboard editing into 4.3, so that users can create and edit dashboards on the fly without coding in XML. Derek Mock, Director of Software Development, Ceryx commented that these easier dashboards, “empowers business users by making them self-service.” This was a common theme in the feedback. Mika Borner, Head of Internet Messaging, Swisscom, stated that he was, “impressed by how much faster it was to change charting views.”

Sparklines Visualizations in Splunk 4.3

Next, we introduced a new visualization called Sparklines, which provide a great way to convey at-a-glance trending of Big Data at a granular level. We got some great feedback from an IT architect at a top 5 nationwide home improvement retailer. He told us: “Sparklines means we can now very quickly spot trends. With a large number of stores nationwide, we have a lot going on. We need to know very quickly when something is going to happen and trending at the event level helps.”

Integrated Real-time and Historical Timeline

One of Splunk’s greatest strengths has been the fact you can integrate real-time and historical data in one dashboard. We’ve taken this a step further in Splunk 4.3 by integrating real-time and historical search results in the same chart. A senior product engineer at a global top 5 media, entertainment and communications company noted that, “Having the context of what happened 30 minutes ago with live data to watch conditions as they continue to happen is very useful.”

Last, but not least, is Per Result Alerting. The same user from the top 5 nationwide home improvement retailer commented on how this feature provides, “flexibility in adjusting the granularity of events triggering help desk tickets.” Mika from Swisscom liked how this feature will help them in monitoring and alerting for service abusers.

As you might expect, we’re just scratching the surface here. We haven’t even talked about improved speed and scale and features that make Splunk 4.3 easier to use and administer. Stay tuned!

Go to our What’s New in 4.3 page to learn more about the release.

Splunk 4.3 is available now. Download this latest version and discover how these improvements make your job easier. And be sure to let us know how it goes!

Happy Splunking!