All posts by Bernd Harzog

Bernd Harzog is the Analyst at The Virtualization Practice for Performance and Capacity Management and IT as a Service (Private Cloud). Bernd is also the CEO and founder of APM Experts, a company that provides strategic marketing services to vendors in the virtualization performance management and application performance management markets. Prior to these two companies, Bernd was the CEO of RTO Software, the VP Products at Netuitive, a General Manager at Xcellenet, and Research Director for Systems Software at Gartner Group. Bernd has an MBA in Marketing from the University of Chicago.

News: Splunk Announces Splunk App for Stream

Splunk acquired Cloudmeter back in December 2013. Splunk App for Stream is the result of this acquisition. It gives Splunk customers the ability to parse network data and add that data to their Splunk datastores.

The Splunk App for Stream

The Splunk App for Stream consists of two components. An agent sits inside of the network stack of the operating system (Windows or Linux). All network traffic for that operating system instance passes through this agent, and it can capture any portion of that traffic and forward it to the Splunk datastore. The second component is a user interface that allows the user to specify the application from which to collect data and the fields within that stream for that application to capture. This is crucial to avoid overloading the Splunk datastore with the most voluminous type of data (wire data) and to avoid overrunning the license limits on the Splunk installation. As Leena Joshi, Splunk’s senior director of solutions marketing, explained:

“The Splunk App for Stream, the first product delivered from our acquisition of Cloudmeter last year, is a new approach that magnifies the Operational Intelligence organizations can gain with Splunk software…Unlike traditional and appliance-based solutions, which are difficult to deploy, especially in public cloud infrastructures, the Splunk App for Stream can be added to gain immediate wire data access on-premises or in public, private or hybrid cloud infrastructures. It opens up for our customers a whole new class of data sets to correlate for additional IT, security and business insights.”

The Application Performance Management, IT operations management, and security use cases for Splunk App for Stream are summarized as follows:

[Figure: Application Management]
[Figure: IT Operations Management]
[Figure: Security]

Where (and Where Not) to Use the Splunk App for Stream

The amount of wire data and Splunk’s pricing per amount of data ingested per day will make it prohibitively expensive to just dump all of the wire data from your hundreds or thousands of servers directly into your Splunk datastore. The good news is that Splunk gives you a very fine-grained way to control this with the user interface for Stream. However, the need and the ability to control the amount of data you ask App for Stream to collect and send to the datastore drives the use cases for this app. For example:

  • If you have a very small number of custom-developed applications that are critical to your business, and you know enough about them (since you built them) to know what data fields to expect on the wire, you can configure App for Stream to capture only the critical fields related to those critical applications. If you have hundreds or thousands of applications that are a mixture of purchased and custom-developed applications, then you need an AA-IPM solution, like those profiled in “Who’s Who in Application Performance Management for the SDDC and Cloud.”
  • If you are in IT Operations, App for Stream could be a valuable complement to Splunk’s App for VMware and the Apps for Citrix. If you know specific things represent problems in the network, you can set up App for Stream to look for them ahead of time, instead of running a trace and looking through a mountain of data after the fact.
  • The same holds true for security. If you know ahead of time what kind of an event on the network is associated with a security threat, you can set up App for Stream to find these for you instead of waiting for the event to happen and then doing a search.

This announcement also signals an important shift in strategy for Splunk. Prior to App for Stream, Splunk only collected data from management interfaces like syslog, SNMP, WMI, vSphere API, etc. Now Splunk has taken the extra step of collecting unique and valuable data that only vendors who specialize in this type of data collection provide. One can only speculate as to where this will lead.

Links to more information about Splunk App for Stream:

Summary

The Splunk App for Stream adds configurable slices of wire data to the Splunk datastore. This is a valuable additional source of data, but it is not on its own a complete network-based application performance, IT operations management, or security solution.

News: ExtraHop Announces Open Data Stream — Sets Its Data Free

These days, just about every management product you might buy comes with one or more databases. This makes it extremely difficult to engage in analysis and correlation across datastores, which is one of the main reasons why management of IT operations is such a headache. ExtraHop has taken a bold step toward getting this problem fixed.


News: Crittercism Unveils Mobile Application Transaction Management

Crittercism, a leader in the mobile application performance management (APM) market, has unveiled an important extension to its solution – the ability to manage applications’ individual transactions that directly affect revenue.

Will Open Source Kill Splunk?

Over at readwrite.com, Matt Asay published a blog post entitled “In A World Of Open Source Big Data, Splunk Should Not Exist.” He then does a pretty good job of debunking his own thesis and explaining why customers continue to pay Splunk big bucks to do what it does. However, since there is so much noise around the question of open-source big data tools as alternatives to Splunk, this question deserves further exploration.


Will Docker and VMware Compete?

VMware vSphere is a Type 1 hypervisor that allows one to run multiple instances of entire operating systems and their application stacks on one server. Docker is a container that allows one to put all of the things that an application needs into it, run that container on any version of Linux, and run multiple different containers in one instance of a Linux OS.

Gigaom Structure: Hyperscale Cloud Innovation

Attending Gigaom Structure was an exercise in getting fire-hosed with the leading edge innovation that public cloud providers are bringing to their customers worldwide. These innovations not only will have a profound effect on public cloud computing, but also will ultimately impact data center architectures, costs, and benefits worldwide.

