Splunk 4.1 is a Winner

Posted on April 19, 2010

Splunk 4.1 has arrived and really raises the bar for an already amazing tool. Several new key features have been added that make it worth an immediate upgrade:

  • Integration with Industry Single Sign-On products, such as OpenSSO, Tivoli, Oracle Identity Management, etc.
  • Event Level Workflows, such as opening a ticket or taking some action
  • PDF Reports
  • Event Extraction
  • Live Dashboards and Views
  • Real-time Search

The big killer-app for me that takes Splunk to a whole new place is the Real-time Search feature. You enter a search string like usual and then set a time period, such as 1 minute. Then you see events rolling in, in real time. At the end of the specified period the results clear and the next period of results starts rolling in.

This feature is just absolutely amazing… it's like an intelligent web-based analytical tail/grep of your logs! This is great not just for identifying problems but also for verifying that you’ve fixed a problem, or for use during debugging sessions. Did that config change really stop the 404s? Have those errors actually stopped coming, or do you need to keep working? This feature is a must-have for all sysadmins.
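The windowed tail/grep behaviour described above (match events against a search, count them per fixed time window, and watch the count drop to zero after a fix) as an added Python example; this is not code from the original post or from Splunk, and the Apache-style log lines, the one-minute window and the `is_404` check are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed Apache combined-format access log lines (not from the post): 404s for
# /old/page appear in the 10:00 and 10:01 windows, then stop after a hypothetical fix.
SAMPLE_LOG = """\
10.0.0.5 - - [19/Apr/2010:10:00:05 +0000] "GET /old/page HTTP/1.1" 404 512 "-" "curl/7.19"
10.0.0.6 - - [19/Apr/2010:10:00:40 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
10.0.0.5 - - [19/Apr/2010:10:01:10 +0000] "GET /old/page HTTP/1.1" 404 512 "-" "curl/7.19"
10.0.0.7 - - [19/Apr/2010:10:01:55 +0000] "GET /old/page HTTP/1.1" 404 512 "-" "curl/7.19"
10.0.0.6 - - [19/Apr/2010:10:02:20 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
10.0.0.5 - - [19/Apr/2010:10:03:30 +0000] "GET /old/page HTTP/1.1" 200 1024 "-" "curl/7.19"
"""

LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) ')

def parse_line(line):
    """Parse one access log line into a dict; return None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%d/%b/%Y:%H:%M:%S %z")
    ev["status"] = int(ev["status"])
    return ev

def is_404(ev):
    return ev["status"] == 404

def window_counts(lines, predicate, window=timedelta(minutes=1)):
    """Emulate a tumbling real-time window: count events matching `predicate` per window.
    Returns (window_start, count) for every window from the first to the last event,
    including empty windows, so a drop to zero is visible rather than silently absent."""
    events = [ev for ev in map(parse_line, lines) if ev is not None]
    if not events:
        return []
    w = window.total_seconds()
    counts = defaultdict(int)
    for ev in events:
        if predicate(ev):
            counts[int(ev["ts"].timestamp() // w)] += 1
    first = int(min(ev["ts"] for ev in events).timestamp() // w)
    last = int(max(ev["ts"] for ev in events).timestamp() // w)
    return [(datetime.fromtimestamp(i * w, tz=timezone.utc), counts[i]) for i in range(first, last + 1)]

def errors_stopped(lines, predicate, since_iso, window=timedelta(minutes=1)):
    """True if no window starting at or after `since_iso` (ISO-8601 with offset) has a match."""
    since = datetime.fromisoformat(since_iso)
    return all(c == 0 for start, c in window_counts(lines, predicate, window) if start >= since)
```

Calling `window_counts(SAMPLE_LOG.splitlines(), is_404)` yields per-minute counts of 1, 2, 0, 0, and `errors_stopped(SAMPLE_LOG.splitlines(), is_404, "2010-04-19T10:02:00+00:00")` answers the "did the 404s really stop?" question with True.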

You can check out the list of new features and see videos about them on the What’s New in Splunk 4.1 page.