
Splunk Goes Real Time

Friday May 25th 2007 by ServerWatch Staff

Splunk plunks down version 3.0, adding real-time search capabilities to the log analysis search engine.

Splunk unveiled version 3.0 of its real-time log analysis search engine at Interop earlier this week.


Now in beta, Splunk 3.0 is available as a free download. It is expected to be generally available at the end of June, Christina Noren, vice president of Product Management & Support at Splunk, told ServerWatch.

Version 3.0 adds interactive reporting that enables real-time analysis of logs and IT data, with dynamic field extraction that eliminates the need for complex data mapping and set-up. Users can move seamlessly between unstructured search and structured reporting.

Other features new to version 3.0 are: dashboards and personalization; an expanded search language in the form of statistical, arithmetic and reporting operators; inputs that allow shell script output or command line actions to be scripted; 64-bit multiprocessor support; and the ability to centrally manage and control distributed Splunk deployments.

The company believes the new version is ideal for customer support incident analysis and resolution, change validation and detection, fraud and abuse monitoring, business analysis, electronic discovery requests, and long-term compliance data retention.

It also, according to Noren, fits well with a virtualized infrastructure. "Virtual machines are often an argument for using Splunk," she told ServerWatch.

Virtualization, she explained, breaks many of the assumptions inherent in traditional server room architectures. Splunk's auto-discovery capabilities are well-suited to such an environment.

Splunk currently claims a customer base of 300 that includes the U.S. Postal Service, AOL and Apple, as well as a host of other Fortune 100 companies, Noren said.

It supports Linux, FreeBSD and Mac OS X, Noren said, noting that AIX support is forthcoming and Windows support will follow after that. Currently, Splunk can index content from any format, however.
