San Francisco-based Splunk rolled out Splunk Enterprise 6.4, the latest version of its flagship product, and a new Splunk Cloud release yesterday.

The release arrived with the usual bells and whistles — the Splunk Cloud includes new interactive visualizations, for example — but the headline story is the new storage configuration in Splunk Enterprise.

The new configuration reduces and even eliminates some of the indexing and metadata used for real-time searches on historical data, whether in an on-premises, cloud or hybrid deployment. The company promises that this change alone achieves a 40 to 80 percent lower cost of maintaining data in storage, depending on the nature of the indexes and metadata.

And that, in turn, lowers the overall cost of big data analytics, due to the simple fact that data retention costs are typically the biggest factor driving analytics total cost of ownership, according to Jason Stamper, analyst with 451 Research.

It’s a Trade-Off

Splunk has been able to do this, roughly, by trading off the indexing for some query performance degradation, with the customer's approval, explains Shay Mowlem, vice president of product marketing and management at Splunk.

"The way people query historical data, which is kept for a variety of reasons, is different than how they query real-time data," Mowlem told CMSWire.

Basically there are two query types. One is a sparse query, done in real time, which Mowlem describes as akin to searching for a needle in a haystack.

The other is a denser search focusing on a broader array that yields many more results.

"Customers can choose whether to run our optimization based on the nature of the data on an index-by-index basis." Users are also able to select what data they want to roll into the historical data category and what needs real-time search capability, he said.

Other Enhancements

Other enhancements in yesterday's release include new interactive visualizations in both Splunk Cloud and Splunk Enterprise. With these comes an open library on Splunkbase where custom visualizations created by a company's customers and partners can be shared.

Enhancements were also made to the big data analytics feature set, along with new platform security and management improvements.

Finally, Splunk has introduced cloud analytics apps for Akamai Content Delivery Network (CDN) services, Amazon Web Services (AWS) and ServiceNow.

10 New Ways to Visualize Splunk Data

If the new storage configuration was the headline news of Splunk Enterprise 6.4, the interactive visualizations were the subhead.

Splunk created 11 new visualizations for the release, including one for machine learning – that is, the visualization displays how performance has changed via improvements made through machine learning.

Another is called Punchcard, which measures changes to performance over time. A calendar heat map, a timeline, a bullet graph, a location tracker, a sankey diagram, a treemap, a horizon chart, a horseshoe meter and parallel coordinates round out the new visualizations.

The interactive visualizations allow customers to drill down to the original data, and are therefore meant only for Splunk data. "These are visual aids that let users see what is changing over time and how that metric compares to other relevant metrics," Mowlem said.

Already the use cases customers have been developing with these visualizations show “tremendous depth and richness,” he added.

"The net of it is customers want to visualize powerful data they can generate from Splunk."