Profile: In Search of Better Data-Center Management

Splunk takes data-center management lessons from the Web.

The idea was simple: "Google for log files," as one publication put it. Give IT administrators searchable access to the data center and troubleshooting gets a whole lot easier. So why did it take $5 million, three years, and a crack team of engineers to make it happen?

The answer, of course, is that a solution can be obvious without being easy.

Michael Baum, Erik Swan, and Rob Das "had been living this problem [of managing large data centers] for more than a decade," recalls Baum, now CEO of Splunk. Their combined backgrounds encompassed engineering and management positions at Infoseek, Yahoo, Apple, Avolent, Sun, and others.

"I loved this team from the beginning," says August Capital general partner David Hornik, who later invested in the company. "They're smart, hardworking, and extraordinarily entrepreneurial. Add to that a fantastic idea and it's a no-brainer ... it was clear to me that there was a huge opportunity for these guys." With their experience in systems management, distributed technology, and search technology, the Splunk team set about seeking a better solution for data-center management (also see the sidebar, "Other Solutions").

Fast forward to August 2005, and the public beta release of Splunk Personal Server. (Team Server came out in September.) The server works by accessing and collecting machine data, parsing it into discrete events and indexing them, and then logically linking those events into a searchable web. Users can run keyword or time-based searches to navigate what was previously a morass of unstructured data.

The journey to Splunk Server began with a year of research and customer discussions. The team spoke with more than 90 customers, according to Baum, in industries from financial services to transportation to high tech to online. "When we talked to ops people in big IT shops, we saw them taking error messages out of routers or app servers, pasting them into Yahoo or Google, and searching the Internet for other people who'd had to deal with those problems," Baum recalls.

This basic idea—that "IT people are comfortable with a search-based interface"—heavily informed the final look and feel of Splunk Server. But on a deeper level, the Splunk team owes more to the Web than it does to search technology. "How do you search and navigate a library of HTML data on the Web? How do you take a terabyte of unstructured information and create a UI and model for a product that searches and navigates that information?" asks Baum. They borrowed heavily from the Web "in terms of business models, UI ideas, how a community can contribute."

Splunk's open services architecture is built around a proprietary kernel. Splunk Server runs on Linux and Unix variants, and can manage Windows data from Windows environments, although it doesn't run on Windows boxes. Splunk's Web site and its internal infrastructure (such as its CRM and phone systems) are open source, and they've tried to cast the company in the mold of an open-source community.

Patrick McGovern, formerly of SourceForge, joined Splunk in order to build what Baum calls "the largest community of IT people in the world." Whereas the developers on SourceForge share code, SplunkForge users will, Baum hopes, "build the Wikipedia of IT production information."

Splunk's distribution model—a free trial version downloadable from—takes a page or two from the open source playbook. System administrators and other IT types can download the server, join SplunkForge, and immediately start talking about how to improve the product.

This grassroots, free-distribution approach, says Baum, netted them a $16 billion customer with almost no marketing overhead. The customer's IT professionals downloaded the trial version of Splunk, liked it, and asked their boss to buy it. Splunk didn't have to put a small army of enterprise salespeople onto planes to go court the VP of operations, nor did they have to spend a lot of advertising dollars.

When the company was on its third or fourth prototype, "I was writing checks to feed these people, and I was getting tired of that," says Baum. He considered continuing to fund the company himself or "hooking up with friends who wanted to share the burden." But when he saw "how painful it was for people, and how they beamed when they saw what we were doing," he started to reassess the size of the opportunity.

He decided "we'd be much better off to own a smaller piece of a bigger pie than a bigger piece of a smaller pie" and went looking for venture financing. He'd done five venture-backed startups and had spent some time in private equity, so having been on both sides of the fence he was "comfortable with the vagaries of the VC world."

Two years ago, they closed a $5 million Series A round with financing from August Capital and Sevin Rosen Funds. About nine months later, Splunk Personal Server launched at Linuxworld.

comments powered by Disqus


Subscribe on YouTube