
Splunk (big data) IPO Raises $229.5 million ($1.6 billion valuation) - JumpCrisscross
http://www.businessweek.com/news/2012-04-18/splunk-raises-229-dot-5-million-in-ipo-on-demand-for-data-analysis
======
jahewson
> _Splunk’s net loss widened to $11 million from $3.8 million a year earlier
> as the company stepped up spending on sales and marketing._

Do they have a viable business or is this just another "inflate and escape"
company?

~~~
sachinag
Losses have not scaled as revenues have. A cursory look at the financials
shows a management team making prudent decisions:
[http://www.sec.gov/Archives/edgar/data/1353283/0001047469120...](http://www.sec.gov/Archives/edgar/data/1353283/000104746912004425/a2208909zs-1a.htm#ce74101_summary_consolidated_financial_data)

~~~
jahewson
Indeed - nice to see some numbers, I guess this is the advantage of the P in
IPO...

~~~
carmen
For now. Taibbi wrote about a new law that exempts newly public companies from some reporting requirements for five years.

------
tocomment
It's almost funny how difficult the Splunk homepage makes it to figure out
what Splunk does and if it can help me.

Who designs these things? I gave up after two minutes.

~~~
gaius
Splunk in a nutshell: it runs a daemon on all your boxes that tails all your
logfiles (you can configure which ones) and pipes them all to a central
logging server. On the logging server, another daemon does pattern
matching/filtering on the incoming logs and fires an alert when it gets a
match. And umm, that's about it really.

The one useful thing it can do is give (say) devs access to logfiles from prod
servers that they aren't allowed, for whatever reason, to log into themselves.
But you could do this yourself with a periodic rsync to an internal
webserver...
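That tail-and-alert loop can be sketched in a few lines of Python. Everything here is a hypothetical stand-in (the patterns, the logfile path, and printing instead of paging), not anything Splunk-specific:

```python
import re
import time

# Hypothetical alert rules; real deployments would load these from config.
PATTERNS = [re.compile(r"ERROR|CRITICAL")]

def match_line(line, patterns=PATTERNS):
    # Pattern-matching step: True if any rule fires on this log line.
    return any(p.search(line) for p in patterns)

def follow(path):
    # Minimal "tail -f": yield lines as they are appended to the file.
    with open(path) as f:
        f.seek(0, 2)  # start at end of file
        while True:
            line = f.readline()
            if not line:
                time.sleep(0.5)
                continue
            yield line

def alert_loop(path):
    # Central-server side: watch the incoming log, alert on matches.
    for line in follow(path):
        if match_line(line):
            print("ALERT:", line.rstrip())  # stand-in for email/paging
```

The piece this sketch omits is the shipping step (forwarding each box's lines to the central server), which is where most of the operational work actually lives.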

~~~
carguy1983
syslogd + open source monitoring + indexing has done this for a while now.

Competing business idea...?

~~~
thomasknowles
As a guy who used to resell Splunk, it offers a lot more than its open
source alternatives. It's data agnostic with decent log compression, has an
extremely rich search syntax, some very good (HTML5) reporting dashboards,
and a verbose API, all of which makes it very attractive for users
(companies) who have compliance requirements or need some form of
performance monitoring.

I have since left working with Splunk directly but I would still advocate its
use because it's one of the better commercial (albeit expensive) log
management/SIEM products around.

------
nl
I use Splunk fairly heavily at work with a fairly significant amount of data
going through it daily.

It's pretty good software, and isn't as trivial as some on this thread seem to
think (I've built large Solr implementations too, so I know search reasonably
well).

The strong points: good interface, excellent data import, decent search
language, decent docs & community, good APIs, a good set of mostly decent drop
in applications that run on top of it.

The weaknesses: While indexing is MapReduce-based and scales fairly well,
querying is single threaded. That limits it to the performance of a single CPU
core + IO limitations. This also applies to things like sub-queries: in a
database they could be run separately, but in Splunk they aren't.

It is also fairly expensive at large scale, although the licensing model is
fair (it is licensed by data volume, so you can install it on as many machines
as you like and share the license between them).

~~~
invertd
Looking through their site, it looks like a Splunk search (or a query) can
include a large set of non-trivial, CPU intensive operations. Therefore,
perhaps, it is a process that does not lend itself well to multithreading:
[http://splunk-base.splunk.com/answers/12027/singlemulti-threading-cpu](http://splunk-base.splunk.com/answers/12027/singlemulti-threading-cpu)

~~~
nl
That's true as far as it goes.

Nevertheless, I believe that there are opportunities for query multithreading
that aren't being taken.

For example, a query like this appends the second query results to the first,
and the graphs both:

 _sourcetype="blah" | search blahblah | eval series="label1" | append
maxtime=600 [search anotherlongsearch | eval series="label2" ] | timechart
count(somefield) by series_

There is no reason why that second search couldn't be executed simultaneously,
which would approximately halve the time for the whole query to run
(assuming sufficient CPU power etc).
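For illustration, the dispatch pattern being argued for looks like this in Python. `run_search` is a hypothetical stand-in for running one Splunk sub-search to completion (it just fabricates tagged events); the point is only that independent sub-searches can run on separate threads before being appended:

```python
from concurrent.futures import ThreadPoolExecutor

def run_search(query):
    # Hypothetical stand-in for dispatching one Splunk search and
    # collecting its events; returns fake events tagged with the
    # query's series label.
    return [{"series": query["series"], "count": i} for i in range(3)]

def parallel_append(queries):
    # Run each independent sub-search on its own thread, then
    # concatenate the results in order, as "append" does serially today.
    with ThreadPoolExecutor(max_workers=len(queries)) as pool:
        results = list(pool.map(run_search, queries))
    return [event for batch in results for event in batch]

merged = parallel_append([{"series": "label1"}, {"series": "label2"}])
```

With two sub-searches of similar cost, this is where the roughly 2x speedup would come from; the final `timechart` step would still consume the merged stream on one thread.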

------
jayp
Congratulations to Splunk! Operational Analytics is an extremely interesting
area rich with many complex problems: performance (processing complex queries
over very large data sets), prediction (proactive diagnostics), and
visualization (packing dense information in a human-friendly manner).

We at Pattern Insight are currently working on the next generation of logging
software, called Log Insight. If you are a Splunk customer or thinking of
buying it, take a look at our product page
[<http://patterninsight.com/products/log-insight/>] for information on a more
sophisticated and complete solution.

Don't hesitate to contact me if you are on the job market and want to work on
interesting data-mining problems (full-time only please).

~~~
sakai
Is this type of comment considered OK in this community? I'm all for a little
competition, but it feels a bit dirty to me to congratulate a company while
calling their product a "[less] sophisticated and complete solution."

~~~
rdl
If it were a startup talking about how they're better for specific types of
problems (e.g. "if you're an EC2 fan but need to host in Russia, contact
me..."), I think that's totally ok. Big company vs. startup, general vs.
niche, non-HN company vs. HN company (where "HN company" means people who are
on Hacker News regularly, or YC companies), traditional vs. open source/free,
etc. are all points in favor of making it ok.

I'm not sure in this case (I know lots of people at Splunk, Adammark/sensage,
and other SIEM companies, and IMO they're all useful in some cases, and too
expensive for a lot of cases).

------
spot
trading at 32, nice pop! <http://www.nasdaq.com/symbol/splk/real-time>

~~~
JumpCrisscross
I guess we have Credit Suisse, Morgan Stanley, JPMorgan, and BofA to thank
for under-pricing this by nearly 50% [1].

[1]
[http://www.sec.gov/Archives/edgar/data/1353283/0001047469120...](http://www.sec.gov/Archives/edgar/data/1353283/000104746912004299/a2208812zs-1a.htm)

------
ashayh
Question for those who have used Splunk and alternatives: How much of what can
be done in Splunk, is not possible with alternatives like Graylog2?
<http://www.graylog2.org/>

~~~
AdamGibbins
and <http://logstash.net>

------
Symmetry
And the stock price went up 88% from the offering price in the first day of
trading, so they only made 60% of what they could have.

------
nn2
I considered splunk at some point until I read the EULA review of theirs at
<http://blog.hacker.dk/>

" Upon at least ten (10) days prior written notice, Splunk may audit your use”
…. ” Any such audit will be conducted during regular business hours at your
facilities“ … “You will provide Splunk with access to the relevant records and
facilities“ "

More or less they screw their customers.

~~~
davidu
This is entirely par for the course, and quite reasonable if you understand
how it happens in practice and why it exists.

There are Splunk customers who do not allow outbound connections to the
Internet and so Splunk can't use automated means of auditing license
compliance. So they reserve the right to audit you on site. So if you're the
CIA and you are paying for 1 petabyte and you are using 2, they want to know
and charge you appropriately.

As a matter of good corporate governance, they are actually doing you a favor
and preventing you from being a thief. :-)

~~~
nn2
Are you serious? I would never give some random supplier unlimited access to
my server and internal network. Such a requirement is an absolute
show-stopper.

~~~
davidu
Fortunately, you are not like other people.

Fortunately, customers of Splunk don't view them as a random supplier.

