Rather, it is a SIEM or log management tool. SIEM stands for Security Information and Event Management. A SIEM collates log and event data in a single location. This makes it easier for a security analyst to get a comprehensive view of security logs and events than would be possible by looking through the log files of individual security tools.
Why the Confusion?
Given that these tools are quite different and that the modern IT organization probably requires both, why is Splunk often erroneously thought to be an APM? The reason is that Splunk is a highly flexible tool with many use cases, including providing application performance data. Another factor contributing to the confusion is the fact that Gartner included Splunk in a report on APM Innovators back in 2012.
What is the Difference?
In theory, the machine data and logs that Splunk collects from the IT environment can be mined to provide insight into the availability and performance of applications. However, unlike an APM platform, Splunk is an analytics platform, not a troubleshooting tool. It has no instrumentation to go and figure out what is causing application slowdowns. Instead, a SIEM collects data from logs generated by IT applications, systems, and technology infrastructure. This mass of machine-generated data can provide valuable operational intelligence once it has been analyzed.
APM platforms are primarily troubleshooting tools that use agents to track application topologies and transactions to help eliminate bottlenecks that might be causing application slowdowns.
APM / Splunk Integration
Splunk recognizes that APM tools are uniquely helpful in identifying problems in application code and finding the root causes of performance slowdowns. This is clearly not something that Splunk has been designed to do. But Splunk does provide visibility across both applications and infrastructure in a single console.
A question often asked by IT organizations is “if I am already using an APM platform, do I also need Splunk?” The answer is yes! APM data can be considered just one data source that can be indexed and analyzed by Splunk in addition to a huge quantity of other machine data collected from all levels of the IT stack, including applications, infrastructure, and network.
For this reason, Splunk provides the Splunk App for AppDynamics and New Relic, two APM tools. These apps allow users to apply predictive analytics to APM data and correlate APM data with other machine data (wire data, logs, server data, infrastructure data, etc.) in Splunk.
Splunk also provides a Splunk IT Services Intelligence (ITSI) module for APM which allows administrators to access key performance indicators (KPIs) from popular APM tools to help determine the health of applications and services.
Splunk Makes a Major Acquisition with SignalFx
Earlier this year Splunk acquired cloud monitoring platform SignalFx for $1.05 billion. SignalFx is an APM platform used for monitoring infrastructure, microservices, and containerized cloud apps. This acquisition is a recognition of the fast growth of application containerization and also the relative explosion of SaaS application performance monitoring compared to the much slower growth of on-premise monitoring platforms.
Advice to Buyers
If you are already using an APM tool and using Splunk for machine and log data, ask your vendor about integrating the APM data with the standard Splunk data flow in a single console. This integrated view of application health data with a correlation of the various data types can provide better insight than either data stream by itself.