At a Glance
- Scalability to immediately accommodate high-volume data bursts in the range of terabytes per day
- A much simpler way to ingest, centrally consolidate, and manage data from multiple sources, with the ability to easily query all the data and obtain fast results
About The Global Automotive Supplier
A top global automotive supplier dropped Splunk Cloud in favor of LogLogic a few years ago due to high costs. But they became so fed up with LogLogic’s failure to deliver results that they considered a return to Splunk Cloud.
While reevaluating Splunk Cloud, the team remembered how unhappy they were with the Splunk interface. So they expanded their search to include Devo. Another major issue they had with Splunk Cloud was how difficult—if not impossible—it was to search easily and quickly across multiple data sources.
Wanted: A Solution to Centrally Manage Global Data
A member of the Fortune Global 500, this North American automotive supplier with major facilities in EMEA and Asia had booted Splunk Cloud a couple of years ago due to its high costs.
Analysts were frustrated with how difficult it was to tie together all data sources, search across multiple sources, and obtain results quickly. First, the company replaced Splunk Cloud with LogLogic, but the effort was unsuccessful. Because the automotive supplier has major operations in EMEA and Asia, it needs to centrally manage, enrich, and analyze across the entire data set, even when it is stored in other locations, to comply with data sovereignty requirements.
This specific need, along with numerous LogLogic shortcomings, such as not being able to search by user name or hostname, raised concerns about compliance risks if the company couldn’t manage and search all of its global data. So they jettisoned LogLogic and began a new search, revisiting Splunk Cloud while also examining Devo.
Several critical capabilities made Devo attractive to the customer, including:
- The ability to easily analyze data, using the built-in Activeboards to bring machine data to life with rich visuals, intuitive dashboards, and interactive capabilities
- A much easier way to search across multiple data sources, with support for subqueries and for searching by user name and hostname
- Queries through an easy-to-use graphical user interface, which appeals to casual users. More advanced users can use the Microsoft LINQ language, which is more widely known and easier to use than SPL
- Designed ‘for the cloud’ with a multitenant architecture, Devo enables deployment in all major cloud providers—including Microsoft Azure, Amazon Web Services, and Google Cloud Platform—for maximum flexibility
- The ability to easily scale, ingest, and manage large volumes of data (e.g., multiple terabytes), regardless of geographic location, into a single, centrally managed data source that could scale to more than 50TB per day
- Because it doesn’t index data upon ingest, Devo delivers high parsing performance with all data available for immediate query
- Devo combines at least 400 days of historical hot data with the most recent data, making ad hoc query results across the entire data set virtually instantaneous, compared to more than 24 hours for Splunk
Once this deployment is up and running, the customer will begin exploring Devo for IT Operations as well as collecting data from connected automobiles.