Following its massive £7 billion merger last year, bookmaker Paddy Power Betfair has consolidated a lot of its monitoring, from security to IT operations, around the enterprise version of Splunk, moving away from less sophisticated options.
Speaking to Computerworld UK during Splunk's .conf2017 event in Washington D.C. this week, site reliability engineer (SRE) manager at Paddy Power Betfair, David Butler, explained why Splunk came out on top for log analytics, security and fraud monitoring, over some of its open source rivals.
At the time of the merger between the Anglo-Irish bookmakers, the two companies were using three tools for monitoring their IT systems: Splunk, ElkMonitor and Sumo Logic.
How Splunk won out
Each had its pros and cons. As Butler explained: "We had Splunk Enterprise in 2010 at Paddy Power then moved to ElkMonitor. Betfair moved off Splunk and on to Sumo Logic, so we had all three when we merged."
In terms of cost, Butler said that ElkMonitor being mostly open source meant the capital expenditure (CapEx) was perfectly reasonable, but because it is a self-managed installation, the operational expenditure (OpEx) can get pretty high at the company's scale - 26 billion time series data points a day, to be exact. The main thing with ElkMonitor though was that "the end users hated it", so that was out.
Sumo Logic, by comparison, came in cheaper on CapEx. However, the company charges for compute, so the OpEx became "a cost we couldn't control", according to Butler. When it came to the end users, they "liked it, but Sumo to me is like a cheap copy of Splunk", Butler said.
They ran a proof of concept (PoC), and Splunk Cloud came out on top for time series data, so the organisation decided to consolidate around that software.
Now all technology teams - infrastructure, database, IT security, development, IT operations, fraud and prodops - use Splunk Cloud in some capacity.
Combatting fraud with Splunk
The fraud team at Paddy Power Betfair is a particularly big fan of the tool. "They now have access to data across the Paddy Power brand and the Betfair brand, giving them a lot more data to see things they wouldn't have been able to see before and correlate things they wouldn't have been able to see before, which makes them far more effective," Butler said.
Butler says that what used to take the team 40 minutes in Sumo Logic, in terms of pulling a report and acting on it, is down to 90 seconds or less with Splunk, "so the speed that it works is far better, and that's with a much larger data set than Sumo ever had to deal with. This gives them more confidence of what they are shutting down, so that team is a big fan of Splunk now," he said.