Next, Butler is looking to assess more areas where Splunk could be used.
"I suppose where we are at the moment is we did the merger and have everyone on the single platform, so we have people at different levels, utilising the data in different ways, so the idea is to keep looking at areas where we aren't utilising the data." This could include increased usage from the security and application reliability teams.
In general, monitoring and tooling are provided across the organisation as-a-service. Butler's team doesn't enforce tools on any teams across the organisation, so it doesn't set up and distribute dashboards for people, but it does look to offer best practice and support around certain tools.
So for security and IT operations, the ideal stack looks roughly like this: Sensu at the top for real-time monitoring, Prometheus for time-series alerting, OpenTSDB as a metric store and Splunk for log analytics.
"What's interesting with those technologies is that they all overlap in one area or another," Butler explained. "That's in line with our monitoring strategy as we want them to overlap, as that means we aren't beholden to any one technology."
Butler's remit post-merger was "to make everything easier, do it for less money and remove all of the technical debt", and he initially thought a single platform approach would achieve this. However, he soon found that there was no magic tool to rule them all because "everyone had their own specific use cases".
So in the end he decided that the important thing was to harmonise the language everyone was speaking around a core set of tools.
So while Butler would like everyone to use Sensu "because we want all product ops to have a single place to look at alerts and centralise that", a team that wants to consume analytics directly through Splunk dashboards can use those instead.
"Rather than trying to restrict people we try to accommodate the most use cases that we can and offer it as a stack," he added.