No topic in technology is hotter right now than the related fields of analytics, artificial intelligence, and machine learning – pick your favorite buzzword to describe “how to do more with data”. While there’s always a bit of hype during such Silicon Valley heat waves, this one has staying power. The reason is simple: the technology has hit the radar of CEOs and Boards of Directors since its capabilities align with first-tier corporate objectives.

Executives are always looking for a competitive edge, and the data their businesses generate can tell them a lot about what works, what doesn’t, and what’s likely to happen next in the marketplace. Data types from weather patterns to call center transcripts to web site clicks can impact major business decisions. The high-powered analytical tools that uncover the insights from this data can only be effective, however, if the “right” data and the “right amount” of data are available and accessible. Insufficient input will often lead to an incorrect output, and a misguided course of action.

Another strategic use of data analytics is protecting the organization against cybersecurity attacks, i.e., playing defense. Avoiding the breaches that have tarnished the brands of many companies is top-of-mind in every C-suite. Again, it’s sophisticated tools – like Splunk – that continuously capture reams of data from thousands of endpoints (logs and events), and run that data through real-time and historical algorithms to keep companies out of harm’s way. Of course, Splunk’s potency is ultimately dependent on the underlying data in its domain.

All of this background leads to a basic assertion: to maximize the business and security value of data, companies should retain as much data as possible.

This is where SwiftStack and our partnership with Splunk come into play. SwiftStack enables organizations to maximize their investment in Splunk, by maximizing the power of Splunk data. (If you’re not familiar with Splunk’s data storage architecture, see the graphic below.)




Data is ingested into Splunk by Indexers and initially lands in a Hot bucket. When certain thresholds are met, the data is then rolled into a Warm bucket. To ensure low-latency performance for these landing areas, the Hot and Warm buckets are stored on Flash-based media, most commonly inside the Indexer units.

SwiftStack services the next bucket tier, called Cold, which is essentially a long-term archive of Splunk data and is fully searchable. SwiftStack can distribute the Splunk archive across multiple sites, along with synchronizing the data to the Public Cloud.


Did you know? Splunk charges based on the amount of data ingested, not on the amount of data retained. So, whether data is kept for a day or a decade, there are no additional fees due to Splunk.

SwiftStack’s modular, scale-out design is ideal for Splunk, as its data volumes are always growing. When deployed in combination with server hardware featuring high-capacity drives, the $/TB of SwiftStack storage aligns perfectly with the archive nature of Splunk Cold data. Further, IT can expand the storage infrastructure – a node at a time – as the Splunk environment expands, ensuring that they’re paying current market prices for hardware. And, SwiftStack’s Cloud Sync feature can be turned on at any time.

However, Splunk isn’t about archiving data for a rainy day. Its value comes when leveraging the data for business and security purposes. So, when a Splunk search is performed, SwiftStack leverages all of the CPU, disk I/O, and network bandwidth in the hardware to deliver high throughput rates against the Cold data buckets. Faster searches result in organizational insights now vs. later. And that’s what data analytics is all about.

About Author

Greg Govatos

Greg Govatos is the VP of Strategic Partnerships for SwiftStack.