While Loom's solution is not a Splunk alternative, we are often asked about the difference between the products, so we'll try to outline the key differences.

Splunk is an amazing tool that can transport and index huge amounts of machine data and expose a rich query, visualization and analysis interface over it.


Being feature-rich also makes the tool more complex (search for Splunk cheatsheets and you'll get stunning 6-page results). Operating the tool requires expertise, and trained personnel are very hard to come by. Loom's vision is to automate those parts of the manual operations process that machines can do better, and free the humans to do what humans do better. Using Loom's solution, you are not adding yet another tool for your team to operate - you're saving them time.

Root-Cause Analysis

Performing manual root-cause analysis is very hard and time-consuming, often leading to dead-ends. Loom's solution will very often succeed in suggesting the root cause of an incident. It does so by examining various traits of the different abnormalities, such as order-of-appearance, similarity between anomaly-shapes, common mentioned entities and more. Coupled with our insights database, you will often see your incident already accompanied by its full root-cause analysis result, a human-language explanation of what happened and a recommended course of action.

Reactive vs. Proactive

While you have the ability to set thresholds and trigger alerts directly from Splunk, this has to be done manually - and (manually) getting to a healthy and sustainable alerting rule-engine is an impossible task for complex systems. Loom's solution does not work with thresholds and triggers, replacing those with smart machine-learning, which learns the baseline of your logs and continuously improves by learning from your feedback. This means you can extend your coverage and tighten your "thresholds" without causing alert flooding.

Events transformations and processing

While there's probably no transformation, structuring or other type of processing you might want that isn't possible with Splunk, this is also a manual process - it has to be done for every log format and updated when log structures change. Loom's solution includes a set of patent-pending algorithms that do this for you - automatically deriving the common structures in your logs, extracting entities and more - which again saves you time.

Abnormal behavior detection

While Splunk does offer anomaly detection over numeric data through its query language, this is very different from what Loom's solution does.

First, Loom's solution does not only detect "anomalies" - we prefer to say we detect interesting abnormalities in the data. For example, the appearance of a never-seen-before log line might be considered by Loom as an event worth your attention, but it definitely does not fit the definition of an anomaly.

Second, Loom's solution takes the "measure-everything" approach, continuously testing the state of every metric it can extract from your logs. This saves you from having to constantly balance between too many false alarms and unmonitored metrics that cost you the ability to be proactive.
