For those of you that work with Splunk as a major portion of your day-to-day job, how do you answer this question? Lately I have stopped trying to explain what Splunk is/does and focus simply on what I do with it (because they usually don't get it, even if I keep it as simple as "it is like Google for behind-the-scenes data").
The best answer that I have so far is this:
When any size company asks any kind of question about their operations but doesn't know how to get the answer, I use a special tool called Splunk to help them pull the answer out of their jumbles of data.
What do you tell your friends and relatives?
Here's how I'd tell my ten-year-old nephew:
In business, the computers and other machines all talk to each other
and keep track of things, like who logged on and what they did, or
maybe what got delivered somewhere and when.
I specialize in relating all that information together, and adding other
information, in order to answer business questions about either what
happened in the past, or what needs to happen in the future.
or, more simply -
I specialize in figuring out weird complicated stuff that happened and
explaining what it really meant and what to do about it.
I have this same issue trying to explain Splunk and came to the conclusion that most people will almost never understand it until they have a problem which requires a tool like Splunk to gain insights. I explain Splunk in a very simple way: Splunk is a tool to collect and visualize your data. Splunk is a tool which allows you to gather data from a lot of different sources and make it available in one spot, kind of like how Google works.
I then give an example like, say you have 10,000 servers that are generating data. You wouldn't want to log on to each server and check their logs as that would take a very long time. A better approach would be to push those logs to a central location so it's easier to access.