Fast Track to Digital Resilience: Splunk Platform Innovation | Splunk (2024)

It’s critical that you are in the driver’s seat of your Splunk environment with choice and flexibility, and we have spent the last year extending the capabilities of Splunk’s unified security and observability platform to make that possible. We have continued to grow and innovate to ensure that you and your team have all the tools you need to have a secure, cost-efficient, and effective environment. Splunk Enterprise 9.3 and the latest Splunk Cloud Platform release give you all the tools you need to drive digital resilience.

We understand that today’s IT landscape continues to become increasingly complex, with data growing at an exponential rate. Ultimately, this makes getting centralized visibility and building digital resilience highly challenging. The fast-evolving tech landscape has created new demands. Companies are losing up to $200 million a year in costs from downtime, cybersecurity is now the #1 risk companies face, and regulations are becoming more strict.

Additionally, not all data is created equally and data value changes over time. Splunk allows you to maximize value from your data while meeting you where you are in your hybrid and multi-cloud environments. By delivering digital resilience in ways no one else can with its unified platform, Splunk allows you to flexibly manage and contextualize massive data volumes for IT, security, and observability use cases. At Splunk, we want to give you flexibility and choice to optimize your data based on your needs.

Splunk Provides Complete Visibility and Insights, While Improving Data Economics

We continue to improve our data management capabilities that give SecOps, ITOps, and engineering teams control over the shape, volume, and destination of their data. We are introducing our next generation Data Management experience for filtering, masking, transforming, and routing data from edge to cloud. New capabilities and improvements include:

  • Data Management Pipeline Builders provide customers the ability to create and manage pipelines powered by SPL2 to filter, mask, transform, and route data. Pipeline Builders offer a choice of where you deploy them: Edge Processor, for those who want more control over data before it leaves their network boundaries, and the new Ingest Processor, our Splunk-hosted offering that transforms data in the cloud before the data is indexed.
    • Recent enhancements to Edge Processor include configuring HTTP Event Collector (HEC) tokens to authenticate HTTP requests for data coming from a HEC source, which enhances the overall security of the HEC data path, and an interactive point-and-click UI for Lookups and Cryptographic Functions so that you don’t have to manually write SPL2 commands in the pipeline definition.
  • Unified GDI for metrics and logs extends the integrations between Splunk Cloud Platform and Splunk Observability Cloud. The upcoming release of the Ingest Processor Pipeline Builder not only makes it possible for customers to convert logs to metrics to better manage data volumes and capacity, but also establishes Splunk Observability Cloud as an endpoint for routing.

But it is not enough to just be able to filter, mask, and route your data if you aren’t able to access it afterwards. This is why we are investing in both sides of the equation and have continued to make strides in our federation capabilities. Last year we announced the release of Federated Search for Amazon S3, which allows you to search AWS S3 buckets without the need to ingest into Splunk. We are now expanding our federation capabilities with the preview release of Federated Analytics, which allows you to run analytics workloads across data sources that span both Splunk and external data lakes, starting with Amazon Security Lake. With Federated Analytics you can selectively fetch data from the security lake and build a short-term index that enables higher-performance use cases like monitoring and ad hoc investigations. Importantly, this data works with your existing Splunk content and searches.

Flexibility To Help You Drive Digital Resilience

Business continuity is vital to ensure minimal downtime in your environment. Splunk Cloud Platform is designed to take advantage of multiple zones in a cloud service provider’s region, which already affords a high level of resiliency. However, customers in regulated environments must meet stricter requirements for disaster recovery plans for mission-critical services. We are happy to announce the early access of Cross-Region Disaster Recovery. Cross-Region Disaster Recovery provides you enhanced levels of business continuity, enabling your Splunk Cloud service to be operational within minutes in the rare event of a cloud service provider regional outage. Splunk Cloud’s Cross-Region Disaster Recovery takes care of replicating data across regions, rerouting data flow from the primary to the secondary region when a region outage occurs, and failing back to the primary region after it is restored.

Faster, More Efficient Workstreams With Better Administrative Functionality

Splunk Admins are essential to ensure your Splunk environment is optimized and running efficiently. We have continued to improve and add functionality to give admins greater control and visibility. Below are just some of the improvements we have added in this past year:

  • Overview Dashboard (preview): allows you to prioritize metrics and personalize your experience by choosing which license entitlement and status metrics to display, providing a high-level view of the overall health of your deployment
  • Workload Dashboard (preview): helps you better understand your usage and license entitlement metrics
  • Cloud Flex Pricing: currently in preview, Cloud Flex pricing allows you to share SVCs across multiple Splunk Cloud Platform deployments or access burst SVC pricing when you need it for a high priority moment

Artificial intelligence has spread like wildfire, becoming a part of people’s everyday workflows in order to streamline work and make people more efficient. Splunk has invested in embracing AI since 2015. Splunk AI Assistant, now generally available, uses generative AI to provide a chat experience that helps users author and learn SPL by interacting with the AI Assistant in plain English. It allows new admins to shorten the learning curve when learning SPL. It also helps existing admins make their SPL queries more efficient and learn about new and exciting Splunk features.

We are so excited for you to try out and learn about our new platform innovations at .conf24. Make sure to attend our platform sessions, demo booths, and workshops to experience firsthand all the latest and greatest the Splunk Platform has to offer!

Follow all the conversations coming out of #splunkconf24!


Faya Peng

Faya leads the PM teams responsible for the Data Platform in Splunk Cloud Platform and Splunk Enterprise (includes Search, Indexing, Data Management, and Experiences). Her previous roles at Splunk include leading the Product Marketing team and Business Operations and Strategy for IT Markets/Observability. Faya holds a BS in Electrical Engineering from the University of Texas at Austin and an MBA from Harvard Business School.
