Enhanced Data-to-Everything Platform, new Observability Suite highlight Splunk product announcements at .conf20

In addition to several significant announcements, which include the new Splunk Observability Suite, Splunk also announced the acquisitions of two companies, Plumbr and Rigor, whose technology will rapidly be integrated into that suite.

Josh Klahr, Splunk’s VP of Product Management, Core Products

Splunk’s big customer event, .conf, has been virtualized this year, but the company didn’t use the absence of a physical event as a reason to hold back new product news. Splunk made a flurry of significant announcements. They have enhanced their Data-to-Everything Platform with new data-streaming and machine learning capabilities, including Splunk Machine Learning Environment (SMLE) to facilitate building and operationalizing machine learning models and algorithms. They announced the Splunk Observability Suite, which utilizes technology from the recent Omnition and SignalFx acquisitions, and also indicated they are acquiring two companies whose technology will further strengthen the suite. In addition, Splunk made several security-related product announcements.

“We are really focusing on Splunk at the platform layer,” said Josh Klahr, Splunk’s VP of Product Management, Core Products. “Last year, we started using the term Data-to-Everything Platform and highlighted why a platform is important. The data in the platform is multi-use and multipurpose, so you build up a picture of what’s happening in the enterprise, and can ask all kinds of interesting questions.

“There’s both fine tuning and major enhancements to the Data-to-Everything Platform,” Klahr said. “We are announcing significant improvements to Data Stream Processor, which expands data streaming for multi-cloud environments. We have now made it available as a cloud service, with the beta launching at .conf. We’ve seen lots of interest in this, to work with streaming data before it gets ingested.”

The second major enhancement to Data Stream Processor is the addition of the capability for SPL users to write custom pipelines.

“Data Stream Processor has the ability to write a pipeline, but you have to visually design it today on a design canvas,” Klahr stated. “Advanced customers told us they want to write pipelines using SPL, so now we have added that ability to write custom pipelines. Trained Splunk users can now do this. That’s very powerful.”

On the other hand, Splunk has been strongly emphasizing the data democratization theme in recent years, and they have done this with Data Stream Processor in what Klahr called some fine tuning that responds to customer requests.

“We are announcing that you can go from raw data to dashboard without writing any SPL,” he said. “It lets an end user look at raw data, and makes it available to someone who doesn’t need to know SPL. This builds on the expanded capabilities that existed already for non-SPL users.”

Klahr noted that Splunk is continuing to make sure that Data Stream Processor integrates with the rest of the Splunk portfolio, with the addition of support for logs-to-metrics conversion, and the ability to write them to the new Observability Suite.

The Data-to-Everything Platform has also been strengthened by the launch of a beta program of SMLE [pronounced Smile], which makes it easier to build machine learning models in Splunk.

“SMLE gives trained data scientists familiar with languages like Python and who work with Jupyter Notebooks the ability to build models on top of data that sit on the Splunk Platform,” Klahr said. “A typical use case would be a customer with historical data who wants to train a model to find a persistent threat. They can access the data in the SMLE environment and build a model to calculate a score and deploy it back to the index to score historical data.”

Splunk is also announcing the Splunk Observability Suite, which brings together infrastructure monitoring, application performance monitoring, digital experience monitoring, log investigation and incident response into a single, tightly integrated product suite.

“This is really related to our acquisitions last year of Omnition and SignalFx,” Klahr said. “It merges the distributed tracing from Omnition and the microservices monitoring from SignalFx. SignalFx is all about scalable metrics and Omnition is all about scalable tracing, and this provides a strong log observer experience.”

In addition, Splunk made two acquisition announcements directly related to the Observability Suite, acquiring Plumbr and announcing their intent to acquire Rigor.

“Plumbr is an application performance monitoring [APM] company which significantly expands our APM capabilities,” said Tim Tully, Splunk’s SVP and CTO. Rigor is a digital experience monitoring [DEM] company that provides advanced synthetic monitoring and optimization tools.

“Together, these acquisitions accelerate our vision of delivering a comprehensive Observability Suite,” Tully stated. “We will move fast and furious to integrate these into the Observability Suite.”

“We are extremely focused on observability and ensuring we have a best in class suite around observability,” emphasized Doug Merritt, Splunk’s CEO.

In addition to strengthening observability, Splunk beefed up security, another of their buying areas, with enhancements to their security operations suite. To help security teams unify and modernize security operations, Splunk introduced new updates to Splunk Mission Control, their cloud-native, unified security operations platform that brings together security data, analytics and operations.

“We have integrated the portfolio under the Splunk Mission Control product, so that it is now connected to both Enterprise Security and the capabilities that came through our Phantom SOAR and our Splunk UEBA [User Behavior Analytics],” Klahr indicated.

In addition, Enterprise Security has been enhanced with new, native risk-based alerts that help SOCs further refine the fidelity and priority of notable events. Splunk Phantom has been strengthened with improvements to let customers automate more of their security operations, so that SOCs can more easily scale automation. Custom functions from Splunk Phantom also make playbook creation and execution faster and easier.

“For partners specifically, I think the improvements to Data Stream Processing are pretty interesting, because they open up opportunities for adding in new data,” Klahr said. “Specific domain knowledge provides a lot of value and that’s always important for the Splunk partner community.”

Splunk also emphasized that the company’s future will show a decided tilt to the cloud, where they are showing 50% growth quarter over quarter.

“We will remain a hybrid vendor, because not all data belongs in the public cloud,” Merritt said. “There will be lots of opportunity and need for our partner channel to focus on classic Splunk. But our team has been very prescriptive about understanding how to offer Splunk as a Service. We do expect that 80% of our bookings will be cloud-based over the next couple of years.”