Splunk AI encompasses a set of design principles around machine learning, as well as a variety of new and expanded machine learning tools.
LAS VEGAS – At its .conf23 customer event here, which concludes today, cybersecurity firm Splunk introduced Splunk AI, a basket term for a collection of AI offerings that improve its unified security and observability SIEM and SOAR platform. Splunk AI optimizes domain-specific large language models (LLMs) and machine learning algorithms built on security and observability data, so SecOps, ITOps and engineering teams are freed up for more strategic work. Key product innovations here are Splunk AI Assistant, Splunk App for Anomaly Detection, and new versions of IT Service Intelligence, Splunk Machine Learning Toolkit, and Splunk App for Data Science and Deep Learning.
Min Wang, Splunk’s new CTO, who joined the company four months ago from Google, outlined the value of the broad Splunk AI package during the company’s technology keynote.
“Splunk AI has three unique things,” she said. “The Splunk AI innovations provide domain-specific security and observability insights to accelerate detection, investigation and response while ensuring customers remain in control of how AI uses their data.”
This domain-specific security and observability is one of the key principles of Splunk’s AI philosophy.
“It is very domain and Splunk-specific,” Wang stressed. It also concentrates solely on security and observability, which gives it a sharper focus.
The second principle is an emphasis on making sure humans are in control of the AI process and can intervene in it.
“It ensures both that humans are always in the loop, and are always in the driver’s seat,” Wang indicated.
The third principle is to make sure that Splunk AI remains open, extensible and flexible.
“You can either extend our models or bring in your own,” she said. With the new changes, Splunk has made it easier to build applications with machine learning.
Splunk AI strengthens human decision-making and threat response through assistive experiences, which empower SecOps, ITOps and engineering teams to automatically mine data, detect anomalies and prioritize critical decisions through intelligent assessment of risk.
One of the new products, Splunk AI Assistant, uses generative AI to provide an interactive chat experience and helps users author Splunk Processing Language (SPL) using natural language. Users can ask the AI chatbot to write or explain customized SPL queries to increase their Splunk knowledge.
“We will also be powering Generative AI with Domain-specific integration, although more work is needed here,” Wang said. “Splunk AI Assistant empowers more people to search in Splunk using natural language. Our vision is to embed Splunk AI Assistant into your workflow.”
“We are excited about what Splunk is doing about AI, building in machine learning assets, and taking it even further,” said Tom Casey, Splunk’s SVP of Products and Technology.
The Splunk Machine Learning Toolkit 5.4 provides guided access to ML technology to users of all levels and is one of the most downloaded Splunkbase apps, with over 200k downloads.
“This toolkit is not industry specific,” Casey noted. “About 90% of downloads for the Machine Learning toolkit were for anomaly detection.”
The 5.1 update of Splunk App for Data Science and Deep Learning extends the Machine Learning Toolkit, providing access to additional data science tools for integrating advanced custom machine learning and deep learning systems with Splunk. This release includes two AI assistants that allow customers to leverage LLMs to build and train models with their domain-specific data to support natural language processing.
By leveraging techniques like forecasting and predictive analytics, SecOps, ITOps and engineering teams can unlock richer ML-powered insights.
In addition, with a few clicks, Splunk App for Anomaly Detection gives SecOps, ITOps and engineering teams a streamlined end-to-end operational workflow to simplify and automate anomaly detection within their environment.
IT Service Intelligence 4.17 features greater detection accuracy and faster time-to-value. Outlier Exclusion for Adaptive Thresholding detects and omits abnormal data points, or outliers such as network disruptions or outage spikes, so that dynamic thresholds are more precise and detection is more accurate.
The new ML-Assisted Thresholding preview uses historical data and patterns to create dynamic thresholds with just one click, helping to provide more accurate alerting on the health of an organization’s technology environment.
All new offerings within Splunk AI are now generally available, with the exception of Splunk AI Assistant and ML-Assisted Thresholding, which are available in preview.