Introducing Splunk Enterprise 6.5 – Machine Learning and Simplified Data Analysis Open New Vistas

SCL-Splunk-conf2016-Badge-2_fb-1200x627Want to put the power of machine learning (ML) to work to help optimize IT, security or biz ops? Wish it were easier for more users in your org to use Splunk for data analysis? Or maybe you’d be interested in improving power user productivity, automating management functions, or lowering storage TCO? Splunk Enterprise 6.5 has something for everyone.

Machine Learning Meets Machine Data

The latest release of the Splunk platform lets you put machine learning to work to tackle any use case that matters to your organization.


Splunk Enterprise has long offered a strong array of ML commands like anomalydetection, outlierpredict and cluster that use fixed algorithms to do their work – no ML expertise required. Today, we formally introduced the Splunk ML Toolkit (v2.0 actually) –  a guided workbench and SPL extensions to help you create and operationalize your own custom analytics based on your choice of algorithms.

The Toolkit really has two objectives – to extend the platform capabilities, and to make custom ML as simple as possible. Your team should have a good knowledge of statistics and of Splunk, but the Toolkit will keep you on the rails.

Input Types Example

The Toolkit Assistants let you choose among 25 popular algorithms and guide you through model creation, testing and deployment for common objectives like forecasting values, predicting fields, and detecting outliers.

Machine Learning Toolkit Showcase

Want help getting started? The Toolkit provides interactive examples for common objectives. And for total flexibility, you can use new ML SPL commands like fit and apply directly with any one of over 300 open source Python algorithms.

Dataset Tables Speed Data Prep and Analysis

Next up is Tables, a new feature that lets you create and analyze tabular data views without using SPL. Tables will make it easier for anyone to work with Splunk – even Splunk specialists – and will let you leverage your data into whole new uses and users.

Features like GUI-based data filtering, enrichment, and aggregation make power users more productive in creating rich data views for their own use or for other users. Summary views, statistics and easy editing make it simpler for anyone in your organization to analyze data. And the direct link to Pivot lets them create visual reports.

Splunk Table summary view

Hadoop Data Roll Can Save You $$$

Hadoop Data Roll give you another way to reduce historical data storage costs while keeping full search capability. It’s now a free option of Splunk Enterprise that lets you save up to 80% storage capacity by leveraging your data lake for storing seldom-accessed data.

And there’s much more…

  • Improved search productivity with syntax coloring, formatted views and intelligent auto-complete
  • Dashboard building improvements that let you edit XML inline, preview your dashboard before saving, and control the new refresh options
  • New for report table building are GUI-based controls for conditional table formatting, number formatting and table summary statistics
  • System health checks test the most commonly encountered Splunk operational issues, giving you a status and suggesting actions for any issues
  • Automated indexer rebalancing immediately balances storage loads across clustered indexers when you add a new indexer
  • New tools and guidance make it simpler for developers to create, package and certify apps. Check them out at dev.splunk.com

Release 6.5 is available now. We’re sure you’ll appreciate the new features.


Kevin Faulkner
Sr. Director, Product Marketing
Splunk Inc.

Follow all the conversations coming out of #splunkconf16!

Corey Marshall

Posted by