Splunk Platform: Innovation to Thrive in a Hybrid, Multi-Cloud World of Data

The technology landscape is shifting, faster than ever before. Not just the scale or volume of data, but the sources and the very fabric of how and where we manage that data. At the same time, we see our Splunk customers accelerating cloud and digital transformations, especially due to the unforeseen challenges — and opportunities — created by the global pandemic. Within this backdrop of rapid change, it is imperative to have a data strategy that provides clear visibility into increasingly digitized and distributed systems, and gives you the ability to act on the insights provided by this visibility. 

Splunk is the only data platform that can simultaneously serve the multitude of teams tasked with driving this shift across Security, IT, Observability, and more. The Splunk Platform mission is to help our customers — both on prem and in the cloud — understand what’s happening across this complex landscape. We believe that your data platform should work to help you not only successfully transform, but thrive as a business with visibility into all your data wherever it lives, the ability to make that data work for you at scale, and the ability to customize any solution you dream up.

Gain End-to-End Visibility from Edge to Cloud

From the early days of Splunk, getting data in (or GDI) has been a critical aspect of delivering the right data for visibility, investigation, and action. As data locality has proliferated, formats have evolved, and volumes have grown, customers need easy access to this data, in the right place, in the right shape, and at the right time.

To support this, we are excited to announce two new capabilities for accessing cloud data, and working with data in motion, before it gets indexed by Splunk:

1) First, Splunk Data Manager (Preview) is a modern, simple, and scalable GDI experience for automated cloud data source onboarding in Splunk Cloud Platform.

2) And second, Ingest Actions (Preview) gives you the ability to take action on data in motion to redact, filter, and route data, either to Splunk or to AWS S3 storage, accessed from within the Splunk Enterprise interface.

(Features available in preview for Splunk Enterprise are accessible via the Splunk Enterprise Beta program. For the purposes of this release, preview and beta are used interchangeably.)

In addition to the new ability of Ingest Actions to filter and route noisy data before it ever enters Splunk, we are continuing to innovate to ensure that the Splunk Platform provides cost-effective indexing and storage options for ALL of your data.

To support this, we have added two new capabilities to our already robust storage and value-based pricing tiers within the Splunk platform. First, for Splunk Cloud Platform customers, our new Flex Index allows for cost-effective ingest, search, and storage for lower-value data that may have long retention periods and is used primarily for historic forensic investigation and compliance queries. And, for our self-managed platform customers running Splunk Enterprise in MSFT Azure, we have added SmartStore support (Preview), allowing Splunk Azure customers to grow to even larger scales while controlling storage costs.

With the introduction of Flex Index and SmartStore for Azure (along with our existing S3 data routing capabilities), we have rounded out our tiered indexing and storage options, providing value-appropriate coverage for all of your data tiers.

In the vein of value, we continue to see customer love for Workload Pricing and have expanded our coverage to make it available for all Splunk Cloud Platform customers. With Workload Pricing, you can gain ultimate flexibility and control over your data and costs. No longer do you pay for the data you ingest, but instead for what you want to do with that data, and the corresponding value received. We’ve also made Workload Pricing easier to manage within the Cloud Management Console, introducing a series of dashboards that allow you to analyze and optimize your Splunk Virtual Compute (or SVC) usage by a variety of factors including source type, scheduled or ad hoc searches, app context, and users.

We believe visibility into data of all tiers is crucial to our customers’ success, especially when customers are on transformative journeys. Our customers are tackling some of the biggest industry challenges, while reimagining how they run their businesses through digital transformations. Splunk is the data platform no matter where you are on your cloud journey - on prem, managed in the cloud, hybrid, or fully as a service.

Moving from self-managed Splunk to our fully managed offering, Splunk Cloud Platform, is an increasingly important decision for many of our customers, and we are doubling down to help you make this move with confidence and support. Our customers are finding increased business success as they adopt Splunk Cloud Platform, gaining much-needed capacity and agility to tackle their most pressing business needs.

“Splunk Cloud allowed us to be able to rapidly expand our use case without having to invest in infrastructure and on premises technology…. and bring a lot of disparate platforms and the data that they provide all together into one place. So not only do we get the value of the information in a single pane of glass across the organization at a global scale, but we also can connect all of that data together in order to gain additional insights that were previously untapped.”
 - Brent Ball, Global Head of Intelligence, Analytics, and Response at Takeda 

Extend Investigation and Drive Faster Action For All Data Wherever It Lives

With end-to-end visibility of your data from edge to cloud, and access to that data wherever it lies, you’ve now set the stage to get insights and action from that data. As demands on your organization grow, you want a data platform that evolves so that you can get the answers you need. Splunk brought the original, powerful search to make your investigations possible. That search is getting more robust, faster, and is being reimagined for what’s next. 

We are excited to share that we are developing a new search experience, which is available in preview. It includes a more powerful user experience for both the advanced and casual user alike. We are also excited to introduce the Victoria Experience for greater scalability and performance. With the Victoria Experience in Splunk Cloud Platform, customers gain the ability to:

  • Dynamically scale from low gigabytes to greater than 1 petabyte per day in ingest volume
  • Access instant value from greater than 99% self-service installable apps

The Victoria Experience is currently available for 45% of our cloud customers and growing every day, giving users the ability to truly scale and customize for their unique needs.

Additionally, we released Federated Search earlier this year, and are excited to share that it continues to expand your reach across your data, wherever it lives — making Splunk Search more robust than ever.

In addition to advancements in Search, we know that having relevant, actionable data at your fingertips is what can set your company apart from the rest. With Dashboard Studio, now available for Splunk Mobile, we are also making it easier for you to share compelling insights and take action from anywhere. 


Customize Splunk Your Way 

At the platform level of Splunk, we make all aspects customizable so that our customers can use Splunk for their unique needs. Super Splunker Admins in particular play one of the biggest roles when it comes to that customization. We are redefining the admin experience, making it easier and faster to deploy, manage, and thrive with Splunk whether you are managing in the cloud, on prem, or both. 

I’m excited to share with you today improvements to the Splunk Operator for Kubernetes. Admins love this capability due to the ease with which you can deploy and scale in the cloud in minutes, not days. We are now introducing enhanced app administration and end-to-end automation of app installation, smooth updates without restarts, more secure delivery with S3, and compatibility with Splunk Enterprise Security.

Additionally, I am excited to share the enhancements to Splunk Cloud Platform Admin Config Service (ACS). ACS is the control plane to manage your application configuration. While ACS began life as a way to manage security groups to allow/disallow from IP addresses, you can also manage HEC tokens and now upload private apps.

Similar to our effort to speed up deployment and management, we are committed to providing streamlined and easy extensibility within Splunk. With Splunk, if you can IMAGINE it, you can build it — and the best place to get started is Splunkbase. Splunkbase provides out-of-the-box, plug-and-play solutions to quickly customize and extend Splunk. We also have robust developer toolkits for the last mile.

Today, we are excited to announce a redesigned Splunkbase experience (Preview). It is now easier than ever to quickly find new ways to use and extend Splunk with enhanced categories, as well as curated Collections of purpose-built apps for a variety of use cases. 

Customers and partners alike appreciate the extensibility of the Splunk Platform. 

Daniel Radke from the Deloitte Advisory Cyber Security Risk Services team shared with us that:

“The platform is so flexible and extensible (and open) that we've used it as a platform to develop many solutions to complex problems”.

Splunkbase is the place to get started on customizing Splunk for you! 

What’s Next?

There is so much to experience at .conf21 this year — from Keynotes, to super sessions, to the hands-on technical breakout sessions and app showcase. I encourage you to dive into all that .conf21 has to offer, and get in touch with your Splunk team soon!

Follow all the conversations coming out of #splunkconf21!

Posted by Josh Klahr

