The State of Everything: Pouring Fuel on the Fire of Innovation at .conf19

UPDATED 6/21/2020: Splunk Data Fabric Search (DFS) is no longer available for purchase as of May 20, 2020. Splunk Enterprise 8.x customers may continue to use the free version of Splunk DFS included with their Enterprise license. Version 1.1 is the final release of Splunk DFS, and version 1.2 is the final release of the accompanying Splunk DFS Manager app. There will be no additional major or minor releases of either product. Splunk DFS 1.1 and the Splunk DFS Manager app 1.2 will be supported until the October 22, 2021 end-of-support date of Splunk DFS 1.1. See the Splunk Software Support Policy for details.

Splunk Business Flow is no longer available for purchase as of June 20, 2020. Customers who have already purchased Business Flow will continue to have support and maintenance per standard support terms for the remainder of contractual commitments.

This has been a big year for Splunk, and this week will certainly be one of the highlights. At .conf19, Splunk’s annual user conference which we’re kicking off this morning, you’ll see announcements and demos of exciting new Splunk capabilities.

Last month, I talked about how Splunk is the best company in the world at bringing world-class design to enterprise software. We’re pouring fuel on the fire to emphasize precise design that enables you to act on your data. 

And while Splunk is already known for speed and scale within our foundational enterprise platform, we’re continuing to evolve Splunk’s portfolio to help you achieve even better outcomes.

We’re Expanding Beyond the Index

When we created the Splunk platform, we were responding to our customers’ need for a data-driven IT monitoring solution. We then quickly expanded into security, since the capabilities Splunk provides to monitor your infrastructure go hand-in-hand with protecting it.

With more of our customers experiencing the value of cloud-based services, we created Splunk Cloud to offer a managed solution. As the value of the cloud has become more and more apparent to our customers, our commitment to providing a multi-tenant cloud environment has become a higher and higher priority.

We then extended into the DevOps community as a natural fit from our IT application roots. Our acquisition of VictorOps gave us more and better ways to enable developers. This has evolved into our observability portfolio you’ll see us showcase this week. But more on that in a moment.

Splunk New Product Development

As Splunk has grown, especially over the past few years, we’ve beefed up our R&D to meet customer demands from even more areas of the organization. One exciting result of our accelerated R&D program is Splunk Data Stream Processor (DSP). Splunk DSP lets customers refine, modify and adjust data mid-stream and in milliseconds, before the data reaches its destination.

Splunk DSP is built to handle multiple sinks, multiple data sources, data manipulation, data routing, data enrichment, data masking and, most amazingly, machine learning in the stream. We call this "Unbounded Learning" and are excited to roll out online, continuous learning algorithms that are simply drag-and-drop functions in the DSP pipeline. It’s as powerful as it is versatile. We like to think of DSP as a horizontal computing platform for real-time streaming data.

Our focus on R&D also led to Splunk Data Fabric Search (DFS), our federated search offering. It allows Splunk customers to interact with any data source outside of Splunk, opening doors for those of you who rely on Hadoop Distributed File System (HDFS) and Amazon Simple Storage Service (S3). DFS leverages modern federated querying technologies to push analysis down to individual data systems and then join that data together, which means you can use Data Fabric Search to analyze and deliver insights across multiple repositories without moving data.

As we evolve DFS, we intend for it to search object stores, relational data stores, other data lakes — wherever your data sits, we want to provide you a single pane of glass to access it.

DFS has already earned fans among some of our biggest customers, including Jon Prall, VP, Communications Production Engineering at Verizon Media.

“With Splunk’s new Data Fabric Search, we can detect and respond to potential issues within minutes, not hours, so our teams can focus on delivering innovative and personalized products for our customers,” said Jon Prall, VP Communications Production Engineering, Verizon Media. “Data Fabric Search harnesses the power of multiple Splunk deployments to gain operational insights about billions of events with optimized, scalable queries.”

That’s the kind of customer recognition we find most valuable and that fuels our motivation to drive better business outcomes for our customers.

Splunk Mission Control Takes Off

While we continue to bring new capabilities to the Splunk platform, we’re also refining and enhancing our core strengths. This week sees the launch of a new innovation to the Splunk Security Operations Suite to modernize and unify the Security Operations Center (SOC). Splunk Mission Control is a cloud solution that connects Splunk SIEM (Splunk Enterprise Security), SOAR (Splunk Phantom) and UEBA (Splunk UBA) products into a single unified experience.

One of the first Splunk customers to put Mission Control to the test is Starbucks.

“Starbucks’ security operations team is responsible to defend its customers, partners and the Starbucks brand. Our success is directly dependent on the ability for our team to respond and remediate threats at machine speed,” said Atom Coffman, manager of cyber security operations, Starbucks. “Leveraging Splunk as a part of Starbucks’ SOC, we are able to automate action and pre-built orchestration workflows, all from one central platform.”

Massive Query Acceleration

In addition to federated search, customers are going to see their Splunk query times reduced by 95%, as we have seen with our early beta customers. In fact, in our beta partnerships, the more data customers had in their indexes, the higher the performance gains. We’re extremely excited to see years of R&D in the DFS product come to life.

Extending the Power of Splunk to Business Operations

Speaking of better business outcomes, Splunk introduced Splunk Business Flow this year — another example of our customers guiding the evolution of our portfolio. Inside customer companies, business operations users were hearing great things about the value of data-driven IT and security solutions and started asking for the same power to help them improve their business operations. Now they have that with Splunk Business Flow: a fast, flexible, and intuitive process mining and analytics solution to drive continuous process improvement.

When faced with the challenge of maximizing business operation performance and reducing costs, Splunk’s Business Flow connects millions of events from disparate data silos to actually see and understand what’s happening. According to Mike Cox, Splunk Architect at Dominos, it’s working.

“Splunk Business Flow gives us unprecedented visibility into our processes as they are actually happening, allowing us to identify unforeseen bottlenecks, increase conversion rates and ultimately deliver a great experience for our customers.”

Giving Our Customers the Information They Need, When and Where They Need It

We’ve talked about our evolution from IT monitoring all the way to business process mining, expanding our platform to meet more of our customers' needs. We’ve also grown to accommodate the different ways our customers intuitively use our platform.

Last year we introduced Splunk Connected Experiences, which includes Splunk Mobile, Splunk TV and Splunk AR. Imagine being able to point your mobile phone at a server and immediately see the CPU load, how much RAM is available and any other metrics you want to examine. If you’re at .conf, you don't have to imagine. You can see it in person.

Splunk Continues to Expand Its Leadership in Open Source 

Along with our dedication to cloud and mobile, we’ve kept our unwavering commitment to open-source software (OSS), an ethos you probably share. Not only has Splunk doubled down on open-source integrations, we’ve integrated the best of open source into Splunk, under the hood, so you never need to think about it.

You likely saw the announcements last month that Splunk acquired Omnition and SignalFx. Omnition has strong roots in the OSS community and holds a leadership role in projects like OpenCensus and OpenTelemetry. SignalFx is a leader in observability and Microservices Application Performance Monitoring (APM) for organizations at every stage of their cloud journey. This adds to our DevOps portfolio for developers to reach even higher outcomes.

The combination of Splunk, SignalFx and Omnition will give your teams one platform to monitor the entire enterprise application lifecycle, and drive a unified observability strategy combining metrics, traces and logs. We like to call this Splunk’s Three Pillars of Observability.

And the momentum continues to build, as you know if you read my blog post Monday announcing Splunk's intent to acquire Streamlio. Not only will this acquisition accelerate our efforts in real-time stream processing and containerized multi-tenant cloud platform applications, but it will further expand our leadership in open source.

Splunk Enterprise 8.0

All of these capabilities enhance our already world-class foundational platform.

At .conf19 we’ll show you the all-new Splunk Enterprise 8.0, and it’s more powerful and flexible than ever. Splunk Enterprise 8.0 brings optimized performance for your existing infrastructure, new cloud deployment tools and visual-focused analytics for any business user, empowering more users to bring data to every question, every decision and every action.

Not only does Splunk Enterprise 8.0 bring the value of Splunk to more users inside your organization, it also makes life better for your system administrator, with easier management and monitoring of a deployment at scale.

The Data-to-Everything Platform

We’ve come a long way since our days as an IT and security vendor. The Splunk Data-to-Everything Platform can help nearly every department inside your organization to collect, transform, route and analyze a complex web of data.

  • Splunk Enterprise 8.0 enables you to manage your Splunk deployments at an ever-increasing scale.

  • Data Stream Processor enables you to work with streaming, real-time data in a way never before possible.

  • Data Fabric Search gives you a comprehensive view of all data across your Splunk instances and the entire organization.

  • Splunk Mission Control makes it easier than ever for security analysts to turn data into doing by managing security across the entire threat lifecycle.

And all of these insights are available wherever and whenever you need them, on your mobile device or on the big screens of your NOC and SOC.

We can’t wait to show you what we’ve built and hear the outcomes you’ll achieve using the Splunk platform.

Follow all the conversations coming out of #splunkconf19!

Tune in to the livestream at 9am PT on Tuesday, Oct. 22, and Wednesday, Oct. 23, to watch the Day 1 and Day 2 keynotes.

Tim Tully
