What’s New in Splunk Cloud: Part 1

Every business transformation needs a data strategy and the ability to manage increasingly complex environments. And while companies all over the globe are embracing the cloud, this shift has only exacerbated the associated complexity, compounded by the uncertainty brought about by the current global pandemic. You’ve got more data centers and attack surfaces to monitor and secure, in addition to greater unpredictability and risk. To manage all of this, you have to leverage your enterprise data to gain the required insights on one portfolio. 

Now, succeeding means bringing data to every question, every decision and every action with a data-to-everything platform like Splunk. Splunk Cloud brings the benefits of the Splunk Data-to-Everything Platform in the SaaS model and has gone through significant changes since the beginning of 2020. Let’s recap the highlights.

FedRAMP Updates

We announced Splunk Cloud FedRAMP at a Moderate impact level at .conf19 last year. Available in the AWS GovCloud region, Splunk Cloud FedRAMP Moderate enables public sector customers and federal agencies to eliminate costly and time-consuming processes in selecting cloud technologies. We were pleasantly surprised to find commercial customers who do business with the US government are also selecting Splunk Cloud FedRAMP Moderate. Over the last year, we have made significant improvements to the offering based on customer demand. In addition to numerous “under the hood” service enhancements, other highlights include access to Premium Support staffed by US persons, enabling it to also be HIPAA compliant and support for the Autobahn program.

Multicloud Availability

We know that customers like choice and this also pertains to their Cloud Service Providers (CSP). Earlier this year, we announced that Splunk Cloud is available on  Google Cloud regions. Starting in three regions (Iowa, London and Singapore), this new offering benefits customers that already have their data in or have a preference for using Google Cloud. We are seeing all types of customers choosing this new Splunk Cloud offering — existing Splunk on-premise customers, those in other Splunk Cloud regions and customers running Bring Your Own License (BYOL) Splunk in Google Cloud. Since the announcement, we have been making steady progress to bring feature parity to all Splunk Cloud regions. Recently, Splunk Cloud in Google Cloud obtained SOC2 and ISO27001 certification and HIPAA attestation. Please refer to Splunk Cloud Service Description for more information. 

Workload-Based Pricing

We’ve also provided more options for customers to consume Splunk Cloud based on use cases. Historically, you purchase Splunk Cloud based on the volume of uncompressed data that you want to index on a daily basis. Now, Splunk offers workload pricing subscription as an alternate option for some customers to consume Splunk Cloud based on use cases. This subscription is based on SVCs allocated (SVC is a unit of capabilities in Splunk Cloud that includes compute, memory, and I/O resources) rather than data volume ingested — as a result, this subscription does not meter ingestion. You can increase ingest and/or search load and operate your Splunk Cloud to your desired performance objective, constrained only by the SVCs you purchased. As necessary, you can purchase additional SVCs to increase ingestion and search load or to improve performance. New and existing Splunk Cloud customers are increasingly choosing workload pricing subscriptions since they want to send more data to Splunk and our ROI analysis shows significant benefits for them.

Cloud Admin Empowerment

Splunk Cloud admins — we haven’t forgotten you. In the last year, we introduced these new CMC features and improvements to provide even more insight into the health and performance of your Splunk Cloud environment. Having these vital signs at your fingertips greatly improves your ability to be proactive in maintaining a healthy Splunk Cloud and ensuring your users have the best Splunk experience. CMC highlights include:

  • Upgrade readiness to help reduce friction from upgrades (app compatibility, etc.) 
  • License usage to help you manage cloud resource utilization
  • Workload management and top 20 memory consuming searches to determine any search performance optimization

Faster Innovation With Accelerated Releases

Finally, we realize that Splunk Cloud subscribers demand an always-on and agile experience for SaaS — let’s talk about Splunk Cloud releases. 

Splunk has shifted the focus of our software release strategy and cadence. We iterate new feature development on a much faster cadence and release these new features to Splunk Cloud first. To you, this means that if you’re a Splunk Cloud customer, new services and enhancements are delivered incrementally on about a six-week cadence, and once those are hardened from customer feedback and use, Splunk Enterprise customers receive them on a more traditional delivery cycle. As a result, there have been six new Splunk Cloud releases since the beginning of 2020. These releases are unique Splunk Cloud versions (i.e., not available for Splunk Enterprise) and have the following release numbering format: 

[Major Release].[Minor Release]. [Release Date] 

For example, Splunk Cloud 8.0.2007 denotes a release date of July 2020. The majority of Splunk Cloud subscribers are already on these unique Splunk Cloud versions and we are rapidly upgrading the remainder of the Splunk Cloud fleet. In addition to a steady stream of new feature introductions, we have also radically reduced the amount of time it takes to upgrade customers from one Splunk Cloud release to the next. 99% of customers on these Splunk Cloud releases are upgraded in less than one hour.

One of the major reasons for the improved upgrade time is the reduction of rolling restarts by making these common changes now reloadable. Enhancements include:

To convince ourselves, we have measured the effectiveness of these changes for Splunk Cloud subscribers. Illustrated in the diagram below, the green bar represents all subscribers (cohort) on the Splunk Cloud 8.0.2007 release or later and the orange bar represents all subscribers on prior releases. What it shows on a weekly basis for this cohort is that 90% of all changes made are reloadable. This significantly reduces disruption to their Splunk Cloud environment.

There are still lots of innovations coming to Splunk Cloud and you’ll be hearing more at .conf20 happening 20-21 October (North America) or 21-22 October (EMEA and Asia Pacific). In addition to the keynotes, I highly recommend checking out the various exciting Splunk Cloud-related sessions.

Follow all the conversations coming out of #splunkconf20!

Azmir Mohamed

Azmir Mohamed
Posted by

Azmir Mohamed

Azmir is a Principal Product Manager on the Splunk Cloud team. He joined Splunk after spending seven years at IaaS startups in various product management leadership roles. The last of these startups was Blue Box, which was by acquired IBM and where he ran the Bluemix Private Cloud offering. Prior to his startup stints, Azmir held senior product and strategy leadership roles at VMware and Cisco. While the SF Bay Area has been home for more than 2 decades, he was born and raised in Malaysia. And yes, he loves durian.

Show All Tags
Show Less Tags