Splunk in the Financial Services Industry Today

In the late 1960s, there was a rock band called Ten Years After and I liked the name the first time I heard about them. I wanted to use "Splunk and the Financial Services Industry: Ten Years After" as the title of this blog entry, but it’s been more than ten years since I wrote the first Splunk Blogs entry on Splunk and the Financial Services Industry. As you can tell, a lot has changed since then and more than a decade is an internet lifetime in technology. The ongoing digital transformation of the workplace and the innovation of new technologies have continued to uplift the banking industry.

This article could be about how Splunk, the company, has a presence in almost every major bank and brokerage in most geographies, but as in the previous article, I’d like to focus on how changes in industry and technology have gotten us to where we are and where we are headed. There are multiple topics that can be discussed, but I will name only a few as we want to make sure you can read this during a coffee break and not make it a book.

Mobile Banking

Even in the last century, banking was moving towards omnichannel banking, as ATM and telephone transactions were prevalent, not to mention laptop access. The ubiquitous smartphone changed everything, as now the consumer is the one in motion, in any location, performing almost any financial task. Certain newer banks exist mainly as smartphone apps, which allows for significant growth without heavy reliance on physical infrastructure and traditional customer management.

With new approaches come new challenges, but hopefully better solutions. The experience of users in terms of response time, error rates, and the ability to quickly get things done without having to go through a plethora of menus becomes paramount. This leads to the need for Real User Monitoring (RUM) to ensure the user’s experience is what is expected. Products such as Splunk RUM give visibility into the actual experiences of an entire community of mobile users so that apps are monitored and issues are mitigated. Let’s not stop there.

If you are a Splunk Enterprise or Splunk Cloud Platform user, there are a variety of metrics you can monitor for mobile payments alone. For instance, OS version, location, user demographics, response time, response time by location and OS version, outliers in response time, error rates, and abandonment of transactions come to mind. Rather than going through the Splunk SPL to monitor each of these examples, I’ll give you something better. The Splunk Essentials for the Financial Services Industry app has an entire section on mobile payment examples with sample data and sample SPL to get you started. Please download the app.
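As an added illustration (not from the Essentials app or the original post), the following SPL computes several of the metrics listed above from mobile payment events in one search: error rate, abandonment rate, and response-time outliers broken down by OS version and region. The index, sourcetype and field names (`status`, `response_ms`, `os_version`, `region`) are assumptions and would need to match your own data.

```spl
index=mobile_payments sourcetype=payment_app earliest=-24h
| stats count as attempts,
        count(eval(status="error")) as errors,
        count(eval(status="abandoned")) as abandoned,
        avg(response_ms) as avg_response_ms,
        perc95(response_ms) as p95_response_ms
        by os_version, region
| eval error_rate=round(100*errors/attempts, 2),
       abandon_rate=round(100*abandoned/attempts, 2)
| eventstats avg(avg_response_ms) as fleet_avg_ms, stdev(avg_response_ms) as fleet_stdev_ms
| eval response_outlier=if(avg_response_ms > fleet_avg_ms + 2*fleet_stdev_ms, "yes", "no")
| sort - error_rate
```

The `eventstats` step compares each OS/region pair against the whole population, so a single OS release with degraded response time stands out even when the overall average looks healthy.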

Mobile banking opens up an entire avenue for security concerns and associated use cases that involve phishing attacks, ransomware, identity theft, and the threat intelligence needed to mitigate them. It becomes more important than ever for a bank to use a SIEM as the nerve center of its security operations center. It also makes it imperative that fraud analytics becomes a first-class player in the enterprise and the bank’s Fusion Center. I’ll devote a future blog entry to fraud detection and FSI, as financial crime is a bigger topic than it was a decade ago.

Machine Learning

Former Splunker Dr. Tom Lagatta used to tell us that machine learning is based on a 100-year-old technology that uses advanced statistical methods to learn from past data sets and apply the result to future data sets. So, why is it new? For starters, people a long time ago didn’t have computers to calculate the results of numerical algorithms over vast amounts of data; examining 1,000 events would be a chore. Furthermore, data science has become more of a mainstream approach in this century, whereas traditional numerical computer science was the norm in the early era of the Internet.

Not surprisingly, this approach has influenced the FSI in a number of ways. Use cases include customer retention, market forecasts, customer classifications, targeted marketing, capacity planning, wealth management, and sales predictions. For instance, a bank may want to understand what features (variables) of transactions and bank interactions affect customer churn and narrow down what values of the features optimize customer retention. Machine learning can play a large role in this solution.

The above list of use cases is, of course, not exhaustive. One question that comes up is that not everyone is a data scientist, so how can the average user who can write queries use a query language to create “models” and apply those models to similar data sets for machine learning based results? In the Splunk world, there are a number of options, including allowing the various products to apply machine learning for tasks such as assigning thresholds and predictive analytics at the request of the user.

To make this more fine-grained for the citizen data scientist, Splunk offers the free Splunk Machine Learning Toolkit (MLTK) to all its customers. Users can simply use SPL (Splunk Processing Language) to write queries that create models and then use the same SPL to apply those models to other datasets for machine learning results. For advanced users, there is a capability to add one of hundreds more algorithms from the Python Scientific Toolkit (Windows Version, Mac Version). The great part of all this is that knowing Python is not a requirement. The Splunk MLTK becomes a boon to FSI, as any number of machine learning use cases can be implemented quickly, allowing greater participation in the process rather than relying on a niche community for this effort.
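To show the create-then-apply workflow described above on the churn use case from the previous section, here is an added SPL example (not from the original post or the MLTK documentation). It assumes a `customer_activity` sourcetype whose events carry `channel`, `status`, `response_ms`, `product` and a historical `churned` label per `customer_id`; all of those names are assumptions. The first search fits a model on an older window and stores it; the second scores the most recent window with the same feature query.

```spl
index=banking sourcetype=customer_activity earliest=-180d latest=-90d
| stats count(eval(channel="mobile")) as mobile_txns,
        count(eval(status="error")) as failed_txns,
        avg(response_ms) as avg_response_ms,
        dc(product) as products_held,
        max(churned) as churned
        by customer_id
| fit LogisticRegression churned from mobile_txns failed_txns avg_response_ms products_held into churn_model

| summary churn_model

index=banking sourcetype=customer_activity earliest=-90d
| stats count(eval(channel="mobile")) as mobile_txns,
        count(eval(status="error")) as failed_txns,
        avg(response_ms) as avg_response_ms,
        dc(product) as products_held
        by customer_id
| apply churn_model
| where 'predicted(churned)'=1
| table customer_id mobile_txns failed_txns avg_response_ms products_held
```

The `summary churn_model` search lists the fitted coefficients, which answers the earlier question of which features (variables) weigh most on churn; the `apply` search then produces the list of customers predicted to leave for the retention team.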

Cloud Computing

Many of us were not in the workplace in those days of computing when terminals were used onsite to initiate the work but the real computing tasks occurred on remote mainframes, which may not even have been in the same building. You could call this early cloud computing, although a large WAN-based deployment may not have been involved. When it comes to technology, the more things change, the more they stay the same, but they become better. Today’s SaaS and cloud computing is a hybrid approach of physical machines, VMs, containers, and serverless architectures spread over distributed locations. This saves costs on hardware and allows computing and storage resources to be adjusted by the hyperscalers when needed.

The Financial Services Industry can now decide where to run its workloads and use modern distributed architectures that are agile and continuously deployed. This means that knowing where application components are running, and having the ability to trace through transactions for troubleshooting and performance analysis, becomes essential. Moreover, containers may be ephemeral, living only for a few seconds in some cases, so there has to be an easy way to monitor their usage and to mitigate issues automatically. Collecting this data (metrics, traces, and logs) in real time and with full fidelity becomes a necessity. With each new advancement comes a new challenge, but the challenge can be addressed with modern approaches as well. Splunk Observability Cloud is a suite of products that includes the necessities for infrastructure monitoring and Application Performance Monitoring (APM), among other things. Again, we can devote a future blog to how Observability is used in the FSI world. For now, we can list this trend as a good thing that is much needed in the hybrid cloud world, where workloads and application deployments can be anywhere and their associated metrics, traces, and logs need to be monitored and used to make intelligent decisions for the application.

An example of using observability would be monitoring the microservices, hosted in containers, that make up a loan application. One service deployed in a badly configured container may bring the entire suite of operations to a halt. Not only can the failing service be detected in the particular container that hosts it, but automation can be in place to redeploy it with a previous working release, allowing the loan application to continue working.

I would be negligent if I did not mention one huge development since the last time I wrote about Splunk and the FSI: more than ever, we have customers using the Splunk Cloud Platform (as opposed to just using Splunk Enterprise on-prem) as their time series data platform. They do so for the same reasons customers use SaaS products, which may include easier deployment, faster time to value, easier upgrades, no need to administer the platform, and no dedicated on-prem hardware for deployment. The SaaS offering of Splunk Enterprise (Splunk Cloud) can help a financial institution speed up its deployments for monitoring and analytics, with the benefit of increasing its operational resiliency.


As I mentioned, I would like for you to read this over a coffee break, so I kept it shorter than it could have been. There are other trends, such as new compliance regulations associated with newer technology developments, open banking APIs, cryptocurrencies, NFTs, blockchain, non-tender-based money laundering, etc., but I wanted to highlight just a few things here in the interest of your time. If you are still on a break, it may be a good time to open up the phone to listen to some music. After all, I started this article with Ten Years After.

Posted by Nimish Doshi

Nimish is Director, Technical Advisory for Industry Solutions providing strategic, prescriptive, and technical perspectives to Splunk's largest customers, particularly in the Financial Services Industry. He has been an active author of Splunk blog entries and Splunkbase apps for a number of years.
