How Splunk Spent Its Summer

It’s that time of year when we typically recount how we spent our summers, at least for those of us in the Northern Hemisphere. While it’s hard to beat the summer I spent at Space Camp as a kid (meet me for a beer and I’ll spill the story), we had a pretty awesome time here at Splunk. There’s too much to share in one blog, so here are a few of our stellar achievements.

The first two on my list have to do with Splunk Enterprise 9.0, which we announced at .conf22 in June. Version 9.0 has had one of the fastest adoption rates of any Splunk product, surpassing our previous major release launches, including 8.0, 8.1 and 8.2. Customers are in various stages of adopting it and deploying it to production, and they embraced two features right out of the gate: Data Manager and Federated Search, both of which, incidentally, were inspired by customer feedback.


  • Data Manager. One of my mantras since joining Splunk has been “simplification,” and we’ve been incorporating it into our product development. Most of our customers today are adopting multiple cloud platforms, but we heard time and time again that getting data into Splunk from public clouds was simply too hard. Data Manager simplifies and accelerates data onboarding from the public cloud providers AWS, Microsoft Azure, and Google Cloud. Joseph Schooler, Data Scientist at Cirrus Logic, remarked, “The thing that impressed me the most about Data Manager was it took less than 30 minutes to set up what before took several hours of multiple sessions with our cloud team over the course of several weeks. Being able to import, action, and monitor your data that fast is impressive.” Our initial goal was to attract 50 customers by the end of July. As I write, we’ve almost doubled our target.
  • Federated Search, our other instant 9.0 on-premises success, also sprang from an issue we saw our customers facing. In talking with our largest customers, we saw a pattern of multiple deployments of Splunk across their own infrastructure and in the cloud. We often see customers standing up separate environments for development, testing and production, or dedicated environments for operations, compliance and security teams. We heard that they needed to search across multiple Splunk deployments, which is why we originally built Federated Search.

    Over the last 12+ months, we expanded Federated Search to make it topology-agnostic across all Splunk instances — starting with Splunk to Splunk on-premises and cloud and expanding to other configurations. And we made it possible to search across on-premises and cloud instances — from one search bar. As I write, we have 160+ Federated Search customers across different configurations, largely hybrid customers searching from on-prem to Cloud.

    With the announcement of 9.0 at .conf22, we also shared our expansion of Federated Search to third-party data sources starting with Splunk Cloud to Amazon S3, which is now in preview with more than 25 cloud customers.

    This is exciting because it paves the way toward our vision of indexing data lakes by helping customers use more of their data to generate higher-value outcomes. Imagine, for example, that a customer suspects its company was attacked. With the ability to go back in time into its data lake using Splunk for forensic analysis, the company could prove that it hadn’t been attacked and preserve its reputation.


It was also a summer of security accomplishments, with the next three on the list happening in August.


  • New Security Framework - OCSF. Our security experts wowed the crowds at Black Hat in Las Vegas, where Splunk helped announce the Open Cybersecurity Schema Framework (OCSF) project. A framework for more than security events, OCSF is the culmination of Splunk’s work on what we called CIM++, the next generation of Splunk’s Common Information Model. Splunk is a predominant player when it comes to consuming security events, and cloud, network and endpoint vendors produce a lot of them. Forbes magazine described the significance of OCSF best: “Security teams today need some sort of ‘Rosetta Stone’ to translate and cross-reference information. Effective cybersecurity involves coordination of a variety of tools and platforms — and significant effort to normalize data across these multiple sources to try and compile a comprehensive, holistic view of the environment.”
  • TrustRadius Winner. For our trophy shelf, Splunk earned six TrustRadius “Best of” Awards for our Splunk Enterprise Security, IT Service Intelligence, and SOAR products. TrustRadius is one of the top sites for credible customer reviews of software and technology products. The Summer “Best of” Awards highlight positive outcomes from key insight questions answered by the reviewers. This one feels particularly satisfying because it comes from our customers. We put our customers first, and we’re honored that they rewarded us with first place in so many categories.
  • SIEM Sensation. Capping off a winning month, our Security Information and Event Management (SIEM) solution was awarded Best SIEM Solution by SC Magazine. The SC Awards are among the cybersecurity industry’s most prestigious and competitive honors, recognizing the people, products and companies forging the industry’s future and advancing the cause of safe and secure commerce and communications.


That’s just a sampling of how we spent our summer at Splunk: following through on our customer promises, incorporating customer feedback and rubbing elbows with partners and customers in the extended Splunk community. I’m excited about our Fall lineup, with exceptional customer experience continuing to be our North Star. Stay tuned.

Posted by Garth Fort