Postcard From .conf22: Customers Inspire Our Latest Release

They say, “What happens in Vegas, stays in Vegas,” but I wanted to highlight the role our customers played at last month’s .conf22, our annual users’ event at the MGM Grand. It was awesome meeting customers in person again, and connecting virtually with thousands more. We had a terrific turnout with 8,200+ customers and partners representing 113 countries and more than 6,500 organizations. 

Of course, the marquee moment for Splunk was announcing the general availability of Splunk Enterprise 9.0 – our most significant release in three years – and enhancements to our Splunk Cloud Platform. Tied to this were over 40 major features and updates and hundreds of smaller changes including many to harden Splunk deployments and keep bad actors at bay. 

Many of the features were inspired by customer suggestions on ideas.splunk.com. This is our official platform for centralizing product enhancement requests and enabling customers and Splunk employees to create, vote on and discuss ideas across our product portfolio. Here are a few of what I consider our “fan favorites” in terms of things our customers wanted to see: 

  • Ingest Actions: This is a new capability that enables customers to rapidly author, preview and deploy transformation rules at ingest-time with an intuitive user interface. With Ingest Actions, customers can now instantly route data to external S3-compliant destinations for archiving or reducing unnecessary ingest. Ingest Actions is delivered natively in Splunk Cloud Platform and Splunk Enterprise and easily integrates with existing transformations across different deployment topologies. Customers can focus on bringing their high-value data to Splunk and ensure that data is available at the right time, in the right places and in the right structure.
  • SmartStore for Azure: You need the ability to access your data when you want it, but not all data is necessarily equal in value or usage. A key capability for customers with self-managed deployments is SmartStore, which lets customers scale compute and storage independently, thereby reducing costs. Using ideas.splunk.com, a customer requested that Splunk SmartStore work and be supported for Azure Blob Storage. I’m pleased to say that with Splunk Enterprise 9.0, we’ve expanded SmartStore’s cost-effective cold storage capabilities beyond Amazon Web Services and Google Cloud Platform to support Microsoft Azure. SmartStore for Azure can now be used to retain larger data sets for full fidelity analysis while reducing operating costs for self-managed Splunk deployments by up to 70 percent – effortlessly.
  • Dashboard Studio Enhancements: We're continuing to expand on interactivity capabilities and visualizations for Dashboard Studio. We've added the ability to use search results and job metadata as tokens and pass tokens through drill-downs to other dashboards. We have a new map visualization for cluster and marker maps and we've added more options to customize the Studio dashboard, which can now be set as your home dashboard.
  • Search Head Clustering in Enterprise Security: We've seen amazing customer adoption of Splunk Enterprise Security (ES) in Splunk Cloud Platform, and with that came an urgent need to support higher and higher search volumes for use cases like Risk Based Alerting (RBA), or even adopting new content from our Security Research team. We’re excited to be rolling out ES Search Head Clustering (SHC) for customers in Splunk Cloud that need that additional search concurrency.
  • macOS Unified Logging Data Input: Our customers needed a direct way to collect and send macOS system logs to Splunk instances, so we released support for Apple’s macOS Unified Logging (aka “logd”) capability. Customers can now set Universal Forwarder inputs for macOS logd sources, which include support for inclusion and exclusion settings similar to the Universal Forwarder features for other log sources. Now logd is supported natively for the macOS Universal Forwarder.
  • Automated Private Application Validation: We've consistently received feedback on private applications, particularly the ability to easily deploy and maintain them in Splunk Cloud Platform in a fully self-service fashion. So to make the private app experience world-class, we rolled out Automated Private App Validation (APAV) to the Splunk Cloud fleet, for both our Classic and Victoria experiences. This new capability lets customers service their own apps without needing to go through a manual review queue.


Fez-Wearers Are Fearless

Our customers are fanatical (in a good way), and I want to close by giving a shout-out to our faithful SplunkTrust, an elite group of Splunk users selected by peers for their dedication to the Splunk Community. As I walked the halls at .conf I stopped and talked with the SplunkTrust wearing their fezzes, pins and capes. The SplunkTrust also hosted a community booth to assist other users, demonstrated the power of Splunk's products and talked about the social impact they’re making. 

Being at .conf22 live was definitely worth the wait, and we think Splunk 9.0 was too, thanks in no small part to our customers. Keep your ideas coming via ideas.splunk.com – you can be sure we’re listening and turning your data into doing for all Splunk users.  

Garth Fort
