Splunk Customers Turn Data Into Doing at .conf21

In my first three months as Splunk's chief product officer, I've had the opportunity to meet with customers ranging from global retail leaders looking to expand to new markets in Asia, to financial services companies, to international payment processors. 

Most of these meetings have been over Zoom because of the ongoing pandemic but I've had a chance to meet with a few of these amazing customers in person. I recently sat down with Koby Avital, the executive vice president of Walmart Global Tech Platforms — the No. 1 company on the Fortune 500 list — at Splunk’s twelfth annual user conference, .conf21

We were honored to have Koby deliver the customer keynote. Together, we talked about how his team stepped up and responded to the COVID-19 crisis. They adapted quickly to serve over 220M weekly customers both on-line and through their over 10,500 physical stores to ensure their customers had access to everything from basic food and clothing to automotive supplies and even to COVID-19 vaccines.

Koby is someone I call a data hero.

The theme of this year’s .conf was a week-long celebration of people like Koby, who work every day to turn their data into doing. 

Supporting heroes like Koby is where we’ve been as a company from the very start, and where our focus will remain going into the future. Over the past 12 months, we’ve managed to:

  • Close four acquisitions.
  • Deliver over 43 major releases and hundreds of smaller enhancements across our product portfolio.
  • Ship updates every six weeks for Splunk Cloud customers. And our goal is to snapshot those features and bring them to Splunk Enterprise customers every six months.

This is why we made a series of announcements to help our data heroes do their jobs even better.

No matter what type of data we’re looking at, we need to make sure it’s secure. That’s why we introduced several new features to enhance our industry-leading security portfolio. Here are some of the highlights that we covered in our keynote.

I was excited to show how customers can integrate and automate intelligence into every stage of the incident response process, as well as across an entire ecosystem of teams, tools, peers and partners. How? Splunk Intelligence Management (formerly known as TruSTAR), available to all Splunk Enterprise Security (ES) customers.

Splunk Intelligence Management brings our rapidly growing intelligence marketplace — featuring all types of open, commercial and community intelligence sources — to users everywhere. Now, you can create complex pipelines without ever having to worry about writing or maintaining scripts, along with delivering better risk scoring and more reliable alerts. 

We also made enhancements to our security orchestration, automation and response (SOAR) solution, Splunk SOAR. Splunk SOAR helps security teams eliminate the tedious work for analysts and resolve security incidents in record time, cutting their response from minutes (or hours) to mere seconds. 

Many of our customers rely on Splunk SOAR’s playbooks to automate security investigations and responses. To help build SOAR playbooks even faster — and to make it even easier to create, edit, implement and scale automated playbooks, as well as extend automation to even more use cases — we significantly updated the look and feel of our visual playbook editor. We added a new feature called “Input Playbooks” that provides a modular format for building smaller playbooks which can be plugged into many larger playbooks. This enables you to automate simple security tasks regardless of your level of expertise, and use them as part of larger, more complex workflows. 

The Splunk platform also powers best-in-class observability — and we had a series of announcements there. 

Your critical business services depend on a variety of applications and services — both legacy on-premise as well as cloud-native. 

With Splunk IT Service Intelligence (ITSI) comes content packs, managing your business services is easier than ever. Content packs are available for free on Splunkbase and provide out-of-the-box content to jumpstart your IT monitoring. They include pre-configured key performance indicator searches, service templates, saved glass tables and other commonly used objects that you can use as-is, or configured to your specific requirements. 

Last year we talked about a preview of the Splunk Service Intelligence for SAP, and we're excited that this is now generally available. Splunk Service Intelligence for SAP helps customers bridge infrastructure data with SAP data, and gain in-depth visibility into the health and performance of SAP-related business services. With Service Intelligence for SAP, customers are able to detect and respond to costly outages 80 to 90 percent faster than before. 

We added a content pack for Microsoft365, which gives you full visibility into cloud-based Microsoft services, including Exchange, SharePoint and PowerBI. We also announced a content pack for third-party APM to better manage the performance of all applications alongside the rest within an IT environment.

We recently launched the Splunk App for Content Packs — a one-stop shop for pre-packaged content, and out-of-the-box searches and dashboards for the most common IT monitoring sources. Customers no longer have to manually install, manage and update each app, or backup and update them individually. Splunk App for Content Packs does it all for you — including updating content packs together.

Application performance has become one of the most critical aspects of the customer experience. At Splunk, we’re constantly thinking about how to empower both back-end and front-end developers, so they can seamlessly work together and keep applications running smoothly. 

We extended the capabilities of our best-in-class APM solution with what we are calling AlwaysOn Profiling. Back-end developers now get granular visibility into the code-level performance of new and existing applications — all within the context of infrastructure and user performance data. 

This makes it easier for IT, DevOps and application developer teams to continuously monitor and analyze the performance of applications and services, and quickly address any performance bottlenecks. 

With Splunk APM, you’ve always had the ability to look at all the traffic and interactions between services. The addition of AlwaysOn Profiling provides visibility into both traditional and modern applications to complement the existing inter-service view.

Splunk APM can help server-side developers monitor and quickly isolate performance bottlenecks, alongside real user monitoring (RUM). Real user monitoring helps mobile developers improve the customer experience for applications across all devices. And since front-end engineers may be the first to spot performance issues, they need to be able to understand what makes or breaks the user experience on their mobile apps. 

Enter Splunk RUM for Mobile — an extension of Splunk’s real user monitoring (RUM) or RUM capabilities. Splunk RUM for Mobile brings distributed tracing to native iOS and Android mobile apps. It’s also the only solution that provides end-to-end tracing based on OpenTelemetry. You get out-of-the-box visibility into app lifecycle events, presentation transitions, your backend dependencies and more.

Now, both mobile app developers and on-call engineers have the benefits of a full-stack Splunk Observability Cloud, and can gain insights into their apps’ performance to drive optimizations and improve real user experience in production.

But do these announcements manifest in the real world? At this year’s.conf, we heard amazing stories about companies using data to answer their most difficult questions.  

The pandemic has changed the way we order food. For the U.S.-based burrito chain Chipotle, that meant digital sales that skyrocketed to $2 billion this year. Chipotle trusted Splunk to help monitor and mitigate any issues with their online ordering platform as hungry customers turned to touchless methods to get their favorite burritos.

We were also joined by the fastest Splunk customer on earth. Lando Norris, one of the Formula 1 drivers for the McLaren Racing Team, joined Splunk CEO Doug Merritt on stage to talk about how data gives him a competitive advantage. Lando’s F1 car has hundreds of sensors, that in near real-time, engineers process to take actions that can determine the difference between winning and losing a race. And in F1, milliseconds matter. 

This is just a sampling of some of what happened at .conf21. If you weren’t able to attend, we’ve got you covered with all the best stuff on-demand and available to watch for free — including session replays and product releases — at conf.splunk.com

Garth Fort

Posted by


Show All Tags
Show Less Tags