The State of Splunk Products: Delivering on Our Customer Promise

We've just posted some pretty remarkable earnings numbers and are busy executing on the year ahead.

One of the many pleasant surprises for me in my early days at Splunk was learning first hand how truly fanatical our customers are. Let me give you an example. I was visiting family in St. Louis and I texted a customer from Chicago to let him know I was in the area. We ended up driving more than 100 miles each to meet in a Starbucks in Springfield, Illinois on a Saturday morning for two hours of Splunk talk. I came away with invaluable feedback and insights that I couldn’t wait to share with my team.

My coffee buddy and other customers are excited by the breadth and depth of our capabilities, and that’s only going to grow over the next year. Our platform brings a powerful set of capabilities for our customers to get insights quickly and easily. It can do even more when you combine it with our Security and Observability solutions.

While world events are creating uncertainty, Splunk products are clearly enabling outstanding customer outcomes today and laying the foundation for future success. I’m amazed and proud of what we’ve accomplished. Here’s a look at some milestones by the numbers:

  • 1.75 PB data ingested in Splunk Cloud per day, up 73% year over year 
  • 170M searches per day, up 53% year over year
  • 16M synthetic tests per day, up 40% year over year
  • 50 significant releases across Platform, Security and Observability 

We are focused on customer outcomes, and we delivered critical capabilities in all three of our core product areas: Security, Platform and Observability.


As we’re experiencing, security continues to be threatened globally, and at the core, security is a data problem. We helped a lot of customers solve their security data issues last year, fueled by an Enterprise Security product that grew more than four times faster than the overall Security Information and Event Management (SIEM) market.

We acquired TruSTAR (now Splunk Intelligence Management) to fortify our threat intelligence management capabilities. Integrating intelligence from external and internal sources directly within Splunk Enterprise Security and Splunk SOAR provides the context and the confidence security teams need to accelerate detection and triage. 

We developed new capabilities to help our customers detect issues faster, respond more quickly and stay ahead of global security threats with the latest information. 

  • Faster detection — Risk-Based Alerting (RBA), a feature of Enterprise Security, correlates alerts to show the overall risk of a threat so that security teams can react quickly and effectively. 
  • Quicker response time — Splunk SOAR, with more than 380 third-party integrations, supports more than 2,100 response actions, accelerating response time by automating important but repetitive tasks, freeing your people to focus on the most important aspects of security. 
  • Anticipating global security threats — We launched SURGe, our team of security experts dedicated to understanding, tracking and staying ahead of the most malicious global security threats and educating our field teams and customers about the threats and how to protect against them. SURGe was instrumental during the recent Log4Shell vulnerability, providing content that helped customers operationalize detections in a rapidly changing environment.


Customers have told us that it’s critical we support a hybrid, multi-cloud reality. One large retailer I spoke with recently has Splunk running in 10 thousand plus retail stores, in their own data centers, in a multi-cloud environment. They use Splunk to monitor operations all the way to edge computing, where they have apps running on every associate’s mobile phone. Embracing this hybrid world is enabling us to meet customers where they are today.   

  • We know that hybrid is a reality for the foreseeable future, so we stepped up our ability to provide clear support for hybrid cloud migration.
  • We’re also making it much easier for customers to optimize utilization and support traffic spikes. Our new Victoria Experience in the Splunk Cloud Platform provides greater elasticity by scaling dynamically to support traffic bursts. This makes it seamless for retailers, streaming services and other Splunk Cloud customers to support traffic seasonality. 
  • We added new data optimization capabilities to extract value from all data with edge preprocessing and routing, more flexible storage tiers, federated search and workload-based pricing.
  • And we made it easier for customers to unlock innovation in any use case through increased extensibility and integrations.


Companies today must ensure their systems remain performant and resilient. But modern, complex architectures make it difficult to understand systems’ health end-to-end. Hybrid is a constant balancing act as customers operate on-premises and as they move workloads to the cloud, modernize applications and innovate to meet new customer demands. 

Splunk has one of the most comprehensive Observability offerings in the market and was recognized by leading analysts as #1 in ITOM, AIOps and Observability all in the last year.

We delivered a number of new Observability capabilities, but one that stands out is the deeper integration of Splunk Enterprise and Splunk Observability Cloud with Log Observer Connect. With Log Observer Connect, customers can integrate insights from their logs with the information they’ve gathered about their infrastructure and applications from Splunk Observability. For existing Splunk Platform customers, this is another way to get more value from their Splunk data and easily expand to Observability use cases.

Other Observability capabilities we recently released to enable effective monitoring and management across hybrid and multi-cloud environments include:

  • AutoDetect for Splunk Infrastructure Monitoring helps users start monitoring critical infrastructure components and services in minutes for immediate time to value. It automatically detects problems and alerts the right team in seconds to resolve outages faster. 
  • Database Visibility for SQL databases - Splunk APM now provides visibility into SQL, to help pinpoint the root cause of database-related performance bottlenecks without having to instrument them separately. 
  • Our customers are either creating new applications or modernizing existing ones. Splunk APM enables DevOps teams to accelerate their speed of application delivery and application performance response times. We also rolled out Splunk Real User Monitoring, or RUM, for Mobile. Splunk RUM for Mobile is the only solution that provides end-to-end tracing from the frontend client to the backend service based on OpenTelemetry, and makes it easy for mobile app developers and SREs to pinpoint and resolve customer issues on native iOS and Android apps.

Enthusiastic support by our passionate customers, combined with Splunk innovation, made for an inspiring and incredible year. We’re keeping our foot on the accelerator this year with the exciting release of Splunk Enterprise 9.0. Features to look forward to include Flex Index, Smart Store support for Azure, Federated Search and many other capabilities that will make the platform even more powerful for all of our customers. See what we have in store this June at .conf22, our annual user conference.

For more about how Splunk can help you do more with your data and achieve better business outcomes, please talk to your sales representative or partner, or visit splunk.com.

Garth Fort