Unlocking New Possibilities: Splunk and AWS Better Together

As the Splunk Partner Technical Manager dedicated to AWS in the EMEA region, I had the privilege of leading two transformative workshops that highlighted the innovative ways our organizations are collaborating to deliver enhanced security and AI/ML solutions for customers. This event reinforced a powerful truth: when two market leaders align, the possibilities expand exponentially.

Event Overview

At the recent Splunk Partner Virtual Team (PVT) event in Amsterdam—hosted October 28-30, 2025—over 100 hand-picked Splunk Partner Sales Engineers converged to explore a powerful solution: combining Splunk's real-time analytics with AWS to deliver enhanced security and AI/ML capabilities that maintain search power and flexibility.

A Decade of Innovation: The Splunk and AWS Partnership

For over a decade, Splunk and AWS have worked together at the forefront of data innovation. This isn't just a vendor relationship—it's a strategic alignment born from shared vision. In FY24 alone, Splunk achieved over US$1 billion in cloud bookings through AWS Marketplace, demonstrating the real-world impact of this collaboration.

Today, that partnership is accelerating further. Together, we're redefining what's possible for organizations seeking to maximize data value while maintaining security, speed, and scale.

Aha Moments

One of the biggest surprises at the Amsterdam event was discovering that approximately half of the attendees were already actively deploying Splunk's AI Toolkit in production environments. This wasn't a theoretical discussion about AI—these were hands-on practitioners, running anomaly detection, forecasting, and behavioral analytics models that were actively operational in their customers' security and observability ecosystems.

What struck me most was that this level of adoption directly challenged one of the most common misconceptions in the industry: that operationalizing machine learning is still an emerging practice. For these 50+ Partner Sales Engineers, it's already table stakes. Their customers aren't asking "if" they should implement AI/ML—they're asking "how" and "what use cases can we deploy first."

Workshop 1: Federated Search for S3—Expanding Analytics Horizons

One of the highlights of the event was our "Splunk Federated Search for S3" workshop, which explored how Splunk's powerful analytics capabilities can extend seamlessly into AWS's cloud-native infrastructure.

The Challenge Splunk Solves:

Splunk is renowned for real-time data analytics and intelligence. Federated search represents an evolutionary enhancement—it extends Splunk's analytical reach to data stored in Amazon S3, enabling organizations to query vast datasets using the same familiar SPL (Splunk Processing Language) without requiring data ingestion into Splunk itself.

How It Works:

Splunk's search head coordinates with AWS Glue's Data Catalog to identify relevant S3 objects based on your query. The key innovation: WHERE clause filtering is applied at the S3 layer before data is streamed to Splunk, reducing data transfer overhead. This filtering is orchestrated through AWS Glue's metadata layer, which maintains schema and partition information.

The result? Organizations can now conduct sophisticated analytics across larger datasets while leveraging AWS's proven infrastructure for data storage and management.
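A simplified model of the flow described above, added here as an illustration and not Splunk or AWS code: partition metadata (standing in for the Glue Data Catalog) prunes S3 prefixes first, then the row filter runs before anything is streamed back. The catalog entries, bucket name, events and function names are constructed for the example.

```python
from datetime import date

# Constructed stand-in for Glue Data Catalog partition metadata (keys -> S3 prefix).
CATALOG = [
    {"region": "eu-west-1", "day": date(2025, 10, 28), "prefix": "s3://example-bucket/ct/eu-west-1/2025-10-28/"},
    {"region": "eu-west-1", "day": date(2025, 10, 29), "prefix": "s3://example-bucket/ct/eu-west-1/2025-10-29/"},
    {"region": "us-east-1", "day": date(2025, 10, 29), "prefix": "s3://example-bucket/ct/us-east-1/2025-10-29/"},
]

# Constructed events stored under each prefix (stand-in for the S3 objects).
OBJECTS = {
    CATALOG[0]["prefix"]: [
        {"eventName": "ConsoleLogin", "user": "alice", "result": "Success"},
        {"eventName": "GetObject", "user": "svc-backup", "result": "Success"},
    ],
    CATALOG[1]["prefix"]: [
        {"eventName": "ConsoleLogin", "user": "bob", "result": "Failure"},
        {"eventName": "ConsoleLogin", "user": "bob", "result": "Failure"},
        {"eventName": "PutObject", "user": "alice", "result": "Success"},
    ],
    CATALOG[2]["prefix"]: [
        {"eventName": "ConsoleLogin", "user": "carol", "result": "Failure"},
    ],
}

def prune_partitions(partition_filter):
    """Metadata-only step: keep prefixes whose partition keys satisfy the filter."""
    return [p["prefix"] for p in CATALOG if partition_filter(p)]

def federated_query(partition_filter, row_filter):
    """Read only the surviving prefixes; filter rows before anything is streamed back."""
    prefixes = prune_partitions(partition_filter)
    rows_read, streamed = 0, []
    for prefix in prefixes:
        for event in OBJECTS[prefix]:
            rows_read += 1
            if row_filter(event):  # filter applied on the storage side
                streamed.append(event)
    stats = {"prefixes_scanned": len(prefixes), "rows_read": rows_read,
             "rows_streamed": len(streamed),
             "rows_in_dataset": sum(len(v) for v in OBJECTS.values())}
    return streamed, stats

def failed_console_logins(region, since):
    """Hypothetical query: failed console logins in one region from a given day on."""
    return federated_query(
        lambda p: p["region"] == region and p["day"] >= since,
        lambda e: e["eventName"] == "ConsoleLogin" and e["result"] == "Failure",
    )

if __name__ == "__main__":
    print(failed_console_logins("eu-west-1", date(2025, 10, 29)))
```

For an investigation over historical data, the gap between `rows_in_dataset` and `rows_read` shows what partitioning on the fields you filter by most often (here region and day) saves.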

Real-World Applications:

This federation capability transforms how organizations think about data accessibility—Splunk's analytics engine now reaches further, enabling teams to extract value from data that previously lived outside the platform's analytical scope.

But expanding analytical reach is only half the equation. The second workshop explored how AWS amplifies Splunk's AI/ML capabilities even further.

Workshop 2: AI/ML Acceleration with AWS SageMaker

The second workshop focused on how AWS SageMaker supercharges Splunk's already-powerful AI/ML capabilities.

Splunk's AI Foundation:

Splunk already leads in operationalizing AI through the Splunk Machine Learning Toolkit (MLTK), which offers pre-built models for security and observability use cases, including anomaly detection, forecasting, and behavioral analytics. At our Amsterdam event, we discovered that approximately half of the attendees were actively leveraging MLTK—a clear signal that AI is moving from innovation projects to operational necessity.

Enhancing with AWS SageMaker:

For organizations building custom models or working with particularly complex datasets, Amazon SageMaker complements Splunk's offerings with enterprise-grade ML infrastructure. Key capabilities include:

The Optimal Workflow:

The most powerful approach combines both platforms' strengths:

  1. Develop on AWS: Use SageMaker's distributed computing to build and train models on large datasets
  2. Export to ONNX: Convert models to the Open Neural Network Exchange standardized format
  3. Deploy in Splunk: Import ONNX models into MLTK and apply them to real-time Splunk data streams

This architecture ensures that model inference runs where operational data lives—directly within Splunk—while training leverages AWS's unlimited computational resources.

Practical Impact:

Organizations can now:

Training at Scale, Impact Across EMEA

Over 100 Partner Sales Engineers departed the Amsterdam event equipped with hands-on knowledge of:

These technical leaders are now positioned as trusted advisors, equipped to help customers implement federated search for historical data analysis and accelerate AI/ML model development using AWS SageMaker—creating measurable operational advantages in security and observability.

The Path Forward

The Splunk and AWS partnership represents a fundamental shift in how enterprises approach data. Rather than forcing all data into a single system, Splunk now intelligently classifies data and applies federated approaches to maximize value while optimizing cost and performance.

For security teams, this means faster threat detection and investigation capabilities. For observability teams, it enables real-time insights across hybrid cloud environments. For data scientists and business analysts, it democratizes AI/ML model development and deployment.

Organizations seeking to accelerate their security, observability, and AI/ML initiatives should explore how Splunk and AWS together can expand their analytical capabilities and drive operational advantage.

Ready to expand your analytical reach and accelerate AI/ML deployment? Reach out to your Splunk partner for a demonstration of federated search for S3 or to explore how AWS SageMaker can accelerate your custom model development within Splunk.
