Top 5 Reasons Why Splunk Is the Ideal Platform for Unified Security and Observability

Splunk embodies the top 5 principles of unified security and observability, and has been an expert in log management, security, and observability for years. While there are many point solutions for either security or observability, the world's leading brands — such as Papa John’s, Accenture, Zoom, Intel, Airbus, Honda, Heineken, McLaren, Dominos and more — trust Splunk to deliver a unified platform for not only security and observability, but also the ability to customize to meet their unique, enterprise-scale business needs.

Let’s explore each of the top five principles of unified security and observability and how Splunk helps customers succeed because of them.

Unified Platform

An ideal unified platform spans data from edge to the cloud (both private and public) and supports containers as well as monolithic apps, so customers do not have to spend time and money managing and upgrading hundreds of niche solutions. 

Splunk meets customers’ demands irrespective of where they are in their cloud transformation journey, whether they need visibility into data on-premises, on the edge, in a single cloud, or across multiple cloud providers. It also meets customers’ data locality requirements with deployment models ranging from pure SaaS to fully on-prem for air-gapped security environments. Many other vendors are restricted to a single deployment model that cannot meet customer needs for a hybrid environment.

Customers such as Nasdaq have trusted Splunk to accelerate their journey to the cloud. Nasdaq began its cloud transformation in the 2000s, long before most organizations were considering the merits of cloud computing. Brad Peterson, executive vice president and chief technology and chief information officer at Nasdaq said that “the move to cloud is not just a lift and shift or a technical problem to be solved, it’s an overall change in business so when we decided to change the way we build products and move to a cloud and SaaS model, we kicked off a major cultural initiative. This involved training, updating processes across the business, and enlisting the help of strategic partners like Splunk.” So, while Nasdaq already relied on the Splunk platform for IT operations and security, the enterprise turned to Splunk to help pave the way for a successful cloud journey — while still maintaining visibility into its evolving hybrid environment.

Pervasive Across Use Cases

Building on the need to reduce data fragmentation in order to make informed business decisions, a platform should be able to reuse the same data for various use cases, so that customers do not have to ingest the same data multiple times and store it in different tools.

A number of vendors claim to support multiple use cases. However, most of these solutions are proficient in one use case, lacking maturity and customer proof points across other use cases. In contrast, a significant number of customers continue to choose Splunk for its ability to consolidate data and use it for different use cases and offer full-fidelity data for better remediation, prediction, and root cause analysis. Rather than offering discrete products for security and observability, Splunk offers an underlying platform for both and is actively integrating new innovations and acquisitions together to provide the richest capability set possible for customers. Earlier this year, we introduced Splunk Log Observer Connect to provide seamless integration across metrics, events, traces, and logs to allow customers to visualize all their data in one place, combining Splunk Cloud Platform and Splunk Observability and enabling site reliability engineers and DevOps engineers to access their metrics, traces, and Splunk Cloud logs in a single interface for faster, in-context debugging.

Our customers turn to Splunk to consolidate data across multiple sources and build centralized tools for visibility, management, and issue remediation.

USS Midway uses the Splunk platform to bolster security and infrastructure monitoring across the ship. “I’ve been here seven years,” says Joe Gursky, Director of Information Technology at the USS Midway Museum. “This has been the first opportunity I’ve had to actually break silos.” With multiple departments across the Midway looking at the same data on the same platform, teams are now more informed, collaborative, and efficient, easily accessing and sharing information with both colleagues and executives.

The customer’s platform should not only be extensible enough to support a multitude of use cases but also allow customers to build their own applications, integrate with a vast majority of commercial applications from the partner ecosystem, and leverage apps built by the community on the whole. This allows customers to stay within the confines of their platform and reap the benefits of a vast ecosystem.

And the ecosystem of apps and add-ons is a big part of what makes Splunk valuable and useful to so many of our customers. Splunk is constantly trying to make it easier for customers to build applications and extend the platform to fit their use cases. We recently added the Splunk Cloud Developer Edition (preview), which lets developers easily create and test their applications, reducing time-to-value for enterprises building on, for, and with the Splunk Cloud Platform. Features such as Automated Private App Validation (APAV) remove the requirement for manual review of private apps, meaning customers can now fully self-service apps in Splunk Cloud Platform: no more support tickets, no more maintenance windows for installs and upgrades, and no waiting for an app to go through the manual review queue. This negates claims that Splunk’s setup requires services intervention.

Heineken is one such customer that uses Splunk to consolidate data and improve visibility across its geographically disparate operations teams by building its own custom application for supply chain visibility and rapid issue remediation. Heineken’s digital integrations team stitches together data from all its disparate systems, enabling real-time data exchange between Heineken’s five middleware platforms and 4,500 applications. A single instance of downtime for one of Heineken’s five foundational integration platforms could halt production and distribution altogether.

Guus Groeneweg, Global Product Owner for Digital Integrations, Heineken, said, “We needed to increase the transparency of the black box we call integration — so we turned to the Splunk platform to better understand our data and systems.” “With Splunk, we easily capture all log files and analytics for each of our 25 million monthly messages sent between applications. Splunk Cloud Platform translates all that raw data into transparent, actionable insights that teams across Heineken use to resolve operational issues and improve performance.”
Extending the point of extensibility further, the platform should also provide data portability across clouds. This lets customers store large amounts of data cost-effectively and reduces lock-in.

Splunk allows customers to do more with their data — and now offers more flexible streaming, storage, search, and workload-based pricing that gives customers the freedom to choose how and where they manage their data. Features such as Ingest Actions, Flex Index (preview), Dynamic Data Active Archive, and Federated Search help customers store and access their data cost-effectively based on its value to their business, allowing them to focus on business outcomes rather than on managing costs. It is important not only to streamline costs but also to get value out of your investment.

Moreover, with these innovations, customer data doesn’t need to sit inside Splunk. We meet your data where it lives. Less lock-in means lower cost and portable data skills, because the platform is open. Additionally, Splunk is a significant proponent of open technologies, including OpenTelemetry and the Open Cybersecurity Schema Framework project (recently announced at Black Hat USA in collaboration with AWS, IBM, and 15 other leading security and technology companies).

BusinessWire reports, “Chief information security officers have grumbled about proprietary cyber products that force security teams to integrate data manually. More than three-quarters of 280 security professionals surveyed want to see vendors build open standards into their products to enable interoperability, according to research from the Information Systems Security Association and TechTarget Inc.’s analyst unit published in July.”

Customers such as have used Splunk to re-platform its monolithic architecture into microservices, improving visibility and time to value. “The observability that Splunk provided was key,” says Sean Schade, principal architect on’s core architecture team. “One of the first things we did was turn on tracing and telemetry to understand how the pieces of this giant puzzle fit together.”

Being an early adopter of OpenTelemetry gave a distinct advantage when tackling a project of this size and scope. “OpenTelemetry is one of the North Stars of our architecture because of the insight it provides,” says Schade. “We could bake OpenTelemetry into our architecture from day one because we have Splunk, who is the number-one contributor to OpenTelemetry and way ahead of the curve on this.”

Powerful Search Performance at Scale

There are several tools in the industry that use methods such as sampling, schema-on-write, “indexless logging,” etc. to ingest, process, and search data quickly. A platform should not only be performant but should be able to ingest data in any format and then search it at scale. When breaches or app outages occur, customers not only need fast results, they need authoritative and trustworthy data that leads to accurate actions.

Mangesh Pimpalkhare, Vice President of Product Management, Splunk Platform, said, "Splunk is always on — a 100% hybrid, cloud-connected, autonomous control plane with deeper resilience and minimal disruption for upgrades and migrations." SPL can handle complex correlation searches AT SCALE — 8 billion searches in the last month alone, 1 million monthly active users, PBs of data ingested through our cloud data sources, growing at 93%.

Customers such as Tesco, the third-largest retailer in the world, are pushing several TBs of data into Splunk and leveraging it even more during their demand surges. When Tesco was affected by the COVID-19 surge, “the entire operations teams relied on Splunk dashboards to monitor every detail, from website performance to final delivery to the customer,” said Josep Olive, Lead Technical Program Manager, Tesco. This was followed by Christmas. Demand was so fervent that Tesco became a topic of national conversation, trending on Twitter the entire day. “The pressure on our systems was unlike anything we’ve seen, and having Splunk to provide visibility into these systems was critical to fulfilling our customers’ needs,” said Olive. “During this Christmas surge, Splunk helped us improve our monitoring, observability, and entire software development environment.”

As stated in our previous blog, "The Convergence of Security and Observability: Top 5 Platform Principles," there are few platforms that can provide unified, pervasive, open, extensible performance at scale. Splunk consistently provides these capabilities and continues to innovate for our customers. But don’t just take our word for it — watch our .conf22 Platform Super Session to hear from leading customers how choosing a platform that aligns with these five principles helps them realize meaningful value.

Get started with a Splunk Cloud Platform trial today to explore further.

This blog was co-authored by Anna Mensing (Director of Product Marketing) and Sneha Ghosh (Principal Product Manager) with special thanks to Mustafa Ahamed (Sr. Director Product Management) for his significant contributions.

Posted by Sneha Ghosh

Sneha Ghosh is a Principal Product Manager at Splunk. Her responsibility includes the delivery of competitive insights for our field and our product teams across key competitors.