Advanced Computing in the Age of AI | Tuesday, September 26, 2023

20 Years into the Future: Splunk Conference Showcases New AI and Edge Solutions 

At its .conf23 event in Las Vegas this week, Splunk unveiled a collection of new AI-powered tools across its portfolio of security and observability solutions.

Splunk is celebrating its 20th anniversary this year. Splunk CEO Gary Steele, who joined the company in March 2022, acknowledged in a keynote how much the digital world has changed since the company’s launch.

“If you go back in a time machine 20 years and think about what it was like when Splunk got founded, the cloud journey really hadn’t happened yet. There hadn’t been a big breach. The digital footprint for most organizations hadn’t been transformed yet,” he said on stage. “It was a really different time, and through that course of 20 years, Splunk has been with you and evolved and changed. One of the things that I’m excited about as I stand here today, roughly 15 months into my job, is the importance of driving Splunk forward over the next 20 years.”

Splunk AI

Like many companies right now, Splunk appears to be betting on AI as the next revolution in tech. The new suite of AI tools, dubbed Splunk AI, provides a series of intelligent assistants that help security operations, IT operations, and engineering teams be more productive and effective in their everyday work. The new release enables teams to automatically mine data, detect anomalies and prioritize critical decisions through intelligent assessment of risk, helping to minimize repetitive processes and human error, the company said.

Splunk is advancing its AI implementation using a strategy guided by three main principles: domain-specific customization for security and observability, a “human in the loop” approach to aid decision making in crucial digital systems, and an open and extensible model allowing integration with customer and partner systems for flexible solutions.

Splunk CTO Min Wang explained in a blog post how AI can help detect important events by automatically mining data to better surface key events and signals, and it can provide context and situational awareness with intelligent event summarization and interpretation while accelerating learning curves.

“Productivity and efficiency can drastically increase by freeing users from basic tasks and allowing them to focus on higher-value initiatives. We believe the benefits of AI far outweigh the downsides and are increasing our investments in taking our trusted AI capabilities even further,” wrote Wang.

One new release is the Splunk AI Assistant which the company says leverages generative AI to provide an interactive chat experience and helps users write in Splunk’s proprietary programming language, Splunk Processing Language (SPL), using natural language prompts. The AI chatbot can also write or explain custom SPL queries.

(Source: Splunk)

The company has also updated its IT Service Intelligence with a 4.17 release that includes features for outlier exclusion and adaptive thresholding. This helps to detect and omit irrelevant data points or outliers, such as insignificant network disruptions, to provide more accurate and actionable detection. A new machine learning-assisted thresholding capability in preview allows for dynamic thresholds based on historical data patterns.

Other new releases show that Splunk is bolstering its AI and ML offerings for anomaly detection and analytics. The Splunk Machine Learning Toolkit (MLTK) 5.4, which has garnered over 200k downloads on Splunkbase, provides users of all levels with guided access to ML technology, facilitating richer insights through predictive analytics and forecasting techniques, the company claims. The release builds on Splunk’s open and extensible AI model, allowing customers to incorporate externally trained models.

Additionally, the Splunk App for Data Science and Deep Learning (DSDL) 5.1, now available on Splunkbase, expands MLTK's capabilities by providing additional data science tools and integration options for advanced custom machine learning and deep learning systems. This latest version also includes two AI assistants to assist customers in utilizing LLMs for natural language processing, training models with domain-specific data.

“Splunk’s purpose is to build a safer, more resilient digital world, and this includes the transparent usage of AI,” said Wang in a statement. “Looking forward, we believe AI and ML will bring enormous value to security and observability by empowering organizations to automatically detect anomalies and focus their attention where it’s needed most. Our Splunk Al innovations provide domain-specific security and observability insights to accelerate detection, investigation and response while ensuring customers remain in control of how AI uses their data.”

Splunk Edge Hub

The Splunk conference also revealed a new solution for edge computing. The Splunk Edge Hub is a new offering for ingesting and analyzing data generated by sensors, IoT devices and industrial equipment. Splunk Edge Hub streams this hard-to-access data directly into the Splunk platform and is supported by different partner solutions to work with the platform’s predictive analytics capabilities.

Edge computing is helping companies bring data transfer and storage closer to the sources of data for improved response times and to save bandwidth, but sorting relevant data out of the mountain of data created by multiple physical and virtual sources can be complex and costly, Splunk says.

The Splunk Edge Hub is roughly the size of an Apple TV. (Source: Splunk)

The company is positioning the Splunk Edge Hub as a streamlined way to collect and analyze this edge data to break down data silos. Splunk says customers can use the device right out of the box, either placed in a physical environment or on top of existing OT hardware to immediately collect, collate and stream data to the Splunk platform.

In a press briefing, Splunk SVP of Products and Technology Tom Casey explained the new device’s significance: “Splunk edge hub is groundbreaking. It breaks down barriers in silos that historically made it difficult to extract and integrate data from your operating environment. And with some new abilities that it provides, it's much easier to access that data, integrate it, and gain visibility to it in a common way using the normal Splunk tools and dashboards that people have in their environments already.”

Casey went on to describe how the device monitors operational environment factors like temperature, humidity, vibration, and water damage to identify potential issues before production is impacted. The Splunk Edge Hub performs predictive analytics directly on the device to identify anomalies in the manufacturing process in real time, thus aiding in equipment maintenance to avoid outages. The Edge Hub will be immediately available in the US and the Americas, Casey said.

"Strategic Maintenance Solutions is thrilled to announce our partnership with Splunk to deliver the all-new Edge Hub,” said Jason Oney, President of Strategic Maintenance Solutions. “The Edge Hub enables us to provide our customers with an end-to-end solution for accessing industrial sensor, maintenance, and operations data at scale. With minimal configuration needed, data can now be seamlessly streamed into the Splunk Platform, allowing our customers to quickly start down the Industrial Transformation journey.”