Splunk’s .conf Recap: Platform and Cloud Are the Future
The News: Splunk’s .conf conference was last week and the company announced the next generation of the Splunk Platform, including enhancements to Splunk Cloud Platform and the general availability of Splunk Enterprise 9.0. For more information see the full release from Splunk.
Analyst Take: Splunk’s .conf conference was incoming CEO Gary Steele’s first major event appearance following his joining the company in early April of this year. After more than 19 years at Proofpoint, Steele has come in to take Splunk to the next level of its growth journey.
My colleague Daniel Newman recently interviewed Steele for the Six Five Summit, so I won’t rehash their conversation here. Rather, I plan to focus on the pivot the business is making to the cloud and the focus on Platform, from both an offering and a strategy perspective.
Splunk’s .conf conference is a practitioner-focused event, the annual gathering of developers and data scientists who have powered the early chapters of the company’s growth. Like most events, the annual pilgrimage has been on hiatus for the last couple of years, and it was clear that everyone was glad to have the chance to be back in person.
Splunk Enterprise 9.0 and Cloud Platform
Splunk has largely built its impressive growth on managing on-premises infrastructure, with its customers deploying a Splunk instance within the confines of their own datacenters.
With the pervasiveness of the public cloud as the default model for many of Splunk’s customers, the company is making an unsurprising pivot to a public cloud-based model. However, Splunk’s pivot to the cloud is wider than just where the Splunk instance is deployed. The company is also looking to ingest new types of cloud data from AWS S3 images, in an attempt to make the software more pervasively deployed and used by its ever-growing client base.
Splunk is making this pivot to the cloud not only on a technology axis, but also through reimagining its pricing approach, transitioning from an ingestion-based model to one where pricing corresponds to the value of the data. The company calls this approach to its commercial engagement with clients, which is still relatively new, ‘workload pricing.’
As part of the Splunk .conf mainstage sessions, the company announced the general availability of Splunk Enterprise 9.0, which replaces the current 8.3 release. Speaking to the press and analyst community ahead of the event, Splunk senior vice president and chief product officer Garth Fort, who has also recently joined Splunk from AWS, described Splunk 9.0 as “the most significant release that we’ve offered in a long time and we think it’s going to be significant for customers that run on-premises, as well as customers that will run in the cloud.”
Splunk Cloud Platform and Splunk Enterprise 9.0 are designed to allow customers to access more data sources easily, and to find and operationalize insights faster and more securely. They are also designed to help customers scale deployments both on-premises and across multiple cloud deployment models. The overarching theme coming out of Splunk .conf was that the company is striving to streamline administration for DevSecOps teams and provide the tools they need to quickly turn data insights into business outcomes.
Highlights of Splunk 9.0 Release
The highlights of the 40+ new features in the Splunk 9.0 release were:
Data Manager for Splunk Cloud Platform. This new feature set for Splunk Cloud Platform is designed to deliver a scalable data onboarding experience across AWS and Azure today, with GCP slated to be supported later this summer. The Data Manager functionality, demoed as part of the day’s main stage presentations, aims to provide an easy-to-manage hybrid cloud control plane of data flowing into Splunk within minutes. As customer deployments truly embrace a hybrid multi-cloud deployment model, the ability to quickly and easily manage this disparate environment will become more critical. This is a smart move on Splunk’s part — further investing to drive simplicity for clients — and we expect to see more cloud deployments come on stream in the quarters ahead as the focus on the big three proves its worth.
Splunk Log Observer Connect. Building on announcements made back in January, Splunk Log Observer Connect functionality is designed to enable customers to visualize all their data in one place by bringing together the value of Splunk Cloud Platform and Splunk Observability. Logs, in addition to metrics and traces, play a vital role in building observable systems. Typical deployment models would include Splunk Cloud/Enterprise for security, compliance, and investigations, or Splunk Observability Cloud for powerful in-context debugging and root-cause analysis of complex applications. This new simplified and combined interface approach enables SRE teams and DevOps engineers to access metrics, traces, and Splunk Cloud logs with a no-code interface for faster, in-context debugging with deeper root analysis and overall architecture-wide observability.
Anomaly Detection Assistant. The sheer volume of attacks and the complexity of the threat surface area in a hybrid multi-cloud environment means that security teams need all the help they can get. The newly launched Anomaly Detection Assistant aims to simplify investigation and therefore helps security analysts, IT operations and DevOps engineers find potential problems by leveraging machine learning to structure a tuned query quicker and to identify anomalies in a time-series dataset.
Expanded data access and optimized storage. A key theme that was widely evident throughout the Splunk .conf event is that customer feedback, especially as it relates to the cost of solutions and the growing expense of deployments, is of paramount importance. While ‘expensive’ is always a relative term, Splunk is smart to focus on this concern before it becomes a pervasive issue. In this spirit, Ingest Actions was introduced. Ingest Actions is a new feature designed to help customers get data to the right places, in the right shape, and at the right time. It offers granular controls designed to take action on data through filtering, masking, and routing in motion at ingest time to Splunk Platform or to external Amazon S3 storage. Pricing based on ingest volumes has been a concern for Splunk customers, so any fine-tuning here will surely be welcomed. With Enterprise 9.0, Splunk extends cost-effective cold storage beyond AWS and GCP to now include Azure with SmartStore for Azure, helping self-managed Splunk Enterprise customers reduce operating costs by up to 70%. Alongside workload pricing as an option, these two developments should make customers looking to manage and mitigate costs as happy as possible.
Federated Search. With the 9.0 release, Splunk also took the opportunity to improve search within its solution. The new Federated Search functionality within the Splunk platform will enhance and simplify security investigation and search operations across hybrid cloud environments by providing users and administrators with a comprehensive view of their entire Splunk deployment. The company has been talking about federated search for a while now, and the ability for Splunk customers to search across multiple Splunk indices from a single command line will be welcomed by many. Federated Search is now GA. The Splunk team shared that the functionality to search beyond your Splunk deployment from Splunk Cloud Platform to Amazon S3 is now available to customers in preview, with general availability coming soon. This is crucial, as the technology will enable users to extend the reach of the search tool into non-Splunk data sources for the first time.
Looking Ahead for Splunk
The .conf conference has always been practitioner-focused, so the fact that it was light on overall strategic vision wasn’t surprising, especially given Gary Steele’s relatively short tenure with the company. The company also saw a major transformation over the past year that took the vast majority of its products to the cloud and shifted the consumption economics of the business, so some of that is also settling as customers migrate to its cloud and ARR technologies.
We like seeing Splunk’s focus on improving the security posture and resilience of its customers through the mantra of ‘See-Act-Extend’, and the excitement and passion of the Splunk customers was palpable. The fact that the company has such support among practitioners in Operations and Security is good. What remains for Gary Steele to tackle in the months ahead is the “why Splunk” messaging, positioning the company and its capabilities to the C-Suite as a must-have when it comes to delivering on operational resilience and risk management. As organizations look to ensure that their hybrid multi-cloud architectures are managed consistently, deliver the performance required, and provide operational resilience, Splunk is well placed to deliver. We look forward to watching Steele work some magic in the months ahead.
Disclosure: Futurum Research is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.
Analysis and opinions expressed herein are specific to the analyst individually and data and other information that might have been provided for validation, not those of Futurum Research as a whole.