UPDATED 10:54 EST / OCTOBER 22 2021

BIG DATA

At Splunk .conf21, comprehensive change is fueled by data

Splunk Inc. returned this week to the online format of its blockbuster annual event, Splunk .conf21, with the broad theme of “Turning Data into Doing,” which seems appropriate given the massive security and observability data volumes the firm interprets into analytics and response actions for global companies.

What customers are doing with data

Sticking to the theme, Splunk positioned customer success stories from some of the world’s most innovative firms and institutions front and center, including Tesco PLC, Takeda Pharmaceutical Co. Ltd., Chipotle Mexican Grill Inc. and McLaren Automotive, which brought out its Formula 1 champion Lando Norris to discuss how the racing team leverages track data insights to win. (*Disclosure below.)

Of particular note, Koby Avital, executive vice president of Walmart Inc.’s global tech platform, discussed how the company deploys Kubernetes clusters onto regional “Triplets” of Azure, Google Cloud and private cloud resources to fulfill millions of daily omnichannel orders. Splunk is part of Walmart’s core data plane, providing performance and security event monitoring and observability to anticipate customer experience issues and help it set a posture for disaster recovery contingencies.

Indeed, Splunk Chief Executive Doug Merritt (pictured) pointed out in an interview with SiliconANGLE’s video studio theCUBE at .conf that “one second of latency can have a 10% drop-off in fulfillment of a transaction. For Walmart, that’s a billion dollars a week if you can’t get their system to perform at the level it needs to.”

Data in Splunk also figures prominently in assuring security. “Security is largely a human problem, but it’s represented by data,” Stephen Schmidt, chief information security officer of Amazon Web Services Inc., said in a keynote testimonial. “We produce more than 50 petabytes of security-related log information a day, and we ingest more than 500 terabytes of logs about the behavior of our corporate infrastructure and our employees into Splunk. That allows us to immediately begin the process of understanding what’s happening in our infrastructure, and taking action to ensure we’re protected.”

Reinforcing the platform

Splunk seems to be constantly streamlining its product naming strategy, with logs, metrics and traces flowing through the Splunk Platform, which contains all of its data ingest, streaming, indexing, inferencing and search capabilities, as well as their Security Cloud and Observability Cloud solutions.

With so many services and sources feeding their platform, the signal-to-noise ratio of interpreting all of that data, and the incidental customer cost of storage can become quite unpredictable. Splunk addressed these concerns with a new beta Ingest Actions feature that can route, modify and filter data within the upstream ingest path.

Teresa Carlson, Splunk’s recently hired president and chief growth officer, announced workload-based pricing for all Splunk Cloud customers. This pricing option allows customers to pay upon launching search and analytics workloads, rather than upon data ingest, so data cost does not need to provide a barrier to work.

A new enterprise-wide federated search capability for the platform will allow permissioned users to scope out trends and anomalies across multiple topology-agnostic cloud regions, enclaves and application domains.

Visualizing security and observability

Underneath the primary platform play, I saw a lot of attention being paid to improving visibility for developers, operators and even executives into system-wide security and performance concerns that may ultimately become boardroom-level concerns.

Of particular interest was Splunk’s new Dashboard Studio, which allows practitioners to visually control the representation of metrics, trends and alerts for an appealing multimodal user experience across different browsers and devices. As an occasional information architect myself, I had to drill into the breakout session to see how these dashboards can be constructed and reused.

Splunk’s acquisition of TruSTAR Technology Inc. for threat intelligence management, combined with new risk-based alerting and visual SOAR playbook editors, continued the trend of unifying many different security products under the platform’s common Security Cloud context. Customers can still run on-premises versions of Splunk, but by far most of the growth seems to be happening in its cloud offerings.

Similar tectonic moves were occurring under the Splunk Observability Cloud, which has fully merged the Omnition and SignalFX acquisitions of the last two years with its existing application performance monitoring capabilities, as well as the more recent Plumbr and Rigor tools for synthetic monitoring and real user monitoring. RUM demonstrations were shown tracking user experiences for native iOS and Android mobile apps as well as browser-based front ends.

Cloud-native practitioners can also take heart in the firm’s demonstrable contributions to Open Telemetry and other leading open source projects for future interoperability.

The Intellyx take

When you get to return to a vendor’s conference year after year, you start to expect a lot of replays of “greatest hits” content on tap. But the only thing recycled here was last year’s uniquely designed virtual conference platform with its games and messages.

Much has evolved at Splunk. New products and new faces within their E-Suite from AWS including Carlson, and Shawn Bice and Garth Fort on the product side, assured that the sessions were as fresh as the new experiences on display here.

Mark Hamill closed the event with a fascinating peek into his everyday life as the iconic “Star Wars” actor still interacting with his fans in the real world, more than 40 years after his debut as Luke Skywalker.

The saga doesn’t end here. We can’t predict what enterprises will be doing with data in the future, but maybe we’ll be meeting in person about it again in 2022.

Jason English (@bluefug) is a principal analyst at Intellyx, which advises business leaders and technology vendors on their digital transformation strategies. He wrote this article for SiliconANGLE. (* Disclosure: Splunk is a current Intellyx customer. None of the other vendors mentioned in this article is an Intellyx customer.)

Photo: SiliconANGLE

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU