UPDATED 08:00 EST / JULY 18 2023

Splunk launches a generative AI assistant to tame observability data

Big-data firm Splunk Inc. today announced a collection of artificial intelligence-based offerings under the new “Splunk AI” banner, including a new generative AI assistant that helps users interact with their underlying application observability data more easily.

Announced on day two of Splunk’s .conf23 event in Las Vegas, Splunk AI is a suite of offerings that aims to enhance human decision-making and threat response with assistive experiences. They’re aimed at security operations, information technology operations and engineering teams, and enable them to automatically mine observability data, detect anomalies and prioritize the most critical decisions they need to take by intelligently assessing the level of risk companies face. They were created using domain-specific large language models and machine learning algorithms trained on Splunk’s enormous cache of security and observability data.

The main offering is the new Splunk AI Assistant, which is a ChatGPT-style generative AI chatbot that enables users to interact with observability data in a more natural, conversational way, and squeeze insights out of it more easily, Splunk said. One advantage is that it enables users to create Splunk Processing Language-based queries by simply asking questions of their data in natural language. Users can ask questions and the chatbot will create the most appropriate SPL query to find the answers they need, the company explained. AI Assistant is available in preview from today, the company said.

The biggest advantage of Splunk AI Assistant is that it optimizes large language models with Splunk’s own security and observability data to improve accuracy, said Constellation Research Inc.’s vice president and principal analyst, Andy Thurai. As such, it could prove to be an extremely useful tool for support personnel, SecOps and even DevOps teams, helping them to find information for incident management much faster than they could before. “SIEM, log and other observability data is spread across many tools and many siloed implementations, so it is hard to get total visibility across enterprise-wide applications when there is a major outage,” Thurai said. “So it’s hard to find the needle in the haystack to pinpoint the root cause analysis with all the noise created by critical alerts.”

Splunk also announced new AI operations capabilities with the Splunk App for Anomaly Detection, which is available now. It’s aimed at SecOps, ITOps and engineering teams and provides a streamlined workflow to simplify and automate anomaly detection. Meanwhile, an update to the existing IT Service Intelligence offering provides greater threat detection accuracy by identifying abnormal data points or outliers such as network disruptions and outage spikes.

Also in preview now is a new machine learning-powered Assisted Thresholding tool, which uses historical data and patterns to create dynamic thresholds in a single click. With this, users will benefit from more accurate alerts relating to the health of their information technology environments.

“We believe AI and machine learning will bring enormous value to security and observability by empowering organizations to automatically detect anomalies and focus their attention where it’s needed most,” said Chief Technology Officer Min Wang.

Thurai said the anomaly detection and assisted thresholding tools can be useful for AIOps teams. “The machine learning use cases based on deep learning models such as RNNs and CNNs can detect DNS data exfiltration, command exploits and other suspicious processes,” he said. “This can all be pretty powerful in detecting security issues before they happen.”

The announcements didn’t stop there, though. In addition, Splunk unveiled an updated Machine Learning Toolkit that provides guided access to machine learning technology to users of all levels. With today’s update, users can leverage techniques around forecasting and predictive analytics to unlock richer insights based on their observability data.

“Splunk MLTK is aimed at helping customers train LLMs on their own domain specific data,” Thurai explained. “Again, this can be quite powerful in terms of unearthing tribal knowledge that is hidden in many corners of the enterprise.”

Finally, the company announced a new edition of the Splunk App for Data Science and Deep Learning, which provides access to new data science tools for users looking to integrate customized machine learning and deep learning systems within Splunk. The release includes two AI assistants powered by large language models, which can be trained on customers’ own domain-specific data to support natural language processing algorithms.

Futurum Group analyst Steven Dickens said AI and AIOps have become essential tools in the observability space, helping organizations to respond more quickly and more strategically to different threats. “The new offerings within Splunk AI enhance and accelerate human decision-making and response to threats, so organizations can ensure their digital systems remain secure and resilient,” the analyst said.

The new AI offerings were announced alongside a number of new security and observability tools unveiled today, including a new Splunk Attack Analyzer tool that automates the analysis of malware and credential phishing attacks. The company also debuted a new Unified Identity offering that enables users to access Splunk Cloud Platform and Splunk Observability Cloud with a single user ID.

Earlier, on day one of .conf23, the company announced a new platform called Splunk Edge Hub that makes it simpler for organizations to ingest the difficult-to-access data generated by sensors, internet of things devices and industrial equipment.
