Splunk .conf23: Everything you need to know from this year’s event

by Riversafe

As the dust settles on another .conf, this year’s event was, as expected, packed full of announcements and new features and developments.  From cutting-edge security advancements to revolutionary AI integrations, the stage is set for a new era of data-driven excellence.

In this blog our team of Splunk experts explore the latest developments and highlight what they feel are the most exciting announcements to come from .conf 23. Let’s dive in!

Security Updates

Splunk Mission Control

Splunk’s new and improved Mission Control console is a game changer for threat detection, investigation, and response. Bringing SIEM, SOAR, threat intelligence, and analytics together in a single work surface, security professionals can streamline workflows, automate manual tasks, and conduct (and close) event investigations faster.

Splunk Attack Analyzer

A new integration for Splunk SOAR, Attack Analyzer allows security professionals to unpack sophisticated techniques used to attack their systems while evading detection.

Formerly known as TwinWave, the tool uses new functionality to automate the analysis of malware and credential phishing attacks. This automated threat forensics add-on will help improve the speed and accuracy of investigations, allowing security teams to detect potential threats while cutting down time spent on manual inquiries.

Splunk AI Assistant

Just launched in preview, Splunk AI Assistant is the next step on Splunk’s extensive roadmap of AI investments. The tool will infuse AI functionality across the platform and help users access what they need more easily.

Using the chatbot-style AI Assistant, users will be able to search their data using plain English prompts which the assistant will then translate into search queries to help them find what they’re looking for.

Allowing users to gather insights in a more conversational way, and removing the need to manually create Search Processing Language queries, the AI Assistant will lower the often-considerable learning curve involved in making the most of Splunk.

Discussing the importance of AI to future Splunk developments, Chief Technology Officer Min Wang said: “We believe AI and machine learning will bring enormous value to security and observability by empowering organizations to automatically detect anomalies and focus their attention where it’s needed most.”

Splunk App for Anomaly Detection

Bringing automation and AI to SecOps, the Splunk App for Anomaly Detection simplifies and automates the discovery of abnormalities in time-series datasets.

Designed to help SecOps teams manage and operationalise anomaly detection workflows, the app detects seasonal patterns and automatically determines optimal parameters using machine learning, without the need for manual inputs.

Any time-series data that can be ingested into Splunk can be scanned with the Splunk App for Anomaly Detection.

Splunk Machine Learning Toolkit (MLTK) 5.4

Providing guided access to machine learning technology, the Splunk Machine Learning Toolkit is a popular resource with over 200,000 downloads from the Splunkbase app store.

The latest version of the MLTK rolls out several new features and improvements, including the introduction of the Multivariate Outlier Detection algorithm, and the option to import pre-trained ONNX models.

It also includes updated versions of the Python for Scientific Computing (PSC) add-on, and makes changes to what anonymised data the SMLT transfers to Splunk Inc.

Observability Updates

OpenTelemetry as Technical Add-on

Aiming to improve the functionality of Splunk Observability Cloud and Splunk Cloud Platform integrations, OpenTelemetry is now available to be deployed alongside existing forwarders used to capture metrics and traces.

Demonstrating Splunk’s commitment to the OpenTelemetry project, the introduction of the add-on will make transmission of data less complex and more flexible for users.

This new feature gives users a unified view of infrastructure and services, reducing the hassle previously involved in deploying and managing two agents simultaneously.

Outlier Exclusion for Adaptive Thresholding for ITSI

There are improvements to monitoring and troubleshooting functionality too, with speed-boosting enhancements for Splunk IT Service Intelligence (ITSI) including Outlier Exclusion in Adaptive Thresholds.

As well as an improved user interface, the ML-driven outlier detection feature now allows users to detect and omit historical outliers from calculations, resulting in better detection accuracy. And with the Content Pack for Monitoring and Alerting, users can perform side-by-side analysis and tuning of KPI thresholds and historical views.

New ML-Assisted Thresholding for ITSI

Another smart solution announced at the event was the new machine learning-powered Assisted Thresholding tool.

Using historical data and recognised patterns, Assisted Thresholding allows users to create dynamic thresholds with a single click, giving them more accurate alerts about the health of their environment.

APM Service Centric Views

Currently in private preview and coming soon to a Splunk instance near you, APM Service Centric Views are new dashboards that give engineers a single, in-depth view of service performance.

Covering all services in one centralised panel, engineers can identify any errors or bottlenecks in service infrastructure that are causing performance issues.

Users will also be able to see visualisations of the health of all third-party dependencies.

Platform Updates

Ingest Actions

Updates to Splunk Enterprise 9.1 and Splunk Cloud Platform will deliver greater visibility and better data visualisations, so users will have all the information they need to scale up with minimal disruption.

Among these updates is Ingest Actions, which brings expanded routing capabilities that enable data to be channelled into multiple, distinct Amazon S3 buckets and equips users more granularity when managing their data.

Federated Search for Amazon S3

Another handy upgrade for AWS customers, Federated Search for Amazon S3 provides a unified search experience of any data at rest stored in S3 buckets as well as other third-party data lakes, and across Splunk instances without having to ingest that data into Splunk.

Users can now search data at rest through the integration while avoiding latency and data transfer charges.

Edge Processor featuring SPL2

Edge Processor is a powerful data processing tool that enables users to efficiently manage data at the edge of their network. Offering users more flexibility (and convenience) in their data management tasks, Edge Processor now supports the ingestion and export of data to and from Splunk using HTTP Event Collector (HEC). Other new additions include the ability to set default destinations per Edge Processor to give users more flexibility and capacity to meet their various data sovereignty and compliance needs.

According to Splunk, these updates are all about fostering closer collaboration and building greater resilience. “Real-time cross-team collaboration is essential for a digitally resilient business,” said Splunk SVP & GM of Products and Technology, Tom Casey. “And SecOps, ITOps and engineering teams all share a need to detect, investigate and respond.

“At Splunk, we’re excited to announce our latest innovations that empower these teams with shared data context, more unified experiences and the only integrated Security and Observability Platform powered by Splunk AI, so they can work together to make their systems secure and reliable.”

Is your Splunk instance up to scratch?

As a Splunk Accredited Professional Services Provider RiverSafe has the experience and know-how to help you do more with Splunk.

Find out if your Splunk instance is delivering maximum protection and value with our Splunk Health Check.

Get your free Splunk Health Check


By Riversafe

Experts in DevOps, Cyber Security and Data Operations