With Expanded Machine Learning Capabilities Across Portfolio, Splunk Unveils New Use Cases

During its annual user conference, .conf2017, Splunk revealed major updates across its entire product portfolio, with a special focus on machine learning. IDN looks at why Splunk says machine learning ‘is crucial’ to helping customers meet the next wave of requirements.

Tags: analytics, cloud, machine learning, Splunk, UBA

Splunk is making a major commitment to machine learning, adding rich capabilities across virtually every part of its product portfolio. The goal, execs said, is to better help organizations generate deeper insights and discover new patterns in data – as quickly and easily as possible. 


During its annual user conference, .conf2017, Splunk revealed major updates to Splunk Enterprise 7.0; Splunk IT Service Intelligence (ITSI) 3.0; Splunk User Behavior Analytics (UBA) 4.0; and the latest improvements to Splunk Cloud that can apply analytics and machine learning to fraud and cloud monitoring use cases.


“Machine learning is critical to customer success and to the evolution of Splunk.  [Our] machine learning advances enable users to collect, prepare, transform, explore, visualize and publish data insights,” Splunk’s chief product officer Richard Campione said in a statement.  “With the new enhancements, customers can use the Splunk platform to predict future IT, security and business outcomes through integrated machine learning techniques backed by powerful, extensible algorithms,” he added.

Inside Splunk’s Machine Learning-Driven Upgrades

Advanced machine learning capabilities were added across all major Splunk products.  IDN takes a look at some of the highlights.

Splunk Enterprise 7.0 and Splunk Cloud. The addition of machine learning to each of these aims to let customers better monitor, investigate and gain intelligence from their data, while also improving performance and scale. “Support for metrics accelerates monitoring and alerting by at least 20x, and optimizations to core search technology deliver 3x speed improvement,” Campione noted.


Splunk IT Service Intelligence (ITSI) 3.0: The latest version of Splunk ITSI reworks event monitoring by combining service context with machine learning to help identify existing and potential issues, prioritize restoration of business-critical services and deliver analytics-driven IT operations. Splunk ITSI 3.0 applies service context, including dependencies, to events and uses machine learning to reduce alert noise and surface only the most critical information.


Splunk User Behavior Analytics (UBA) 4.0: The new version of Splunk UBA enables customers to create and load their own machine learning models to identify custom anomalies and threats via Splunk UBA’s new software development kit (SDK). This first-of-its-kind capability opens up Splunk UBA to outside models, giving users more power to detect insider attacks and automate correlation of anomalous behavior into high-fidelity threats.


Machine Learning Toolkit (MLTK): Available at no charge to any customer, Splunk MLTK is a data science application that anyone can use to predict future IT, security and business outcomes. Recent updates include machine learning model management, which integrates user permissions via an intuitive user interface. In addition, the MLTK now includes public machine learning APIs for open source and proprietary algorithms, and a data prep module to help customers prepare and clean their data before initiating machine learning modeling.

With these major upgrades, Splunk aims to open up machine learning to everyone, Campione said, and enable customers to better predict future outcomes and more effectively analyze their data.  


In a blog post, Splunk’s Philipp Drieger, a senior sales engineer, drilled into the types of anomalies that can be detected with the help of machine learning:

Obviously anomaly detection is an important topic in all core use case areas of Splunk, but each one has different requirements and data, so unfortunately there is not always an easy button. In IT Operations you want to detect system outages before they actually occur and proactively keep your dependent services up and running to meet your business needs. In Security you want to detect anomalous behavior of entities to detect potential indicators for breaches before they occur. In Business Analytics you might want to spot customer churn or find patterns that indicate severe business impacts. In IoT you may want to find devices that suddenly turn into an unhealthy state or detect anomalies in sensor data that indicate potentially bad product usage.
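To make the security case in the quote above concrete, here is an added illustration of entity-based anomaly detection. It is not Splunk UBA or MLTK code and does not come from Drieger's post: it builds a per-user baseline of daily distinct-host logins from constructed log lines (the log format, field names and thresholds are assumptions) and flags a day whose count is far outside that user's own history using a robust z-score (median and MAD) rather than mean and standard deviation, so a single spike does not inflate its own baseline.

```python
"""Entity-baseline anomaly detection over constructed authentication events.

Hypothetical example (not Splunk code): each user's daily count of distinct
hosts logged into is scored against that user's own prior days using a
robust z-score built from the median and the median absolute deviation (MAD).
"""
import re
from collections import defaultdict
from statistics import median

# Assumed log line format, e.g.
# "2017-09-18T09:15:00Z user=alice host=web01 action=login src=10.0.0.5"
LINE_RE = re.compile(
    r"^(?P<day>\d{4}-\d{2}-\d{2})T\S+ user=(?P<user>\S+) host=(?P<host>\S+) action=login\b"
)


def daily_distinct_hosts(lines):
    """Return {user: [(day, number_of_distinct_hosts), ...]} sorted by day."""
    seen = defaultdict(lambda: defaultdict(set))
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # logouts and malformed lines are ignored
        seen[m["user"]][m["day"]].add(m["host"])
    return {u: sorted((d, len(h)) for d, h in days.items()) for u, days in seen.items()}


def robust_score(value, history, mad_floor=1.0):
    """Robust z-score: (value - median) / (1.4826 * MAD).

    The MAD is floored so a perfectly flat history (MAD == 0) does not divide
    by zero and turn every tiny change into an alert.
    """
    med = median(history)
    mad = median(abs(x - med) for x in history)
    return (value - med) / (1.4826 * max(mad, mad_floor))


def detect(lines, min_history=5, threshold=3.0):
    """Score each user-day against that user's earlier days; return anomalies
    as (user, day, distinct_hosts, score) tuples."""
    anomalies = []
    for user, series in daily_distinct_hosts(lines).items():
        for i, (day, n) in enumerate(series):
            history = [count for _, count in series[:i]]
            if len(history) < min_history:
                continue  # no baseline yet: stay quiet rather than alert on noise
            score = robust_score(n, history)
            if score >= threshold:
                anomalies.append((user, day, n, round(score, 2)))
    return anomalies


def constructed_events():
    """Constructed sample log lines (not real data): alice touches one or two
    hosts a day for six days and then nine hosts on the seventh; bob is flat
    at one host per day."""
    days = [f"2017-09-{d:02d}" for d in range(18, 25)]
    alice = [["web01"], ["web01", "db01"], ["web01"], ["web01", "db01"],
             ["web01"], ["web01", "db01"],
             ["web01", "db01", "db02", "fs01", "fs02", "dc01", "dc02", "jump01", "bastion"]]
    lines = []
    for day, hosts in zip(days, alice):
        for h in hosts:
            lines.append(f"{day}T09:15:00Z user=alice host={h} action=login src=10.0.0.5")
        lines.append(f"{day}T08:00:00Z user=bob host=app01 action=login src=10.0.0.9")
    lines.append(f"{days[-1]}T17:05:00Z user=bob host=app01 action=logout src=10.0.0.9")
    return lines


if __name__ == "__main__":
    for user, day, n, score in detect(constructed_events()):
        print(f"{user} {day}: {n} distinct hosts, robust z = {score}")
```

Alice's seventh day scores about 5.06 and is reported; her day six (two hosts against a history of one or two) scores well under the threshold, and bob never fires. The `min_history` guard is the part practitioners most often omit: without it every new entity alerts on its first few days.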

“Data is a strategic advantage and organizations are looking for the fastest, most efficient way to turn data into answers,” Campione said.  By adding machine learning and metrics advancements that anyone can use, Splunk’s latest updates aim to deliver mission-critical answers faster and easier than ever before, he added.


More announcements from .conf2017

The vendor also announced new and updated products, solutions and programs at its annual conference.


Premium-packaged solutions unveiled include: 

  • Splunk Enterprise Security (ES) Content Update, a new subscription service that offers pre-packaged security content to customers.
  • Splunk Security Essentials for Fraud Detection, a free Splunk app that guides customers on how to use Splunk to identify and investigate different types of fraud.
  • Splunk Insights for AWS Cloud Monitoring, an analytics-based approach to cloud monitoring.
  • Splunk Insights for Ransomware, a solution that provides organizations with real-time insights for proactive assessment and rapid investigation of potential ransomware threats.
  • Booz Allen Hamilton Cyber4Sight for Splunk, a solution which empowers security analysts and threat hunters with actionable threat intelligence.


Splunk also previewed two new future technologies:

  • Splunk Project Waitomo: A new infrastructure monitoring solution that unifies logs and metrics, delivering integrated machine learning for alerts, trends and investigation.
  • Splunk Project Nova: An API-based logging-as-a-service solution, targeting developers and DevOps practitioners.


The vendor also announced at the conference that it is helping military veterans and youth train for careers in technology through its Splunk4Good initiative and partnerships with nonprofit organizations NPower, Wounded Warrior Project (WWP) and Year Up as well as AWS re:Start.


Also revealed were new, flexible pricing programs tailored to ensure that organizations realize maximum value for their Splunk software investment across every stage of their data journey.