
Splunk Doubles Down On Security, Observability With 9.0 Release

Rick Whiting

New functionality in Splunk Enterprise and the Splunk Cloud Platform provides advanced data ingestion, data management and federated search.


Data platform developer Splunk has debuted the next generation of its core on-premises and cloud systems, offering up a wave of new capabilities and features that will help customers collect, manage and search increasingly huge volumes of machine data.

The general availability of Splunk Enterprise 9.0, which replaces the current 8.3 release, and enhancements to Splunk Cloud Platform are being unveiled today at the company’s .conf22 event in Las Vegas. Some 12,500 attendees are expected at the conference – the company’s first in-person conference since 2019.

For many Splunk customers and partners, the event also marks their introduction to Gary Steele, the founding CEO of security vendor Proofpoint who took over as Splunk president and CEO in April and will deliver the conference keynote.

[Related: Splunk CEO Gary Steele On Channel Opportunities, Management Stability And Introducing Himself At .Conf22]

For the first time Splunk is combining its .conf customer event with the company’s Global Partner Summit with more than 1,800 partners expected to attend. The company will make a number of announcements around its Partnerverse program including access to the Splunk Cloud Sandbox for developers and a new funded partner training benefit.

The new capabilities introduced in Splunk’s technology portfolio this week, including new data ingest, federated search and cloud data management functionality, come as Splunk continues to target applications in data observability and IT security.

“Splunk is absolutely mission critical in helping organizations truly achieve their missions,” Steele said in his .conf22 opening keynote Tuesday.

“Today we’re delivering the world’s leading platform for unified security and observability,” Steele said. “We’re central to the SOC [security operations center]. We’re central to your IT organization and your DevOps teams. We are at the heart of your business operations. We see the lines between security and IT beginning to blur because those teams all need access to the same data.”

“Splunk 9.0 is the most significant release that we’ve offered in a long time and we think it’s going to be significant for customers that run on premises, as well as customers that will run in the cloud,” said Garth Fort, Splunk senior vice president and chief product officer, in a press pre-briefing last week on the upcoming product announcements.

“The latest innovations in the Splunk Platform enable customers to address the complexities of multi-cloud and hybrid environments, rapidly identify signals from noise, and turn data insights into business outcomes,” said Fort, who is demonstrating some of the software’s new capabilities during the .conf22 opening session.

A number of the new features provide end-to-end visibility through expanded data access and optimized data storage, according to the company. Data Manager for Splunk Cloud Platform helps customers onboard Splunk across Amazon Web Services and Microsoft Azure, providing a hybrid cloud control plane for data flowing into Splunk. (Support for Google Cloud Platform is set for later this summer.)

The new Ingest Actions functionality provides granular controls for filtering, masking and routing of data in motion within the Splunk Platform or to external AWS S3 storage.

“What this effectively lets customers do is perform operations on data at the edge before it gets ingested into Splunk, so you can redact, filter and route different information from your logs before they actually get ingested,” Fort said.
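The three operations Fort describes (filter, mask, route) have long been expressible in Splunk's own props.conf and transforms.conf; Ingest Actions puts a UI and rulesets in front of them. The configuration below is an added illustration, not output generated by Ingest Actions and not from Splunk or the article: it drops DEBUG noise, masks card-number-shaped strings in a hypothetical `syslog` sourcetype, and routes sshd events to a hypothetical `security` index. The sourcetype, index name, and regexes are assumptions chosen for the example; routing to external S3 storage is specific to Ingest Actions and is not shown here.

```ini
# props.conf  (added example; goes on the indexer or heavy forwarder that
# parses the data, not on a universal forwarder, which does no parsing)
[syslog]
# Mask: keep first and last four digits of anything that looks like a
# 16-digit card number so the value is still searchable but not sensitive.
SEDCMD-mask_card = s/\b(\d{4})[- ]?\d{4}[- ]?\d{4}[- ]?(\d{4})\b/\1-XXXX-XXXX-\2/g
# Filter and route: the class names refer to stanzas in transforms.conf.
TRANSFORMS-filter = drop_debug
TRANSFORMS-route  = route_sshd_to_security

# transforms.conf  (added example)
# Filter: send events containing a DEBUG level to the nullQueue, i.e. discard
# them before they are indexed or counted against license.
[drop_debug]
REGEX    = \sDEBUG\s
DEST_KEY = queue
FORMAT   = nullQueue

# Route: override the destination index for sshd events so the SOC's
# searches and role-based access land on a dedicated index.
[route_sshd_to_security]
REGEX    = sshd\[\d+\]:
DEST_KEY = _MetaData:Index
FORMAT   = security
```

Two checks a practitioner would make before trusting this: the masking regex is applied to `_raw` at index time only, so events that were indexed before the rule existed stay in cleartext and must be handled separately, and a regex that fails to match passes the sensitive value through silently, so test it against real samples (for example with `| rex` at search time on a copy of the data) before relying on it in production.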

New Data Storage And Search Capabilities

Splunk Enterprise 9.0 also extends data “cold storage” beyond AWS and GCP to Azure with the new SmartStore for Azure, a capability the company said can help self-managed Splunk Enterprise customers reduce operating costs by up to 70 percent.

Splunk has also expanded the Federated Search functionality within its platform, which will enhance and simplify security investigation and search operations across hybrid cloud environments by providing users and administrators with a comprehensive view of their entire Splunk ecosystem.

“We’ve talked about federated search for a while, which allows you – from a single command line – to search across multiple Splunk indices,” Fort said. While Federated Search is now generally available, the company is also previewing Federated Search for AWS S3, technology that allows users to extend the reach of the search tool into non-Splunk data sources.

Also now generally available is Splunk Assist, a fully managed cloud service within Splunk 9.0 that leverages cloud deployment data to provide businesses and organizations with insights about their security environments.

Splunk For DevOps

Splunk also launched Splunk Log Observer Connect, which makes it possible to visualize all data in a single place using the capabilities of the Splunk Cloud Platform and Splunk Observability. The company said the new technology enables site reliability and DevOps engineers to access metric, trace and Splunk Cloud log data in a single interface.

Also making their debut at the .conf22 event are Anomaly Detection Assistant, which helps security analysts, IT operations managers and DevOps engineers use machine learning to investigate potential problems; new risk-based alerting capabilities in Splunk Enterprise Security for enforcing zero trust security policies and prioritizing incidents; and Splunk Incident Intelligence, currently in preview, which helps DevOps teams investigate system performance incidents.

While Splunk is particularly focused on security and observability applications for its data platform, the Splunk technology portfolio can be used for a wide variety of data-centric use cases. The company said it continues to enhance its Splunkbase site with more than 2,500 purpose-built applications and integrations – many from the company’s 2,400 channel partners – that work with the Splunk system.

Splunk is also previewing Splunk Cloud Developer Edition, a developer tool set that will help developers more easily build and test applications for the Splunk Cloud Platform.