Splunk unveiled many enhancements to its core platforms, along with more comprehensive visibility from edge to cloud and improved admin controls, at its .conf23 event, taking place July 17-20 in Las Vegas.

Splunk Enterprise 9.1 and Splunk Cloud Platform enhancements

The recent enhancements in these two platforms empower SecOps, ITOps, and engineering teams to gain visual insights into data flows throughout their entire technology stack. This enhanced visibility promotes greater collaboration among teams, allowing organizations to quickly scale their operations and respond effectively to minimize disruptions.

Ingest Actions now expands capabilities for routing data to multiple, distinct Amazon S3 buckets, enabling greater granularity in data management.  

The new Federated Search for Amazon S3 preview feature provides a unified search experience for data stored in Amazon S3 buckets. With this feature, users can search and access the data without needing to ingest it into Splunk. Additionally, the integration with Ingest Actions and Edge Processor enhances data movement across Splunk instances and third-party data lakes. This capability allows customers to avoid latency issues and unnecessary charges while effectively searching and utilizing their data.

Also, Edge Processor featuring SPL2 now enables data ingestion and export to Splunk using HTTP Event Collector (HEC), making it easier to manage data. In addition, to complement data sovereignty and compliance needs, users can set default destinations per Edge Processor for more flexibility in routing.

Splunk focuses on comprehensive visibility for better detection from edge to cloud

New innovations in the Splunk platform provide deeper, more flexible data management capabilities that give SecOps, ITOps, and engineering teams control over the shape, volume, and destination of data. 

To achieve greater visibility from the edge, Splunk has partnered with Edge Hub Central and introduced the Splunk Edge Hub. This solution captures data from sensors, industrial equipment, and IoT devices in physical environments and streams it to the Splunk platform for analysis.

The Splunk platform has introduced enhancements that make accessing and organizing data at the edge more convenient, leading to a reduction in data noise. 

One notable improvement is that Splunk’s cloud-based data pre-processing capability, introduced in Q1 2023 on Splunk Cloud Platform, now supports data ingestion and export using HTTP Event Collector (HEC).

Enhancements to Ingest Actions are available on both Splunk Enterprise 9.1 and Splunk Cloud Platform, and these enhancements allow for more granular data management during ingestion. Users now have additional options for routing specific data sets to multiple Amazon S3 buckets. Furthermore, they can preview a near-live stream of data while creating rulesets.

These advancements enable users to effectively manage and optimize data processing at the edge, leading to improved data organization and reduced noise in their data sets.

Splunk announces improvements to existing admin tools

Splunk Admins will have early access to a preview feature called Cross-Region Disaster Recovery, specifically designed to enhance business continuity and resilience. 

This feature will be available for Splunk Cloud Platform on US-East AWS stacks. It enables users to fail over to standby regions in the event of an active region failure in AWS. By leveraging this capability, customers can ensure the continuous monitoring of mission-critical services and avoid non-compliance penalties, thereby enhancing their digital resilience.

Splunk has made additional enhancements to existing Admin tools, aiming to reduce troubleshooting efforts and improve investigation speed with enhanced accuracy. 

The introduction of health and maintenance dashboards allows for better monitoring and management of performance in your Splunk Cloud Platform deployment. Splunk Assist can easily identify outdated apps that may pose security risks, streamlining app management. Access Control and Permissions gained new options for sharing searches as a job or query.

Additional details on all of the new features are available here.