Splunk Advances Machine Learning Capabilities

Splunk is expanding machine learning capabilities across its product portfolio with the release of Splunk Enterprise 7.0, Splunk IT Service Intelligence (ITSI) 3.0, Splunk User Behavior Analytics (UBA) 4.0 and updates to Splunk Cloud.

Splunk has also introduced an updated suite of solutions that apply analytics and machine learning to fraud and cloud monitoring use cases. The announcements were made at .conf2017: the 8th Annual Splunk Conference.

Data today is understood to provide a strategic advantage and organizations are looking for the fastest, most efficient way to turn data into answers, said Richard Campione, chief product officer, Splunk. With machine learning and metrics advancements that can be used by a wide variety of individuals and roles, Splunk Enterprise 7.0 and Splunk Cloud deliver mission-critical answers faster and more easily than ever before, he added.

According to Splunk, support for metrics accelerates monitoring and alerting by at least 20x, and optimizations to core search technology deliver 3x speed improvement. With these enhancements, customers can use the Splunk platform to predict future IT, security and business outcomes through integrated machine learning techniques backed by powerful, extensible algorithms. These machine learning advances enable users to collect, prepare, transform, explore, visualize and publish data insights.

Splunk also announced new machine learning capabilities for its existing premium-packaged solutions, including:

Splunk ITSI 3.0, which applies service context, including dependencies, to events and employs machine learning to reduce the noise of alert fatigue and surface only the most critical information; Splunk UBA 4.0, which enables customers to create and load their own machine learning models to identify custom anomalies and threats via Splunk UBA’s new software development kit (SDK); and an updated Machine Learning Toolkit that is free to any customer.

With increased demand for premium-packaged solutions, Splunk is also announcing new and updated solutions to tackle specific customer needs in security and IT operations. These include Splunk Enterprise (ES) Content Update, a new subscription service that offers pre-packaged security content to Splunk ES customers; Security Essentials for Fraud Detection, a free Splunk app that guides customers on how to use Splunk to identify and investigate different types of fraud, including healthcare, payment card and transactional fraud; Splunk Insights for AWS Cloud Monitoring, also available in the Amazon Marketplace, which provides organizations with an analytics-based approach to cloud monitoring; Splunk Insights for Ransomware, a solution priced per user that provides organizations with real-time insights for proactive assessment and rapid investigation of potential ransomware threats; and Booz Allen Hamilton Cyber4Sight for Splunk, a solution that gives security analysts and threat hunters actionable threat intelligence.

Splunk is also previewing two future technologies at .conf2017: Splunk Project Waitomo, a new infrastructure monitoring solution that unifies logs and metrics, delivering integrated machine learning for alerts, trends and investigation; and Splunk Project Nova, an API-based logging-as-a-service solution targeting developers and DevOps practitioners.

The company wants to continue helping IT improve its responsiveness and ability to drive sound decisions, explained Priya Balakrishnan, director of product marketing and IT Markets at Splunk. Splunk's goal is to have IT use ITSI as the central hub for monitoring.

"We want to help reduce their incident turnaround time, we want to help them really eliminate some of the repetitive and manual data cleansing, streamline the automation and recovery of some of the issues and problems they have," Balakrishnan said. "These are some of the things we want to help IT organizations with."

Splunk Enterprise 7.0 is currently available, with Splunk ITSI 3.0 and UBA 4.0 available in October. The new version of Splunk Cloud will be available by January 2018.

For more information, go to