Splunk, the leading data analytics and monitoring platform, has unveiled Splunk AI during its recent .conf23 event. This suite of AI-driven solutions aims to enhance the company’s unified security and observability platform, making it easier for organizations to detect and respond to threats while maintaining control over AI implementation.
The centerpiece of Splunk AI is the Splunk AI Assistant, which utilizes generative AI to provide users with an interactive chat experience using natural language. Through this interface, users can create queries using the Splunk Processing Language (SPL) and expand their understanding of the platform.
The AI Assistant is designed to optimize time-to-value and increase accessibility to SPL, democratizing an organization’s access to valuable data insights. It empowers teams such as SecOps, ITOps, and engineering by automating data mining, anomaly detection, and risk assessment. This frees up time for more strategic tasks and reduces errors.
Min Wang, CTO at Splunk, emphasizes that Splunk AI innovations combine automation with human-in-the-loop experiences. The goal is to strengthen human decision-making by increasing speed and effectiveness, rather than replacing it. The AI offerings within Splunk AI surface recommendations based on large amounts of information to enhance and accelerate human decision-making in areas such as detection, investigation, and response.
Splunk AI leverages domain-specific large language models (LLMs) and machine learning (ML) algorithms to improve productivity and cost efficiency. The platform allows organizations to integrate their own AI models or third-party tools, demonstrating Splunk’s commitment to openness and extensibility.
As technology infrastructures become more complex and distributed, and talent shortages persist, organizations need tools that enable swift and efficient action without overwhelming their teams. Splunk AI aims to make the jobs of SecOps, ITOps, and engineering teams easier, allowing them to focus on more strategic work and ensure the resilience of their systems.
To enhance alerting speed and accuracy, Splunk has introduced several AI-powered capabilities. The app for anomaly detection streamlines and automates the entire operational workflow for anomaly detection. IT Service Intelligence 4.17 introduces outlier exclusion for adaptive thresholding, which identifies and excludes abnormal data points. ML-assisted thresholding generates dynamic thresholds that mirror the expected workload, reducing false positives and improving alerting accuracy.
The Splunk Machine Learning Toolkit (MLTK) 5.4 provides guided access to ML technology, enabling users of all skill levels to leverage forecasting and predictive analytics. MLTK can be deployed on top of Splunk Enterprise or Cloud platform, extending its capabilities for outlier and anomaly detection, predictive analytics, and clustering.
To further enhance the integration of advanced custom machine learning and deep learning systems, Splunk has introduced the Splunk App for Data Science and Deep Learning (DSDL) 5.1. This offering allows data scientists and machine learning engineers to leverage GPU computing for compute-intensive training tasks and deploy models on CPU or GPU-enabled containers.
Splunk’s AI-powered offerings optimize domain-specific insights derived from real-world experience, ensuring the most effective models are tailored to specific use cases. While generative AI tools are valuable for easing learning curves and generating new insights, deep learning tools are better suited for embedding purpose-built complex anomaly detection algorithms into security offerings.
With Splunk AI, organizations can harness the power of AI to strengthen their security and observability capabilities. By combining automation with human decision-making, Splunk is paving the way for more efficient and effective threat detection, investigation, and response.