Major Announcements From Splunk .conf22 Bring Observability and Security to the Forefront

Observability and security have come to the forefront of IT service delivery, a convergence that was long overdue. This was the urgent theme of the 2022 Splunk conference in Las Vegas.

I had the privilege of attending the Splunk .conf22 as an analyst. Below are some noteworthy announcements and their potential impact for enterprises. My apologies for the delayed capture here: It has been a busy event season, and I have been parsing the big themes and trends for prospects and buyers.

Like Peanut Butter and Jelly, Observability and Security Go Together

When a service goes down, it takes time to figure out when it went wrong, what went wrong, why it went wrong, and what to do to fix it. This is where observability practices and solutions help DevOps, IT support, and site reliability engineers (SREs) figure out the when, what, and why, and incident management helps to fix it. If it is an operational incident, then DevOps, SREs, support teams, and incident response teams need to engage to quickly mitigate the situation and get IT running normally for the business as soon as possible. If it is a security event, then security teams need to engage to protect vital data and system assets.


Observability, AIOps, and incident management all play a major part in identifying and fixing an incident as soon as, or sometimes even before, it happens. I recently analyzed 11 vendors that provide offerings in this area in a report called Incident Management in the Cloud Era Market Overview, which can be found here.


Observability Depends on Full-Fidelity, High-Quality Data

Splunk has been in the observability space for many years now. What is different compared to some of the other vendors is that Splunk realizes data needs to be consumed the way the customer provides it. The announcements about full-fidelity data, never losing any IT operations data ever, federated search across hybrid and cloud locations, and the use of cheap storage options such as Amazon S3 were all major announcements that set Splunk apart.


Splunk realizes data will not live in a single location and is taking steps to cope with distributed data. The vendor put together a compelling infrastructure operations strategy to help large customers: highly scalable, high-fidelity data; data shareability across teams (both operations and security); automatable incident intelligence; and so forth. With the combination of SignalFx, Omnition, Splunk Infrastructure Monitoring, Splunk APM, Splunk Real User Monitoring (RUM), Splunk Log Observer, Splunk On-Call, Splunk Observability Cloud, Rigor, and Plumbr, the vendor has assembled a solid set of tools. This combination can appeal to security operations center (SOC), network operations center (NOC), DevOps, IT service management (ITSM), DevSecOps, and SRE teams and potentially can enable them to all work together.


Splunk offers a decent set of AIOps use case implementations such as forecasting, predictive analytics, outlier detection, and event clustering. I would like to see a lot more AIOps use cases as Splunk continues to mature. You can find a full set of AIOps use cases in my recent report A CIO’s Guide to AIOps.


The Bottom Line: Customers Are One Incident Away From Bankruptcy

Fast-moving innovation comes with reliability problems for any digital enterprise. As I have written before, enterprises should be more prepared than they are to deal with major incidents. It is only a matter of time before an incident happens. Splunk is one of the few vendors that serve both the innovation and the reliability sides of the equation. By providing high-fidelity observability data, along with removing the barriers between findings and action, the vendor helps customers achieve faster digital innovation.


Splunk, with its large ecosystem and implementation partners, is a company to watch. If you are in the market for observability, AIOps, and incident management solutions, Splunk definitely is worthy of consideration.


My full view of all their major announcements and my deep analysis can be found in this 12-page report here (free for Constellation subscribers).

Random Musings from the conference

  • I kept hearing .com constantly, which reminded me of circa 2000 until I figured out that they were losing the “f” from .conf!
  • The opening dancers' light, song, and dance sequence was one of the most mesmerizing dance sequences that I have ever seen. I was really in awe after watching the show. It took me a while to recover from tweeting and taking pictures of it 😊 Light Balance is a Ukrainian LED dance troupe and an America's Got Talent 2017 performer. Watch them at the link here, they are impressive!!!

  • I was told Splunk restricted the in-person attendance to about 5K (though it felt like more) and apparently, virtually 20K people attended.
  • As with many events, these in-person events seem to be Covid super spreaders so please exercise caution and safety if you attend in person!
  • As a foodie, I love Vegas events as I get to pig out! Even though I walked 10,000+ steps every day, it still seems to catch up after multiple trips. Need to lose some weight.
  • Splunk has this enviable acronym for their employees/users/practitioners as “Splunkers” which kinda sounds cool!
  • The T-shirt bit from their chief T-shirt officer, Shelly, from Splunk T-shirt co., was a great bit. Splunk, if you are listening, I want one of those Invisibili-T shirts!!!
  • Interesting to see the amount of money spent on Formula 1 racing by technology companies - Splunk, Oracle, Dell, HPE, Alteryx, DataRobot ... the list goes on. The amount of money spent on these is mind-boggling. I don’t get it, but oh well.