Splunk Cloud and Splunk Enterprise 7.2: Turn Data Into Business Outcomes


© 2019 SPLUNK INC.

Splunk Cloud and Splunk Enterprise 7.2
Turn Data Into Business Outcomes

Forward-Looking Statements
During the course of this presentation, we may make forward-looking statements regarding future events or
the expected performance of the company. We caution you that such statements reflect our current
expectations and estimates based on factors currently known to us and that actual events or results could
differ materially. For important factors that may cause actual results to differ from those contained in our
forward-looking statements, please review our filings with the SEC.

The forward-looking statements made in this presentation are being made as of the time and date of its live
presentation. If reviewed after its live presentation, this presentation may not contain current or accurate
information. We do not assume any obligation to update any forward-looking statements we may make. In
addition, any information about our roadmap outlines our general product direction and is subject to change
at any time without notice. It is for informational purposes only and shall not be incorporated into any contract
or other commitment. Splunk undertakes no obligation either to develop the features or functionality
described or to include any such feature or functionality in a future release.
Splunk, Splunk>, Listen to Your Data, The Engine for Machine Data, Splunk Cloud, Splunk Light and SPL are trademarks and registered trademarks of Splunk Inc. in
the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners. © 2019 Splunk Inc. All rights reserved.

Splunk delivers a holistic approach to turning data into business outcomes

Any User, Anywhere: IT, Security, IoT, Business Users, Developers

Powered by AI and ML

On-Premises, Cloud

Access to Expanding Data Universe

ANNOUNCING

Splunk Cloud and Splunk Enterprise 7.2

► Easily Move any Data to and from Splunk
► Boost Performance, Scale and Manageability
► Limitless Investigation and Exploration

Artificial Intelligence and Machine Learning Powering Splunk Platform

Splunk Cloud AND Splunk Enterprise 7.2

[Feature overview diagram. Themes: Analyze Any Data; Breakthrough performance, scale and manageability; Limitless Investigation and Exploration; AI & ML Across the Platform. Features shown include Kinesis Firehose Integration, 508 Accessibility, Kfold Validation, Splunk Machine Learning Toolkit, Splunk Connect for Docker, Rolling Upgrade, SmartStore, Data Onboarding, More users & less SPL, Workload Management, Logs to Metrics, Password Policy Management, Splunk Connect for Kubernetes, Metrics Workspace, Experiment Management Framework, PCI and HIPAA Compliance, Event Annotation, and Dynamic Data: Active Archive.]

Splunk Enterprise 7.2
Under the Hood

Access to Expanding Data Universe


7.1

Expansive and Integrated Ecosystem
OSS and cloud native technology integrations increase the value of your investment

[Diagram of data sources: Active Directory, Smartphones and Devices, Intrusion Prevention, Online Shopping Cart, Web Clickstreams, Storage, RSS, Online Services, Containers, GPS Location, Electric Car, Desktops, Servers, Energy Meters, Call Detail Records, RFID, Packaged Applications, Telecoms, Firewall, Networks, Custom Applications, Web Services, POS Card Reader, Databases, Messaging, Twitter, Firehose]

Schema on Read, 4+ PB/Day, Real Time, Mission Critical

7.2

Guided Data Onboarding
Intuitive interface for getting data into Splunk

► Helps users understand the crucial concepts related to getting data into Splunk
► Addresses most common data sources: networking, OS, security (e.g. firewall)
► Data onboarding methodologies tailored to users’ specific Splunk architecture: single instance, single search head with clustered indexers, or Splunk Cloud

7.0

Metrics and Events
Taking the meh out of metrics

Metrics
• Set of numbers describing a particular process or activity
• Measured over intervals of time – i.e., time series data
• Unlike log generation and storage, metrics generation and storage has a constant overhead – cost doesn’t increase with system activities that could result in a sharp uptick in data observability (e.g., user traffic)
• Common metrics sources:
  • System metrics (CPU, disk memory)
  • Infrastructure metrics (AWS CloudWatch)
  • Web tracking scripts (Google Analytics)

Events
• Immutable record of discrete events that happen over time
• Come in three forms: plain text, structured, binary
• Omnipresent–attached to every packet that enters or leaves a network interface card
• Common event sources:
  • System and server logs (syslog, journald)
  • HEC
  • APIs (Twitter, Wunderground)
  • Application, platform and server logs (log4j, log4net, Apache, MySQL, AWS)
  • IoT Sensors (temperature readings)

Sample Metric (Timestamp, Metric Name, Value, Dimensions)
1481050800 os.cpu.user 42.12345 hq:us-west-1

Sample Log
[29/Aug/2017 08:47:05:316503] "POST /cart.do?uid=84e8d742-a31d69&action=remove&&product_id=BS-2&JSESSIONID=SD6SAL4FF1ADFF9 HTTP 1.1" 200 2569 "http://www.buttercupenterprises.com/product.screen?product_id=BS-2" "Mozilla/5.0 (Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2957.0 Safari/537.36" 98

Equivalent to 1 metric value

7.1

Metrics in Splunk Enterprise
Lightning-fast performance when searching on metrics

► Up to 2,000x speed improvement on the same log search (workload) versus Splunk Enterprise 6.6
► All Splunk platform benefits apply:
• Visualizations and alerting
• Role-based access controls
• Data onboarding
• Clustering, scaling and alerting
• Leverage open source for existing sourcetypes (statsd, collectd)

7.2

Logs to Metrics
Take advantage of metrics performance by converting your logs to metrics

► Intuitive interface for converting log events to metrics
► Take advantage of near-real-time performance when searching and alerting on metrics, as well as the new Splunk Metrics Workspace

Breakthrough Performance, Manageability and Scale

7.2

SmartStore
Maintain performance and availability while lowering TCO

► Independently scale up/down compute (CPUs) and data storage based on business demands
► Automatically evaluates users’ data access patterns (via app-aware cache) – placing actively accessed data in local storage for real-time analytics; inactive data moved to low-cost, remote storage (any S3-compatible environment)

[Diagram: Search, Indexers, Storage]

Classical Architecture

Diagram: Hot/Warm Storage, Cold Storage, Frozen Storage

Smart Store Architecture

Diagram: Frozen Storage [coldToFrozen*], Hot/Cache Storage [homePath], Remote Storage [remotePath]; flows labeled Upload, Download, Eviction, Removal


Smart Store Architecture

Diagram: Hot/Cache Storage, Hot/Cache Storage, Remote Storage

7.2

Workload Management
Prioritize analytics workloads based on organizational demands

► Policy-based and admin-controlled mechanism to reserve system resources used for ingestion and search
► Ensures most critical indexes, searches and alerts are completed first (e.g. analytics on latest product launches)

7.2

Splunk on Docker
Fast deployments. Easily expandable. Lower TCO.

► Official Splunk Support for Enterprise 7.2 deployments in Docker containers
► All the benefits of Docker…
► Fast deployments
► Easily expand (or contract) Splunk footprint; onboard new teams and users
► Lower TCO via decreased hardware, OS and hypervisor requirements

Empowering More Users


7.2

Splunk Metrics Workspace
Easily visualize metrics without using Splunk Search Processing Language (SPL)

► Major update within the Search and Reporting Splunkbase™ app; compatible with Splunk Enterprise and Splunk Cloud release 7.1 and beyond
► Drag-and-drop interface to explore large volumes of incoming metrics data and create advanced alerts
► Dashboard panels can be saved and displayed in your existing Splunk dashboards

7.2

Health Report
Real-time health monitoring of your Splunk deployment

► Quickly understand the overall health status of your Splunk environments
► Customizable, allowing users to set their own thresholds
► REST-based endpoints easily integrate with other systems
► Provides a reason, context, and tips to resolve an unhealthy state

7.2

Splunk Accessibility Enhancements
Enabling disabled users to get more value out of their data

► Screen reader-friendly UI
► Mouse not required–easily navigate Splunk with just a keyboard
► Enhanced visual contrast in Splunk UI for visually impaired users
► Addresses US Federal Government Section 508 standard and Web Content Accessibility Guidelines (WCAG) for electronic and information technology accessibility

7.1

Refreshed User Interface
Crisp and consistent UI spanning Splunk products and Splunk.com

7.2

Dashboard Dark Mode
One-click way to heighten visual contrast and optimize for NOC/SOC environments

Accelerate Business Value Through Artificial Intelligence

Artificial Intelligence and Machine Learning
Splunk platform is designed for expansive and customizable AI and ML use cases

AIOps, Analytics-driven Security, Machine Learning

Splunk Premium Solutions
Out-of-the-box AI and ML experience for specific use cases
• Designed for IT and security practitioners
• Machine learning-embedded within products; users select data sets and adjust the model
• Does not require a data scientist

Splunk Platform: Machine Learning Toolkit (MLTK)
Customizable AI and ML for all use cases
• Codeless, step-by-step machine learning
• Integrates with open source algorithms
• Launch inside any Splunk search or query
• Requires Splunk and analytics expertise

New with MLTK 4.0

1. Splunk Community for MLTK Algorithms on GitHub enables Splunk MLTK users to share code and custom algorithms, and get feedback and tips from fellow Splunk MLTK users, the Splunk team, and other GitHub community members.

2. Splunk MLTK Container for TensorFlow extends the value of Splunk MLTK with additional contributions and functionality provided by TensorFlow, the OSS library for high performance numerical computation.

3. Splunk Machine Learning Toolkit Connector for Apache Spark allows users to leverage their own Spark clusters for fitting models on large datasets using Spark infrastructure vs. the Splunk Search Head, delivering faster compute on certain algorithms, easier scaling and high elasticity. New Spark and Splunk configuration UI facilitates testing of the Spark connection and set up. Support for additional MLlib algorithms out-of-the-box.

Splunk Cloud 7.2 release
Under the Hood

The benefits of Splunk as a service

► Fastest time to value
► Eliminates infrastructure requirements
► Maximizes value from limited resources

Splunk Cloud
The benefits of Splunk as a service
Splunk Cloud delivers the benefits of Splunk Enterprise—the easiest way to aggregate, analyze and get answers from your machine data—deployed and managed securely, reliably, and scalably as a service

Fastest time to value
● Go-live fast–In a matter of days, not weeks
● Minimize delays and change management processes for upgrades
● Expand your Splunk deployment quickly—1TB incremental capacity available within two days
● Operate premium Splunk solutions—including Splunk ITSI and ES—at the highest-level of maturity and availability within weeks

Splunk Cloud
The benefits of Splunk as a service

Eliminates infrastructure requirements
● No need to purchase, deploy, and manage infrastructure—you save money (or time) on servers, storage and people
● Redundant environments mean you can feel assured that critical operations are maintained when you need them
● Adheres to most rigorous security standards
  ○ Dedicated cloud environment for each customer (single tenant infrastructure for compute, but not for storage)
  ○ ISO 27001, SOC 2 Type 2, PCI and HIPAA-certified
  ○ Includes encryption in-transit—any data traveling over a network is SSL encrypted by default
  ○ Optional encryption at rest—stored data can be encrypted at incremental cost (+15% increase to Splunk Cloud list price)

Splunk Cloud
The benefits of Splunk as a service

Maximizes value from limited resources
● Splunk manages about 75% of typical infrastructure management and admin tasks so you can transition your teams to doing higher-value business functions
● Low total cost of ownership (TCO), often less than cost of running your own software
● 600+ Splunkbase apps ready for Splunk Cloud deployments—ready-to-use analytics, alerts, dashboards, and visualizations

Dynamic Data
Retain infrequently accessed data to meet compliance requirements. Easily resurrect to search when required.

Dynamic Data: Active Archive
• New with Splunk Cloud release 7.2
• Move less-frequently accessed data to cost-effective, Splunk-managed data archive
• Easily restore data into Splunk Cloud

Dynamic Data: Self-Storage
• Introduced with Splunk Cloud release 7.1
• Tiered data storage service empowers you to move data from Splunk Cloud to your own Amazon S3 environment
• Data no longer accessible via Splunk Cloud

[Diagram columns: Splunk Cloud: Active Searchable; Dynamic Data: Active Archive; Dynamic Data: Self-Storage; deleted data. Entries: Index 1, 30-day retention; Index 1, 3 years; Index 2, 90-day retention; Index 3, 365-day retention; Index 3, permanent]

Splunk Cloud Regulatory Compliance
Confidently navigate sensitive data while maintaining compliance, without the overhead

► New Splunk Cloud SKU featuring:
• Splunk Cloud subscription with HIPAA or PCI compliance
• Encryption at Rest
• Splunk Standard Success Plan
► Assurance Splunk Cloud will manage customer data in accordance with strict regulations:
• Health Insurance Portability and Accountability Act (HIPAA), the standard for US-based organizations that deal with sensitive patient data
• Payment Card Industry Data Security Standard (PCI DSS), standards designed to ensure organizations that accept, process, store or transmit credit card information maintain a secure environment

Customer Support and Professional Services
More flexibility for mission critical use cases

From baseline to mission-critical, Splunk offers a variety of support and services levels to address evolving business needs

Levels: Base, Standard, Premium
Consistency across Splunk Services

Splunk Professional Services
Professional Service levels designed to provide increasing service, from adoption assistance and acceleration to onsite implementation

Splunk Customer Success
Customer Success levels aligned with the degree of consultation customers require to configure their unique Splunk environments

Splunk Support
Scaling up to support mission critical workloads with multiple support levels featuring varying response time guarantees, and a range of direct access commitments to Splunk Support professionals

ANNOUNCING

Splunk Mobile
► Secure Encrypted Access to All Data
► Push Notification Alerts
► Push-Button Event Remediation

[Architecture diagram: Mobile, Cloud Gateway Service, Firewall, Splunk Cloud Gateway, On-Prem; TLS + E2E Encryption]

Splunk Augmented Reality



DEMO
Experience Splunk Cloud and Splunk Enterprise 7.2

Thank You.
