Splunk expands its AI Assistant in observability, security push

A screen showing the three kinds of Splunk AI Assistant live onstage at Splunk .conf24.
(Image credit: Future/Rory Bathgate)

Splunk has announced a series of new generative AI Assistants within its security and observability portfolios aimed at simplifying data analysis and helping customers boost resilience through natural language queries.

The new AI assistants, unveiled live at .conf24 in Las Vegas, sit within Splunk’s Observability Cloud and Security platforms. The assistants can be used to leverage insights on data through natural language processing (NLP), as well as provide recommendations for improving variables within a user’s environment or alleviating errors.

In a demonstration during the day-two product keynote, attendees were shown an admin asking the AI Assistant in Observability why an error was showing up on their Splunk Cloud console. In response, the chatbot identified a specific Kubernetes cluster and provided a recommendation for fixing the issue.

The firm linked this to its newly published research on downtime, which found that outages cost the top 2,000 firms $200 million per year on average but that those who invest more into observability and AI suffer far less than their counterparts.

Splunk AI Assistant in Security can summarize security alerts, perform security searches based on natural language inputs, and produce incident reports to save analysts time in the wake of a cyber incident.

“We all know analysts hate writing up these reports of all the steps that they took, what were the findings, etc,” said Mike Horn, SVP and GM of security at Splunk at the day-two product keynote.

“So that auto-generation is going to save a ton of time on work that they don't like to do.”

While the AI Assistant in Observability Cloud is available now in private preview, the AI Assistant in Security will only become available in private preview in August.

Bringing natural language to Splunk

James Hodge, GVP and chief strategic advisor EMEA at Splunk, told ITPro that the firm sees “a massive benefit to natural language”, as it allows users to “translate intent from language into an analytical query”.

He added that this improved user experience is needed to keep humans in the loop by design and, down the line, could help address cyber security skills shortages.

“Transformation doesn’t happen when an executive stands on stage and says ‘Here’s my 2030 vision’. Transformation happens on the frontline, with people making micro-decisions every day,” Hodge said, noting that AI can help standardize decision-making and lower the barrier to entry for security and observability.

Audra Streetman, security strategist at Splunk, told ITPro that conversational AI models can already play an important role in reducing the strain on security teams and allowing them to focus on more important tasks. For example, in her experience shadowing Splunk’s Security Operations Center (SOC) team, Streetman said she saw the usefulness of internal AI use firsthand.

“A lot of them mention the ability to summarize reports as something that they would really appreciate because that takes up a lot of their time and mental energy,” she said.

“But I also noticed that today, they're using our AI Assistants quite a bit to help with their queries to make them more efficient, or to document their queries so that if anyone else is looking at a detection, they can see what does this do because they just comment out each line of the, of the query to say, ‘this is what this line does’. 

“It's really helpful, especially if you're not quite as familiar with the command or a method of searching within Splunk, and I see them use that quite a bit.”

A screen on stage at .conf24 showing AI Assistant in Enterprise Security, with a visual breakdown of the features of the AI Assistant.

(Image credit: Future/Rory Bathgate)

Splunk first unveiled its AI Assistant at .conf23, with the chatbot able to produce commands in Splunk Search Processing Language (SPL), which is used to run searches across its platform. The new upgrade further removes the need for manual user processing by turning prompts directly into results.

To achieve these new features, Splunk has moved on from its Text-To-Text Transfer Transformer (T5) model, which has powered the Splunk AI Assistant since it was first announced.

“One of the things we were after as a benchmark for ourselves was to prove that we could take the domain knowledge we have and usage through the preview program of the Splunk AI Assistant to increase the training efficacy and improve the set of algorithms we used underneath,” said Casey, in response to an ITPro question.

“I'm really pleased to say that the new AI platform and the updates that we've made now make that higher efficacy response around the generation of SPL and the execution of analytic searches in Splunk than you can do with GPT-4. That's done with the combination of algorithms that are sitting underneath.”

Splunk confirmed to ITPro that Splunk AI Assistant for SPL supports English, French, Japanese, and Spanish at present, while the AI Assistants in Splunk Observability Cloud and Security only support English.

Splunk’s AI trajectory under Cisco

Many of Splunk’s new announcements on AI lean on its newfound integration with Cisco’s product platform. But Splunk has repeatedly emphasized that this will not impact on its existing AI plans such as its vendor-agnostic approach to models.

“I think we’ve made remarkably fast progress on integration of AI and that’s only possible because we have a shared purpose, a shared vision, and a shared culture,” said Tom Casey, SVP and GM of products and technology at Splunk, in response to an ITPro question in front of assembled media.

“Users need the general chat experience through the Cisco AI Assistant to help them with their everyday work wherever they are. You might be sitting in a Webex session and we're having a conversation and you're worried about something, how a service is performing. We should be able to ask the Cisco AI Assistant and it should be able to tell us.”

Moving forward, Casey said that Splunk’s approach to AI would expand rather than change under Cisco.

“The strategy doesn’t change with Cisco, it just gets better, because we can extend ourselves into the collaboration context of people working in Webex or into the admin console and the experience of a network administrator.”

Casey pointed to new AI Assistant capabilities for AppDynamics, which now ties into Splunk’s platform via Log Observer Connect. Gary Steele, president of Go-to-Market at Cisco and GM at Splunk, told ITPro at Cisco Live 2024 that Splunk will be pivotal to Cisco’s AI plans through this kind of integration.

“The difference in Splunk’s strategy and approach to AI is we think domain-centric AI is important,” said Casey, adding, “we think when you’re dealing with incidents, it’s really about security and observability”.

Casey noted that going forward, Splunk is committed to staying the course on AI that it had charted prior to the acquisition, with added Cisco integrations expanding rather than diverting its prospects. 

This was echoed by Hodge, who told ITPro that Cisco’s acquisition of Splunk would “accelerate” its AI strategy, pointing to big moves the former has already made such as its $1 billion investment in AI firms and its commitment to ‘AI by design’.

“So what you saw with Hypershield was starting on, ‘what do we want to achieve and how can we use AI little ground up rather than retrospectively putting AI on top of it?’. One of the reasons why you're seeing quite a lot of harmony between Splunk and Cisco at Cisco Live and this week is we're both focusing on digital resilience as the outcome.

“We're trying to drive for our customers. We have complementary portfolios, Cisco with that breadth and connectivity and some collaboration, us on more of the operation centers on top.”

A slide showing Advanced AI in Splunk's IT Service Intelligence (ITSI) offering live on stage at Splunk .conf24 in Las Vegas.

(Image credit: Future/Rory Bathgate)

More intelligent, domain-specific AIOps

As part of its wider AI announcements, Splunk also revealed new AI and machine learning (ML) capabilities for Splunk IT Service Intelligence (ITSI), its AIOps and infrastructure monitoring platform.

Customers can tailor AI alerts to be as sensitive or lenient as they wish. Splunk gave the example of a firm using adaptive thresholding 

Hodge said that this in turn can feed into a firm’s broader adoption of AI, helping leaders to assess the risks based on their risk appetite and tolerance for anomalous activity.

“The risk for a gambling company, to a bank, to a healthcare company, to defense is very different for the exact same problem,” he said.

“You can constantly reassess your risk profile and how you’re dealing with it as you implement AI going forwards. So am I getting closer and closer to that threshold but it doesn’t trip? Or do I need to adjust the threshold just below?”

Rory Bathgate
Features and Multimedia Editor
