by Thor Olavsrud

Splunk puts machine learning at center of operational intelligence portfolio

Sep 27, 2016

Splunk is making machine learning a core capability of its real-time operational intelligence platforms to help companies use predictive analytics to optimize IT, security and business operations.

Splunk, a specialist in collecting and indexing massive volumes of machine-generated data, is integrating machine learning as a core capability of its portfolio of operational intelligence platforms.

“Digital transformation has changed the way that organizations work,” Doug Merritt, president and CEO of Splunk, said in a statement Tuesday. “The big secret is that all of the change is underpinned by machine data. Machine learning enables organizations to get deeper insights from their machine data and ultimately increases the opportunity our customers can gain from digital transformation. The enterprise machine data fabric is the foundation for managing and deriving insights from that data at scale — and only Splunk provides the end-to-end analytics platform and ecosystem to support it.”

On Tuesday at .conf2016, the seventh annual Splunk Worldwide User Conference, Splunk announced new versions of Splunk Enterprise, Splunk IT Service Intelligence (ITSI), Splunk Enterprise Security (ES) and Splunk User Behavior Analytics (UBA) that leverage machine learning to help companies use predictive analytics to optimize IT, security and business operations.

Splunk says the new capabilities will help operationalize machine data in use cases including:

  • Focused investigation. Identifying and resolving IT and security incidents by automatically detecting anomalies and patterns in data
  • Intelligent alerting. Reducing alert fatigue by identifying normal patterns for specific sets of circumstances
  • Predictive actions. Anticipating and reacting to circumstances such as proactive maintenance that might otherwise disrupt operations or revenue
  • Business optimization. Forecasting demand, managing inventory and reacting to changing conditions through analysis of historical data and models

Splunk Cloud and Splunk Enterprise 6.5, both now generally available, provide custom machine learning for data analysis and preparation. Splunk says customers can use Splunk Enterprise 6.5 to:

  • Harness the power of machine learning with advanced analytics delivered by a rich set of commands and a guided workbench to create custom machine learning models for IT, security and business use cases
  • Simplify data preparation and expand data analysis to a wider range of users through a new user interface and table data views designed for both specialists and occasional users
  • Lower on-premises total cost of ownership through tighter integration with Hadoop, allowing organizations to roll historical data to Hadoop and utilize hybrid search to analyze all their data in Splunk

Meanwhile, Splunk ITSI 2.4, also generally available now, applies machine learning to event data to help organizations find root causes faster and lower mean time to resolution. Splunk says ITSI can help organizations:

  • Improve service operations with pre-built machine learning by baselining normal operational patterns to dynamically adapt thresholds, thus reducing alert fatigue, improving analysis and increasing reliability
  • Present real-time service insights and drive decision making by prioritizing incidents through event analytics, like multivariate anomaly detection, supported with business and services context
  • Gain a single view of operations with an intuitive interface

Finally, Splunk says Splunk ES 4.5 and Splunk UBA 3.0 will be generally available by October 31. Splunk ES 4.5 provides a common interface for automating retrieval, sharing and response in multi-vendor environments. And Splunk UBA 3.0 delivers new machine learning models, additional data sources and content updates of use cases. Splunk says the updates will help customers:

  • Improve detection, investigation and remediation times by centrally automating retrieval, sharing and response through Adaptive Response and analytics-driven decision making in Splunk ES
  • Simplify analysis by understanding the impact of security metrics within a logical or physical Glass Table view in Splunk ES
  • Improve threat detection with use case updates in Splunk UBA, and gain targeted detection by prioritizing outcomes generated by packaged machine learning-based anomaly detection

“Splunk supports pre-packaged content and visualizations for a wide variety of use cases, including IT operations, security and business analytics,” Jason Stamper, data platforms and analytics analyst at 451 Research, said in a statement Tuesday. “This is making Splunk-based analytics available to an increasing variety of IT and business users. With a broad integration of machine learning, Splunk provides a comprehensive answer to one of the biggest challenges facing modern organizations: how to harness diverse, prevalent and increasingly profuse amounts of data to gain valuable business insights.”