Splunk is adding AI assistants to its Observability Cloud and security offerings. It is also coming out with an assistant for the Splunk Search Processing Language (SPL), the set of commands and functions that make up its own language.

A new week, a new event with new announcements, largely about generative AI. At Splunk .conf in Las Vegas, the company, officially part of Cisco since March 18, is also making a push. Last week during Cisco Live, it already shared some “regular” AI news with the Configuration Assistant for Splunk IT Service Intelligence (ITSI). That assistant allows IT admins at organizations to gain insight into the status and health of ITSI objects such as services, KPIs and entities. The idea is that you can use the Configuration Assistant to set the right thresholds and optimize if desired.

The Configuration Assistant described above uses statistical AI/ML. This week at .conf, the focus is on generative AI (GenAI). Splunk is announcing an AI assistant for Observability Cloud, one for its security offering and one for its own SPL. We briefly outline these below.

AI Assistant for Observability and Security

The new AI Assistant for Splunk’s Observability Cloud gives employees such as Site Reliability Engineers (SREs) and software developers an easy way to detect and investigate issues in their own environments, according to Splunk. Employees can ask questions in natural language, after which the assistant picks through metrics, traces and logs. It then offers the necessary insights that have emerged from this search. Splunk promises that this will help employees solve problems faster and more easily. The assistant is also more accessible thanks to the use of NLP in the interface. That means it can be used by more employees because it requires less knowledge.

Like the one for the Observability Cloud, the AI Assistant that deals with security uses GenAI. It does something similar (i.e., it provides insights), but is intended for security teams and SOC analysts. It should help these employees with their investigations, including summarizing data from an incident. This assistant also generates security-specific Splunk Search Processing Language (SPL) based on the findings. All of this is meant to speed up investigation and, ultimately, response time.

Splunk AI Assistant for SPL

The last AI assistant we want to talk about in this article is the one for SPL. This should make Splunk’s own language, with all its commands and specific functions, more accessible to customers. In fact, they can ask it questions in natural language. It allows analysts to perform fairly complex analyses without having to write the query in SPL. In addition, this AI assistant makes existing SPL more manageable for analysts. A link to meaningful documentation provides answers to questions they may have.

This last AI assistant is the most fundamental of the three because it interacts directly with SPL. Closing the gap between human and machine in this way should allow analysts to become more productive and make better decisions faster. That, in turn, should better prepare organizations for the future.

However, the same organizations are gaining a substantial number of AI assistants from a whole host of vendors. We can imagine that this could cause some confusion in the long run. Especially in the field of observability and security, we see more and more overlap or at least interaction. There is a chance that the same people will eventually have to work with both assistants. Down the road, some consolidation of AI assistants is desirable. Ideally, Splunk would build a single AI assistant that can do everything. That’s a lot more manageable and will eventually happen, we expect. Until then, organizations will have to keep a good overview themselves.


The AI Assistant for Observability Cloud is now available in private preview. The AI Assistant for Security will be available in private preview this August. The Splunk AI Assistant for SPL is generally available to Splunk Cloud Platform customers with AWS starting today.