Splunk expands Observability portfolio

Get a free Techzine subscription!

New capabilities in Splunk’s Observability offering should give developers (among other personas) even greater insight into application performance and any issues that need to be resolved.

DevOps teams have been a little busier in the past few years than they were before that. Having a good understanding of the performance and challenges posed by applications and related processes has only become more important. That’s what Splunk is focusing on with its relatively new Observability Cloud. To ensure that new (and existing) applications function optimally, from the front-end to the back-end, and thus provide an optimal user experience, insight is necessary. This goes beyond classical monitoring and APM, where you often don’t get the finesse you need.

You could see observability as the basis for modern monitoring. Without all the components being well understood, you can’t monitor effectively. You use all sorts of data to achieve this. Besides logs you can also think of traces and metrics, including OpenTelemetry data. Observability means that you get insights into what that data actually says about the performance of applications.

New observability features

Splunk’s Observability portfolio doesn’t just focus on new code that DevOps teams are working on. Existing applications also get the necessary attention. One example is the new AlwaysOn Profiling for Splunk APM, introduced today at .conf21. This allows you to gain insight into the performance of an existing (monolithic) application at the code level. The idea is that it allows you to track and resolve any bottlenecks. In addition, you can use it to see if there are opportunities in the area of optimization and cost savings. Staying with Splunk APM for a moment, we also see an improved Database Visibility component. This allows you to detect slow queries to databases fully automatically.

Splunk RUM for Mobile Applications focuses on how end users use an application in practice. In this case, as the name implies, it is about mobile applications. This new feature was already in preview, but is now generally available. It provides performance monitoring and troubleshooting for mobile applications on iOS and Android. With the general availability of Splunk Observability Cloud for Mobile, engineers and developers can respond to incidents from a mobile device.

More integrations

Splunk obviously has more business components than just observability. Linking observability to those parts can also add the necessary value. Hence Splunk’s announcement of an integration between Splunk Log Observer and Splunk Enterprise. This new feature is currently in preview. The idea behind it is that you can now use the Observer interface to explore and troubleshoot all logs in the Splunk platform. As a customer, you can now centrally work with your log data and make important connections that you might have missed before.

In the end, what Splunk does is not just about collecting data, but mainly about quickly turning this data into insights and actions. Hence Splunk comes with new out-of-the-box dashboards. You can get started right away after initial installation. With Splunk Infrastructure Monitoring AutoDetect you can also immediately detect deviations in your infrastructure. This also speeds up the on-boarding of the Splunk platform if all goes well. The Splunk App for Content Packs further provides users with the tools they need to get started quickly. The app includes searches and dashboards for commonly used IT infrastructure, apps and services. Examples include Microsoft 365 and third-party APM tools.

All in all, quite a lot of new stuff in the observability area, then. What is interesting to us is that Splunk is already looking past observability within the code of applications. A feature like Splunk Infrastructure Monitoring AutoDetect indicates that the software can do more. Ultimately, that’s what customers expect. Since Splunk can access the data anyway, it’s pretty logical and probably not extremely complex to add this kind of functionality. Of course, it also makes Splunk as a whole more relevant to customers. And that’s obviously what the company wants most of all.