25 August 2023

12 Hot New Splunk Features and Updates from .conf 23!

Splunk

The annual Splunk .conf in Las Vegas was a warm one with temperatures over 50 degrees in places. Despite the heat, we were there at the event to take in all the great talks, classes and demonstrations and discuss and share everything Splunk.

As anticipated, this year was packed with a plethora of ground-breaking announcements and exciting new features in the world of cyber security and DevSecOps. From enhancing security to infusing AI/ML capabilities, Splunk has added some new features and updates that will greatly help organisations that have a focus on digital resilience and observability.

Although there is much to cover in more detail, in this post we summarise the 12 best updates from .conf 23, highlighting the announcements most likely to change how businesses tackle cyber threats and gain valuable insights from their data.

Observability Updates:

  1. OpenTelemetry as a Technical Add-on: Demonstrating Splunk’s commitment to open standards, the OpenTelemetry Collector is now packaged as a Splunk Technical Add-on. That means it can be distributed and managed like any other add-on, alongside the Universal Forwarder, with one agent capturing metrics and traces for Splunk Observability Cloud and feeding Splunk Cloud Platform. This simplifies data transmission and gives users a unified view of infrastructure and services. Industries that rely heavily on robust data analysis and insights, such as e-commerce and logistics, stand to benefit most from the simpler deployment.
  2. Outlier Exclusion for Adaptive Thresholding in ITSI: The latest enhancements in Splunk IT Service Intelligence (ITSI) improve monitoring and troubleshooting in a very practical way. Adaptive thresholds are calculated from historical KPI data, so a single past incident (an outage that sent latency to ten times its normal level, say) widens the band and hides the next one. The ML-driven outlier exclusion feature detects those historical outliers and omits them from the threshold calculation, which tightens the band and improves detection accuracy. With the Content Pack for Monitoring and Alerting, users can tune KPI (Key Performance Indicator) thresholds side by side with the historical view. This ensures that industries reliant on stable systems, like finance and telecommunications, can address performance issues proactively.
  3. New ML-Assisted Thresholding for ITSI: To give IT teams a more intelligent approach to monitoring and alerting, Splunk introduces the machine-learning-powered Assisted Thresholding tool. Leveraging historical data and recognising its patterns, the tool proposes dynamic thresholds that can be applied with a single click, cutting down the manual tuning that otherwise produces either noisy or missed alerts. Organisations in sectors like healthcare and online services gain better system health monitoring, minimising downtime and ensuring optimal performance.
  4. APM Service Centric Views: As businesses increasingly rely on the seamless performance of their applications, the APM (Application Performance Monitoring) Service Centric Views feature becomes a critical tool for engineers. Currently in private preview and soon to be available in a Splunk instance near you, these new dashboards give engineers a comprehensive, centralised view of service performance. By covering all services in one place, engineers can quickly identify errors or bottlenecks in the service infrastructure that may cause performance issues, and visualisations of the health of all third-party dependencies complete the picture. Industries dependent on app performance, such as software development and online services, stand to gain the most from these insights.

Security Updates:

  5. Splunk Mission Control: The new and improved Mission Control console, now delivered as part of Splunk Enterprise Security, marks a major milestone for threat detection, investigation and response. Bringing together SIEM (Security Information and Event Management), SOAR (Security Orchestration, Automation, and Response), threat intelligence and analytics, it gives security professionals a single work surface to streamline workflows, automate manual tasks and run investigations without swivelling between consoles. For industries that prioritise rapid threat detection and incident response, such as finance and healthcare, Splunk Mission Control could prove to be a game-changer.
  6. Splunk Attack Analyzer: Built from the TwinWave acquisition and integrated with Splunk SOAR, Attack Analyzer automates the analysis of malware and credential-phishing attacks. Rather than an analyst clicking through each stage by hand, it follows the attack chain end to end (links, redirects, attachments and archives, which attackers chain precisely to evade detection) and reports the techniques it observes, so investigations are faster and more consistent. Security teams in industries with high-value assets or sensitive data can stay one step ahead.
  7. Splunk AI Assistant: In a preview launch, Splunk’s AI Assistant showcases the next step in their extensive AI roadmap. The assistant takes plain-English prompts and translates them into SPL searches, offering a more conversational approach to data exploration and lowering the barrier for users without deep Splunk expertise. As with any generated query, the SPL should still be reviewed before it is run, both for correctness and for the data and indexes it touches, and a preview feature should be treated as exactly that.
  8. Splunk App for Anomaly Detection: For SecOps and ITOps teams, the Splunk App for Anomaly Detection is a boon. By simplifying and automating the anomaly detection workflow, the app helps teams operationalise the discovery of abnormalities in time-series data. It detects seasonal patterns (a daily or weekly cycle, for instance) and determines the optimal parameters automatically using machine learning, without manual input, which makes it an indispensable tool for industries dealing with complex and time-sensitive data, such as manufacturing and IoT.
  9. Splunk Machine Learning Toolkit (MLTK) 5.4: The latest version of MLTK extends guided access to machine learning. With the new Multivariate Outlier Detection algorithm and the option to import pre-trained ONNX models, organisations across diverse sectors can bring models trained elsewhere into Splunk and apply them to their data. Whether it’s identifying anomalies, predicting future trends or optimising operations, MLTK 5.4 gives users valuable insights and opens new opportunities for innovation.
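Two of the items above lean on the same idea: the ITSI outlier exclusion for adaptive thresholds, and the seasonal detection in the App for Anomaly Detection. Both come down to building a baseline per seasonal slot that a past incident cannot poison. The Python below is an added illustration of that idea, written for this post; it is not ITSI’s or the app’s algorithm, and the KPI series, the daily pattern, the noise and the outage on day 5 are all constructed inline.

```python
"""Seasonal KPI thresholds with historical-outlier exclusion.

Added illustration (not Splunk ITSI's or the Anomaly Detection app's code):
a robust per-slot baseline that drops historical outliers before setting
thresholds, compared with a naive mean/stdev baseline that lets one past
outage inflate the band. All data below is constructed.
"""
from statistics import mean, median, pstdev

PERIOD = 24            # hourly samples, daily seasonality
DAYS = 14              # two weeks of history
K = 3.0                # band half-width in sigmas
MAD_TO_SIGMA = 1.4826  # scales a MAD to a standard deviation for normal data


def constructed_kpi():
    """Hourly latency (ms): ~100 overnight, ~150 during business hours,
    deterministic noise in [-5, 5], and a three-hour outage at 900 ms on day 5.
    Constructed data, not a real KPI."""
    series = []
    for d in range(DAYS):
        for h in range(PERIOD):
            value = 150 if 9 <= h <= 17 else 100
            value += ((7 * d + 3 * h) % 11) - 5
            if d == 5 and h in (10, 11, 12):
                value = 900  # the historical incident that must not poison the baseline
            series.append(value)
    return series


def by_slot(series, period):
    """Group samples by position in the seasonal cycle (hour of day here)."""
    slots = [[] for _ in range(period)]
    for i, value in enumerate(series):
        slots[i % period].append(value)
    return slots


def naive_baseline(series, k=K, period=PERIOD):
    """mean +/- k*stdev per slot, with every historical sample included."""
    bands = []
    for slot in by_slot(series, period):
        centre, spread = mean(slot), pstdev(slot)
        bands.append((centre - k * spread, centre + k * spread))
    return bands


def robust_baseline(series, k=K, period=PERIOD):
    """median +/- k*sigma per slot, where sigma comes from the MAD and the
    samples outside the first-pass band are excluded before the final fit."""
    bands = []
    for slot in by_slot(series, period):
        centre = median(slot)
        spread = MAD_TO_SIGMA * median([abs(v - centre) for v in slot])
        # first pass: drop historical outliers; a MAD of 0 would keep only
        # samples equal to the median, so fall back to the full slot if empty
        kept = [v for v in slot if abs(v - centre) <= k * spread] or slot
        centre = median(kept)
        spread = MAD_TO_SIGMA * median([abs(v - centre) for v in kept])
        bands.append((centre - k * spread, centre + k * spread))
    return bands


def is_anomalous(value, slot, bands):
    """True when value falls outside the band for its seasonal slot."""
    low, high = bands[slot]
    return not low <= value <= high


if __name__ == "__main__":
    kpi = constructed_kpi()
    naive, robust = naive_baseline(kpi), robust_baseline(kpi)
    flat = robust_baseline(kpi, period=1)  # no seasonality: one band for all hours
    for value, hour in ((250, 11), (150, 11), (150, 3)):
        print(f"{value} ms at {hour:02d}:00  naive={is_anomalous(value, hour, naive)}  "
              f"robust={is_anomalous(value, hour, robust)}  "
              f"no-seasonality={is_anomalous(value, 0, flat)}")
```

Run as-is it shows the two failure modes the features address. With the outage left in, the naive band for 11:00 tops out above 700 ms, so a genuine 250 ms slowdown goes unflagged; the robust band for the same hour stays under 160 ms and catches it. Dropping seasonality altogether (period of 1) is no better: the business-hour plateau at 150 ms is then flagged as an outlier every day, which is the kind of noise that gets an alert muted.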

Platform Updates:

  10. Edge Processor featuring SPL2: Recognising the importance of efficient data management at the edge of the network, Edge Processor gains new capabilities. Its pipelines are written in SPL2, so data can be filtered, masked and routed before it ever reaches an indexer, and this release adds HTTP Event Collector (HEC) on both sides: Edge Processor can now receive data over HEC and send it on to Splunk over HEC. A default destination can also be set per Edge Processor, which helps meet data sovereignty and compliance requirements (keeping a region’s data in that region’s index, for example). Industries with remote operations can use these features to optimise data management at the network edge.
  11. Ingest Actions: Splunk Enterprise 9.1 and Splunk Cloud Platform extend Ingest Actions, the feature that filters, masks and routes data at ingest time. Routed data can now be sent to multiple distinct Amazon S3 buckets rather than a single one, which gives users finer control over where each class of data lands (hot data to the indexers, bulk or archive data to S3) and makes it easier to scale up with minimal disruption. For start-ups and digital marketing companies experiencing rapid growth and handling large volumes of data, Ingest Actions is a crucial tool for keeping data management seamless.
  12. Federated Search for Amazon S3: Designed for AWS customers, Federated Search for Amazon S3 delivers a unified search experience for data at rest in S3 buckets and other third-party data lakes. The data is searched in place through the federation rather than ingested into Splunk first, which suits large volumes that only occasionally need to be queried. As businesses increasingly rely on multiple data storage systems, this upgrade offers significant benefits, especially for industries that deal with diverse and vast datasets, such as research institutions and cloud-based services.

Summary

In conclusion, the advancements unveiled at .conf 23 demonstrate Splunk’s commitment to fostering closer collaboration and building greater digital resilience for tech teams, no matter how complex or unique the use case. Splunk’s integrated Security and Observability Platform, powered by Splunk AI, empowers teams to work together and make their systems secure and reliable.

Are you ready to explore these new features and discuss how they can elevate your Splunk environment? Get in touch with Apto Solutions today to learn more and discover the potential of these updates for your business and how we can help you do more with your data.
