Splunk Dives Deeper into Streaming Data Analytics


DSP at its core is a collection of open-source Apache tools that Splunk has curated to create a unified platform that enterprise IT teams can more easily consume.

Splunk today extended its reach into the realm of streaming data analytics via updates to a portfolio of tools and services that collectively enable organizations to more efficiently and securely process and analyze data in real time.

The latest release of the Splunk Data Stream Processor (DSP) adds the ability to collect data in a single unified location to provide better visibility. DSP 1.1 also now allows organizations to mask customer or sensitive information on the stream and then route data to different locations within their organization while being able to guarantee that data has not been viewed, for example, by an application developer.


At the same time, Splunk has updated the Splunk Machine Learning Toolkit (MLTK) to provide a simplified, customizable interface that is more accessible to less technical users, says Josh Klahr, vice president of core products for Splunk.

Version 5.2 of MLTK provides visualization capabilities along with a family of Smart Assistants that users can employ to create workflows and commands for machine learning algorithms. This toolkit enables users to more easily build models to address, for example, forecasting, clustering, and outlier detection.

Splunk has also updated its mobile application portfolio to add support for mobile device management (MDM) platforms from MobileIron and AirWatch. Known as Splunk Connected Experiences, these applications are becoming more critical to IT organizations that now need to be able to access Splunk applications remotely, notes Klahr.

Finally, Splunk has made available Splunk IT Service Intelligence (ITSI) 4.5 for Splunk Cloud to centralize monitoring and is now making Splunk Cloud available on the Google Cloud Platform (GCP).

Adoption of DSP is on the rise because organizations are finding that IT teams and end-users alike need to be able to analyze and react to events in near real-time, says Klahr. There’s not always enough time to index data.

“Data doesn’t always live in a Splunk index,” says Klahr.

DSP at its core is a collection of open-source Apache tools such as Kafka, Flink, and Pulsar that Splunk has curated to create a unified platform that enterprise IT teams can more easily consume, notes Klahr. That platform has become more important in the wake of the economic downturn brought on by the COVID-19 pandemic as organizations begin to more aggressively deploy digital business applications to engage end customers that are likely to be working from home whenever possible. In fact, in many cases, no one is quite sure if employees might ever be returning to a traditional physical office.

Whatever the path forward, the one thing that is certain is that increasingly large amounts of data will need to be analyzed and acted upon at speeds that are not possible for humans to achieve on their own. As that transition accelerates, reliance on legacy batch-oriented applications to analyze historical data should decline as more analytics capabilities are embedded within event-driven applications. That doesn’t mean batch-oriented applications will disappear. There will always be a need to analyze historical data. However, the bulk of the data that drives a digital business every day will clearly need to be increasingly processed in real time to drive meaningful customer interactions.
