Splunk has launched new AI tools for its security and observability platform as well as its new Edge Hub for more streamlined edge data analytics.
The Splunk AI Assistant - now in preview - is designed to assist users with the authoring of Splunk Processing Language (SPL) queries.
Generative AI is leveraged via an AI chatbot to write or explain SPL, something the company says will improve time to value and make SPL more accessible.
Mark Woods, chief technical advisor EMEA at Splunk, told ITPro that training for the model behind the generative AI was based on the company’s own knowledgebase and that the limited release preview had been based on the company’s own internal experts.
AI and cyber security
Understand why AI/ML is crucial to cyber security, and its best use cases
Woods’ words stand to reassure customers concerned that sensitive data might turn up in the AI.
He said: “We wouldn’t have any visibility of the actual query that you’re putting in place, nor of any of the data that you are taking”.
As well as the Generative AI tooling, Splunk also previewed ML-Assisted Thresholding to use historical data and patterns to create dynamic thresholds.
Its IT Service Intelligence also features greater detection accuracy, with the Outlier Exclusion for Adaptive Thresholding aimed at detecting and omitting abnormal data points and outliers.
A preview of the OpenTelemetry Collector was also announced, aimed at providing a unified view of an enterprise’s infrastructure and services.
Splunk Edge Hub
The new Edge Hub device was also shown off and is aimed at simplifying the ingestion of data into Splunk’s analytics platform.
The compact device weighs in at just over 600g and designed to be mounted in a variety of customer environments. Splunk envisages customers simply plugging it in and using the device to stream environmental data back for analysis.
Onboard sensors comprise temperature, humidity, light, and sound. The device also features an accelerometer and gyroscope, and it can monitor air pressure and air quality. Typical applications of the latter sensor - according to its manufacturer, Bosch - include spotting unusual gases - indicating a possible leak - and spoiled food detection.
The device also features a screen with a dashboard showing the current sensor readings and can be connected via WiFi, Bluetooth, LTE, or Ethernet. Power is supplied by either USB-C or Power-Over-Ethernet.
The Cortex-based processor within the device - a Verdin IMX8M+ Quad with 8GB of RAM - has sufficient power for collection and collation of data from the sensor suite.
Woods said to ITPro that he expected the device would open customers’ eyes to the data in their OT and IoT environments: “They suddenly start to see the data that they already have all around them”.
“All those functional domain-specific environments, they become really tangible and valuable to customers.”
Who is Splunk’s Edge Hub for?
Woods identified three main user groups for the device. Compared to fitting out an environment with sensors, Splunk feels the Edge Hub represents a relatively low barrier to entry, so the first user group targeted is the one that has yet to use sensors and the data does not exist.
The second group, according to Woods, might have some sensors installed, but the systems are closed and Splunk’s device represents a useful bridge.
Finally, there is the group that is already equipped with sensors in their environment - (Woods cited Mars as an example - and the Edge Hub provides additional resilience or a way to experiment without adding a toll to an operation system.
Splunk said that data from the device could be used as part of its predictive analytics platform to spot anomalies in manufacturing processes as well as detect, investigate and remediate physical threats from a single platform.
The Splunk Edge Hub is US-only for now - although the company plans to roll it out in EMEA and APAC. It is also only available through the company’s partners.
