Skip to main content

Splunk .conf23: All the announcements from the product keynote

Live coverage of Splunk's product keynote at .conf23

Splunk logo on a laptop with a bright pink background in a dark room
(Image: © Getty Images)

Welcome to our coverage of Splunk's product keynote at .conf23, which is due to start at 8:30am PT.

Today's theme is "Let's Build Digital Resilience" and we're expecting customers and leaders to show off the latest innovations from Splunk.


Today's keynote is due to kick off in the next five minutes.

While we're waiting for things to get going, check out our coverage of Splunk's Edge Hub, AI and Machine Learning tools and stay tuned for more updates coming from Splunk's big show... 

And we're off! Taking to the stage after the introductory music video is Tom Casey, Senior Vice President & General Manager, Products & Technology to cheers from a Las Vegas audience, happy to be inside and out of the heat!

Tom tells the audience they have tough jobs keeping IT running and "Splunk is your trusted partner".

The theme is very much building digital resilience with Splunk.

"Security and observability is at the core of our business - it's what we do."

Image from Splunk keynote at .conf23 showing the unified security observability platform building on Security and Observability

(Image credit: Future)

Splunk's Unified Security and Observability platform is on show.

We are fifteen minutes in, and the AI slide has appeared. Splunk is investing in AI and adding to its leadership, according to Tom.

Now Dr Min Wang, Chief Technology Officer, Products & Technology has taken to the stage to applause from the audience and is here to talk AI...

Dr Min Wang on stage at .conf23 with an AI slide in the background

(Image credit: Future)

"We believe that a generative AI can be transformative."

Min Wang: Large Language Models are showing promise, but have limitations in helping users in their day to day job.

The preview version of the Splunk AI assistant is now being announced.

The AI assistant is just the beginning - more is on the way. 

Splunk would like to embed the AI assistant throughout the workflow from summarizing an incident, through querying the data to with natural language to find significant events and suggesting reactions.

Yes, it looks like a slideshow, but this type of assistance would be invaluable. And the human remains in the loop.

Dr Min Wang leaves the stage, Tom is back and has promised live demos (brave!) and introduces Mike Horn, Senior Vice President & General Manager, Security at Splunk.

Mike Horn is here to talk alert fatigue - what is a false positive and what is a real threat.

Mike's theme is Detect - Investigate - Respond.

Mike introduces some upcoming products including a return of the timeline in the incident review page along with auto-refresh to cheers from the audience.

Splunk will be building Logic Loops into SOAR meaning more robust playbooks.

Splunk Attack Analyzer is announced - this is the result of the TwinWave acquisition that brought Mike Horn into the company. 

Mike Horn introduces Mission Control "built from the ground up" to unify SecOps from a single work surface. Cloud only at the moment - on premises coming later in 2023.

Matt Snyder Program Lead – Advanced Security Analytics at VMware and Kavita Varadarajan, Principal Product Manager, Security at Splunk take to the stage to talk how VMware is using Splunk's products.

Time for some on-stage performance showing an unfortunate employee getting phished. Matt is showing off a dashboard showing the attack unfolding.

Matt is showing off SOAR to deal with the incident.

Matt Snyder on Splunk: "Helps us deliver on our goal of being proactive".

Kavita Varadarajan is now showing off how the new tools could increase the productivity of Matt's team. Mission Control is on screen to show the benefits of the single surface approach.

Mission Control includes a free six month SOAR trial.

Kavita introduces Arijit Mukherji Distinguished Architect, Observability at Splunk - this is his fifth .conf.

Arijit is here to talk observability and how to keep systems running 24/7. "To do that you need complete visibility".

A familiar story regarding incidents where your boss, or your boss's boss "helps" a situation by demanding constant updates. We've all been there!

"This is why On Call is an absolute nightmare."

Can Splunk offer some relief?

Arijit Mukherji standing in front of a slide titled "Less On-Call Chaos, Happier Customers" to illustrate Splunk innovations at .conf23

(Image credit: Future)

Arijit is now talking about unified identity and the OpenTelemetry connector - with zero configuration.

Arijit is now announcing the GA of Outlier Detection and the preview of Machine Learning Assistive Adaptive Thresholds.

"It's a mouthful, but will save you a ton of time."

Finally, Arijit is showing off RUM Session Replay to reconstruct end user experiences to understand user issues.

Arijit is now introducing Magnus Lord, Functional Expert, Observability at Inter IKEA for another customer case study. He is joined by Kara Gillis, Senior Director, Product Management at Splunk.

Magnus talks about Splunk Security and the expansion into Splunk observability cloud. He is at pains to point out that Inter IKEA is not the same entity as the retailer with which we're probably all very familiar.

Inter IKEA has never had any downtime (according to Magnus), and uses observability tools to know when and how to scale.

Now for a demonstration of how IKEA spots issues using Splunk Observability Cloud, the hybrid integration platform and detectors to give context to alerts.

Magnus takes the role of an engineer who pushes something to production just before going home for the evening. Who would do such a thing?

The demo shows the change failing and a high-severity "episode" being generated - consisting of hundreds of alerts. Thanks, engineer that went home after pushing that change!  

The demo concludes with deployment being rolled back via a playbook operation and Magnus dealing with the issue the following morning.

Splunk has some good on-stage demos - now try them with conference WiFi!

Kara introduces Faya Peng, Vice President Product Management at Splunk to talk about the Splunk platform.

Faya Peng standing in front of a slide showing an 85% overlap between security and observability at Splunk .conf23

(Image credit: Future)

Faya reminds the audience of the launch of Edge Processor earlier this year to deal with the shape, volume and destination of data.

Federated search for S3 is due to go to GA next quarter (already in preview).

Faya is showing off the Splunk Edge Hub hardware and also the Splunk App for Anomaly Detection.

Faya also announces the private preview of cross-region disaster recovery before introducing a final case study from Carnival Cruises.

Reliability is rather important when it comes to cruise ships!

Alex Tabares, Senior Director, Threat Intelligence, Michelle Garcia, Director, Information Security and Compliance and Ruel Waite Senior Manager, Site Reliability Engineering are now on stage. All are from Carnival.

They are joined by Lizzy Li, Principal Product Manager at Splunk.

After praising the Carnival Cruise experience, we get to the nuts and bolts of how Splunk is used to keep things stable and seamless onboard. Time for another on-stage performance, kicking off a demo on resolving incidents using the Splunk platform.

Again, another set of demos showing the successful usage of Splunk's platform to detect, identify and resolve issues. 

The people lying on loungers on-stage to simulate a cruise look much more relaxed than the presenters.

Carnival's demo ends with the sound of a ship's foghorn. Maybe that could be connected to Splunk's observability platform when a really severe incident occurs.

Tom returns to the stage to round-out the keynote, dressed in a summer shirt with a beach ball. Lizzy is apparently to become the company's new Chief Fun Officer and presented with the beach ball. 

And that's it from the Splunk product keynote. Thanks for following along.

AI and Machine Learning are very much the flavor of the month or even the year at Splunk, although customers will also be pleased to see the return and enhancements of old favorites sprinkled among the new products.

The audience is filing out to attend sessions and hopefully dodging temperatures that Mark Woods, Chief Technical Advisor at Splunk, told ITPro were "trainer melting hot".