SPL2 Deep Dives, AppDynamics Integrations, SAML Made Simple and Much More on Splunk Lantern

Splunk Lantern is Splunk’s customer success center that provides practical guidance from Splunk experts on key use cases for Security, Observability, Industries, AI, and Cisco. We also host valuable data source and data type libraries, Getting Started Guides for all major products, tips on managing data more effectively within the Splunk platform, and many more expert-written guides to help you achieve more with Splunk. 

In this month’s blog we're featuring three topic areas that have seen major new content drops. First, we're exploring the power of SPL2 with a trio of new articles that show you practical ways to put this evolved search language to work. Next, we're diving into new content on integrating Splunk AppDynamics into your observability strategy. And finally, we're sharing a pair of articles that take the pain out of SAML authentication configuration and troubleshooting. Plus, as always, there's plenty more new use cases to explore. Let's get into it! 

Putting SPL2 to Work 

SPL2 represents the next generation of Splunk's search processing language, and we know many of you are eager to understand how it can solve real problems in your environment. This month, we've published three articles that go beyond syntax tutorials to show you SPL2 in action across different scenarios. 

• Using SPL2 to improve incident investigation and root cause analysis addresses a pain point familiar to many security analysts: juggling too many tabs, struggling to collaborate, and dealing with fragmented workflows. This article introduces SPL2's modules - centralized investigative notebooks that let you organize multiple searches in one place, chain them based on results, add notes for context, and share them with colleagues. 

• Using SPL2 for role-based access on indexed data tackles a tricky governance problem: how do you give different teams the data they need from a shared index without exposing PII, and without costly double-indexing? This article shows how SPL2's views let you filter, mask, and permission data at a granular level, so the right people see the right fields without touching the underlying index. 
• Using SPL2 to conduct data quality analysis and validation addresses the challenge of corrupt events and unexpected data degrading your analysis. This article shows how SPL2's data types let you define strict format and value expectations. You can share these definitions across your organization and apply them throughout your data pipeline to catch quality issues at the point of ingestion. 

Whether you're just starting your SPL2 journey or looking for new ways to apply it, these articles provide hands-on guidance you can put into practice today. Let us know in the comments below what other SPL2 scenarios you'd like us to cover! 

Better Observability with AppDynamics 

For organizations running both Splunk AppDynamics and Splunk Observability Cloud, understanding how these tools work together is essential. This month, we've published two articles that address this from different angles. 

Evolving your agent ecosystem between Splunk AppDynamics and Splunk Observability Cloud introduces the AppDynamics Combined Agent - a single package bundling both AppDynamics and Splunk OpenTelemetry agent code. It lets you choose from three modes: AppD mode, dual mode (for side-by-side evaluation), or Splunk mode (for full migration). This eliminates the traditional "rip and replace" risk, giving you a low-disruption path to evaluate or transition between platforms at your own pace. 

Integrating Splunk ITSI with Splunk AppDynamics for unified business performance monitoring tackles the problem of too many disconnected monitoring tools, which creates alert fatigue and extended root cause analysis times. This article walks you through consolidating AppDynamics alerts into ITSI episodes, using service metrics to identify issues by severity, and using deep links to drill directly from ITSI into the relevant AppDynamics entity down to the code-level call graph where you can pinpoint the exact bottleneck. 

Together, these articles provide practical paths for getting the most out of your combined Splunk and AppDynamics investments. Drop a comment below if you’d like to see more articles covering these integrations! 

SAML Made Simple 

SAML authentication (single sign-on) is a critical component of most enterprise Splunk deployments, but getting the configuration right, or diagnosing issues when something goes wrong, can be frustrating. This month we've published two articles that walk you through the entire process from start to finish. 

Configuring SAML authentication for the Splunk platform provides a complete, step-by-step guide to integrating the Splunk platform with Microsoft Entra ID (formerly Azure AD). While it uses Entra ID as an example, the general principles shown in the article can apply to any identity provider. 

Troubleshooting SAML authentication for the Splunk platform picks up where the configuration article leaves off. If you're experiencing authentication errors, this article provides a systematic approach to diagnosing and fixing the problem with a methodical troubleshooting process that saves you from guesswork. 

These two articles give you a great basis for implementing SAML smoothly, from initial setup to resolving the most common issues. Let us know in the comments below if there are other authentication topics you'd like us to cover! 

What Else is New? 

Beyond our featured topics, we've published several more articles to help you with security, data management, and industry-specific challenges: 

• Understanding team-based queues in Splunk Enterprise Security 

• Querying payment rail logs in natural language using Splunk DSDL's LLM-powered chat UI 

• Analyzing nested manufacturing QA data 

• Analyzing nested JSON manufacturing QA data 

• Analyzing nested XML manufacturing QA data 

One more thing: To help us keep improving, please take a moment to complete the on-site survey that pops up after you’ve been browsing Lantern for a couple of minutes. Your feedback directly shapes the content we build! 

We hope these new resources help you tackle your toughest data challenges this month. Thanks for reading! 

- Kaye Chapman, Senior Lantern Content Specialist for Splunk Lantern