Community Blog
Get the latest updates on the Splunk Community, including member experiences, product education, events, and more!
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
New Article

The Future of Splunk Search is Here - See What’s New!

NickG
Splunk Employee
Splunk Employee
‎10-16-2024 12:02 PM

We’re excited to introduce two powerful new search features, now generally available for Splunk Cloud Platform customers globally.

Federated Search for Amazon S3 and the Splunk AI Assistant for SPL app are Splunk’s latest innovations to enhance search functionality, streamline data access, and drive more effective insights. 

Let’s dive in!

Federated Search for Amazon S3 


Federated Search for Amazon S3 lets you search data stored in Amazon S3 directly from Splunk Cloud Platform without the need to ingest it first. You can now access large amounts of historical data cost-effectively and efficiently, making it easier to gain insights from your data faster.

Key Benefits

adepp_1-1726598603461.png

  • Reduced Storage Costs: Instead of ingesting all your data into Splunk, Federated Search lets you access data stored in Amazon S3 directly.This enables you to save significantly on storage costs by keeping your data in cost-effective Amazon S3 buckets while still allowing Splunk to query it. 
  • Improved Time-to-Detection: Perform investigations directly on historical data stored in Amazon S3, without the time-consuming process of rehydrating or transferring it into Splunk. This allows for quicker detection and response, especially for archival or low-value data that may not need to be stored in Splunk continuously.
  • Enhanced Compliance: Federated Search lets you keep your data where it is for investigations that require as-needed access to historical, archival, or low-value data and achieve better control over compliance and security. 

Additional Resources

  • Review the Federated Search for S3 Tech Brief to learn more.
  • Watch this webinar recording to see how these features can transform your Splunk workflows. Learn how to set up Federated Search for Amazon S3, when to use it, and experience a live demo. 
  • Take a look at this Lantern article to learn how to use Federated Search for Amazon S3 with Edge Processor

Ready to get started? Federated Search for Amazon S3 requires a Data Scan Units license for your Splunk Cloud Platform stack. Contact your Splunk sales representative to learn more. 

Splunk AI Assistant for SPL App

uc-ai-assistants.png
The Splunk AI Assistant for SPL app allows you to generate and explain Splunk Search Processing Language (SPL) queries using natural language.

Leverage the power of generative AI to write, learn, and understand SPL more efficiently. New to Splunk? You can now onboard and learn Splunk quickly while reducing the burden on Splunk Admins to answer questions. Experienced user? You can get a head start by leveraging the power of generative AI to get your job done even faster. 

Key Features (watch it in action)

  • Quickly generate SPL from natural language: The AI Assistant translates your natural language prompts into working SPL queries, drastically reducing the time needed to write queries. 
  • Understand SPL with ease: Struggling to understand an SPL query? Break it down into easy steps with a detailed explanation of how the query works, what it does, and the results it generates.
  • Interactive help with Splunk Docs integration: Ask questions and explain concepts about SPL features and concepts directly in the app, with responses powered by AI and Splunk Docs integration.

Ready to get started? Simply complete the user agreement here to get provisioned for the app, then head to Splunkbase to download the app and install it on your activated cloud stack.

Please reach out to mlsupport@splunk.com with any questions or feedback.

Upcoming Search Events


Check out the event below and register now to secure your spot! Ask the experts

  • Office Hours: Splunk Search & New SPL Innovations | Wed, Nov 21, 2024 at 1pm PT: Ask the Experts in this special session where experts will begin by showcasing the latest innovations in search. Join us to ask questions and get live, personalized guidance from technical Splunk experts.
  • Tech Talk: Generative AI for SPL - Faster Results| Tues, Oct 29, 2024 at 11am PT: Join this technical deep dive webinar to learn about Splunk’s differentiating approach to GenAI, get a technical review of the LLM under the hood, watch a live demo of the AI Assistant, and learn how to activate it.

Happy Splunking!

The Splunk Search Team

Get Updates on the Splunk Community!

Splunk Observability Cloud's AI Assistant in Action Series: Auditing Compliance and ...

This is the third post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how to ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

What You Read The Most: Splunk Lantern’s Most Popular Articles!

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...