Q: What is happening to the Splunk App for Anomaly Detection?
A: Splunk is officially announcing the end-of-life (EOL) for the Splunk App for Anomaly Detection. The app will reach its end-of-life on June 30, 2025.
Q: Why is Splunk announcing EOL for this app?
A: We have decided to focus our investment on the best solutions for our customers when it comes to anomaly detection. As we consider the future experience for anomaly detection across our portfolio, we intend on simplifying the app ecosystem and bolstering anomaly detection in MLTK, which already has a rich history of enabling our customers to detect anomalies. See, for example, recent announcements in MLTK 5.5 where we introduced simpler methods for scaling anomaly detection with our most popular algorithm.
Q: What alternatives are available to replace this app?
A: Customers are encouraged to transition their anomaly detection workloads to Splunk’s Machine Learning Toolkit (MLTK). MLTK provides robust, scalable, and highly efficient anomaly detection capabilities, such as the widely-used DensityFunction algorithm, enabling improved results and performance.
Q: How does MLTK’s DensityFunction improve anomaly detection?
A: The DensityFunction algorithm in MLTK delivers enhanced anomaly detection by dynamically choosing optimal statistical distributions (auto, normal, exponential, Gaussian KDE, etc.) tailored to data patterns, resulting in more accurate detection compared to the Splunk App for Anomaly Detection.
Q: What steps should I take to transition to MLTK?
A: We recommend customers:
- Identify current anomaly detection analytics in the Splunk App for Anomaly Detection.
- Recreate anomaly detection tasks using MLTK’s interface and algorithms.
- Examples of how to create anomaly detection analytics can be found in our docs or in our blogs.
Q: What happens if I continue using the Splunk App for Anomaly Detection post EOL?
A: After June 30, 2025, the Splunk App for Anomaly Detection will no longer be supported. No new updates, security patches, or technical support will be provided, which may lead to operational and security risks. Additionally, there will be breaking changes to the Splunk App for Anomaly Detection in upcoming releases of Splunk Enterprise and Splunk Cloud Platform.
