Streamlining Data Onboarding: Announcing the Alpha Release of AI-Assisted Auto-Schematization For many Splunk administrators and security analysts, the path from raw data ingestion to actionable insight is often hindered by the complexity of data normalization. Manually building Technology Add-ons (TAs), writing complex regular expressions, and ensuring alignment with the Common Information Model (CIM) can take days, or even weeks, of focused effort.  Effective threat detection and high‑performance analytics depend on consistently structured data. By reducing the manual toil required to achieve “CIM‑compliance,” we can unlock faster time‑to‑value for security use cases. Key Takeaways AI-Driven Normalization: Automatically maps sample data to appropriate CIM data models using Large Language Models. Automated Extraction: Generates necessary extraction rules and regular expressions, significantly reducing manual regex authoring. Flexible Deployment: Produces both Technology Add-on (TA) packages for search-time mapping and SPL2 pipelines for ingest-time processing. Today, we are pleased to announce a significant step forward in simplifying this process: Alpha release of Auto-schematization in Data Management - an AI‑assisted workflow that accelerates CIM‑aligned onboarding while keeping humans in control.  The Challenge: Overcoming the Onboarding Bottleneck Effective threat detection and high-performance analytics depend on consistently structured data. However, the manual labor required to achieve "CIM-compliance" often delays time-to-value for new data sources. Our goal is to transform this experience from a manual, multi-tool mapping process into a streamlined, AI-assisted workflow.    The Solution: Automated Data Schematization  By leveraging Large Language Models, our new custom integration workflow automates the end-to-end schematization process. Whether you are dealing with structured logs or unique formats, the system provides:  Intelligent Data Model Mapping: The AI analyzes your sample data to automatically suggest the most appropriate CIM data models, ensuring your data is ready for CIM-normalized security detections.  Automated Field Extraction & Calculation: The system generates the necessary extraction rules and regular expressions, significantly reducing the need for manual regex authoring.  Flexible Deployment Artifacts: Depending on your data strategy, the tool generates either Technology Add-on (TA) packages for search-time mapping (schema-on-read) or SPL2 pipelines for ingest-time processing (schema-on-write).    How It Works: The Guided Workflow The guided workflow is designed to be intuitive and transparent:  Provide Sample Data: Upload or paste representative events.  Intelligent Analysis: The system clusters similar events and recommends CIM mappings.  Preview: You preview AI‑generated extractions and mappings.  Download and Deploy: Download generated artifacts for self-deployment to Splunk environment.  Why Auto-Schematization Matters This initiative is a core component of Splunk’s broader Cisco Data Fabric strategy, an architecture built to unify your data. By reducing admin toil and accelerating onboarding time from weeks to minutes, enabling your team to focus on high-value security operations rather than configuration maintenance.    Join the Alpha Cohort Want to accelerate your onboarding? Join the broader Guided Onboarding experience and reach out directly to our Splunk experts. Customer feedback will be instrumental in shaping the future of data management at Splunk,  as we continue to build a more intelligent and efficient data onboarding experience.    Oskar Patnaik   Product Management, Splunk Data Management  ... View more

Hello Splunk Community,    We're thrilled to share an exciting update that will help you manage your data more efficiently and drive even greater value from your Splunk deployments. As part of our ongoing commitment to streamline data onboarding and transformation, we're rolling out a fresh batch of prebuilt SPL2 pipeline templates for both the Splunk Edge Processor and Ingest Processor solutions. The new batch is now available on Splunk Cloud and coming soon to Splunk Enterprise.    What Are SPL2 Pipeline Templates SPL2 pipeline templates are ready-to-use building blocks designed to accelerate your data processing at the edge or during ingestion. These templates offer out-of-the-box logic for data transformation, volume reduction, and conversion of logs to metrics for a variety of popular source types.    Key Capabilities Reduce Data Volume: Minimize log size before indexing, saving storage and reducing costs, without sacrificing critical insights.  Quick Start: Deploy pipelines in minutes using templates for common data sources and use cases.  Customization: Templates are fully customizable to fit your unique organizational needs.  Compatibility: Designed to work with Splunk-supported Technology Add-ons (TAs), ensure compatibility with the Enterprise Security Content (ESCU), and Splunk Common Information Model (CIM), depending on the template type.    Types of Available Templates Our growing library currently includes 47 SPL2 pipeline templates, supporting a broad range of transformation and optimization scenarios. Key template types include:  Generic Templates: For quick data transformation needs across various sources.  Logs-to-Metrics Templates: Convert log data to metrics. Log size reduction for security & compliance: Reduce log volume while automatically maintaining CIM compliance and compatibility with Enterprise Security Content (ESCU), ensuring seamless integration with your downstream security monitoring tools    For a full list of templates and supported use cases, see the SPL2 Pipeline Templates Reference.    How to Use the Templates  Log in to your Edge Processor or Ingest Processor tenant.   Navigate to the Pipelines page.   Select the Templates tab to view all available SPL2 pipeline templates.  Select a template suited to your data source or use case and create a pipeline from it. Adjust the template to meet your organization's data requirements.  Apply the pipeline to your data flows and start realizing value immediately.    Explore a Practical Example Check out this step-by-step guide on reducing Palo Alto Networks log volume with SPL2 templates.  Best Practices & Further Resources  To maximize the benefits of SPL2 pipeline templates, explore our best practices guide.  Ready to streamline your Splunk data pipelines?  Visit docs.splunk.com, select your preferred SPL2 pipeline template, and start transforming your data today!     If you have questions or want to share feedback, please comment below or reach out to the me.    Happy Splunking!    Want updates like this sent straight to you? Learn how to subscribe to this blog (and follow Labels you care about) in our quick guide.  ... View more