Splunk .conf24 live: All the news and announcements from the day-two keynote in Las Vegas
ITPro is live on the ground for day two of Splunk .conf24 – stay tuned for all the latest from the product keynote and more
Welcome back to ITPro's live coverage of Splunk .conf24 in Las Vegas. It's day-two here and we have another busy morning ahead of us with the product innovation keynote.
This morning's session will take a deep dive into how Splunk and Cisco are collaborating with customers to bolster digital resilience. Splunk SVP and GM of products and technology, Tom Casey, will lead the session, giving us a glimpse into how Splunk and Cisco are aligning closely to support enterprise customers.
Casey will be joined by Jeetu Patel, Cisco EVP and GM of security and collaboration, to give us an overview of Cisco's now-combined portfolio following the Splunk acquisition.
Splunk is now a Cisco company and this week's announcements come hot off the heels of Cisco Live 2024, held from 2-6 June in Las Vegas. Throughout its event Cisco emphasized the value of AI and its acquisition of Splunk, while Gary Steele talked about how both companies have benefited from the $28 billion deal.
Highlights of ITPro's Cisco Live 2024 coverage can be found below:
- Why AI matters so much for where Cisco goes next
- Exclusive: Splunk will play a key role in Cisco's AI plans, claims former CEO
- Cisco: “AI is changing everything” – including security
- Cisco unveils first product integrations since Splunk acquisition
- Cisco just launched a $1 billion investment fund for AI startups — and it's already backing Mistral, Cohere, and Scale AI
- Cisco CEO Chuck Robbins thinks AI adoption is going to be like the cloud transition “on steroids”
Cisco and Splunk's joint approach for the channel
Ahead of tonight's keynote, ITPro got a chance to catch the Global Partner Summit keynote. It's a popular event frequented by Splunk and Cisco partners both new and old – this year's talk was so full that we sat on the ground alongside other keen attendees.
"No matter how you engage with your customers, we want our partner programs to help you on that journey," said Gretchen O’Hara, channel chief at Splunk. O'Hara welcomed Rodney Clark, SVP partnerships and small & medium businesses at Cisco, who praised Splunk's innovation and partner approach and said Cisco's partner-led approach would blend well with Splunk's strategy to date.
Cisco is running a pilot program in which some of its large Cisco partners which hadn't previously been invested in Splunk are becoming integrated in the platform, which Clark said is intended to signal to its customers that Cisco is invested in Splunk in the long-term through continued investment.
O'Hara noted that around 75% of Splunk partners were already Cisco partners.
"It's on us to make this move as seamless as possible," said Clark. "We've got teams of people that are working together, I mentioned that earlier, and dedicated in every way, shape, and form to back-end systems and tools on how we rebate and ultimately go to market together."
Teasing AI innovation for Splunk's partners
We also heard from Tom Casey, SVP products and technology at Splunk, who teased “more announcements than we can possibly cover on the main stage” for partners and a unified approach toward AI in collaboration with Cisco.
The bulk of these announcements are under embargo – ITPro will be bringing you all of them as they're formally announced on the keynote stage.
All across the event, attendees are reassured that Cisco and Splunk will benefit each other and that the acquisition is the start of a bright new future for the both of them. Prior to the .conf24, I wrote that the event is Splunk's pivotal moment to explain where it sits as a Cisco company and how this modifies its strategy going forward.
Under 20 minutes until the evening keynote now – the ballroom at Caesars Forum is filling up quickly.
The keynote is set to begin very shortly and crowd are still pouring in. Las Vegas is experiencing a heatwave right now but you wouldn't know it in this air conditioned, mood-lit keynote hall.
And we're off, with an atmospheric video montage of the kind you'd expect at a high-profile keynote like this. Splunk has taken a step away from the normal with the addition of dancers clad in LED lights.
"Bring on the skills, bring on the connections, bring on the future", the screen reads, and with that we're welcoming Gary Steele, president of Go-to-Market at Cisco and GM at Splunk to kick us off.
Advancements in the past year
"We're going to give you the skills to help you drive digital resilience within your organization," Steele promises the crowd, before telling us that tomorrow's product keynote will go into more detail on the specific announcements at this year's event.
Steele pays tribute to the advancements over the past year, which he says are in no small part down to customers like those assembled in the crowd. But for all the advancements in genetics, or VR and AR, he notes that there have been steps forward in the threat landscape that put everyone at risk.
There's a balance here, he notes, and nowhere is this more true than in AI – which Steele describes as "probably the most transformative technology that we will see in our lifetimes".
"The speed with which we're seeing things is fundamentally changing," Steele says, adding that he firmly believes it will improve work, "make your job that much more fulfilling".
While there are risks associated with AI, Steele says, "I do believe that AI will be an amazing catalyst for good and growth for all of us".
Rejecting siloed security
While the security community has worked hard to deliver point solutions to customers, Steele says that this has led companies down the wrong path and into siloed workloads.
Steele references Splunk's new report The Hidden Cost of Downtime, which found that $400 billion per year is lost among just the top 2000 firms due to downtime and lack of resilience.
"Without comprehensive visibility, trying to ensure the digital resilience of your entire digital footprint is a guessing game".
In response, Steele says, Splunk has committed itself to delivering digital resilience across its customers' entire digital footprints. He points to the fact that Splunk is the only company to be in Gartner's magic quadrant for both SIEM and observability, and has been for 10 consecutive rankings.
Splunk + Cisco as a recipe for success
We've just been shown a short video on the benefits of Splunk and Cisco working together, with a promise that Splunk's high-quality observability platform and Cisco's prestige with security and networking are a surefire recipe for success.
We're now welcoming Chuck Robbins chair and CEO at Cisco to explain more alongside Steele.
"Our job is not to screw up anything you do really well today," says Robbins, drawing applause from the audience.
Robbins says Cisco sees 400 billion security events per day, with massive oversight of its networks with ThousandEyes and sees "everything going on on the internet, everywhere".
"We can actually predict where there are going to be outages. So when you talk about digital resilience and you take all the insights that we have, that Cisco had before and we feed it into what you already do with Splunk... That just makes it better."
Robbins promises that in addition to innovating on its core technologies such as networking, Cisco is investing in AI and infrastructure to accelerate innovation.
"We've been building a pretty meaningful software business, we have a software business in excess of $20 billion."
He also points to Cisco's first enterprise stack for AI alongside a partnership with Nvidia, announced at Cisco Live 2024, as well as its investment across its portfolio from the data center to collaboration.
Robbins also highlights some of Cisco's most recent innovations including Hypershield, a security architecture that can detect anomalous activity to drive zero-trust changes in an enterprise's network.
Steele notes that there are "a lot" of connections already in place between Splunk and Cisco, such as between Cisco's XDR platform and Splunk Enterprise as well as its new observability portfolio tied to Cisco's AppDynamics platform.
“What do you want people to remember?” Steele asks.
“We want to be the Splunk you love, only better,” Robbins replies, pledging that customers will feel better about Splunk in a year’s time than they do today.
On what else isn’t changing, Steele notes that Splunk is staying on course with its roadmaps and that “brand stays”. Splunk may be a Cisco company, Steele seems to be saying, but that doesn’t mean it’s watering down what it already has.
A flexible but consistent roadmap
In line with its commitment to flexibility, Steele announces the private preview of Splunk native to Azure.
Moving quickly, Steel also announces federated access to Amazon S3 and notes that this falls under the umbrella of ‘GDI’: ‘get data in’.
All of this falls under four main points for investment and development, he says:
Striving for the best with security and observability
Steele is whipping through his slides and notes, taking in AI, security, and observability. He says that Splunk wants to create the best security and observability platforms possible, grounded in its experience and newfound connections through Cisco.
"We want you to have a single platform for threat detection, investigation, and response and make the person that's sitting in the SOC, make their time that much more effective.
"You're going to see the automation and advancements that we've made from an AI perspective. We still believe in human in the loop, meaning humans ultimately make that final decision, but can we make it that much easier by reducing noise and driving a AI into the fundamental workloads?"
This cuts across Splunk's observability strategy too, Steele says, pointing to its federated data approach, Cisco's "best in class" traditional application management, and Splunk's Observability Cloud for modern applications.
"No one else on the planet can deliver the Insight that we can," he adds, including on AI which Splunk wants to use to drive customer outcomes even faster than before.
Steele says he wakes up every day seeking to serve customers, ensuring they're being delivered for and not adversely impacted by Splunk changes. He points to Splunk's 20 year legacy and predicts "the years ahead will be even better".
"That's a challenge for us and I'm excited to take on that challenge. So, let's bring on the future together," Steele finishes, introducing Hao Yang, VP of AI at Splunk.
Splunk's AI advancements
“Many of you don’t know me yet,” Yang says, explaining that he joined Splunk last year having previously led the AI team at Visa and on teams at Google and IBM
Yang says that Cisco and Splunk joining forces will give customers a “unique” approach to AI and empower them to solve their issues. He adds it’s the result of a year of development. He says together, customers can enjoy “unparalleled access” to the data enterprises need, as well as expertise on AI and critical security and privacy for AI.
Today, Splunk is announcing three new AI systems:
- Splunk AI Assistant for SPL
- Splunk AI Assistant in Observability Cloud (now in preview)
- Splunk AI Assistant in Security (available for preview later this year)
Together, the tools will enable users to write SPL queries using natural language, receive insights on security posture explained in understandable language, or kick off observability analysis based on contextual data.
We're shown a demonstration in which Sonal Pardeshi, senior director of product management AI at Splunk, uses the Splunk AI Assistant in Observability investigates an error with Kubernetes nodes, with recommended steps for fixing the issue.
It's not all generative AI, Yang notes. Today Splunk is also announcing Advanced AI in its IT Service Intelligence (ITSI) offering. Additions include machine learning (ML) assisted thresholding within the system, as well as a new configuration assistant which can monitor the health of established thresholds.
People at the back of the arena just screamed and shouted in excitement at the AI in ITSI announcement – “There you go,” laughs Yang.
A customer security story with Splunk
Splunk has made a lot of noise about its commitment to customers during the keynote to this point, but we've not heard from any directly. That's about to change, as we welcome Stephanie Franklin-Thomas VP and chief information security officer (CISO), Medtronic and Patrick Coughlin, SVP of Global Technical Sales at Splunk.
Franklin-Thomas says that understanding her risk as a CISO is her number one priority, followed quickly by convincing all 95,000 of Medtronic's people to be the firm's front-line of defense.
"It's really making ourselves available to everyone," Franklin-Thomas notes, adding that the phrase "never let a hack go to waste" can be put to good use. For example, leaders with their eye on the mistakes other firms are making can pass this information onto their employees to provide real-world examples of why being security-conscious is so important.
"If you're a security person out here and you haven't spent time with your infrastructure side... you need to be having coffee with those people," Franklin-Thomas adds.
Medtronic uses Splunk to look for anomalies, as well as understand its global supply chain, but Franklin-Thomas says the "coolest" thing it uses Splunk for is real-time dashboards that help it balance labor to deliver its products and "save lives".
Prompted on the potential benefits of AI by Coughlin, Franklin-Thomas suggests that AI could be used for early detection of illnesses. Medtronic is already using AI for incident response and for a chatbot for business functions though not with Splunk – room for another partnership down the line, she suggests.
The Splunkies
It's time for The Splunkies, Splunk's annual awards show. Our hosts for this evening are Toni Pablovich, CCO at Splunk, and Alexandra Turbitt, GVP of alliance and channels at Splunk.
The awards come in five categories: 'The Visionary', 'The Inventor', 'The Builder', 'The Champion', 'The Change Agent'.
The hosts are joined onstage by Buttercup, Splunk's horse mascot.
This year's winners are:
- The Visionary: Chloe Foulkes, HSBC.
- The Inventor: Benjamin Maes, technology solutions manager as SaskTel.
- The Builder: Harold Murn, senior systems engineer at Atlassian.
- The Champion: Craig Woolley, CIO at Louisiana State University.
- The Change Agent: Marin Todorov, director of IT at HelpMeSee.
Everything you need to know about day-one at Splunk .conf24
Yesterday's keynote session was a rapid-fire experience for all involved.
Former Splunk CEO Gary Steele and Cisco chief exec Chuck Robbins took to the stage to give attendees a run down on all the latest product developments post-acquisition.
We heard extensively from both at Cisco Live 2024 last week on how the two companies are combining their shared expertise to provide a more comprehensive portfolio of solutions for enterprise customers, and yesterday we were given yet more details.
Robbins promised attendees that while Cisco plans to continue ramping up investment in core technologies such as networking, the tech giant is drawing upon Splunk's extensive data expertise to accelerate AI and infrastructure innovation.
It seems that Splunk and Cisco are very much a match made in heaven. The duo showed a short video to attendees outlining a lot of the work that's ongoing at Cisco since the acquisition.
Observability is critical in the age of AI
Something that stuck out for attendees yesterday was the sharpened focus on observability. Steele told the crowd that while the security sector continues to provide intuitive solutions for enterprises, many have fallen into the trap of building siloed workloads, which is having a negative impact on operational cyber resilience.
Splunk's report The Hidden Cost of Downtime, published this week, found that around $400 billion per year is lost to downtime among the top 2,000 firms globally. A key factor in this is a lack of resilience, the report concluded.
"Without comprehensive visibility, trying to ensure the digital resilience of your entire digital footprint is a guessing game," Steele said yesterday.
ITPro caught up with Splunk execs to discuss the findings of this recent study, and what enterprises can do to prevent costly downtime events - which you can find below.
Splunk product announcements from day-one
We also had a slew of product announcements from Splunk yesterday, and as you might've guessed, they were very much centered around its current work in generative AI.
Three new AI systems were unveiled by the firm, including:
• Splunk AI Assistant for SPL
• Splunk AI Assistant in Observability Cloud (which is now in preview)
• Splunk AI Assistant in Security (available for preview later this year)
Splunk said these tools will enable users to write SPL queries using natural language, and gain detailed - yet easily digestible - insights on their security posture.
Attendees were shown a demonstration in which Sonal Pardeshi, senior director of product management AI at Splunk, used the Splunk AI Assistant in Observability to probe an error with Kubernetes nodes, with recommended steps for fixing the issue.
The product keynote will kick off in less than one hour and Caesars Forum is already buzzing with attendees. This is a bumper keynote session running for 90 minutes and will unpack all the latest announcements in detail.
There's a small fleet of minibuses running to and from the Venetian, where the rest of the conference is taking place, as it's too hot to walk the distance between the two. At 7:40am, it's already 30°C (86°F) in Las Vegas and set to hit a high of 107°F (42°C) today.
Attendees have been greeted with a giant version of Buttercup, Splunk's pony mascot. Those who wander the .conf24 show floor will see other representations of Buttercup, along with Splunk brand shirts, hoodies, capes, and even fezzes.
As this year's event is taking place during Pride Month, many attendees are also wearing pride pins. In December, Splunk received its fourth perfect score of 100 on the Human Rights Campaign Foundation’s 2023-2024 Corporate Equality Index (CEI), which assesses LGBTQ+ workplace equality in US workplaces.
We're just minutes away from the start of today's keynote – the ballroom is almost full. The talk is running slightly behind, but we've been told it's about to begin.
Greater resilience as a mission
And we're off, beginning with the same video montage as yesterday themed around the phrase "Bring on the ____" with the blank filled with words like "innovation" or "future".
Here to kick us off is Tom Casey, SVP and GM of products and technology at Splunk. He's straight into musing on the opportunities and challenges of AI.
"We need to catch the issues when they're small so we can focus on our work. We need stronger analytics so we can find new opportunties as well.
Casey gives the example of HSBC, which is currently processing more than 60 billiopn events per day across 150 data sources using Splunk. He also notes that customers such as Intel and BMW are using Splunk for observability and resilience.
Casey says that true digital resilience only comes from seeing the full picture, rather than just managing one surface, as incidents could arise internally, from third parties, from CSPs, or from the public internet."
"Today, you're going to hear how we're changing the game around how you manage your data with Splunk, how we're bringing together metrics, logs, traces, so that it's more manageable for you in an increasingly federated and distributed environment."
With Cisco, Casey says, Splunk can use "networking leadership" in the form of Cisco's services and products such as endpoint visibility. Here to explain more about how Splunk and Cisco can deliver the SOC of the future is Jeetu Patel EVP and GM, security and collaboration at Cisco.
It's Patel's first time at .conf and he jokes that he's got extra pressure as his wife is in the audience. Casey and Patel acknowledge that Cisco and Splunk have worked hard together to
Cisco's new approach to security began two years ago, Patel says, with a focus on an integrated approach to security.
"The one who has the most amount of data that's the most effecitvely correlated is the one that can best detect breaches and threats and keep the world safe."
Patel says Cisco's threat intelligence service Talos processes around 550 billion security events per day, and Cisco has been keen to plug it into Splunk data to make these even more relevant to its customer base.
Cisco Talos will become fully integrarted within Splunk, Patel announces, with "all of the data enriched so that you can have a far better ability to go out and do detections and compress the time to investigation."
Casey and Patel touch on the issue of telemetry to catch lateral attacks within networks, which is impractical to converge into a single location. Its solution is to use Cisco's XDR to filter the signals and connect this with Splunk for more targeted detections.
Moving on, Patel highlights the issue of identifying vulnerabilities. Cisco Hypershield, which can detect vulnerabilities, roll out patches, and run analytics across a highly segmented and distributed portfolio. Casey describes it as a "fabric rather than a fence, noting that you can bring security to your workloads rather than the reverse.
Patching a vulnerability can take up to three days across verticals, but Hypershield can cut this down to "days and hours", says Patel.
"Great products get created by companies, but movements get created by communities," Patel says to round off. "We are not going to screw up Splunk, and more importantly we are going to nurture this community because it's all of you that should be proud of what you've created."
'Changing the game' for data management
Casey says that data is the real differentiator for enterprises and that Splunk recognizes it needs to continually innovate in this area.
To this end, Casey announces new Splunk Unified Data Ingestion. This will enable customers to ingest data across their metrics and feed it into Enterprise Security, the Splunk Observability Cloud, and in Cisco AppDynamics in the future.
Splunk's mission for data is based on three main points:
- Access the right data
- Apply the right analytics
- Accelerate the right actions
"Ultimately, all of this is designed to help you be reactive when you need to be but to be efficient and effective in doing so. It gives you more time to find new value to and to differentiate your company in the kind of services that you provide to customers and your employees."
Here to give us a more practical example of how this can be realized is Faya Peng, VP of Platform Product Management at Splunk and Nimesh Bernard, head of observability at Fannie Mae.
Bernard says Fannie Mae set out to make its data more available for stakeholders through Splunk, having struggled with contextualization and data resiliency.
Using Splunk, Fannie Mae has been able to consolidate its tools "without compromising on the capabilities," says Bernard. He adds that it has already achieved a return on investment with its licensing cost.
"At the end of the day, it's all about the business," says Bernard. "If a security issue happens, how do you connect that to the business impact? If latency is happening or cloud services ae down, how do you connect that to a business impact?"
In the future, Bernard says Fannie Mae will be pursuing AI through Splunk for adaptive thresholding, remediation recommendations, and proactive alerting.
Data management for resiliency
We're moving through announcements quickly. Peng acknowledges that data management is an exponential issue and can be especially overhwleming and chaotic across different cloud providers and legacy systems.
Peng says that customers can use Federated Analytics to power enterprise security detection, or for monitoring to improve performance.
Here to show us more is Lizzy Li, principal product manager at Splunk.
Li shows us an example in which an admin can use Splunk Data Management and Federation to optimize where its data lies. Using Ingest Processor, Splunk's cloud data processing solution, the admin can look at their virtual machines hosted in AWS, and choose which data should reside in Splunk and which can be sent to a long-term storage option such as Amazon S3.
Through Federated Analytics, the admin is shown a Windows Defender security alert noting that a user's account has bee compromised. Using Splunk Enterprise Security, the admin can see that MFA has been disabled and the user's IP originates in China. They can then use Splunk's SOAR capabilities to disable the account to address the incident.
Splunk's security focus
It's Splunk's tenth year as a Gartner Magic Quadrant leader for security and here to tell us more about security is Mike Horn SVP and GM of security at Splunk.
Horn says that SOCs face hundreds if not thousands of points to investigate and track, with the data landscape constantly getting more complex with more silos and cyber security skills in short supply.
"What if you could empower your teams to have a streamlined investigation experience to more auickly and easily find the threats that matter? We call that the SOC of the future and we're omn a mission to help your teams navigate the overwhelming volume of alerts you face every day and help you find and mitigate those threats.
To give firsthand experience, Horn welcomes Sean Mason, MD, Cyber Defense at United Airlines.
Mason says he's facing the 'usual suspects' of state-backed attacks from Russia and China as well as ransomware units, along with more unexpected attacks such as from paparazzi trying to figure out where notable people are flying to or from.
Mason says that using Splunk, United has been able to customize its security posture and already uses products like Splunk Attack Analyzer to detect phishing and malware, describing it as "amazing".
He adds that United is already seeing AI attacks in the wild and that it's one of the things that "keeps me up at night".
"Honestly, I think that space is very nascent from a defender standpoint. So we're trying to figure out how we can combat this stuff but on the flip side how can I enable my defenders to use this stuff to be stronger, faster, more efficient?"
New security products
Horn segues from Mason's praise of Splunk products to announce some new security products. First up is Splunk SOAR 6.3, which automates common analyst tasks.
Splunk Attack Analyzer, which is generally available, can be integrated with ES and SOAR to enable end-to-end threat response and analytics, Horn says, noting that it's already very popular with customers.
Another new product available in early access is Asset and Risk Intelligence, which can speed up security investigation rooted in the context of specific assets. Once the tool has identified an asset it continually updates it with information such as its IP address.
"We've all heard the old adage that you can't protect what you don't know about," Horn says.
As a final security announcement, Horn unveils Splunk Enterprise Security 8.0, which rolls the Mission Control investigation feature directly into the platform.
Horn welcomes Katie Brown, director, Technical Interlock at Splunk, to show us an example of Enterprise Security 8.0 in practice.
Brown says Enterprise Security 8.0 can reduce incident response down significantly, to as little as “a matter of minutes”.
New risk-based alerts trigger whenever it detects risks that exceed a specific threshold within an environment. From the Enterprise Security 8.0 dashboard, the user in Brown’s demo can see details such as related dashboards to the finding, adaptive response actions, and the finding’s owner.
From the same page, the user can analyze the PowerShell string associated with the finding to confirm that it’s a true positive, or in other words has been identified as malicious. “This is really, really powerful,” Brown says.
The system can rate the risk based on real-time information, and new detection capabilities in Enterprise Security 8.0 allow users to check when findings have been modified – in the example, the security analyst can flag a finding to be checked by detection engineers.
Horn rounds his section off by announcing that the new integrations for Cisco Talos in Splunk, which he says will "automatically enrich information" for customers with indicators of compromise. It will be available for customers who already have Enterprise Security and SOAR at no extra charge.
We're now moving onto observability, the second plank of today's keynote – here to run us through it is Patrick Lin, SVP and GM of observability at Splunk.
The complexity of observability
Lin opens by saying that complexity is not going away for customers, as enterprises look to repatriate cloud workloads and hybrid workloads have to be overseen.
"There are endpoints, applications, third-party resources you tap into, infrastructure residing in your data center or in the cloud – and what happens when that doesn't work?"
Across all this, Lin says, companies have to maintain observability to know what's working and what's not. At Splunk, he says, there's a "better way" to eliminate stress from a single point of access.
"We are the first company to deliver observability for the entire enterprise," he adds. "Splunk, now supercharged by Cisco, is bringing you full-stack observability that you need to see across your digital foorprint."
Customers know Splunk for log analytics, microservices through APM cloud, and infrastructure monitoring but Lin says that combined with Cisco, Splunk can "redefine the game" and extend this observability to traditional applications.
We're being shown a customer testimonial now, with word from insurance firm Progressive on how Splunk observability has helped the firm. Here to tell us more is Jonathan Moore, domain architect at Progressive and Mimi Shalash, observability strategist at Splunk.
"People are prepared for what's predictable because you measure what's easy," says Shalash, noting that while Splunk knows "a little data can go a long way", it's also keen to show that context can go even further.
Moore says that when Progressive's customers have an accident, it's imperative that they have the least stressful experience possible. Using Splunk Synthetic Monitoring, Progressive ensures its customers can access the digital services they need, when they need them without downtime or network issues.
We're shown an example in which a user can see errors through the Splunk Cloud dashboard, which they can then check in more detail through the APM overview to see the upstream and downstream consequences of the error in question.
All of this is rooted in OpenTelemetry, which can be used for free out of the box.
In the example, the user can confirm that despite the error customers are still able to make transactions despite the error. To investigate it in more detail, APM can get more granular to surface the Kubernetes cluster causing the issue.
A color coded visualization of the node shows that the issue lies with memory pressure, caused by a single pod consuming too much memory. From here, Moore says, "I have everything I need. I have to go reach out to these teams that can remediate this issue quickly and efficiently".
Moving onto AppDynamics, Moore says that the tool is impressive in the speed and standardization that it gives to developers.
"It gives us a new power that we didn't have before, to get that context to reallt understand what's going on fast."
Moore adds that with AI Assistant for Observability, architects can use these tools with confidence and easily run processes such as input lookups.
Lin is back onstage and notes that observability isn't just about keeping your eye on one silo but making sure you know what's going on everywhere to mitigate emerging problems.
Splunk is committed to innovating based on customer feedback, Lin says. He gives an example of checking the Splunk Cloud dashboard in the evening and seeing a whole list of errors. Using Splunk Observability Cloud, Lin can see metric and trace data directly within the dashboard next to logs.
We're getting more detail on Splunk AI Assistant in Observability Cloud, which Lin says can deliver insights to users based on natural language input. For example, a user can identify a Kubernetes cluster that's down and ask the system why – in the given example, it quickly provides the same answer discovered manually in the earlier demo.
"This is just one of the many things we're doing around AI and in this case, we're allowing you to just chat with your data and from there surfgace insights about what's going on, service correlations that might be very helpful to you."
To round it off, Lin says that if the audience remembers one thing from his section it's that "observability is critical to your organization's security resilience".
Casey's back on stage to end the keynote, calling for a round of applause for all of the product development teams who worked on the day's announcements and the customers who shared their stories onstage.
"Let's keep learning and developing greater resilience together," he says.
And with that, the day-two keynote is complete! Stay tuned for more detail on all the latest products and updates from the rest of the event.