At.conf23, we announced the preview release of Splunk AI Assistant - Splunk's first offering powered by generative AI. This app offers an intuitive and easy-to-use chat experience to help you translate a natural language prompt into SPL query that you can execute or build on, all within a familiar Splunk interface. Splunk AI Assistant also explains what a given SPL query is doing in plain English with a summary as well as a detailed breakdown of the query.

Although microservices and cloud architectures are the new norm for modern applications, cloud cost optimization could run high in observability. High costs are largely due to the number of components involved in cloud architectures. According to Cloud Data Insights in a recent report, around 71% of IT companies say that cloud observability logs are growing at an alarming rate— a driving factor for rising observability costs.

Preventing data loss for data in motion is a challenge that Cribl Stream Persistent Queues (PQ) can help prevent when the downstream Destination is unreachable. In this blog post, we’ll talk about how to configure and calculate PQ sizing to avoid disruption while the Destination is unreachable for a few minutes or a few hours. The example follows a real-world architecture, in which we have.

Much of the log data we handle doesn’t offer substantial insight and can be conveniently removed from your logs, helping us reduce costs. What may seem like a small adjustment, like deleting an attribute, can have significant implications when scaled up. A typical case involves fields in your logs presenting empty values or housing data considered irrelevant. Below we’ll take a look at a few examples of what this looks like and how you can take action in BindPlane OP.

The process of adding new data to operations and security analytics tools is familiar to admins. New data onboarding can be a tiresome process that takes up too much time and delays getting value from the new data. The process typically begins with the admin engaging the data source owner, getting the wrong data sample, and then having to try again.

Adaptive thresholding is a term used in computer science and — more specifically — across IT Service Intelligence (ITSI), for analyzing historical data to determine key performance indicators (KPIs) in your IT environment. Among other things, it’s used to govern KPI outliers in an effort to foster more meaningful and trusted performance monitoring alerts.

When you need to troubleshoot faster, rich out-of-the-box content lets you easily monitor the tools in your technology stack. Dashboards are key to our customers’ success — offering you deep insights at a glance and the ability to drill into the details most important to you. A couple years ago, we debuted a new style of dashboards, built on top of a scalable, flexible and extensible charting system.

On the heels of an exciting GA in March and the April announcement of its regional expansion, we are excited to share the latest updates to Splunk Edge Processor that will make it even easier for customers to have more flexibility and control over just the data you want, nothing more nothing less.

If you’re new to logging, you might be tempted to collect all the data you possibly can. More information means more insights; at least, those NBC “the more you know” public services announcements told you it would help. Unfortunately, you can create new problems if you do too much logging. To streamline your log collection, you can apply some filtering of messages directly from the log source. However, to parse the data, you may need to use a Grok pattern.