Splunk’s new AI tools aim to ease security, observability tasks

The AI tools introduced at the company’s .conf2023 include the Splunk AI Assistant, Splunk Machine Learning Toolkit 5.4, Splunk App for Anomaly Detection, and the Splunk App for Data Science and Deep Learning 5.1.


To help enterprise customers perform security and observability tasks faster, Splunk is launching a new generative AI assistant as part of its Splunk AI collection of offerings, which now includes an updated Splunk App for Anomaly Detection, the Splunk Machine Learning Toolkit 5.4, and a new version of its application for data science and deep learning.

Dubbed the Splunk AI Assistant — an earlier version was known as Splunk Processing Language (SPL) Copilot — the application can be used by enterprise users to write or explain customized SPL (Splunk) queries, the company said, adding that it uses Google’s Text-to-Text Transfer Transformer model, also called T5.

The T5 model, according to Splunk, was fine-tuned using a combination of manually created and synthetically generated data extracted from Splunk docs, forums, training materials, and other company resources. 

“Enterprise users may have to engineer prompts to get the right answer. In the preview version, users can also choose to share their prompts with us to help us train the model further,” a company spokesperson said, adding that the company was planning to continue training the model with Splunk resources.

In its current format, the model behind the Splunk AI Assistant tries to read user prompts and come up with the most probable answer based on what it has learned during its training, according to the company.

Other Splunk AI tools

Splunk AI’s other offerings include a new Splunk App for Anomaly Detection that the company said is expected to support security operations, IT operations, and engineering teams by providing a streamlined operational workflow to automate anomaly detection.

The company has also updated its AIOps offering, dubbed IT Service Intelligence 4.17. The new version comes with the company's generally available Outlier Exclusion for Adaptive Thresholding and the new ML-Assisted Thresholding, which is currently in preview.

Outlier Exclusion for Adaptive Thresholding detects and omits abnormal data points, or outliers, so that dynamic thresholds are more precise and detection is more accurate. The new ML-Assisted Thresholding uses historical data and patterns to create dynamic thresholds with just one click in order to provide more accurate alerts on the health of an enterprise’s technology environment.

Thresholds in cybersecurity are data points that are used to create decision points and operational control limits so that security software can trigger management action and response escalation.

In addition, Splunk is offering the Machine Learning Toolkit (MLTK) 5.4 and Splunk App for Data Science and Deep Learning 5.1 as part of Splunk AI.

The updated app for data science and deep learning includes two new AI assistants designed to allow enterprises to leverage large language models (LLMs) to build and train models with their domain-specific data to support natural language processing.

Both applications, which are generally available, can be downloaded from Splunk’s marketplace, dubbed Splunkbase.

Copyright © 2023 IDG Communications, Inc.