Splunk Observability Cloud Unifies Monitoring, Management with Deep Data at Scale

Splunk aims to reimagine enterprise-class observability by bringing together diverse data for APM, infrastructure monitoring, incident response and more. IDN talks with Patrick Lin to learn how Splunk Observability Cloud connects the dots for a next-gen solution.


Patrick Lin
vp product management

"Splunk Observability Cloud is a fundamental reimagining of what observability should be."


Splunk is moving to unify diverse data from apps and infrastructure, as well as improve observability for IT and DevOps teams.  


The Splunk Observability Cloud is a full-stack, analytics-powered solution to help enterprise IT and DevOps professionals quickly resolve business-critical incidents, according to Patrick Lin, Splunk’s vice president for product management for observability. 


Under the covers, the entire Splunk Observability Cloud brings together a collection of Splunk solutions, spanning infrastructure monitoring, application performance management, real user monitoring, synthetic monitoring, log investigation and incident response. 


Lin said that to deliver more valuable insights, Splunk Observability Cloud makes that data available throughout the platform components. 


“The approach not only rounds out our capabilities for monitoring, troubleshooting, investigation and resolution but also does so in a modern, updated UI with seamless workflows across your full stack. This is a fundamental reimagining of what an observability offering should be,” he said. 


In specific, the Splunk Observability Cloud unifies new and updated Splunk technologies, including 

Splunk uses its NoSample full-fidelity data ingestion technology to bring data together across these components, alongside real-time streaming analytics and scalability. “We’ve pulled all of that data and more into a backend that’s capable of ingesting and processing it at scale, with full fidelity, to deliver on analytics-driven insights in real-time,” Lin added. 


Splunk Observability Cloud also has gone “all in” on OpenTelemetry, Lin told IDN. 


“OpenTelemetry is the open source standard for not just collecting metrics, traces and logs with a single collector, but also ensuring common metadata across that data. In doing so, it allows you to correlate those different data types and know, for example, which Kubernetes pods are underpinning a service instance on which you have an alert, or which error logs are coming from that service,” he said. 


Because Splunk Observability Cloud is now OpenTelemetry-native, users can unify data ingestion without vendor lock-in and reduce resource consumption with the lightweight, open-source OpenTelemetry instrumentation, Lin added.  

Splunk Observability Platform – Vision and Value Proposition 

Lin explained to IDN the thinking behind its approach to Splunk Observability Cloud:

One of the truisms of the application and infrastructure monitoring space is that you can never have enough tools, and at the same time, you always have too many tools. 


In other words, at any given point in time, there is almost always something new in your environment that you don’t have good visibility into; and yet, as you add more tools to cover those gaps, you also add to the disconnected data silos — one per tool — that only provide you with narrow windows into how one thing is performing. The problem, of course, is that data from one silo is not easily correlatable with another and that the mean time to resolution (MTTR) for service incidents is lengthened unacceptably because of it.

Another critical aspect of Splunk Observability Cloud is to remove operational complexity for both IT and DevOps teams. This is especially valuable to IT teams as companies focus more on building apps for hybrid and cloud platforms. 


Spiros Xanthos, Splunk’s vice president of product management, observability and IT operations, pointed to how difficult it is for DevOps/IT professionals to get a unified view with their current set of disconnected tooling. 


“Until now, the tools that IT and DevOps teams rely on to monitor and manage applications and infrastructure have been disconnected, often separated into two or three different platforms,” Xanthos noted. “The Splunk Observability Cloud brings all the needed Observability solutions together in a unified interface designed to help customers gain a comprehensive view across all their data and operate at enterprise scale.”


Lin shared other advantages of Splunk Observability Cloud, including bringing design-time and runtime teams closer together to work on issues.

Splunk can import and export data using APIs between APM and AIOps. Many of our customers are looking for a single, unified solution that has a consistent UI and that’s exactly what the Splunk Observability Cloud offers. It includes Splunk APM and built-in AIOps to detect anomalies, provide automation, correlate events, metrics, traces and logs, and uniquely enables root-cause identification at a glance.


Splunk’s capability to ingest data in any structure and broad ecosystem provide insight into every stage in a CI/CD pipeline. We are also seeing an industry-wide adoption of OpenTelemetry for data collection, such as the Jenkins OpenTelemetry Plugin. 


With integrations such as with Jira, GitHub and GitLab, Jenkins, Puppet, public clouds and on-premises virtualization, DevOps teams can better understand how their applications are being developed, identify issues in the process and fix potential problems before code is deployed. Once the application is deployed, Splunk APM automatically detects any new release, analyzes its performance and can alert the right teams of any issues in production.

Splunk’s Approach To Boost Observability for Cloud-Centric DevOps, IT

Lin also detailed how Splunk’s latest release improves visibility for cloud-native and cloud-facing projects and even helps simplify essential tasks.

As companies continue to embrace cloud-native technologies and approaches, their DevOps and IT teams are facing increased complexity.


Part of this comes from the adoption of microservices, a way of architecting applications that enables better scalability and developer velocity. Once the number of those services exceeds a relatively low count (say, 10 or so services), though, it becomes difficult for any one person to have an accurate mental model as to how the applications as a whole are functioning and where problems are occurring.


Another part of the complexity comes from the use of on-demand cloud infrastructure, whether that comes in the form of VM instances, containers, or serverless functions. Among other things, these resources enable you to scale a service up or down in ever-more granular units so that you can match your computing spend to the actual demand on your application. However, they come at the cost of additional layers of abstraction you have to understand and also the complexity that comes from ephemerality — that they may be here one minute and gone the next.


A third factor in the increase in complexity comes from the active involvement of developers in on-call rotations — the manifestation of the mantra, ‘you build it, you own it.’ Troubleshooting has become even more of a team sport than it ever was before and the tooling that DevOps and IT teams use needs to be built for this kind of collaboration.


Finally, the vast majority of the companies we’ve spoken with aren’t delivering digital experiences to their end customers with a single stack but are instead making use of multiple vintages of technology — perhaps some cloud PaaS offerings, alongside a database they’ve lifted and shifted into the cloud, with some custom services running on top of containers — that is then surfaced to the end users through a variety of channels like a web app, a mobile app or a kiosk terminal somewhere.


We designed the Splunk Observability Cloud to address all of these new levels of complexity. By combining infrastructure monitoring with the wide coverage of our APM and Digital Experience Monitoring, we expand operational insights without loss of data and while offering AI/ML assistance to pinpoint and identify issues in real-time. Going one step further, the Splunk Observability Cloud correlates the data between those dimensions, allowing us to bring clarity back into this complex environment.

Before the rollout of the Splunk Observability Platform, many Splunk technologies were available independently. So, we asked Lin what value-add customers can expect from the integrated features in the Splunk Observability Platform.


One example arises from DevOps use cases, Lin noted. 


Splunk Log Observer brings the power of Splunk logging to SREs, DevOps engineers and developers that need a troubleshooting-oriented logging experience. Splunk RUM provides the fastest troubleshooting and most comprehensive view of web browser performance.


Together, Splunk APM and Splunk RUM provide end-to-end, full-fidelity visibility across the entire user transaction. Splunk Synthetic Monitoring is a new solution powered by the technology from the acquisition of Rigor, and is now integrated across most Splunk products. This best-in-class synthetic monitoring solution improves uptime and performance of APIs, service endpoints, business transactions, and user flows.


Lin also shared other examples: 

We’ve pulled all of that data and more into a backend that’s capable of ingesting and processing it at scale, with full fidelity, to deliver on analytics-driven insights in real time. 


And we’re making that data available through a variety of applications — updated versions to our existing Infrastructure Monitoring and APM products, plus a new developer-centric log exploration UI (Splunk Log Observer) and a new real user monitoring product (Splunk RUM) — that not only round out our capabilities for monitoring, troubleshooting, investigation and resolution, but also do so in a modern, updated UI with seamless workflows across your full stack. This is a fundamental reimagining of what an observability offering should be.

Customers also find value in Splunk Observability Cloud to eliminate data silos, reduce tool sprawl, simplify user experience workflows, and consolidate tools from different vendors to a single vendor, he added.


Existing Splunk customers using any combination of existing products in Splunk Observability Cloud “can easily upgrade” to any edition of the Splunk Observability Cloud, Lin told IDN.  


“A customer that is only using Splunk Infrastructure Monitoring, metrics only, may choose to upgrade to the Splunk Observability Cloud Standard Edition in order to get full-stack visibility across their entire environment — infrastructure, applications and business flows — across all their data (metrics, traces and logs),” Lin told IDN.


“This helps with the aforementioned reasons and ultimately helps our customers find and fix issues faster to improve system performance and reliability, reduce mean-time-to-resolution (MTTR) and deliver better end-customer experiences.” 

Splunk Security Cloud’s Data-Centric Approach To Modernize SOCs

In late June, Splunk also launched a comprehensive security operations solution to help customers get maximum value from their data.


Splunk Security Cloud takes a data-centric approach to security, helping teams drive better decisions with a modernized Security Operations Center (SOC).  The solution accelerates data-driven outcomes with several critical capabilities, including:

Advanced Security Analytics includes machine learning-powered analytics to detect and deliver key insights into multi-cloud environments.

Automated Security Operations drives faster time to detection, investigation and response; alerts that used to take 30 minutes, now can take as little as 30 seconds.

Threat Intelligence that automatically collects, prioritizes and integrates all sources of intelligence driving faster detections.

Open Ecosystem helps correlate data across all security tools, regardless of the vendor, for increased visibility and apply prescriptive detections and guidance to detect threats faster.

“Splunk Security Cloud combines advanced security analytics, streamlined security operations and an open and thriving ecosystem, bringing together Splunk’s and our partners’ industry leading security solutions to help our customers securely embrace digital transformation and SOC modernization,” said Jane Wong, Splunk’s vice president of product management, security.