Splunk Observability integrates acquisitions, boosts AIOps

Splunk opened the product update floodgates this week with a new Observability Suite that integrates recent acquisitions, along with enhanced AIOps and the purchase of two more companies.

Splunk observability tools released this week integrate technology from multiple recent acquisitions that will advance AIOps automation for cloud customers.

Enterprise IT pros at Splunk's .Conf virtual event this week said these updates, which infuse real-time metrics and analytics throughout Splunk's product portfolio, will be key to AIOps infrastructure automation that can automatically identify the root causes of IT incidents, and, in some cases, resolve them without human intervention.

"Having real-time metrics … [means] that we can automate things like failover when a problem is detected," said James La Spada, senior manager of software engineering at Capital One, in a conference panel session this week. "We can use this data to assist in more preventative things like appropriately sizing our infrastructure … [and] setting scaling policies."

Observability has been a common trend among mainstream IT monitoring vendors, including Sumo Logic, Oracle and New Relic, during the past year. Observability tools detect signals within large sets of varied IT telemetry data, including logs, metrics and traces, and support flexible queries for troubleshooting. The rise of observability comes as enterprises manage increasingly complex microservices infrastructures that require finer-grained real-time monitoring to feed AIOps-driven IT automation.

Splunk's new Observability Suite combines products it acquired with SignalFx last September with tools from VictorOps, which it bought in 2018. As part of this product realignment, Splunk rebranded SignalFx Infrastructure Monitoring as Splunk Infrastructure Monitoring, SignalFx Microservices Application Performance Monitoring became Splunk APM, and VictorOps is now Splunk On-Call.

These products will be integrated with new tools, released this week in beta, that include a new cloud-based log analytics interface for the Observability Suite called Log Observer, and Splunk Real User Monitoring (RUM), which offers real-time streaming data capture based on OpenTelemetry and AI analysis of customers' digital experiences.

A new Splunk Infrastructure Monitoring Add-On ties SignalFx real-time metrics in with Splunk Enterprise log analytics on premises.

Splunk's Observability suite integrates logs, metrics, and trace data, with real-time analytics in the cloud.

Plumbr, Rigor add muscle to Splunk APM

Splunk also completed the acquisition of Plumbr, which makes APM and RUM software that can automatically instrument Java, PHP, Python and .Net applications, including databases.

In addition, Splunk intends to acquire Rigor, which specializes in digital experience monitoring, including synthetic monitoring techniques that simulate transactions to test system performance and resiliency under load. Plumbr and Rigor's tools will eventually merge with Observability Suite.

"I've heard … Plumbr is really good at root cause analysis on the fly," said Steve Koelpin, lead Splunk engineer at a Fortune 1,000 company in the Midwest, in an interview. In fact, Plumbr can pinpoint the root cause of issues within a specific line of application code, according to its website. "It also [seems to] scale well."

Splunk quickly assembled IP from its SignalFx, VictorOps and Omnition acquisitions into Observability Suite, and users should expect the same regarding Plumbr and Rigor, said KellyAnn Fitzpatrick, an analyst at RedMonk. These acquisitions will also help strengthen Splunk's tooling competitively against rivals such as New Relic, AppDynamics and Dynatrace, which have roots in APM. Moreover, Splunk Cloud can now match the new features Sumo Logic made available with its AWS Observability Solution SaaS last month.

However, the challenge for users of traditional Splunk log analytics tools will be figuring out where the new Observability Suite offerings fit into their environments, Fitzpatrick said.

"That's a question some existing customers are still trying to piece together," she said.

Users navigate Splunk pricing changes and cloud transition

As Splunk began to broaden the scope of its tools last year, some customers expressed concern that collecting more data might raise costs, given the company traditionally charged for each gigabyte of data ingested.

However, Splunk introduced new pricing plans meant to help customers expand how much data they ingest while managing data storage costs. These included a predictive pricing program that advises users on the costs they can expect as data grows, as well as infrastructure-based pricing, a new option that is calculated according to the compute resources needed to analyze data.

Still, whether infrastructure-based pricing yields savings depends on the data set, IT environment and workload involved. For some large on-premises users of Splunk Enterprise, infrastructure-based pricing hasn't yielded savings.

"[Infrastructure] pricing would benefit companies who use Splunk as a pure analytics tool and want to increase their ingest and pick what they want to measure," Koelpin said. "We want to monitor everything in [real] time. [Infrastructure] pricing would cost [us] a fortune."

As with other vendors such as Atlassian that are increasing their focus on cloud-based products, customers that want to stay on premises will in some cases start paying a higher price. Koelpin said he's most concerned with Splunk's transition, beginning last November, to term-based licensing and away from perpetual licenses for on-premises products. Koelpin's company is still in negotiations with Splunk for its next license renewal, but term-based licensing could mean a manifold increase in costs over the next three years.

Still, Koelpin said he has considered alternatives and concluded that Splunk is ultimately worth a higher cost, especially since his IT teams have become experts in using Splunk.

"The power of Splunk is, it allows us to have an on-prem install with flexibility of data formats [and] a universal platform with a schema-on-the-fly setup," he said. "Splunk also has a huge amount of out-of-the-box integrations."
