PSUG 3 - 2024-07-15 - Splunk & AI with Philipp Drieger

tomasmoser 329 views 44 slides Jul 17, 2024

About This Presentation

A once-in-a-lifetime opportunity for the Prague Splunk User Group and Splunkers in Czechia and abroad. Join us to discover Splunk AI and Machine Learning (ML) capabilities in a rare session presented by Philipp Drieger, Global Principal Machine Learning Architect at Splunk. With AI hype all over the worl...


Slide Content

© 2023 SPLUNK INC.
Splunk Corporate Template | TMPLT-FY24-101

Prague Splunk User Group #3
15/7/2024
Splunk & AI with Philipp Drieger
Tomáš Moser
Ingrid Němečková
Michał Skorczewski
Radek Filip

Agenda
16:00 - 16:30 (30 min) Check-in
16:30 - 16:40 (10 min) Introduction
16:40 - 17:25 (45 min) Part 1: Introduction to Splunk AI
17:25 - 18:00 (35 min) Coffee Break :-)
18:00 - 18:45 (45 min) Part 2: Splunk AI demos and “Ask Me Anything” session
18:45 - 19:00 (15 min) Wrap-Up
19:00 - 22:00 (3 h) Dinner - “Kozlovna U Paukerta” - across the street

Splunk User Group Community
From Splunkers To Splunkers

✓ No sales
✓ No marketing
✓ It’s about YOU!
✓ Ask!

Who Are We?
Tomáš Moser
Sr. Solutions Engineer - GSS, Splunk
Technical Support Engineer, Splunk
Ingrid Nemečková
Splunk Consultant, ALEF NULA
Radek Filip
Michał Skórczewski
Sr. Solutions Engineer, Splunk

Because …
1. I Love Splunk
2. I am curious about Splunk
3. I want to listen to Philipp
4. Splunk joined Cisco
5. AI hype
6. AI with Splunk

Philipp Drieger
Splunk Global Principal Machine Learning Architect
Drives Splunk adoption by customers
Translating business challenges to Splunk technology applying AI specifically

Part 1: Introduction to Splunk AI

The Next 10 Years Will Be Defined By AI Adoption

AI in Splunk: Digital Resilience Accelerator

The Unified Security and Observability Platform

Splunk has been innovating with AI since 2015

Embedded capabilities within products
Customizable ML, deep learning, and data science tools
AI libraries and APIs for developers
Generative AI chatbots
Guided assistive workflows
AI Tools

Our AI Product Philosophy
Focused on Security and Observability
Human-assisted and trusted AI for detection, investigation, and response
Easily integrated with third party frameworks

Where are we investing?
Accelerate detection, investigation and response
Make sense of the signal in vast amounts of data
Synthesize signal to improve user productivity and outcomes
Generative AI
Advanced AI

© 2024 SPLUNK INC.
Splunk AI Capabilities & Tools Overview

Powered by Splunk AI
Product Overview
Free Assistive and Customizable Apps & Tools
Machine Learning Toolkit
Data Science and Deep Learning
Anomaly Detection
AI Assistant for SPL
Assistive Intelligence Experiences
Customizable ML
SECURITY
OBSERVABILITY
Enterprise Security with Enterprise Security Content Updates (ESCU)
User Behavior Analytics
IT Service Intelligence
Application Performance Monitoring
Infrastructure Monitoring
AI Assistant
AI Assistant
Included Embedded AI/ML Capabilities
THE SPLUNK PLATFORM
Splunk Cloud Platform
Splunk Enterprise

Splunk Corporate Template | TMPLT-FY25-SKO-101
© 2024 SPLUNK INC. | Splunk Confidential and Internal - Do Not
Distribute
Get your job done faster using natural language
Chat with your data to drill down to deeper insights
Accelerate your learning journey as the expert

New:
Now Generally Available in Splunk Cloud
New

Better detection | Faster investigation | Accelerated actions
Demo at .conf Preview at .conf24 Preview at .conf24

Splunk Corporate Template | TMPLT-FY25-101
Splunk IT Service Intelligence (ITSI)
Splunk’s AIOps Solution

Splunk ITSI applies machine learning to proactively prevent outages by correlating and reducing alerts, monitoring service health, and streamlining incident management.
❏ Clustering & aggregation to reduce alert noise
❏ Adaptive (dynamic) thresholds incorporate seasonality
❏ Anomaly and outlier detection
❏ Actionable additional context
❏ Assisted root cause investigation
❏ Predict service health to prevent outages
New updates!
❏ Outlier Exclusion in Adaptive Thresholds
❏ ML-Assisted Thresholding (Preview)

.conf23

Splunk Application and Infrastructure Monitoring: Autodetect
Use machine learning to improve accuracy and reduce manual effort across infrastructure and service alerting
● Establish performance baselines across every service
● Automate alerting by receiving recommendations for the biggest spikes in latency, errors, and resource utilization
● Easily customize alert thresholds and subscribe to notifications for specific services or teams
More accurate and efficient alerting for your infrastructure and services

Splunk Enterprise Security
with AI/ML-Powered Content Updates from the Splunk Machine Learning for Security Team
Study Threats
Identify emerging threats and understand how they operate

Create Datasets
Collect data and use Splunk to parse the data and identify patterns that can be used to detect the threat

Build ML-Powered Detections
Build a model based on data in order to make predictions or decisions; enable systems to learn from data, identify patterns, and make decisions with minimal human intervention; and craft rules or queries designed to identify specific activity associated with threats

Test Detections
Run queries against a dataset that simulates attacker behavior to improve accuracy and reduce false positives

Release
Package detections to deliver timely and effective protections against emerging threats to Splunk customers

AI & ML-Powered Detections for Security
Find the Obscure and Unknown Threats Buried Deep in Your Data
Deviation from past behavior

Resource Utilization
Error Rate Deviation
Access Pattern Baselining

Behavioral Analytics

Identify Traffic
Classify Behaviors
Anomaly detection Predictive Analytics Clustering
Future state prediction
Classification/regression

Predict storage requirements
Identify patterns leading to failure

analytics maturity
rules aren’t all bad...
Rule based analytics
Statistics based analytics
ML / DL based analytics
Gen-AI based analytics

Correlation searches and use cases
Ready to operationalize and surface notable events in ES.
Source: https://www.splunk.com/en_us/blog/tag/machine-learning-security.html

Pre-trained ML & DL Models in ESCU
Ready to operationalize and surface notable events in ES.
Source: https://www.splunk.com/en_us/blog/tag/machine-learning-security.html

Machine Learning Toolkit 5.4

Designed for Splunk users at all levels
• ML-Powered Splunk Searches: Apply techniques like anomaly detection and predictions within search to power dashboards & insights
• Showcase and Experiments: Simple low-code experience to guide model building, testing, and deployment
• Extensible out of the box: 80+ built-in scikit-learn algorithms, and API support to plug in new runtimes
New updates!
• Ability to upload externally pre-trained ONNX models with a simple UI and then use the model with your Splunk data with no modification to your existing workflows
• Extended user anomaly detection capabilities with a new algorithm for multivariate outlier detection

Extend Splunk to Operationalize Machine Learning Use Cases Within Search
Splunk Enterprise 9.1, Splunk Cloud Platform

Splunk Data Science and Deep Learning 5.1

Built for Data Scientists
‒ 35+ Code Examples: Guided model building, testing, and deployment of data science and deep learning frameworks
‒ Container Management: Models can be productionized for scalability & optimization of resources, e.g. CPU & GPU
‒ State of the art AI frameworks and tools: Jupyter Lab, MLflow, PyTorch, TensorFlow, SpaCy, DASK, Rapids, Spark, …
‒ Flexible deployments and open source: deploy on-prem, hybrid or in the cloud. Github repository for customization.
New updates in version 5.1!
‒ Two AI assistants to leverage LLMs to build and train models for text summarization and text classification use cases
‒ Customizable for adapting to own domain specific data

Extension for MLTK to operationalize advanced custom AI / ML use cases
Splunk Enterprise 9.1, Splunk Cloud Platform

Where can I learn more?

https://www.splunk.com/en_us/form/splunk-machine-learning-for-observability-use-case-guide.html

https://www.splunk.com/en_us/form/security-use-case-enhanced-by-ai-and-ml.html

Outlook

Where are we going with AI?
Unified experience across Splunk with a scalable backend to power them
We are moving from toolkit capabilities to end-to-end AI guidance for data in Splunk

More Splunk-specific, trusted Generative AI: Improve our generative AI in Splunk AI Assistant and expand into other use cases and products
Additional embedded AI: Integrate more AI into users’ everyday workflows in Splunk products and build more assistive experiences
Run ML at Scale: Develop a robust runtime to power large-scale ML model training and deployment
Extensible ML for Splunk developers: Build an SDK to empower developers to create ML powered experiences

power and protect the AI revolution.

Infrastructure for AI: Networking and compute solutions for training AI models at scale.
Data for AI: Massive breadth and depth of data across domains is the foundation for AI models.
Observability for AI: Observability supports trustworthy, performant, and reliable AI deployment.
AI for Security: AI solutions improve efficiency, efficacy, and economics of defending against security threats.
Security for AI: Cisco’s Identity Intelligence and User Protection and Splunk’s analytics help protect enterprises in their use of AI from within.

Part 1: Introduction to Splunk AI

Q&A

We will be back at 18:20 CET

Part 2: Demo & AMA

Ask Me Anything

Wrap-Up
● Did you like it?
● Please fill in the post-event survey!
● Slides and recording will be shared on SUG #3 event page
● Talk to us :-)

Slack
Register and subscribe to #prague-sug channel
LinkedIn
https://www.linkedin.com/groups/9544692/

See you next time
