Splunk .conf23: Introducing S3SPL and App Updates

Datapunctum · 2 min read

Splunk .conf23 is here and we are excited to share our latest innovations and updates with the community. This year, we are introducing a brand-new product and announcing significant updates to two of our existing applications.

Introducing S3SPL

We are proud to introduce S3SPL, a new Splunk application that allows you to query data stored in Amazon S3 directly from Splunk using S3 Select.

S3SPL bridges the gap between your S3 data lake and Splunk, enabling you to run queries against CSV, JSON, and Parquet files stored in S3 without ingesting them into Splunk. This is particularly useful for:

  • Cost optimization: Query cold or archived data without re-ingesting it
  • Data exploration: Quickly explore large datasets stored in S3
  • Hybrid analysis: Combine S3 data with Splunk-indexed data in a single search

S3SPL leverages the power of S3 Select to push down query filters to S3, minimizing the amount of data transferred and improving query performance.

Alert Manager Enterprise 1.2

Alert Manager Enterprise (AME) receives a significant update at .conf23:

  • Tags: Organize and categorize events using a flexible tagging system. Tags can be applied manually or automatically through rules.
  • Notification Channels: A new notification framework that allows you to define reusable notification channels for email, webhook, and other notification types.

These features further enhance AME's capabilities as the leading event management solution for Splunk.

ElasticSPL 1.2

ElasticSPL also receives an update with the following improvements:

  • Permission Model: A new permission model that allows fine-grained access control to Elasticsearch connections and queries based on Splunk roles.
  • Workbench Improvements: The Workbench continues to evolve with better query visualization, improved field discovery, and enhanced usability.

Visit us at .conf23 to learn more about S3SPL, AME 1.2, and ElasticSPL 1.2!