Replays of the .conf25 Global Broadcast sessions, including the Welcome Keynote, Product Keynote, and various sessions covering topics like AI, security, observability, and Splunk platform updates.
.conf25 offers hundreds of sessions led by industry experts designed to enhance your career. The event is scheduled for September 8-11, 2025 in Boston, Massachusetts.
This Splunk Lantern article outlines the steps to monitor Gen AI applications with Splunk Observability Cloud, covering setup with OpenTelemetry, NVIDIA GPU metrics, Python instrumentation, and OpenLIT integration to monitor GenAI applications built with technologies like Python, LLMs (OpenAI's GPT-4o, Anthropic's Claude 3.5 Haiku, Meta’s Llama), NVIDIA GPUs, Langchain, and vector databases (Pinecone, Chroma) using Splunk Observability Cloud. It outlines a six-step process:
1. **Access Splunk Observability Cloud:** Sign up for a free trial if needed.
2. **Deploy Splunk Distribution of OpenTelemetry Collector:** Use a Helm chart to install the collector in Kubernetes.
3. **Capture NVIDIA GPU Metrics:** Utilize the NVIDIA GPU Operator and Prometheus receiver in the OpenTelemetry Collector.
4. **Instrument Python Applications:** Use the Splunk Distribution of OpenTelemetry Python agent for automatic instrumentation and enable Always On Profiling.
5. **Enhance with OpenLIT:** Install and initialize OpenLIT to capture detailed trace data, including LLM calls and interactions with vector databases (with options to disable PII capture).
6. **Start Using the Data:** Leverage the collected metrics and traces, including features like Tag Spotlight, to identify and resolve performance issues (example given: OpenAI rate limits).
The article emphasizes OpenTelemetry's role in GenAI observability and highlights how Splunk Observability Cloud facilitates monitoring these complex applications, providing insights into performance, cost, and potential bottlenecks. It also points to resources for help and further information on specific aspects of the process.
1. **Access Splunk Observability Cloud:** Sign up for a free trial if needed.
2. **Deploy Splunk Distribution of OpenTelemetry Collector:** Use a Helm chart to install the collector in Kubernetes.
3. **Capture NVIDIA GPU Metrics:** Utilize the NVIDIA GPU Operator and Prometheus receiver in the OpenTelemetry Collector.
4. **Instrument Python Applications:** Use the Splunk Distribution of OpenTelemetry Python agent for automatic instrumentation and enable Always On Profiling.
5. **Enhance with OpenLIT:** Install and initialize OpenLIT to capture detailed trace data, including LLM calls and interactions with vector databases (with options to disable PII capture).
6. **Start Using the Data:** Leverage the collected metrics and traces, including features like Tag Spotlight, to identify and resolve performance issues (example given: OpenAI rate limits).
The article emphasizes OpenTelemetry's role in GenAI observability and highlights how Splunk Observability Cloud facilitates monitoring these complex applications, providing insights into performance, cost, and potential bottlenecks. It also points to resources for help and further information on specific aspects of the process.
Sawmills AI has introduced a smart telemetry data management platform aimed at reducing costs and improving data quality for enterprise observability. By acting as a middleware layer that uses AI and ML to optimize telemetry data before it reaches vendors like Datadog and Splunk, Sawmills helps companies manage data efficiently, retain data sovereignty, and reduce unnecessary data processing costs.
OpenTelemetry, a Cloud Native Computing Foundation incubating project, helps software engineers collect and analyze data about system and application performance. Created from the merger of OpenTracing and OpenCensus in 2019, it addresses the challenges of observability in large-scale systems, especially with the rise of Kubernetes. The article discusses its rapid adoption, current challenges, and future innovations like profiling signals.
This Splunk Lantern blog post highlights new articles on instrumenting LLMs with Splunk, leveraging Kubernetes for Splunk, and using Splunk Asset and Risk Intelligence.
SIEM market is undergoing significant changes, with many vendors included in Gartner's latest Magic Quadrant report. However, amid the cloud transformation, vendor consolidation, and competition and integration with extended detection and response (XDR), the future is uncertain. The recent acquisition of Splunk by Cisco and IBM selling its QRadar software-as-a-service (SaaS) assets to Palo Alto Networks indicate that some big players are shifting strategies. Gartner Distinguished VP Analyst Peter Firstbrook suggests that IBM is giving up on SIEM and SOAR markets in favor of XDR, while Cisco is trying to figure out how to integrate Splunk with its XDR strategy. Many existing SIEM vendors will either be acquired, shift toward niche markets, or go out of business. Over the next 10 years, the SIEM market will transition to a few dominant players offering integrated platforms supplemented by specialized partner solutions.
OpenTelemetry offers a standardized process for observability, but its functionality is a work in progress. Its usefulness depends on the observability tools and platforms used in conjunction with OpenTelemetry.
Create standalone with Splunk Free license
Splunk Free is the totally free version of Splunk software. The Free license lets you index up to 500 MB per day and will never expire.
Execute the following to bring up a Splunk Free standalone environment:
$ docker run --name so1 --hostname so1 -p 8000:8000
-e "SPLUNK_PASSWORD=<password>"
-e "SPLUNK_START_ARGS=--accept-license"
-e "SPLUNK_LICENSE_URI=Free"
-it splunk/splunk:latest
Splunk Free is the totally free version of Splunk software. The Free license lets you index up to 500 MB per day and will never expire.
Execute the following to bring up a Splunk Free standalone environment:
$ docker run --name so1 --hostname so1 -p 8000:8000
-e "SPLUNK_PASSWORD=<password>"
-e "SPLUNK_START_ARGS=--accept-license"
-e "SPLUNK_LICENSE_URI=Free"
-it splunk/splunk:latest
