Splunk’s annual conference took place in Orlando, Florida this year, and JDS was there to soak up sun and the tech on offer.

Three days went by quickly, with exciting announcements (dark mode anyone?), interesting discussion and the chance to mingle with customers and Splunkers alike. We also enjoyed the chance to meet up with the US distributors of PowerConnect, and time spent with the uberAgent team.

Splunk CEO Doug Merritt kicked off the keynote, announcing a raft of features to Splunk 7.2 along with advancements released in beta – dubbed Splunk Next (but more of that to come, so stay tuned). Here’s a rundown of what’s new to 7.2:

  • SmartStore– some smarts behind using S3 for storage, allowing you to scale your indexer compute and storage separately. Great news if you want to expand your indexers, but don’t want the associated costs of SSD storage. SmartStore also gives you access to the impressive durability and availability of S3, simplifying your backup requirements.
  • Metrics Workspace– a new GUI interface for exploring metrics. You can drag and drop both standard events and metrics to create graphs over time and easily save them directly to dashboards.
  • Dark Mode– as simple as it sounds, with the crowd going wild for this one. You can now have your NOC display dark themed dashboards at the click of a mouse.
  • Official Docker support– Splunk Enterprise 7.2 now officially supports Docker containers, letting you quickly scale up and down based on user demands.
  • Machine Learning Tool Kit 4.0– now easier to train, test and validate your Machine Learning use cases. Includes the announcement of GitHub based solutions to share with fellow Splunkers.
  • ITSI 4.0– this latest version includes predictive KPIs, so your glass tables can show the current state, and the predicted state 30 minutes in the future. There’s also predictive cause analysis – to drill down and find out what will likely cause issues in the future. Metrics can now also feed into KPIs, allowing for closer integration with Splunk Insights for Infrastructure.
  • ES 5.1.1– introduces event sequencing to help with investigations, a Use Case Library to help with adoption, and the Investigation Workbench for incident investigation.
  • Health Report– in addition to the monitoring console, the health report shows the health of the platform, including disk, CPU, memory, and Splunk specific checks. It’s accessible via a new icon next to your login name.
  • Guided Data Onboarding– guides now available to help you onboard data, like those you can find in Enterprise Security. They include diagrams, high-level steps, and documentation links to help set up and configure your data source.
  • Logs to Metrics– a new GUI feature to help configure and convert logs into metric indexes.
  • Workload Management– prioritise users’ searches based on your own criteria – like a QoS for Searching.


If you weren’t lucky enough to go in person, or want to catch up on a missed presentation, the sessions are now available online:


Find out more

Interested to know more about these new Splunk capabilities? We’d love to hear from you. Whether it’s ChatOps, driving operational insight with ITSI, or leveraging Machine Learning - our team can take you through new ways of getting the most out of your data.

Our team on the case

Work smarter, not harder. (I didn't even come up with that. That's smart.)

Daniel Spavin

Performance Test Lead

Length of Time at JDS

7 years


IT: HPE Load Runner, HPE Performance Center, HPE SiteScope, HPE BSM, Splunk

Personal: Problem solving, Analytical thinking

Workplace Solutions

I care about quality and helping organisations get the best performance out of their IT projects.

Organisations spend a great deal of time and resources developing IT solutions. You want IT speeding up the process, not holding it up. Ensuring performance is built in means you spend less time fixing your IT solutions, and more time on the problems they solve.

I solve problems in our customers’ solutions, so customers can use their solutions to solve problems.

Our Splunk stories