This summer, Splunk Ideas has been on fire! We continued our phenomenal momentum from the first quarter of the year into the second, garnering much attention around the organization, making a big splash at .conf 2023, and continuing to vehemently pursue the delivery of your Ideas. Splunk Ideas has been gaining prominence among product leaders in the organization and has experienced an elevated awareness across the organization. This is great news for our loyal and dedicated customers, as more eyes are being drawn to Splunk Ideas than ever before!

In our last blog post by our Senior Vice President and General Manager of Products and Technology, Tom Casey, titled “Thousands of Customer-Driven Splunk Ideas Help Accelerate Meaningful Innovation”, we made a commitment to a more transparent and communicative Splunk Ideas program. We are honoring that commitment by increasing the frequency of blog posts and general customer communications.

In this edition of our customer blog, we recap all of the Splunk Ideas coverage and engagement over .conf23, as well as listing all of your Ideas that were closed-out and shipped in the first half of the 2024 fiscal year. Without further ado, let’s take a trip to the arid desert of Nevada to recapitulate .conf23.

Splunk Ideas at .conf23

Splunk Ideas made a big splash this year at .conf23. Our annual user conference was back in full-force this year in the illustrious city of Las Vegas, sporting thousands of dedicated Splunkers and Splunk enthusiasts just like yourself. There were several notable moments for Splunk Ideas across the 3-day conference, including a shoutout on the mainstage keynote, announcements of user-driven Ideas making it into the product, and Splunk Ideas participating in the Community Zone, with specific breakout sessions for Splunk Ideas.

Hey Look Ma, I Made It!

During the Day 2 Keynote on the .conf mainstage, Mike Horn, Splunk Security GM, directly addressed some of the amazing requests coming out of Splunk Ideas that have been built into the product. Mike did not mince words, saying:

"So, if you want to see something in the product, we are listening. Make sure you go to Splunk Ideas, upvote or add your new features. We are definitely looking at Ideas and we want to make sure we are delivering for you what you need." - Mike Horn, General Manager, Splunk Security

And we can confirm, our product teams are highly engaged with Splunk Ideas. In fact, we have seen a 25% increase in Splunk Ideas traffic from our Product Managers and Engineers in the last quarter, along with a 38% year-over-year increase in Idea engagement. Our product teams want to hear your Ideas, so keep ‘em coming!

Your Ideas on the Mainstage of .conf23

Some of the biggest Ideas that garnered a lot of love and attention at .conf23 are:

1. ES Multiple Drill Down Searches
2. Timeline in Incident Review
3. Auto Refresh Incident Review
4. Outlier Exclusion for Adaptive Thresholding (ITSI)
5. SOAR Playbook Triggers
6. Copy-Paste Images to Notes

Connecting with the Community in the Nevada Desert

In addition to taking to the mainstage at .conf, Splunk Ideas was heavily present across the show floor and the Community Zone, which hosted many of our community driven programs. Malini Mahes, Sr. Product Manager – Splunk Ideas, twice presented to large audiences about both Splunk Ideas processes and how we use Splunk internally to better serve our product teams, allowing them to get the most value out of Splunk Ideas. The presentations were well received and many community members were appreciative about the transparency behind the Ideas process!

“It was great to see many Ideas users in person and put faces to usernames and have the ability to engage in person - it was truly invigorating to see all the passion from the Community around our products!” - Malini Mahes, Sr. Product Manager, Splunk Ideas

Amidst the sweltering heat, we received great feedback from the Community that we’re excited to implement over the coming months - stay tuned!

Shipped Ideas from H1

The Splunk Ideas team has been hard at work to make sure the program is healthy and vibrant. We are focused both on further driving the development of the program, as well as maintaining the quality of data within the program. In practice, what this means is that we are ensuring your Ideas are assigned to the right people, that the Product organization is highly aware of your Ideas, and that your Ideas are updated in a timely manner. We will be the first to tell you we don’t always get it right, but we are always striving to do better.

It has been an exceptional first half of the year for Splunk Ideas. We have been able to already mark 55 Ideas as shipped, which puts us in a great position to surpass our delivery for the entirety of 2022. That is a remarkable improvement in the traction that Splunk Ideas has across the organization, as well as in the overall health of the program. Below you will find a comprehensive list of all the Ideas that have shipped this year.

Splunk Ideas Shipped – Security:

1. Phantom Indicators: add a toggle to disable default indicator creation for new fields
2. Custom Threat Group Icons
3. Allow Custom Threat Intelligence Streams
4. Prompt - Datapath Input for User field
5. Scope toggle on VPE items to set the scope for data retrieval.
6. Support running Phantom in FIPS mode
7. Windows Defender ATP App to include additional investigative and response actions equilvant to other...
8. ThreatGrid App - Private Uploads
9. Phantom playbooks should have custom inputs, outputs and status indicators
10. OAUTH2 Authentication - HTTP App
11. Enhance the Parser app to be able to extract defang's URL's starting hxxp
12. Support the download of Threatgrid report in HTML format
13. Exchange EWS App - Add ability to ingest the actual email as a vault item.
14. Port Crowdstrike Falcon Host API actions to OAuth2 API app
15. Add additional actions into the Anomali App for Phantom
16. Add the submit file in sandbox function in the Zscaler application
17. Add support for newer Crowdstrike FalconX Sandbox APIs
18. Phantom playbooks and actions should operate in true parallel
19. Uplift Anomali ThreatStream App to include new actions
20. Add Optional Domain Field for G Suite for Gmail App
21. Add Message Trace to EWS for 365 Phantom App
22. Create Polyswam App for Phantom
23. Schedule Poll for MS Graph for Office 365
24. Add APIKey config parameter to HTTP app
25. Add app for McAfee Web Gateway
26. O365 SharePoint Online App
27. Improved UI for new correlation search
28. Add MITRE ATT&CK RBA visualizations to ES (from SOS demo)

Splunk Ideas Shipped – Observability:

1. Need to be able to "GroupBy" dimensions starting with "sf_" in Tables
2. It should be possible to exclude outliers for adaptive thresholding
3. Sparkline Display In ITSI "Dishonest"
4. Report the current time since the Unix epoch
5. Warn users of impending org token expiration
6. Allow ITSI to run normally during searchable index restarts
7. Add a refresh button on looking for traces
8. APM Trace View: start-time of Span
9. Ability to export Service Map via API
10. More flexibility for alerting/reporting with HTTP Status code
11. Metrics/attributes Dictionary within our public product documentation
12. getAll Segments API enhancement on existing getTraceById API
13. Support S390x and PPC64LE architectures on RHEL for the Smart Agent and OpenTelemetry Agent by provi...

Splunk Ideas Shipped – Platform:

1. DB Connect Support for multi-site HA
2. User Search History support in SH Clusters
3. Enhance the in-product capability to capitalize on user behavior data through the delivery of target...
4. Splunk Cloud public status page
5. Mac OS Unified Loging data input for audit log
6. Greatly reduce bottlenecks in the diagnostics process by integrating rapid diag functionality into t...
7. Splunk post-process searches (base searches) should allow the export / download option from the UI
8. Support for SmartStore in Azure Blob Storage
9. automate provisioning of apps, add-ons
10. Support for ingesting journald log events
11. Support for Linux CAP_DAC_READ_SEARCH capability
12. Supported Native CAC / PIV authentication
13. Windows Node support in Splunk Connect for Kubernetes
14. Optimize tstats for large clusters and data sets (aka please implement bloomfilters in tstats)

We remain committed and dedicated to providing excellent customer service to our world-class customers. We truly value the time and effort you all take from your busy lives to offer feedback that continually molds Splunk products into better, more usable forms. It is our top priority to ensure we continue to make you feel heard and valued. We are focused on the customer experience and are working diligently to reduce the amount of time taken to respond to your Ideas. In service of these goals, you can expect more communications efforts via user group communications and blog posts, and better engagement on the Splunk Ideas platform.

Thank you for all the feedback and support, and we look forward to continuing building products and features that meet your needs and exceed expectations.

Happy Splunking! 

Documentation & Links

• Splunk Ideas Portal
• Splunk Ideas Documentation
• Ideas for Splunk Ideas