In this demo first shown at Splunk.conf24, we look at the data-lake creation feature of Observo. Data is stored in the parquet format - a open columnar format. We also support searching the data-lake based on natural language search - under the hood this functionality uses LLM for text to SQL functionality. Use the rehydrate function to send any subset of data to the analytics platform of choice, on-demand. Consider keeping a smaller Splunk index, and use the lake for retention - retain more data, longer, for a lot less cost, all in a flexible format.

In this demo from Splunk.conf24, we look at a super voluminous source of data like flow logs and see how Observo pipeline’s Smart Summarization Engine helps reduce complexity and makes it much easier to find the needle in a haystack.

In this demo first aired at Splunk.conf24, we showed the flexible enrichment capabilities of the Observo AI pipeline. A common enrichment scenario for security teams is GeoIP enrichment - it involves adding geographical information to IP addresses. Among other things, GeoIP enrichment can be very useful for location based customization, threat analysis & network traffic pattern mining. Let us see how we do it.

In this demo, first shown at our Splunk.conf24 breakout session, we look at how easy it is to enforce data policies including PII obfuscation using Observo AI’s Smart Pipeline. Our data plane is written in Rust and supports extremely high performance scanning of patterns at wire speed. Let us see how we do it.

We take a look at the main dashboard of Observo AI and delve into concepts like Sources, Destinations, pipelines, and transforms. (set your quality to HD using the setting button below for more detail)

In this Observo AI demo from Splunk.conf24, we show how easy it is to drag and drop to create a pipeline from scratch and then we show how to transform data from Windows logs and XML into the Splunk CIM for easy ingestion to Splunk.

Observo sentiment analysis recognizes patterns of normal data and anomalies that need more investigation using our machine learning models. Alert fatigue happens when your teams are inundated with alerts that may have little to no important information in them. By using sentiment analysis, they can prioritize the alerts that need attention right away and which can be looked at later - resolve critical incidents faster before they spiral into a bigger problem. Our customers have reported 40% or more boost in incident resolution speeds.