AsiaTechDaily – Asia's Leading Tech and Startup Media Platform
A key market player in security and observability solutions, Splunk announced a series of advancements to its observability platforms, including more seamless integration with Splunk AppDynamics and enhanced visibility into Kubernetes clusters. These enhancements are designed to streamline IT operations, providing teams with the tools they need to detect, investigate, and resolve issues in real-time.
Founded in 2003, Splunk helps organizations explore and use the power of their data. Its unified security and observability platform enables teams to monitor, analyze, and act on real-time data, ensuring operational continuity and security. Backed by Cisco, which acquired the company in 2024, Splunk continues to innovate, supporting some of the largest and most complex organizations in the world.
Dhiraj Goklani, the Area Vice President for South Asia, brings over 26 years of leadership experience to Splunk, guiding businesses in navigating the complexities of modern IT environments.
In this interview, Dhiraj sheds light on the evolving landscape of observability, the critical role it plays in ensuring digital resilience, and how organizations can adapt to the increasing challenges of cyber threats and operational complexity.
Splunk emphasizes “effective observability.” Can you break down what this means in a high-stakes environment and how it differs from traditional monitoring practices?
Traditional monitoring focuses on predefined metrics, offering snapshots of system performance. While valuable, it often operates reactively, identifying issues only after they arise. Observability, by contrast, represents a transformative shift—it enables teams to infer a system’s internal states from its external outputs, using telemetry data such as metrics, logs, and traces. This approach provides comprehensive insights in real-time, allowing organisations to proactively detect anomalies, diagnose root causes, and optimise system performance.
In practice, observability equips organizations to respond to cyber threats with agility and precision. For example, when a system exhibits unusual behavior, observability tools go beyond simply flagging the issue—they enable IT teams to ask exploratory questions, uncovering vulnerabilities that traditional monitoring might miss. This capability is especially critical given the stakes: a single downtime event can lead to a stock price drop of up to 9% and cause revenue losses of up to $49 million due to downtime.
Observability has firmly established itself as a critical component of modern IT operations. According to our latest State of Observability report, nearly half of survey respondents report using observability tools for two years or more, a notable increase from 36% just a year ago. Its benefits are well-established: reduced time spent troubleshooting, higher alert accuracy, faster issue detection, improved development velocity, and minimized downtime—to name just a few.
By embedding observability into their defenses, organizations operating in high-risk environments can move from merely surviving attacks to outmaneuvering their adversaries, transforming systems into resilient, adaptive operations capable of addressing the unexpected.
The recent updates to Splunk’s observability portfolio aim to unify IT environments. How does this approach impact decision-making and collaboration across SecOps, ITOps, and development teams?
Many ITOps and engineering teams struggle with scattered visibility across their tech stack and lack insights into the performance issues impacting their business.
Our expanded observability portfolio, now supercharged by AppDynamics, enables a seamless, unified experience that connects business and technical contexts across diverse environments, from three-tier architectures to microservices.
For decision-making, these innovations provide teams with deeper, actionable insights and automation. Enhanced features like Single Sign-On (SSO), deep linking, and improved dashboards streamline access to critical data, reducing mean time to detect (MTTD) and mean time to resolve (MTTR). By standardizing observability practices on a single platform, teams can quickly identify the root causes of issues—such as disrupted user transactions or supply chain outages—and take precise corrective actions.
Collaboration also improves as the unified observability platform bridges gaps between teams. For example, the Log Observer Connect allows users to transition seamlessly between dashboards and relevant logs, fostering smoother workflows. Enhanced Kubernetes monitoring further helps ITOps and engineering teams proactively address performance issues, while integrating AI-driven features minimizes troubleshooting toil.
By breaking down silos and providing a shared operational view, Splunk empowers SecOps, ITOps, and development teams to work cohesively, bolstering organizational resilience in today’s complex tech landscape.
Observability is often seen as a cost-intensive strategy. How does Splunk ensure organizations achieve value without overspending on telemetry data processing?
Observability can indeed seem cost-intensive, but at Splunk, we’re focused on helping organizations maximize value without overspending. One of the ways we achieve this is through Metrics Pipeline Management (MPM), which we launched in 2023. It gives platform engineers the flexibility to control metrics data right at the point of ingest—without re-instrumentation. With MPM, teams can aggregate high-cardinality metrics into lower-cardinality ones, filter out unused data, and discard unnecessary metrics before storage. It’s all done through an intuitive interface or API, making it simple to implement and scale efficiently while keeping costs in check.
We’ve also introduced Archived Metrics, a low-cost storage solution that’s nearly 90% more affordable than our Real-Time Metrics tier. This lets organizations keep less critical data accessible for future troubleshooting while prioritizing high-value metrics for real-time analysis and alerts. Additional features like Route Exceptions also ensure teams can seamlessly move data between storage tiers based on their needs, so they always have the right data at the right time.
These tools work together to give organizations the control and flexibility they need to scale observability without sacrificing budget or service reliability. It’s about delivering value and empowering teams to focus on what matters most.
What role does AI play in combating false positives that contribute to burnout, as mentioned in your recent observability report?
AI plays a pivotal role in reducing false positives that contribute to burnout by enabling smarter, more efficient observability practices. Through AI-powered observability, particularly with AIOps, organizations can intelligently identify and address the root causes of incidents with greater automation, significantly reducing interminable noise and unnecessary alerts. This approach directly addresses the issue of alert fatigue, which 57% of respondents identified as problematic.
The impact is clear: 97% of organizations now rely on AI/ML systems to alleviate critical issues like talent fatigue, a dramatic rise from 66% last year. Leaders are seeing even greater benefits, with 85% reporting that AI and ML resolve half or more of their observability-related alerts monthly.
By automating and streamlining alert resolution, AI not only reduces false positives but also empowers teams to focus on meaningful work, improving overall productivity and well-being.
How does Splunk’s AI-driven approach to anomaly detection improve the cybersecurity posture of organizations in the APAC region?
Splunk’s AI-driven anomaly detection strengthens the cybersecurity posture of organizations across the APAC region by tackling tool bloat and boosting operational efficiency.
According to Splunk’s 2024 State of Security Report, tool sprawl is a pervasive challenge, with 43% of organizations struggling to manage too many security tools and dashboards. In Japan, 35% of respondents report that their security stacks are overly complex, and 29% face difficulty analyzing all relevant security data. Similarly, Australian organizations face a higher prevalence of nation-state attacks (56% vs. 39% regional average), a challenge linked to insufficient visibility due to disparate tools.
Splunk’s AI-driven anomaly detection consolidates security insights into a unified platform, reducing reliance on multiple tools. By identifying data points and patterns that deviate from normal behavior—such as unusual network traffic or potential breaches—AI automates threat detection, mitigating the risk of dashboard overload and missed threats. This streamlined approach frees up staff bandwidth and enhances visibility, allowing teams to focus on investigating and responding to critical alerts.
Moreover, this reduction in tool sprawl minimizes operational and financial inefficiencies, such as duplicated data processing, license costs, and maintenance burdens. For organizations like those in Singapore (which use an average of 28 observability tools), Splunk’s AI solutions offer a path to greater productivity and more robust cybersecurity defenses. By leveraging AI for observability, APAC leaders can effectively future-proof their organizations against evolving threats in today’s tumultuous digital environment.
What are the key differences in cybersecurity observability practices across industries, such as aviation versus financial services, and how does Splunk adapt to these?
Cybersecurity observability practices vary across industries due to differing operational priorities, regulatory landscapes, and technology adoption rates. Splunk adapts its solutions to meet these unique needs by providing tailored observability capabilities that enhance visibility and efficiency across sectors.
In highly regulated industries like financial services, organizations leverage AIOps tools to consolidate data, achieving faster insights and exceptional ROI, with 67% surpassing their expectations. Splunk supports these capabilities by integrating with OpenTelemetry and offering solutions that provide granular control over data while ensuring compliance with stringent regulations.
For example, The Bank of East Asia (BEA), a leading Hong Kong-based financial group, partnered with Splunk to standardize its security information and event management (SIEM) across international branches. By adopting the Splunk Cloud Platform, BEA gained full visibility into its global environment, reduced SIEM setup times from months to just one, and eliminated manual efforts in issue investigation. This centralization not only streamlined operations but also strengthened compliance and cybersecurity, enabling BEA to stay ahead in the ever-changing digital landscape.
On the other hand, industries like aviation—similar to manufacturing—often prioritize operational efficiency and reliability. Here, observability focuses on automating event grouping and leveraging AI for anomaly detection to improve system uptime. Splunk enables these practices by delivering real-time insights and predictive analytics, helping organizations detect and address anomalies before they escalate.
Singapore Airlines, a Splunk customer, exemplifies this approach. Over the past five to seven years, they have transformed their internal culture to ensure all services are well-instrumented. This comprehensive instrumentation allows seamless integration between services—such as when users switch from the website to the mobile app to manage baggage.
As a result, Singapore Airlines has achieved a 75% faster detection rate for emerging issues and reduced back-end service problems by more than 90%. Splunk’s solutions have enabled these improvements and empowered Singapore Airlines to deliver reliable and efficient services across its ecosystem.
As organizations continue to adapt to the complexities of modern IT environments, the insights shared by Dhiraj Goklani highlight the critical role that effective observability plays in building digital resilience.
As businesses embrace these innovations, the importance of creating a strong observability strategy has never been clearer. Dhiraj emphasizes that the future of digital resilience lies in continuous adaptation, collaboration, and the proactive use of data to safeguard business operations.
This is part one of the interview, where Dhiraj talks about observability, its impact on organizational resilience, and the challenges businesses face in today’s environment. Stay tuned for part two, where we dive deeper into more insights and solutions.