Splunk and Snowflake bring federated search without the data-moving hangover - iTWire

Carl Perry from Snowflake discusses the company's new federated search integration with Splunk, announced at Splunk .conf 25 in Boston.

This collaboration enables organizations to search across both Splunk machine data and Snowflake business data simultaneously without centralizing or moving information. The integration allows teams to correlate operational incidents with business impacts through unified searches, maintaining data in its original location while providing a single interface for SecOps, ITOps, and engineering teams.

• Query Snowflake directly from Splunk using familiar SPL-like syntax while joining tables with Splunk indexes
• Built on open table formats, particularly Apache Iceberg, ensuring vendor-neutral flexibility and avoiding data lock-in
• Currently in design phase with plans to extend federated search capabilities to other platforms like Databricks and BigQuery
• Reduces costs and complexity by eliminating data movement while enabling cross-platform insights for better decision-making