Since releasing Imply Lumi in September 2025 as a decoupled data layer for observability, the Imply R&D team has been hard at work to make it easier and more economical to retain, query, and analyze observability data — without disrupting existing workflows.
This blog highlights recently delivered capabilities across ingestion, performance, and Splunk interoperability and previews what’s coming next.
Imply Lumi is designed to store and query observability data at a fraction of the cost of traditional platforms, without forcing teams to choose between retention and performance. You’ll soon be able to configure data deletion rules that automatically remove data based on filters and specific time periods to reduce costs and optimize query performance.
We’ve made a number of significant performance improvements to help you make your datasets queryable as quickly as possible. By optimizing historical data loading with date-based partitioning and a dedicated processing queue, you can now efficiently load and query your historical datasets while keeping real-time events a priority. To help you easily identify and resolve data collection issues, we’ve added a view to identify unparsable events that weren’t able to be collected. We’ll soon be releasing additional improvements that allow you to more easily manage and monitor data loading.
Our event collection systems have optimized autoscaling and reduced memory and CPU utilization, resulting in higher ingestion scalability, reduced storage size, and lower query latency.
Predefined pipelines enable you to process common data types. Pipelines apply standard parsing and enrichment rules so your data is ready to use as soon as it’s ingested. We’re continuously expanding our out-of-the-box dataset coverage. Support for VPC flow logs and Windows event logs is available now, with support for CrowdStrike Falcon Data Replicator, Wiz security and audit logs, and Palo Alto Networks logs coming soon.
Imply Lumi is built to extend Splunk, not replace it.
You can leverage a wide range of SPL commands to query Imply Lumi events from Splunk, including the core commands Splunk users rely on daily. Use stats to aggregate data, timechart and chart to visualize trends, and eval to create calculated fields. Filter results with search and where, extract patterns with rex, parse JSON with spath, and identify common values with top and rare. These commands give you the analytical power to explore Imply Lumi event data directly from your familiar Splunk interface.
You can easily update Splunk dashboards to point at Imply Lumi events. This Splunk dashboard shows site activity from Apache web logs, querying using Imply Lumi federated search:
We’ve been hard at work expanding our support for Splunk Knowledge Objects. Data models are now supported, allowing you to create a unified view of your data across both Imply Lumi and Splunk. Configure the data model integration in Imply Lumi to seamlessly analyze Imply Lumi events alongside your Splunk data without changing your existing queries or workflows. For example, use the Web data model to analyze Imply Lumi web server logs alongside your Splunk security events.
We’ll add support for lookups in an upcoming release, allowing you to enrich your Imply Lumi events with contextual data from reference tables like user details, asset information, and threat intelligence. This makes your data more actionable without requiring reingestion or restructuring.
Imply Lumi Enterprise is now available.
With Imply Lumi Enterprise, you can deploy Imply Lumi in your own AWS environment while retaining the benefits of the managed SaaS experience. Support for additional cloud providers is coming soon.
This deployment option enables:
We’re excited to continue to expand Imply Lumi’s performance, manageability, and ecosystem integrations as we build on its decoupled foundation for observability and security.
Check the docs for the latest updates as new capabilities and integrations become available.
The Most-Read Imply Blogs of 2025 (and what they signal for 2026)
Before we take on 2026, let’s rewind. 2025 was the year observability teams stopped asking, “How do we reduce data?” and started asking the real question: “How do we build an architecture that can keep...
Learn MoreThe Breaking Point for Observability Leaders
Observability is at a crossroads For years, observability has promised to give teams the visibility they need to keep digital services resilient. But as data volumes explode, many leaders are realizing the...
Learn MoreHow to Efficiently Scale Splunk with Imply Lumi
The Observability Warehouse that helps you keep more data, move faster, and spend less without changing how you work Observability Is Hitting Its Limits Splunk has long been the system of record for observability...
Learn More
Jill Osborne