Imply Lumi product update: what’s new

Since releasing Imply Lumi in September 2025 as a decoupled data layer for observability, the Imply R&D team has been hard at work to make it easier and more economical to retain, query, and analyze observability data — without disrupting existing workflows

This blog highlights recently delivered capabilities across ingestion, performance, and Splunk interoperability.

Ingest, retain, and access more observability data

Lumi is designed to store and query observability data at a fraction of the cost of traditional platforms, without forcing teams to choose between retention and performance.

We’ve made a number of significant performance improvements to help you make your datasets queryable as quickly as possible. By optimizing historical data loading with date-based partitioning and a dedicated processing queue, you can now efficiently load and query your historical datasets while keeping real-time events a priority. To help you easily identify and resolve data collection issues, we’ve added a view to identify unparsable events that weren’t able to be collected. 

Our event collection systems have optimized autoscaling and reduced memory and CPU utilization, resulting in higher ingestion scalability, reduced storage size, and lower query latency.

Predefined pipelines enable you to process common data types. Pipelines apply standard parsing and enrichment rules so your data is ready to use as soon as it’s ingested. We’re continuously expanding our out-of-the-box dataset coverage and support for VPC flow logs and Windows event logs is now available.

Operate with your existing workflows

Imply Lumi is built to extend Splunk, not replace it.

You can leverage  a wide range of SPL commands to query Lumi events from Splunk, including the core commands Splunk users rely on daily. Use stats to aggregate data, timechart and chart to visualize trends, and eval to create calculated fields. Filter results with search and where, extract patterns with rex, parse JSON with spath, and identify common values with top and rare. These commands give you the analytical power to explore Lumi event data directly from your familiar Splunk interface. 

You can easily update Splunk dashboards to point at Lumi events. This Splunk dashboard shows site activity from Apache web logs, querying using Lumi federated search:

We’ve been hard at work expanding our support for Splunk Knowledge Objects. Data models are now supported, allowing you to create a unified view of your data across both Lumi and Splunk. Configure the data model integration in Lumi to seamlessly analyze Lumi events alongside your Splunk data without changing your existing queries or workflows. For example, use the Web data model to analyze Lumi web server logs alongside your Splunk security events.

Lumi in your own cloud environment

Lumi Enterprise is now available. 

With Lumi Enterprise, you can deploy Lumi in your own AWS environment while retaining the benefits of the managed SaaS experience.

This deployment option enables:

• Greater control over data residency and compliance
• Deployment in regulated or restricted environments
• Seamless alignment with existing cloud infrastructure
  

What’s next

We’re excited to continue to expand  Imply Lumi’s performance, manageability, and ecosystem integrations as we build on its decoupled foundation for observability and security.
Check out the product preview blog and keep an eye on- the docs  for the latest updates as new capabilities and integrations become available.