Splunk expands federation, Imply Lumi extends it to observability

Splunk’s Snowflake partnership is the latest sign of federation’s rise. The pattern is clear: stop duplicating data, query it where it sits. That model works for business data, and with Imply Lumi it now extends to observability and security. 

At this year’s Splunk .conf, Splunk announced a new capability: federated search with Snowflake.

At first glance, it might sound like a breakthrough. But federation — the ability to query data where it lives without duplicating it — has been a core part of analytics for years. Platforms like Snowflake, BigQuery, and Redshift all support it, and BI tools like Tableau and Looker federate data across systems into a single view.

What’s notable here is Splunk putting federation at the center of its own story. By spotlighting Snowflake, Splunk is acknowledging what customers have said all along: they’re tired of duplicating data and paying ingest fees just to search it. They want to query data where it already sits.

That principle should sound familiar if you stopped by our booth at .conf, where we launched Imply Lumi — the industry’s first Observability Warehouse, built on true decoupling.

Federation: An Arc, Not a One-off

Splunk’s Snowflake announcement is the latest chapter in a broader federation journey:

• AWS S3 Federation → early moves to let customers query security data in S3 without pulling everything into Splunk.
• Security Data Lake integrations → enabling federated search across external security stores.
• Now Snowflake → extending federation into the business data warehouse, enriching operational insights with financial, customer, and supply chain context.

The throughline is clear: Splunk knows customers don’t want to duplicate data. They want to access it where it already lives.

This arc reinforces our point: federation is the future. And while Splunk is extending it to business and security data, Imply Lumi applies the same principle to observability data — the hardest, highest-velocity workloads of all.

Industry Validation

The Splunk-Snowflake announcement validates what we’ve said from day one: silos must go. As Splunk SVP Kamal Hathi put it:

“Splunk Federated Search for Snowflake makes it simple for customers to access and act on their data, uniting business and operational insights in one view.”

Snowflake reinforced the point:

“This makes it easier for organizations to harness business and operational data, enabling insights to flow to where they are needed most to power data insights and AI innovation at scale.” — Carl Perry, Head of Analytics, Snowflake

We couldn’t agree more. Federation is the future. The only question is: which data, for which purpose?

Different Use Cases, Different Goals

Splunk’s Snowflake federation is designed for business data — transactions, customer records, supply chain metrics. It enriches Splunk queries with business context.

Imply Lumi, by contrast, is designed for security and observability data — logs, metrics, and traces that are massive, messy, and ingested at high-speed. That’s the data that drives MTTR, troubleshooting, and operational visibility.

In short: different data, different workloads, different goals.

How Imply Lumi goes further

Where Splunk + Snowflake helps enrich business data, Imply Lumi is built for the unique demands of observability. That means:

• Store more, spend less → extend retention windows, affordably
• Faster queries → subsecond performance on high-cardinality, high-volume workloads
• Broad ecosystem support → works with Splunk, Grafana, Cribl, Tableau, and more
• Zero workflow changes → keep your dashboards, alerts, and processes exactly the same

Bottom Line

Splunk’s announcement doesn’t reinvent federation — but it does validate it. That’s good for customers, good for the ecosystem, and proof of the approach we pioneered with Imply Lumi.

There’s also fine print:

“For Splunk Cloud AWS commercial customers, Splunk Federated Search for Snowflake will become generally available globally in July 2026.”

In other words, this capability is narrowly scoped today and won’t be broadly available for almost a year. For customers who want federation now — especially for observability — Imply Lumi is ready today.

Why wait? If you stopped by our booth at .conf, you already saw it: true decoupling, available now, with cost-efficient storage, faster queries, and seamless compatibility with the tools you already use.