Splunk Phantom 4.10 introduced many new enhancements, including the ability to develop playbooks in Python 3. In fact, Python 3 is now the default for Splunk Phantom playbooks. In doing so, we needed to create two different “playbook runners” to ensure we could continue to support playbooks written in Python 2.7 while also supporting Python 3. This may all sound like a bunch of technical jargon, but this process yielded one key epiphany:
If we can support two playbook runners, then why not more!?
With the release of Splunk Phantom 4.10.1, that’s exactly what we did. We now allow you to configure the number of playbook runners, using Python 2 and Python 3. (We call it “vertical scaling.”) It helps you to scale automation at your organization. By configuring multiple playbook runners, a single Splunk Phantom instance can now handle, run and execute multiple actions from different playbooks simultaneously.
Previously, Splunk Phantom was able to kick off one action at a time, creating an artificial bottleneck that wasn’t directly related to system resource utilization. The only resolution for environments experiencing this bottleneck was to move to a cluster model (or add new nodes if they were already in a cluster). In a 4.10.1 world, additional playbook runners can now be used to share the load and ensure Splunk Phantom gets the most out of the resources available to it. Vertical scaling not only allows your playbooks to run concurrently, which saves time; it also enhances performance while reducing the need for managing additional costly hardware.
Ready to try it for yourself? Check out the 4.10.1 release notes or download Phantom 4.10.1 to take advantage of the latest updates.
----------------------------------------------------
Thanks!
Ian Forrest
The world’s leading organizations rely on Splunk, a Cisco company, to continuously strengthen digital resilience with our unified security and observability platform, powered by industry-leading AI.
Our customers trust Splunk’s award-winning security and observability solutions to secure and improve the reliability of their complex digital environments, at any scale.