autoMETA.

About autoMETA

Data Engineering · Agentic AI · Observability at Scale

Fifteen years building data and observability infrastructure for some of the most demanding companies on the planet. Apple, Splunk, eBay, Disney, Sony, Kaiser Permanente, TIAA, Bridgewater, RBS. We bring that same engineering rigor to distributed agentic systems on Anthropic Claude.

Now

Distributed Agentic Systems on Anthropic Claude

autoMETA builds production distributed agentic systems on Anthropic Claude and integrates Claude Code into existing engineering workflows to boost developer productivity.

That means designing custom subagent architectures, wiring up Model Context Protocol (MCP)integrations with internal systems, and codifying team workflows as repo-local Claude skills. It's the same kind of agentic primitive that turns Claude Code into a force-multiplier for an engineering org rather than a novelty.

The consulting practice pairs fifteen years of data engineering and observability fundamentals with current agentic AI tooling. The bet is simple. Most companies don't need yet another LLM demo. They need a team that can ship the boring-but-load-bearing parts (data, contracts, error handling, evals, ops) so the agentic layer actually holds up in production.

Flagship

autoMETA Operator for Splunk

autoMETA Operator for Splunk is the most concrete demonstration of what a real agentic system looks like in a data-heavy environment. It's a Claude-driven ML investigation layer that hangs off of a production Splunk estate.

A scheduled search fires. A custom Alert Action ships the results to an Agent Gateway. A hook router picks the right Claude agent. Claude decides which statistical tests to run, calls Python functions to crunch the numbers, interprets the results, and writes structured findings back into Splunk via HEC. From there it's dashboards, alerts, or downstream automation.

Agent Gateway

A Docker-based FastAPI service that sits alongside Splunk. Scheduled searches fire a custom Alert Action that ships results to the gateway. A hook router dispatches to the right Claude agent. Claude then drives a full ML investigation: choosing which statistical tests to run, calling Python functions, interpreting results, and writing structured findings back into Splunk via HEC.

Claude does the thinking. Python does the math.

Multi-Agent ML System

Specialized agents for distinct analytical concerns: Drift Detection (KS, PSI, chi-squared, z-score, PELT, FFT, Jensen-Shannon, Wasserstein), Anomaly Detection (Isolation Forest, MAD, DBSCAN, LOF, optional PyTorch autoencoder + LSTM), Log Intelligence (Drain3, sentence-transformer embeddings, TF-IDF), and Causal Analysis (Granger, Bayesian networks, NetworkX with PageRank).

Custom Claude Subagents

Repo-local agents in .claude/agents/: dashboard-builder, dashboard-deploy, dashboard-optimizer, design-consultant, theme-builder, theme-color-palette, theme-design-trend, theme-layout-panels. Each is a specialized agent that owns one concern of the dashboard and UI workflow.

Custom Claude Skills

Repo-local skills like install-team-plugins codify team workflows as first-class agentic primitives. Onboarding new engineers and rolling out plugin updates become one-shot operations driven by Claude, not tribal-knowledge runbooks.

Production-Grade Agentic Loop

Each agent gets a fresh Claude session with a module-specific system prompt and tool set. An asyncio semaphore caps concurrent agents (default 3), so API rate limits stay out of the way under heavy alert load.

ML Library (~3,700 LOC)

14 modules spanning Core (numpy / scipy / scikit-learn), Deep Learning (torch + sentence-transformers), NLP (drain3), and Causal (networkx + pgmpy). Baselines roll forward in the Splunk KV Store so models adapt to the environment they live in.

2022 – 2026

Data Architecture, Apple Retail Technology

  • Subject Matter Expert for onboarding high-volume, multi-format data sources into Splunk.
  • Technical evangelism: internal best-practices, brown-bag workshops, and org-wide enablement.
  • Planned and executed the Splunk 9 → 10 upgrade across the entire estate.
  • Forked Splunk data to S3 via a custom Python collector and auto-ingested into Databricks bronze delta tables.
  • Led a Databricks POC and trained predictive XGBoost models in PySpark/SQL (frame-drop detection).
  • Built Splunk API integrations that backed real-time high-availability in-store retail applications, with retry + backoff + circuit-breaker behavior tuned to their failure modes.
  • Multi-tier git integration (dev/stg/prod) for every data collection and pipeline notebook.
  • Architected real-time interactive dashboards for proprietary retail systems.
  • Directed a multi-phase Splunk migration from on-prem to Apple's internal managed service with IaC and CI/CD. Zero data loss.

Sectors We Serve

Finance

Trading floors, securities & insurance, retail banking, retirement, fraud detection. High-volume, high-stakes data infrastructure.

  • TIAA · Multi-tier Splunk + custom apps + VMware integration (2012–2013)
  • Royal Bank of Scotland · Founding role on the Virtualization Technologies team; 0 → 40%+ virtualized in 2 years (2008–2011)
  • Bridgewater Associates · Virtual trading floor diagnostic + design (2011–2012)
  • Pacific Life · Splunk Enterprise Security + Phantom automation (2013–2020)
  • Intuit · AWS-based big-data security logging architecture (2013)
  • Nice Actimize · Prototype security big-data systems on Docker + Splunk + Druid + Apache Superset (2022)

Healthcare

HIPAA-adjacent observability and security analytics for hospital systems and large healthcare providers.

  • Kaiser Permanente · Splunk Enterprise Security, UBA, AWS premium apps (2013–2020)
  • Johnson Memorial Hospital · Splunk implementation and operational analytics

Energy

Observability and machine-data platforms for energy-sector operators: pipelines, plant ops, and SCADA-adjacent log telemetry.

  • Energy-sector engagements · AutoMeta LLC consulting (2013–2020)

Tech

Hyperscale retail, e-commerce, media, communications and developer tooling. Where data engineering meets product velocity.

  • Apple · Data Architecture, Retail Technology. Splunk SME, Databricks POC, S3 forking, XGBoost frame-drop models (2022–2026)
  • Splunk · Cloud Operations. Managed SplunkCloud on AWS via Ansible, modules orchestrating 300+ clouds (2014–2016)
  • eBay · Splunk architecture and premium apps via AutoMeta LLC
  • Disney · Enterprise Security + Phantom automation engagements via AutoMeta LLC
  • Sony Interactive · Splunk implementations 100GB → 20TB scale via AutoMeta LLC
  • Zoom · MITRE ATT&CK correlation searches, Phantom playbooks, ES tuning (2020–2021)
  • Getty Images · Custom TAs + Python modular inputs (Zoom, Prometheus, Site24x7, PagerDuty); pioneered metrics index (2020–2021)

Fifteen Years, Selected Engagements

Independent Splunk Practice, AutoMeta LLC

2013 – 2020

Our independent Splunk consulting practice served eBay, Pacific Life, Kaiser Permanente, Sony Interactive, and Disney. We implemented Enterprise Security, Phantom automation, and ES + UBA + AWS premium apps. Implementations ranged from 100GB to 20TB.

Cloud Operations, Splunk

2014 – 2016

Operated SplunkCloud on AWS via Ansible. The modules we wrote orchestrated 300+ “clouds”: provisioning, patching, scaling.

Splunk & Security, Zoom

2020 – 2021

MITRE ATT&CK correlation searches, Phantom playbooks, and Enterprise Security tuning during pandemic-era scale-up.

Splunk Engineering, Getty Images

2020 – 2021

Custom TAs and Python modular inputs for Zoom, Prometheus, Site24x7, and PagerDuty. We pioneered the platform's use of the Splunk metrics index.

Big-Data Prototyping, Nice Actimize

2022

Prototyped security big-data systems on Docker + Splunk + Druid + Apache Superset for a financial crime detection use case.

Security Architecture, Intuit

2013

Architected AWS-based big-data security logging in the early days of cloud-native SIEM, before the patterns were standard.

Splunk Architecture, TIAA-CREF

2012 – 2013

Multi-tier Splunk deployment with custom apps and VMware integration across the retirement-services estate.

Trading Floor Engineering, Bridgewater Associates

2011 – 2012

Virtual trading floor diagnostic and design. Observability and reliability for one of the most data-driven hedge funds in the world.

*NIX & Virtualization, Royal Bank of Scotland

2008 – 2011

*NIX solutions engineering and a founding role on the Virtualization Technologies team. Drove the estate from 0 to 40%+ virtualized in two years.

Companies We've Delivered For

Direct engagements across fifteen years. Every name here means real, hands-on delivery. Not slide-deck logos.

  • Apple
  • Disney
  • Sony
  • eBay
  • Zoom
  • Splunk
  • Intuit
  • Kaiser Permanente
  • TIAA
  • Bridgewater
  • Pacific Life
  • RBS
  • Getty Images
  • Nice Actimize

Let's talk

Free 30-minute discovery call. We'll talk through your data stack, where agentic AI could actually move the needle for your team, and whether it makes sense to work together.

Book a Discovery Call