SplunkTalk – #76 – Buzzword Bingo

August 11, 2016, 9:39 am

≫ Next: #splunkconf16 preview: Business Analytics, IoT & Industrial Data at .conf2016

≪ Previous: .conf2015 Highlight Series: City of LA and Splunk Cloud as a SIEM for Award-Winning Cybersecurity Collaboration

We’re getting the hang of this now?!? Maybe? Today’s episode we chat about some upcoming goodies like Hal’s Developer Lounge and Wilde’s Yoga Classes and much more at #Splunkconf16 at the Swan/Dolphin Hotel in Orlando. Clint has a new job at Splunk. Wilde celebrates his 10th year at Splunk and some funny stories about our bumpy time at 250 Brannan where we slowly took over that building — #pettingzoo. Splunk is in a fantastic new building next door, if you’re in SF, come for a visit #thereisalegoroom.

Episodes are recorded frequently. Live on the internet, on youtube! – Email us at splunktalk@splunk.com to ask questions and have them answered on air!

Audio:

Video:

Follow @michaelwilde

Follow @halr9000

Follow @clintsharp

↧

#splunkconf16 preview: Business Analytics, IoT & Industrial Data at .conf2016

August 30, 2016, 11:00 am

≫ Next: Splunk .conf2016 – the EMEA Angle!

≪ Previous: SplunkTalk – #76 – Buzzword Bingo

My favorite technology conference – Splunk .conf2016 is around the corner! Truth be told it feels more like a family reunion than an event. .conf2016 has grown leaps and bounds not only in terms of attendance, but also in terms of technical content, customer presentation, partners exhibiting, and just overall awesomeness!

.conf2016 promises to shine light on machine data like never before! Our amazing customers continue to push the boundaries of what is possible with Splunk, with their unique use cases and stories. No where is this more evident than our customers adopting Splunk for Business Analytics and IoT. If you plan to be at .conf2016, I would be sure to attend these sessions! These sessions will fuel your imagination, inspire you to look at machine data differently, and leverage Splunk in ways unimaginable before.

Splunk for Business Analytics

Tuesday, September 27:

10:30 AM – UniCredit Business Integrated Solutions S.C.p.A: Gaining New Insight Into the Payment Business Process. Speaker: Markus Sprunck.

11:35 AM – 2degrees: How Splunk Can Provide Real-Time Operational Insights to Drive Performance & Customer Excellence in a Call Center Environment. Speaker: Tracy Leighton.

11:35 AM – Shazam: Splunking the Systems that Support 120 Million Monthly Active Users. Speaker: Chris Kammermann

12:40 PM – Intelliflo: Business Analytics With Splunk – The Secret Behind our SaaS Growth Success. Speakers: Hamish Purdey. Robert Walton.

4:20 PM – BNW Consulting: Splunking SAP – Provide Instant Business Value by Unlocking SAP Data for IT, OT and Security Use Cases Across Your Enterprise. Speaker: Warwick Chai.

Wednesday, September 28:

11:00 AM – BBC: Splunk Cloud at BBC Worldwide: Operational and Business Analytics to Support a New Digital Service. Speaker: Zoe Bolton.

12:05 PM – UNLV: From IT Troubleshooting and Service Monitoring to Predicting Student Achievement: An Operations-Research Love Story. Speakers: Matthew Bernacki. Cam Johnson. Liz Whitaker-Freitas.

3:30 PM – MasterCard: Leveraging Splunk Analytics for Business Intelligence and DevOps: API Activity & Performance. Speaker: Tim Watkins.

4:35 PM – ICF Technology: Confidence in Conclusions: Leveraging Splunk for Data Driven Insights. Speaker: David Uslan.

Thursday, September 29:

10:15 AM – Gatwick Airport: – Gaining Business Analytics to build a data-driven airport – from vision to reality at Gatwick Airport. Speaker: Chris Howell.

10:15 AM – Splunk: Splunk at a Telco: Assessing Outages and Improving Customer Experience with Machine Learning. Speaker: Andrew Phillips.

11:20 AM – OTTO: Anomaly Detection on Business Items with Machine Learning Algorithms. Speakers: Andre Pietsch. Stefan Scholz.

11:20 AM – Splunk: Tracking Trading (FIX) Environments with Splunk. Speaker: Duncan Turnbull.

12:25 PM – Splunk: Monitor Your Business Transactions with Splunk to Gain Real-Time Insights Into Your Business Performance. Speakers: Romain Testu. Stephane Lapie.

2:35 PM – Dunkin’ Brands: Splunk for Donuts: Optimizing Donut Production at Dunkin with Splunk and Machine Learning. Speakers: Matthew Kraft. Brian Nash.

Splunk for IoT & Industrial Data

Tuesday, September 27:

10:30 AM – Infigen Energy: “Listen to the Wind, It Talks” – Monitoring Wind Energy Production from SCADA Systems with Splunk. Speaker: Victor Sanchez.

3:15 PM – Myriad Genetics: Monitoring Automated Genetic Diagnostic Laboratories. Speakers: Ben Miller. Larry Shatzer.

5:25 PM – Splunk: Splunk Improving Soldier’s Efficiency and Healthcare Logistics in the Battlefield. Speakers: Ramik Chopra. Justin Boucher.

Wednesday, September 28:

1:10 PM – DB Cargo AG: Internet of (Big Rolling) Things at DB Cargo’s European Rolling Stock: Increased Customer Satisfaction Through Higher Availability and Reliability. Speakers: Marcus Gössl. Mathias Sebastian Thomas.

2:15 PM – Shaw Industries Group Inc.: Splunk on the Shopfloor: Improving Plant Operations with Splunk. Speakers: Lin Stokes. Erika Swartz.

Thursday, September 29:

11:20 AM – Kinney Group: Analytics at Speed. Speaker: Laura Vetter.

12:25 PM – EnerNOC: – Monitoring the Industrial Internet of Things: A Guide to Application Performance Management with Splunk. Speaker: Chris Winkler.

1:30 PM – Enterprise Product Partners L.P: SCADA and Splunk – Soul Mates Forever. Speaker: Chris Duffy.

1:30 PM – Splunk: MQTT, AMQP and the other LMNOP’s of the IoT. Speaker: Brian Gilmore.

I can’t wait to see everyone there!

Manish Jiandani
Director, Solutions Marketing
Splunk Inc.

Follow @jiandani

Follow all the conversations coming out of #splunkconf16!

Follow @splunkconf

Follow @splunk

There is still time to register!!

↧

Splunk .conf2016 – the EMEA Angle!

September 1, 2016, 1:52 am

≫ Next: #splunkconf16 preview: DevOps sessions you don’t want to miss

≪ Previous: #splunkconf16 preview: Business Analytics, IoT & Industrial Data at .conf2016

Hello everyone,
flight_emea Splunk .conf2016 is just 5 weeks away and we are excited that people from around the world will be heading to Orlando to make it our biggest event yet. To make your scheduling easier, I have summarized the sessions from EMEA customers at .conf2016, who are talking about how they
use Splunk for everything from transforming security, to successfully launching a new digital service. I have also added sessions from our channel partners who are joining from Europe.

wordcloud_emea_conf2016_c

This year, we are lucky enough to have Mike Stone, CIO at the UK Ministry of Defense, sp eaking as part of the security keynote on the Wednesday morning. He’ll be sharing his thoughts on digital transformation and how this impacts security.

Speakers	Title	Time	Session Focus
Markus Sprunck, Senior IT Architect, UniCredit Business Integrated Solutions S.C.p.A.	Gaining New Insight Into the Payment Business Process	Tuesday, September 27, 2016 \| 10:30 AM-11:15 AM	Business Analytics
Mika Borner, Management Consultant, LC Systems Christoph Dittmann, Senior Consultant, LC Systems	Superspeeding Transaction Monitoring with the kvtransaction Command	Tuesday, September 27, 2016 \| 11:35 AM-12:20 PM	Search Language
Chris Kammermann, Senior Infrastructure Engineer, Shazam	How the Splunk Platform Supports 120 Million Monthly Active Users	Tuesday, September 27, 2016 \| 11:35 AM-12:20 PM	Business Analytics
Nick Bleech, Head of Information Security, Travis Perkins	Real-world Advantages of Choosing a ‘Lean SOC’ Approach Over a ‘Legacy SOC’. Lessons Learned from the UK’s Largest Home Improvement Retailer.	Tuesday, September 27, 2016 \| 12:40 PM-1:25 PM	Security
Matthias Ilgen, Pre Sales Engineer, Robotron Datenbank-Software GmbH Kay Wuensche, Data Scientist, BMW Group	Using Data Anonymization Algorithms to Leverage Sensitive Data with Splunk	Tuesday, September 27, 2016 \| 12:40 PM-1:25 PM	Splunk Foundations
Hamish Purdey, Chief Executive, Intelliflo Robert Walton, COO, Intelliflo	Business Analytics With Splunk – The Secret Behind our SaaS Growth Success	Tuesday, September 27, 2016 \| 12:40 PM-1:25 PM	Business Analytics
Pal Mathisen, Senior Solutions Architect, Sopra Steria Halvar Myrmo, Senior Security Engineer, Telenor	Speeding Up Incident Response Using Splunk	Tuesday, September 27, 2016 \| 5:25 PM-6:10 PM	Security
Monzy Merza, Director of Cyber Research and Chief Security Evangelist, Splunk Inc. Haiyan Song, Senior Vice President, Security Markets, Splunk Inc. Mike Stone, CIO, UK Ministry of Defense	Transforming Security	Wednesday, September 28, 2016 \| 9:45 AM-10:30 AM	Security Keynote
Zoe Bolton, Head of Service Operations, BBC Worldwide	Splunk Cloud at BBC Worldwide: Operational and Business Analytics to Support a New Digital Service	Wednesday, September 28, 2016 \| 11:00 AM-11:45 AM	Business Analytics
Martin Muller, Consultant, Consist Software Solutions GmbH	Fields, Indexed Tokens and You	Wednesday, September 28, 2016 \| 11:00 AM-11:45 AM	Splunk Foundations
Marcus Gössl, Project Manager for TechLOK and Hybridization, DB Cargo AG Mathias Sebastian Thomas, Head of Asset and Technology Strategy, DB Cargo AG	Internet of (Big Rolling) Things at DB Cargo’s European Rolling Stock: Increased Customer Satisfaction Through Higher Availability and Reliability	Wednesday, September 28, 2016 \| 1:10 PM-1:55 PM	IoT Industrial Data
Gabriel Vasseur, Senior Cyber Security Analyst, Thales	Become a Regular Expressions Ninja and Unlock Your Splunk Potential	Wednesday, September 28, 2016 \| 2:15 PM-3:00 PM	Security
Chris Howell, Head of Business Systems, Gatwick Airport	Gaining Business Analytics to Build a Data-Driven Airport – from Vision to Reality at Gatwick Airport	Thursday, September 29, 2016 \| 10:15 AM-11:00 AM	Business Analytics
Dimitrios Margaritis, Team Leader, CERT-EU	Incident Detection and Response at CERT EU – Experiences From the Field	Thursday, September 29, 2016 \| 10:15 AM-11:00 AM	Threat Detection
Adegbenga Amusa, Calculation Engines, BNP Paribas Stephane Lapie, Sales Engineer, Splunk Inc.	From DevOps to BizOps	Thursday, September 29, 2016 \| 10:15 AM-11:00 AM	IT Operations
Andre Pietsch, Product Manager, OTTO (GmbH and Co. KG) Stefan Scholz, Senior Consultant Data Analytics, LC Systems GmbH	Anomaly Detection on Business Items with Machine Learning Algorithms	Thursday, September 29, 2016 \| 11:20 AM-12:05 PM	Business Analytics

Enjoy .conf2016,

Happy Splunking,

Matthias

↧

#splunkconf16 preview: DevOps sessions you don’t want to miss

September 1, 2016, 2:43 pm

≫ Next: #splunkconf16 sessions: Education

≪ Previous: Splunk .conf2016 – the EMEA Angle!

DevOps is hot and at our 7th Annual Splunk Users’ Conference .conf2016! in Orlando it will be sizzling! We have an entire sub-track dedicated just to DevOps. Our customers, technology partners, and Splunkers will be presenting a plethora of DevOps use cases suitable for newbies as well as DevOps ninjas. Below are some of the highlighted sessions.

Tuesday, September 27:

Biz-PMO-Dev-QA-Sec-Build-Stage-Ops-Biz: Shared Metrics as a Forcing Function for End-To-End Enterprise Collaboration (10:30am – 11:15am)
In his overview session, Andi Mann, Splunk’s Chief Technology Advocate will give a rundown of DevOps metrics that can be used enterprise-wide to enhance collaboration across a variety of teams including development, QA, security, Operations and more.

Building the Pipeline Presented by CSAA: Featuring DevOps and Splunk (12:40pm -1:25pm)
In this session, Doug Erkkila from CSAA Insurance Group and Domnick Eger, Splunk SE with prior developer experience will describe how CSAA uses Splunk software to manage their automated build pipeline. Spoiler alert! Star Wars fans will really love this session.

Splunk of War: Creating a Better Game Development Process Through Data Analytics (3:15pm – 4:00pm)
Join Phil Cousins, a principal engineer from Microsoft (The Coalition), in his exciting session where he will walk you through their unique “Gears of War 4” game development journey. You will see how this Microsoft team used Splunk software to unify all gaming data for improving their game quality and development process and ensuring ultimate gaming experience.

Puppet and Splunk: Better Together (4:20pm – 5:05pm)
Puppet CTO Deepak Giridharagopal will join me in presenting how a combination of two essential DevOps practices, automated configuration management, and proactive monitoring can boost your application delivery velocity. You will also learn about Puppet Enterprise App for Splunk and Puppet Enterprise Splunk module.

Wednesday, September 28:

Metrics-Driven DevOps with Jenkins and Splunk (11:00am – 11:45am)
If you have a popular CloudBees’ Jenkins platform, you cannot afford to miss this session! Brian Dawson, DevOps evangelist from CloudBees and Panos Papadopoulos, Product Management Director from Splunk will go over benefits of DevOps, continuous delivery and analyzing DevOps metrics. Panos will perform a live demo of how Splunk ITSI can be used to provide correlated DevOps insights from across your build toolchain including data from Jenkins, code repos, automation configuration and other important CI/CD data sources.

Data That Matters – A DevOps Expert Panel (1:10pm – 1:55pm)
Do not miss this live DevOps Expert panel where Hal Rottenberg, Splunk’s ITOA Staff Practitioner will host all-star speakers including Puppet CTO Deepak Giridharagopal, Splunk’s Chief Technology Advocate, Andi Mann, Microsoft’s Principal Software Engineer Phil Cousins,Intuit’s Sumit Nagal, Principal Engineer in Quality and CSAA Insurance Group PAS Capacity Analyst Doug Erkkila

Data-Driven DevOps (3:30pm – 4:15pm)
Join this session where our technology partner Ansible (Red Hat) and our customer Surescripts will be presenting on data-driven automation and how insights from Ansible Tower and Splunk software can help you increase quality and speed of your build pipeline. You will get an exclusive chance to see a live demo of Ansible Tower App for Splunk.

The Impossibles: A Story from A DevOps Team (4:35pm – 5:20pm)
Are you an Atlassian shop? Come and see how VeriStor helped their customers reduce app delivery cycles from 22-week to 30 minutes by integrating Splunk software with Atlassian data sources such as JIRA, HipChat, Jira Service Desk and others.

Thursday, September 29:

From DevOps to BizOps (10:15am – 11:00am)
Join BNP Paribas and Splunk where they will walk you through this bank DevOps journey and how they used Splunk software to shatter their organizational silos and increase business value.

Ultimately, your biggest problem will be which session to choose! Don’t worry – if you miss any live sessions or cannot join us in the happiest place on Earth, we will have sessions recorded and posted on our .conf2016 website.

I am looking forward to seeing you in Orlando.

Stela Udovicic
Sr. Product Marketing Manager
Splunk Inc.

Follow @stela_udo

Follow all the conversations coming out of #splunkconf16!

Follow @splunkconf

Follow @splunk

There is still time to register!!

↧

#splunkconf16 sessions: Education

September 6, 2016, 8:20 am

≫ Next: #splunkconf16 sessions: Public Sector

≪ Previous: #splunkconf16 preview: DevOps sessions you don’t want to miss

SCL-Splunk-conf2016-preview-BigDataIdeas_twtr1-440x220 Here is a breakdown of all sessions at Splunk .conf2016 pertaining to education. You can read my breakdown of all Public Sector sessions here. I’ve separated them out by skill level.

Can’t wait to see you all in Orlando!

Best,
Ashok Sankar
Director, Solutions Strategy – Public Sector & Education
Splunk Inc.

Follow @ashoksankar

Follow all the conversations coming out of #splunkconf16!

Follow @splunkconf

Follow @splunk

Good for all skill levels:

Best Practices & Better Practices for Admins
Tuesday, September 27, 2016 | 11:35 AM-12:20 PM
Products: Splunk Enterprise | Role: Administrator, Architect, Splunk Technical Champion | Track: Splunk Foundations | Session Focus: Managing Splunk | Other Topics: Best Practices

Monitoring and Troubleshooting Docker Across Cloud and On-Prem Environments
Tuesday, September 27, 2016 | 11:35 AM-12:20 PM
Products: Splunk Enterprise | Track: IT Operations | Session Focus: IT Troubleshooting

What’s New For Splunk Enterprise and Cloud
Tuesday, September 27, 2016 | 3:15 PM-4:00 PM
Wednesday, September 28, 2016 | 12:05 PM-12:50 PM
Products: Splunk Cloud, Splunk Enterprise | Role: Splunk Technical Champion, Developer, CTO, CIO, Business Manager, Architect, Administrator | Track: Splunk for Operational Intelligence | Session Focus: Splunk Enterprise Whats New | Other Topics: What’s New?!

Behind the Magnifying Glass: How Search Works
Wednesday, September 28, 2016 | 1:10 PM-1:55 PM
Products: Splunk Enterprise | Role: Administrator, Architect, Developer, Security Analyst, Data Scientist/Analyst, Splunk Technical Champion | Track: Splunk Foundations | Session Focus: Search Language | Other Topics: Best Practices

Writing Actionable Alerts
Wednesday, September 28, 2016 | 1:10 PM-1:55 PM
Products: Splunk Enterprise | Role: Operations Manager, Administrator, Security Analyst, Splunk Technical Champion | Track: Splunk Foundations | Session Focus: Managing Splunk | Other Topics: Best Practices

Rebalancing Data Across an Indexer Cluster
Wednesday, September 28, 2016 | 4:35 PM-5:20 PM
Products: Splunk Cloud, Splunk Enterprise | Role: Administrator | Track: Splunk for Operational Intelligence | Session Focus: Splunk Enterprise Whats New | Other Topics: What’s New?!

“Splunking” Your z/OS Mainframe
Wednesday, September 28, 2016 | 4:35 PM-5:20 PM
Products: Splunk Enterprise Security, Splunk Enterprise | Role: Security Analyst, Operations Manager, CIO, CISO, CTO | Track: IT Operations | Session Focus: Big Data Architecture | Other Topics: Big Data Architecture, Platform extensibility, Getting Data In, Logging Frameworks

An Ongoing Mission of Service Discovery
Thursday, September 29, 2016 | 11:20 AM-12:05 PM
Products: Splunk IT Service Intelligence | Role: Developer | Track: IT Operations | Session Focus: Service Monitoring

It’s 10PM – Do You Know Where Your Data Is?
Thursday, September 29, 2016 | 11:20 AM-12:05 PM
Products: Splunk Enterprise | Role: Administrator, Splunk Technical Champion, Data Scientist/Analyst | Track: Splunk Foundations | Session Focus: Using Splunk | Other Topics: Getting Data In, Best Practices

How to Run Splunk as a Docker Image?
Thursday, September 29, 2016 | 11:20 AM-12:05 PM
Products: Splunk Enterprise | Role: Administrator, Architect, Splunk Technical Champion | Track: Splunk Foundations | Session Focus: Deploying Splunk | Other Topics: Best Practices, Big Data Architecture

Search Optimization
Products: Splunk Cloud, Splunk Enterprise, Splunk Enterprise Security | Role: Splunk Technical Champion, Data Scientist/Analyst, Administrator | Track: Splunk for Operational Intelligence | Session Focus: Search Language | Other Topics: What’s New?!, Best Practices

TCO Savings Through Storage Reduction
Products: Splunk Cloud, Splunk Enterprise | Role: Architect, Splunk Technical Champion, Administrator | Track: Splunk for Operational Intelligence | Session Focus: Managing Splunk | Other Topics: Best Practices, Big Data Architecture

Beginner:

Biz-PMO-Dev-QA-Sec-Build-Stage-Ops-Biz: Shared Metrics as a Forcing Function for End-To-End Enterprise Collaboration
Tuesday, September 27, 2016 | 10:30 AM-11:15 AM
Products: Splunk Enterprise, Splunk Cloud | Track: IT Operations | Session Focus: DevOps

Time After Time – Comparing Time Ranges in Splunk
Tuesday, September 27, 2016 | 12:40 PM-1:25 PM
Products: Splunk Enterprise | Role: Security Analyst, Data Scientist/Analyst, Administrator, Splunk Technical Champion | Track: Splunk Foundations | Session Focus: Search Language | Other Topics: Best Practices

Puppet and Splunk: Better Together
Tuesday, September 27, 2016 | 4:20 PM-5:05 PM
Products: Splunk Enterprise, Other, Splunk Cloud | Track: IT Operations | Session Focus: DevOps

Splunk UBA – A Data Scientist in a Box
Tuesday, September 27, 2016 | 4:20 PM-5:05 PM
Products: Other | Track: Security / Compliance / Fraud

Exploring the Frameworks of Splunk Enterprise Security
Wednesday, September 28, 2016 | 11:00 AM-11:45 AM
Products: Splunk Enterprise, Splunk Enterprise Security | Role: Administrator | Track: Security / Compliance / Fraud | Session Focus: Using Splunk | Other Topics: Best Practices

Splunking AWS for End-to-end Visibility
Wednesday, September 28, 2016 | 12:05 PM-12:50 PM
Products: Splunk Cloud, Splunk Enterprise | Role: Security Analyst, Operations Manager | Track: Splunk for Operational Intelligence | Session Focus: Cloud Strategies | Other Topics: Amazon Web Services, Customer Success Story

I’m a Windows Girl, In a Red Hat World: Reducing the Splunk Learning Curve
Wednesday, September 28, 2016 | 1:10 PM-1:55 PM
Products: Splunk Enterprise | Role: Architect, Splunk Technical Champion, Administrator | Track: Splunk Foundations | Session Focus: Adopting Splunk

Enriching Your Data Using the Latest Features of Splunk DB Connect
Wednesday, September 28, 2016 | 2:15 PM-3:00 PM
Products: Splunk Cloud, Splunk Enterprise | Role: Administrator, Architect, Developer | Track: Splunk for Operational Intelligence | Session Focus: Using Splunk | Other Topics: DB Connect, What’s New?!

Deploying Splunk Enterprise on Microsoft Azure Cloud
Wednesday, September 28, 2016 | 2:15 PM-3:00 PM
Products: Splunk Enterprise | Role: Administrator, Splunk Technical Champion, Operations Manager, Architect | Track: Splunk Foundations | Session Focus: Deploying Splunk | Other Topics: Big Data Architecture, Best Practices, Customer Success Story

Easing into Clustering
Wednesday, September 28, 2016 | 3:30 PM-4:15 PM
Products: Splunk Enterprise | Role: Splunk Technical Champion, Administrator, Architect | Track: Splunk Foundations | Session Focus: Managing Splunk | Other Topics: Big Data Architecture, Best Practices

Securing Splunk with Proxy SSO, SAML and Multi-Factor Authentication
Thursday, September 29, 2016 | 10:15 AM-11:00 AM
Products: Splunk Enterprise | Role: Security Analyst, Administrator, Splunk Technical Champion, Architect | Track: Splunk Foundations | Session Focus: Managing Splunk | Other Topics: What’s New?!

Making the Most of the Splunk Scheduler
Thursday, September 29, 2016 | 12:25 PM-1:10 PM
Products: Splunk Enterprise | Role: Data Scientist/Analyst, Administrator, Splunk Technical Champion | Track: Splunk Foundations | Session Focus: Managing Splunk | Other Topics: Best Practices

Best Practices & Better Practices for Users
Thursday, September 29, 2016 | 12:25 PM-1:10 PM
Products: Splunk Enterprise | Role: Splunk Technical Champion, Data Scientist/Analyst, Security Analyst, Administrator | Track: Splunk Foundations | Session Focus: Using Splunk | Other Topics: Best Practices

Splunking your Mobile Apps
Thursday, September 29, 2016 | 12:25 PM-1:10 PM
Industries: Other | Products: Splunk Cloud, Splunk Enterprise | Track: IT Operations | Session Focus: Mobile Intelligence | Other Topics: httpEventCollector

Search Head Clustering – Basics to Best Practices
Thursday, September 29, 2016 | 1:30 PM-2:15 PM
Products: Splunk Enterprise | Role: Administrator, Architect, Splunk Technical Champion | Track: Splunk Foundations | Session Focus: Managing Splunk | Other Topics: Best Practices, Big Data Architecture

Forwarder Management in Splunk Cloud
Thursday, September 29, 2016 | 1:30 PM-2:15 PM
Products: Splunk Cloud, Splunk Enterprise | Role: Administrator, Splunk Technical Champion, CIO | Track: Splunk Foundations | Session Focus: Deploying Splunk | Other Topics: Best Practices, Amazon Web Services, What’s New?!

Best Practices for Deploying Splunk on Amazon Web Services
Thursday, September 29, 2016 | 2:35 PM-3:20 PM
Products: Splunk Cloud, Splunk Enterprise | Role: Operations Manager, Administrator, Architect, Splunk Technical Champion | Track: Splunk Foundations | Session Focus: Deploying Splunk | Other Topics: Customer Success Story, Amazon Web Services, Best Practices

Intermediate:

Worst Practices… and How to Fix Them
Tuesday, September 27, 2016 | 10:30 AM-11:15 AM
Products: Splunk Enterprise | Role: Splunk Technical Champion, Architect, Administrator | Track: Splunk Foundations | Session Focus: Splunk Classics | Other Topics: Best Practices

Faster Splunk App Certification with Splunk AppInspect
Tuesday, September 27, 2016 | 11:35 AM-12:20 PM
Products: Splunk Enterprise, Other, Splunk Cloud | Role: Developer, Architect, Splunk Technical Champion | Track: Developing | Session Focus: Splunk As A Platform | Other Topics: Dev Tools, Development Best Practices, Platform extensibility, What’s New?!, Best Practices, App Ecosystem

Ransomware Wrangling with Splunk
Tuesday, September 27, 2016 | 11:35 AM-12:20 PM
Industries: Technology | Products: Splunk Enterprise Security, Splunk User Behavior Analytics | Role: Security Analyst | Track: Security / Compliance / Fraud | Session Focus: Threat Detection | Other Topics: Best Practices

Best Practices for Developing Splunk Apps and Add-ons
Tuesday, September 27, 2016 | 12:40 PM-1:25 PM
Products: Splunk Cloud, Splunk Enterprise, Splunk IT Service Intelligence | Role: Architect, Splunk Technical Champion, Developer, Administrator | Track: Developing | Session Focus: Splunk As A Platform | Other Topics: Dev Tools, Logging Frameworks, Platform extensibility, Getting Data In, Best Practices, App Ecosystem, Development Best Practices

Anatomy of a Successful Splunk IT Service Intelligence Deployment
Tuesday, September 27, 2016 | 12:40 PM-1:25 PM
Products: Splunk IT Service Intelligence | Track: IT Operations | Session Focus: Service Monitoring

Dashboard Wizardry
Tuesday, September 27, 2016 | 4:20 PM-5:05 PM
Products: Splunk Enterprise | Role: Data Scientist/Analyst, Splunk Technical Champion, Developer, Administrator | Track: Splunk Foundations | Session Focus: Using Splunk

Anomaly Hunting with Splunk Software
Tuesday, September 27, 2016 | 4:20 PM-5:05 PM
Products: Splunk Enterprise Security | Role: Security Analyst | Track: Security / Compliance / Fraud | Session Focus: hunting | Other Topics: Best Practices

Architecting Splunk for High Availability and Disaster Recovery
Tuesday, September 27, 2016 | 5:25 PM-6:10 PM
Products: Splunk Enterprise | Role: Administrator, Architect, Operations Manager, Splunk Technical Champion | Track: Splunk Foundations | Session Focus: Splunk Classics | Other Topics: Best Practices

What’s New – Custom Visualizations
Tuesday, September 27, 2016 | 5:25 PM-6:10 PM
Products: Splunk Enterprise, Splunk Cloud | Role: Administrator, CIO, Developer, Business Manager, Splunk Technical Champion | Track: Splunk for Operational Intelligence | Session Focus: Splunk Enterprise Whats New | Other Topics: customVisualizations

Jiffy Lube Quick Tune-up for Your Splunk Environment
Wednesday, September 28, 2016 | 11:00 AM-11:45 AM
Products: Splunk Enterprise | Role: Architect, Splunk Technical Champion, Administrator | Track: Splunk Foundations | Session Focus: Splunk Classics | Other Topics: Best Practices

From IT Troubleshooting and Service Monitoring to Predicting Student Achievement: An Operations-Research Love Story
Wednesday, September 28, 2016 | 12:05 PM-12:50 PM
Industries: Higher Education, Public Sector | Products: Splunk Enterprise | Role: Business Manager, Splunk Technical Champion, Architect | Track: Splunk for Operational Intelligence | Session Focus: Business Analytics | Other Topics: Customer Success Story, Getting Data In

Splunk App Lifecycle Management – With More Peace, Love and Rock-n-Roll!
Wednesday, September 28, 2016 | 12:05 PM-12:50 PM
Products: Splunk Cloud, Splunk Enterprise | Role: Splunk Technical Champion, Administrator, Developer, Architect | Track: Developing | Session Focus: Splunk As A Platform | Other Topics: Development Best Practices, Dev Tools, Platform extensibility, What’s New?!

Splunk Data Collection Best Practices
Wednesday, September 28, 2016 | 1:10 PM-1:55 PM
Products: Splunk Enterprise, Other | Role: Splunk Technical Champion, Architect, Administrator | Track: Splunk Foundations | Session Focus: Managing Splunk | Other Topics: Getting Data In, Best Practices

Best Practices for Working with Splunk Cloud
Wednesday, September 28, 2016 | 3:30 PM-4:15 PM
Products: Splunk Cloud, Splunk Enterprise | Role: Operations Manager, Splunk Technical Champion | Track: Splunk for Operational Intelligence | Session Focus: Cloud Strategies | Other Topics: Best Practices

Dashboards, Alerting, Reporting and Visualization – What’s New
Thursday, September 29, 2016 | 10:15 AM-11:00 AM
Products: Splunk Cloud, Splunk Enterprise | Role: Business Manager, Splunk Technical Champion, Data Scientist/Analyst, Developer, Operations Manager, CIO, Administrator | Track: Splunk for Operational Intelligence | Session Focus: Splunk Enterprise What’s New | Other Topics: What’s New?!, customAlertActions, customVisualizations

How to Use Splunk to Detect and Defeat Fraud, Theft and Abuse
Thursday, September 29, 2016 | 11:20 AM-12:05 PM
Products: Splunk Enterprise | Role: Security Analyst | Track: Security / Compliance / Fraud | Session Focus: Fraud | Other Topics: Best Practices

How to Use Splunk For Automated Regulatory Compliance
Thursday, September 29, 2016 | 12:25 PM-1:10 PM
Products: Splunk Enterprise, Splunk Enterprise Security, Other | Role: Security Analyst | Track: Security / Compliance / Fraud | Session Focus: Compliance | Other Topics: Best Practices

Onboard Your Data Faster Using the Splunk Add-on Builder
Thursday, September 29, 2016 | 1:30 PM-2:15 PM
Products: Splunk Cloud, Splunk Enterprise, Splunk IT Service Intelligence, Splunk Enterprise Security | Role: Administrator, Developer, Splunk Technical Champion, Architect | Track: Developing | Session Focus: Splunk As A Platform | Other Topics: Dev Tools, Logging Frameworks, What’s New?!, Getting Data In, Best Practices

Through the Security Looking Glass: Operationalizing Cloud Enterprise Security – an Adaptive Response Approach
Thursday, September 29, 2016 | 1:30 PM-2:15 PM
Products: Splunk User Behavior Analytics, Splunk Cloud, Splunk Enterprise, Splunk IT Service Intelligence, Splunk Enterprise Security | Role: Security Analyst | Track: Security / Compliance / Fraud | Session Focus: Threat Detection | Other Topics: Best Practices

The Power of Data Normalization: A Look at CIM Under the Hood
Thursday, September 29, 2016 | 2:35 PM-3:20 PM
Industries: Other | Products: Splunk Enterprise | Role: Architect, Operations Manager, Developer, Splunk Technical Champion, Data Scientist/Analyst, Security Analyst, Administrator | Track: Splunk Foundations | Session Focus: Managing Splunk | Other Topics: Best Practices, Getting Data In

Advanced:

Building Splunk Visualizations with the New Custom Visualization API
Tuesday, September 27, 2016 | 4:20 PM-5:05 PM
Products: Splunk Cloud, Splunk Enterprise | Role: Splunk Technical Champion, Developer, Architect | Track: Developing | Session Focus: Splunk As A Platform | Other Topics: Dev Tools, Platform extensibility, custom Visualizations, What’s New?!

Integrating with Third-Party Tools using Splunk Alert Actions
Tuesday, September 27, 2016 | 5:25 PM-6:10 PM
Products: Splunk IT Service Intelligence, Splunk Cloud, Splunk Enterprise, Splunk Enterprise Security | Role: Splunk Technical Champion, Architect, Administrator, Developer | Track: Developing | Session Focus: Splunk As A Platform | Other Topics: customAlertActions, Platform extensibility, What’s New?!, Dev Tools, Best Practices

Using the Splunk Machine Learning Toolkit to Create Your Own Custom Models
Wednesday, September 28, 2016 | 11:00 AM-11:45 AM
Products: Splunk Enterprise, Splunk Cloud | Role: Operations Manager, Data Scientist/Analyst | Track: Splunk for Operational Intelligence | Session Focus: Data Science Machine Learning | Other Topics: Machine Learning, What’s New?!

Observations and Recommendations on Splunk Performance
Wednesday, September 28, 2016 | 12:05 PM-12:50 PM
Products: Splunk Enterprise | Role: Administrator, Architect, Splunk Technical Champion | Track: Splunk Foundations | Session Focus: Splunk Classics | Other Topics: Best Practices

HTTP Event Collector in Splunk – More Super Powers!
Wednesday, September 28, 2016 | 2:15 PM-3:00 PM
Products: Splunk Enterprise, Splunk Cloud | Role: Splunk Technical Champion, Developer, Architect, Administrator | Track: Developing | Session Focus: Splunk Enterprise Whats New | Other Topics: Logging Frameworks, Dev Tools, Platform extensibility, What’s New?!, Getting Data In, httpEventCollector

Put a Spark in your |
Wednesday, September 28, 2016 | 3:30 PM-4:15 PM
Products: Splunk Enterprise | Role: Architect, Splunk Technical Champion, Data Scientist/Analyst | Track: Splunk for Operational Intelligence | Session Focus: Big Data Architecture | Other Topics: Platform extensibility

Search: Under the Hood
Wednesday, September 28, 2016 | 4:35 PM-5:20 PM
Products: Splunk Enterprise | Role: Splunk Technical Champion, Administrator, Architect | Track: Splunk Foundations | Session Focus: Splunk Classics

Solve Big Problems with Machine Learning
Thursday, September 29, 2016 | 1:30 PM-2:15 PM
Products: Splunk User Behavior Analytics, Splunk Enterprise, Splunk Cloud, Splunk IT Service Intelligence, Other | Track: Splunk for Operational Intelligence | Other Topics: Machine Learning

Splunk IT Service Intelligence: Keep Your Boss and Their Bosses Informed and Happy (and Still Have Time to Sleep at Night)!
Thursday, September 29, 2016 | 2:35 PM-3:20 PM
Products: Splunk IT Service Intelligence | Track: IT Operations | Session Focus: Service Monitoring

↧

#splunkconf16 sessions: Public Sector

September 6, 2016, 8:23 am

≫ Next: #splunkconf16 preview: Public Sector & Education

≪ Previous: #splunkconf16 sessions: Education

SplunkGov Logo Here is a breakdown of all sessions at Splunk .conf2016 pertaining to Public Sector. You can read my breakdown of all Education sessions here. I’ve separated them out by skill level.

Can’t wait to see you all in Orlando!

Best,
Ashok Sankar
Director, Solutions Strategy – Public Sector & Education
Splunk Inc.

Follow @ashoksankar

Follow all the conversations coming out of #splunkconf16!

Follow @splunkconf

Follow @splunk

Good for all skill levels:

Agency Chargeback Models to Enable Splunk Enterprise Deployments
Tuesday, September 27, 2016 | 12:40 PM-1:25 PM
Products: Splunk Enterprise | Role: CIO, Splunk Technical Champion, Operations Manager, Business Manager, Administrator | Track: Splunk Foundations | Session Focus: Managing Splunk | Other Topics: Best Practices

Splunk Improving Soldier’s Efficiency and Healthcare Logistics in the Battlefield
Tuesday, September 27, 2016 | 5:25 PM-6:10 PM
Products: Splunk Enterprise | Role: Architect, Data Scientist/Analyst, Splunk Technical Champion | Track: Splunk for Operational Intelligence | Session Focus: IoT Industrial Data | Other Topics: Getting Data In, Machine Learning, customVisualizations, Thought Leadership

Buckets Full of Happy Tiers – Scale Out Enterprise Infrastructure and Splunk Apps for Deploying Massive and Efficient Splunk Environments
Tuesday, September 27, 2016 | 5:25 PM-6:10 PM
Industries: Technology | Products: Splunk Enterprise | Track: IT Operations | Session Focus: IT Troubleshooting

“Splunking” Your z/OS Mainframe
Wednesday, September 28, 2016 | 4:35 PM-5:20 PM
Industries: Manufacturing, Retail, Other, Energy & Utilities, Communications, Healthcare, Financial Services, Higher Education | Products: Splunk Enterprise Security, Splunk Enterprise | Role: Security Analyst, Operations Manager, CIO, CISO, CTO | Track: IT Operations | Session Focus: Big Data Architecture | Other Topics: Big Data Architecture, Platform extensibility, Getting Data In, Logging Frameworks

Monitoring the Industrial Internet of Things: A Guide to Application Performance Management with Splunk
Thursday, September 29, 2016 | 12:25 PM-1:10 PM
Products: Splunk Enterprise | Role: Developer, Splunk Technical Champion, Operations Manager, Administrator, Architect | Track: Splunk for Operational Intelligence | Session Focus: IoT Industrial Data | Other Topics: Customer Success Story, Dev Tools, Best Practices, Development Best Practices

SCADA and Splunk – Soul Mates Forever
Thursday, September 29, 2016 | 1:30 PM-2:15 PM
Products: Splunk Enterprise | Role: Operations Manager, Security Analyst | Track: Splunk for Operational Intelligence | Session Focus: IoT Industrial Data | Other Topics: Platform extensibility, Customer Success Story, Getting Data In

Good for beginners:

Easing Into Clustering
Wednesday, September 28, 2016 | 3:30 PM-4:15 PM
Products: Splunk Enterprise | Role: Splunk Technical Champion, Administrator, Architect | Track: Splunk Foundations | Session Focus: Managing Splunk | Other Topics: Big Data Architecture, Best Practices

Using Splunk to Create the First HIPAA Cloud Compliant Infrastructure at Harvard to Secure Clinical and Genetic Patient Data on AWS
Tuesday, September 27, 2016 | 11:35 AM-12:20 PM
Products: Splunk Enterprise | Role: Data Scientist/Analyst, Security Analyst, CISO | Track: Splunk for Operational Intelligence | Session Focus: Compliance | Other Topics: Amazon Web Services, Customer Success Story, Thought Leadership

Splunk UBA – A Data Scientist in a Box
Tuesday, September 27, 2016 | 4:20 PM-5:05 PM
Products: Other | Track: Security / Compliance / Fraud

Calculated Risks: Continuous Diagnostics and Mitigation for the World’s Largest Enterprise
Tuesday, September 27, 2016 | 5:25 PM-6:10 PM
Products: Splunk Enterprise Security, Splunk Enterprise | Track: Security / Compliance / Fraud

Modernizing Enterprise Monitoring at the World Bank Group Using Splunk IT Service Intelligence
Tuesday, September 27, 2016 | 5:25 PM-6:10 PM
Products: Splunk IT Service Intelligence | Track: IT Operations | Session Focus: Service Monitoring

Keeping the Junk Out of Splunk – Maximizing the Value of Your Splunk License and Being Prepared for Floods of Data.
Wednesday, September 28, 2016 | 12:05 PM-12:50 PM
Products: Splunk Enterprise | Role: Splunk Technical Champion, Administrator | Track: Splunk Foundations | Session Focus: Splunk Classics | Other Topics: Best Practices, Getting Data In

Building a Next-Gen Security Analytics Engine in the Cloud
Wednesday, September 28, 2016 | 12:05 PM-12:50 PM
Products: Splunk Enterprise Security, Splunk Enterprise | Role: Security Analyst | Track: Security / Compliance / Fraud | Session Focus: Threat Detection | Other Topics: Best Practices

Global Enterprise Security Without Security Analysts…Yes You Can!
Wednesday, September 28, 2016 | 12:05 PM-12:50 PM
Products: Splunk Enterprise Security | Role: Administrator | Track: Security / Compliance / Fraud | Session Focus: Threat Detection | Other Topics: Best Practices

The Practical Benefits of a Behavioral Solution for Enterprise Cybersecurity
Wednesday, September 28, 2016 | 2:15 PM-3:00 PM
Products: Splunk User Behavior Analytics | Role: Security Analyst | Track: Security / Compliance / Fraud | Session Focus: Threat Detection | Other Topics: Best Practices

Universal Forwarder Security: Don’t Input More Than Data Into Your Splunk Environment
Wednesday, September 28, 2016 | 3:30 PM-4:15 PM
Products: Splunk Enterprise | Role: Splunk Technical Champion, Architect, Security Analyst, Administrator | Track: Splunk Foundations | Session Focus: Managing Splunk | Other Topics: Best Practices

Gaining Business Analytics to Build a Data-Driven Airport – from Vision to Reality at Gatwick Airport
Thursday, September 29, 2016 | 10:15 AM-11:00 AM
Products: Splunk Cloud | Role: CISO, CIO, Splunk Technical Champion | Track: Splunk for Operational Intelligence | Session Focus: Business Analytics | Other Topics: Customer Success Story, Platform extensibility

Intermediate:

Security Ninjutsu Part Three: Real-World Correlation Searches
Tuesday, September 27, 2016 | 10:30 AM-11:15 AM
Products: Splunk Enterprise, Splunk Enterprise Security, Splunk Cloud | Role: Security Analyst | Track: Security / Compliance / Fraud | Session Focus: Threat Detection | Other Topics: Best Practices

“Listen to the Wind, It Talks” – Monitoring Wind Energy Production from SCADA Systems with Splunk
Tuesday, September 27, 2016 | 10:30 AM-11:15 AM
Products: Splunk Enterprise | Role: Business Manager, Architect, Operations Manager | Track: Splunk for Operational Intelligence | Session Focus: IoT Industrial Data | Other Topics: Getting Data In, Customer Success Story

Scaling Security Incident Investigations with Interactive Event Graphs and Spark
Tuesday, September 27, 2016 | 10:30 AM-11:15 AM
Products: Splunk Enterprise, Splunk Cloud | Role: Business Manager, CIO, CISO, Security Analyst, Data Scientist/Analyst, Splunk Technical Champion, CTO, Architect | Track: Security / Compliance / Fraud | Session Focus: Threat Detection | Other Topics: customVisualizations, Big Data Architecture, Platform extensibility

It Seemed Like a Good Idea at the Time…Architectural Anti-Patterns
Tuesday, September 27, 2016 | 11:35 AM-12:20 PM
Products: Splunk Enterprise | Role: Architect, Administrator, Splunk Technical Champion | Track: Splunk Foundations | Session Focus: Deploying Splunk | Other Topics: Best Practices

PowerShell Power Hell: Hunting for Malicious Use of PowerShell with Splunk
Tuesday, September 27, 2016 | 12:40 PM-1:25 PM
Products: Splunk Enterprise | Role: Security Analyst | Track: Security / Compliance / Fraud | Session Focus: Threat Detection | Other Topics: Best Practices

Indexer Clustering Internals, Scaling, and Performance
Tuesday, September 27, 2016 | 3:15 PM-4:00 PM
Products: Splunk Enterprise | Role: Administrator, Architect, Splunk Technical Champion | Track: Splunk Foundations | Session Focus: Big Data Architecture | Other Topics: Big Data Architecture

Harnessing Performance and Scalability with Parallelization
Tuesday, September 27, 2016 | 4:20 PM-5:05 PM
Products: Splunk Enterprise | Role: Splunk Technical Champion, Administrator, Architect | Track: Splunk Foundations | Session Focus: Splunk Classics | Other Topics: What’s New?!

What’s New: The Unification of Splunk Enterprise and Analytics on Hadoop
Tuesday, September 27, 2016 | 4:20 PM-5:05 PM
Products: Other, Splunk Enterprise | Role: Splunk Technical Champion, Architect, Administrator, Developer, Data Scientist/Analyst, Security Analyst | Track: Splunk for Operational Intelligence | Session Focus: Splunk Enterprise Whats New | Other Topics: What’s New?!, Big Data Architecture, Getting Data In

Splunk App Lifecycle Management – With More Peace, Love and Rock-n-Roll!
Wednesday, September 28, 2016 | 12:05 PM-12:50 PM

Products: Splunk Cloud, Splunk Enterprise | Role: Splunk Technical Champion, Administrator, Developer, Architect | Track: Developing | Session Focus: Splunk As A Platform | Other Topics: Development Best Practices, Dev Tools, Platform extensibility, What’s New?!

Hunting Adversaries with Pictures – Splunk, OSINT and Visualization
Wednesday, September 28, 2016 | 1:10 PM-1:55 PM
Products: Splunk Enterprise Security, Splunk Enterprise | Role: Security Analyst | Track: Security / Compliance / Fraud | Session Focus: Threat Detection | Other Topics: Best Practices

Demystifying Machine Learning and Anomaly Detection: Practical Applications in Splunk for Insider Threat Detection and Security Analytics
Wednesday, September 28, 2016 | 1:10 PM-1:55 PM
Products: Splunk Enterprise | Role: Security Analyst | Track: Security / Compliance / Fraud | Session Focus: Threat Detection | Other Topics: Best Practices

End-to-End Splunk Use Case Development: Requirements, Testing, and Execution
Wednesday, September 28, 2016 | 2:15 PM-3:00 PM
Products: Splunk Enterprise, Splunk Enterprise Security | Role: Security Analyst | Track: Security / Compliance / Fraud | Session Focus: Threat Detection | Other Topics: Best Practices

How to Scale: From _raw to tstats
Wednesday, September 28, 2016 | 2:15 PM-3:00 PM
Products: Splunk Enterprise Security, Splunk Enterprise, Splunk IT Service Intelligence | Role: Architect, Data Scientist/Analyst, Administrator, Splunk Technical Champion, Security Analyst | Track: Splunk Foundations | Session Focus: Search Language | Other Topics: Best Practices

Lesser Known Search Commands
Wednesday, September 28, 2016 | 3:30 PM-4:15 PM
Products: Splunk Enterprise | Role: Administrator, Security Analyst, Data Scientist/Analyst, Splunk Technical Champion | Track: Splunk Foundations | Session Focus: Search Language | Other Topics: Best Practices

Splunking the Endpoint: Hands On!
Wednesday, September 28, 2016 | 3:30 PM-5:00 PM
Thursday, September 29, 2016 | 12:25 PM-1:55 PM
Products: Splunk Enterprise Security, Splunk Enterprise | Role: Security Analyst | Track: Security / Compliance / Fraud | Session Focus: Threat Detection | Other Topics: Best Practices

Extending SPL with Custom Search Commands and the Splunk SDK for Python
Wednesday, September 28, 2016 | 4:35 PM-5:20 PM
Products: Splunk Enterprise, Splunk Cloud | Role: Data Scientist/Analyst, Developer, Architect, Splunk Technical Champion | Track: Developing | Session Focus: Splunk As A Platform | Other Topics: Dev Tools, Platform extensibility, Getting Data In, Best Practices

Incident Detection and Response at CERT EU – Experiences From the Field
Thursday, September 29, 2016 | 10:15 AM-11:00 AM
Products: Splunk Enterprise | Role: Security Analyst | Track: Security / Compliance / Fraud | Session Focus: Threat Detection | Other Topics: Best Practices

Anomaly Detection on Business Items with Machine Learning Algorithms
Thursday, September 29, 2016 | 11:20 AM-12:05 PM
Products: Other, Splunk Enterprise, Splunk IT Service Intelligence | Role: Data Scientist/Analyst | Track: Splunk for Operational Intelligence | Session Focus: Business Analytics | Other Topics: Customer Success Story, Machine Learning

Shop Smart at the KV Store: Best Value Tricks from the Splunk KV Store and REST API
Thursday, September 29, 2016 | 11:20 AM-12:05 PM
Products: Splunk Enterprise Security, Other, Splunk Enterprise | Role: Splunk Technical Champion, Data Scientist/Analyst, Security Analyst, Developer, Architect, Administrator | Track: Splunk Foundations | Session Focus: Using Splunk | Other Topics: What’s New?!, Best Practices

Monitor Your Business Transactions with Splunk to Gain Real-Time Insights into Your Business Performance
Thursday, September 29, 2016 | 12:25 PM-1:10 PM
Products: Splunk Enterprise | Role: Business Manager, Splunk Technical Champion, Architect | Track: Splunk for Operational Intelligence | Session Focus: Business Analytics | Other Topics: Getting Data in, Thought Leadership

Onboard Your Data Faster Using the Splunk Add-on Builder
Thursday, September 29, 2016 | 1:30 PM-2:15 PM
INTERMEDIATE | Products: Splunk Cloud, Splunk Enterprise, Splunk IT Service Intelligence, Splunk Enterprise Security | Role: Administrator, Developer, Splunk Technical Champion, Architect | Track: Developing | Session Focus: Splunk As A Platform | Other Topics: Dev Tools, Logging Frameworks, What’s New?!, Getting Data In, Best Practices

Autonomous Threat Hunting with Niddel and Splunk Enterprise Security: Mars, Inc. Customer Case Study
Thursday, September 29, 2016 | 2:35 PM-3:20 PM
Products: Splunk Enterprise Security, Splunk Cloud | Role: Security Analyst | Track: Security / Compliance / Fraud | Session Focus: Threat Detection | Other Topics: Best Practices

Advanced:

Satellites, Choropleth Maps, and ITSI… oh my!
Tuesday, September 27, 2016 | 3:15 PM-4:00 PM
Products: Splunk IT Service Intelligence | Role: Architect | Track: IT Operations | Session Focus: Service Monitoring

Splunk and Open Source Integrations with Spark, Solr, Hadoop and NoSQL Storage
Wednesday, September 28, 2016 | 12:05 PM-12:50 PM
Products: Splunk Enterprise | Track: Splunk for Operational Intelligence | Session Focus: Big Data Architecture | Other Topics: Thought Leadership, Platform extensibility, Big Data Architecture

“Finding Your Faults Before Mom” – Deploying Splunk for IT Troubleshooting and Capacity Planning on Large Scale Integrated Datacenter Infrastructure
Wednesday, September 28, 2016 | 12:05 PM-12:50 PM
Products: Splunk Enterprise, Splunk Enterprise Security, Splunk IT Service Intelligence | Track: IT Operations | Session Focus: Deploying Splunk

Hunting the Known Unknowns: The Powershell Edition
Thursday, September 29, 2016 | 11:20 AM-12:05 PM
Industries: Other | Products: Splunk Enterprise Security, Splunk Enterprise | Role: Security Analyst | Track: Security / Compliance / Fraud | Session Focus: Threat Detection | Other Topics: Best Practices

Advanced Machine Learning in SPL with the Machine Learning Toolkit
Thursday, September 29, 2016 | 12:25 PM-1:10 PM
Products: Splunk Enterprise, Other | Role: Data Scientist/Analyst, Splunk Technical Champion | Track: Splunk Foundations | Session Focus: Search Language | Other Topics: Machine Learning

The Truthiness of Wire Data: Using Splunk App for Stream for Performance Monitoring
Thursday, September 29, 2016 | 12:25 PM-1:10 PM
Products: Splunk IT Service Intelligence | Track: IT Operations

MQTT, CEP and the other LMNOP’s of the IoT
Thursday, September 29, 2016 | 1:30 PM-2:15 PM
Products: Splunk Cloud, Splunk Enterprise | Role: Data Scientist/Analyst, Splunk Technical Champion, Architect, Administrator, Operations Manager | Track: Splunk for Operational Intelligence | Session Focus: IoT Industrial Data | Other Topics: Getting Data In, httpEventCollector, What’s New?!, Platform extensibility, Thought Leadership

↧

#splunkconf16 preview: Public Sector & Education

September 6, 2016, 1:12 pm

≫ Next: #splunkconf16 preview: IT Operations Track – Choose your own adventure!

≪ Previous: #splunkconf16 sessions: Public Sector

SCL-Splunk-conf2016-preview-BigDataIdeas_twtr1-440x220

Splunk .conf2016 is just around the corner. If you are still contemplating attendance or have never attended one before, I highly recommend you take a look at some highlights from .conf2015. When our customers attend either our SplunkLive! or Discovery Day events held across the country, they walk away with a ton of information on the value Splunk can offer and how it extends their investments in it further. Well, .conf is the super bowl of events for Splunk.

Between Sept 26 and 29, hosted at the Walt Disney Swan and Dolphin resorts in Orlando, FL, the event will bring 4,500+ professionals from across the globe for non-stop education, networking, and fun. It is an opportunity to see how customers in a variety of industries are leveraging Splunk, learn new features and how to use them, and network with your peers to collaborate and learn from each other.

With over 175 sessions featuring Splunk speakers, customers and partners, it can be a bit daunting to decide which sessions to attend to maximize your experience. We do have an agenda builder that I would highly recommend you avail. It will certainly enhance your experience. To make it even simpler, here are two ‘virtual session agendas’ – one for government and one for education – you can use as guidelines to choose specific sessions from. This agenda is specifically patterned with you in mind, so you can maximize your learning and experience.

Additionally, there are keynote presentations throughout the week that will be of interest to everyone in attendance.

If you have not already registered, I encourage you to do so. Because this year promises to be the best yet, especially if you are with a government agency or an educational institution. Why? Because these 3 days in September are packed with learning and extracurricular activities aimed at helping you solve your challenges, address your concerns and extend your investments in Splunk.

Hope to see you there!

Best,
Ashok Sankar
Director, Solutions Strategy – Public Sector & Education
Splunk Inc.

Follow @ashoksankar

Follow all the conversations coming out of #splunkconf16!

Follow @splunkconf

Follow @splunk

↧

#splunkconf16 preview: IT Operations Track – Choose your own adventure!

September 7, 2016, 9:00 am

≫ Next: #splunkconf16 preview: The DNA of Big Data and Big Ideas in Healthcare at .conf2016

≪ Previous: #splunkconf16 preview: Public Sector & Education

Does anyone else remember the ‘choose your own adventure books’ from the 90s? I do, and this year’s #splunkconf16 has me almost as excited as getting a brand spankin’ new pile of books. Just kidding, 2016 user conference is going to be much, much better!

(No, this is not an ITSI Glass Table)

Splunk .conf2016 is coming up fast, and everyone on the Splunk team is excited to head down to the happiest place on earth for this year’s user conference. Check out some key details below about the great sessions that will be featured in the Splunk IT Operations track this year at .conf 2016. This year, we’ve made it easy for you by parsing the sessions into some easy-to-follow tracks. Session speakers will be covering everything from how to drive critical business decisions to maximizing operational efficiencies to Splunk for DevOps to smarter IT analytics with Splunk IT Service Intelligence. Below we sort through ~200 sessions to find a series to attend based on your interests. So go ahead, choose your own adventure!

ITSI Beginner:

For Customers who are new to our premium solution offering for IT professionals, IT Service Intelligence. These sessions will give you an overview of how you can leverage IT Service Intelligence in your organization to make better business decisions.

Introduction to Splunk IT Service Intelligence with Alok Bhide, Principal Product Manager, Splunk Inc. and David Millis, Staff Architect, IT Operations Analytics, Splunk Inc
- Tuesday, September 27, 2016 at 10:30am -11:15am AND Wednesday, September 28, 2016 at 1:10pm- 1:55pm
Earn a Seat at the Business Table with Splunk IT Service Intelligence with Erickson Delgado, Architect, Development Operations, Carnival Corporation and Juan Echeverry, Application Automation Engineer, Carnival Corporation, and Marc Franco, Manager, Web Operations, Carnival Corporation
- Tuesday, September 27, 2016 at 11:35am-12:20pm
How Anaplan Used Splunk Cloud and ITSI to Monitor Our Cloud Platform with Martin Hempstock, Monitoring and Metrics Architect, Anaplan
- Tuesday, September 27, 2016 at 3:15pm-4:00pm
Modernizing Enterprise Monitoring at the World Bank Group Using Splunk It Service Intelligence with Michael Makar, Sr Manager, Enterprise Monitoring, World Bank Group
- Tuesday, September 27, 2016 at 5:25pm-6:10pm
Splunk IT Service Intelligence: Keep Your Boss and Their Bosses Informed and Happy (and Still Have Time to Sleep at Night)! With Jonathan LeBaugh, ITOA Architect, Splunk
- Thursday, September 29, 2016 at 2:35pm-3:20pm

ITSI Advanced:

For customers who are familiar with our premium solution offering for IT Professionals, IT Service Intelligence. These sessions will go into greater detail into the why, what, and how to maximize the productivity of your current or future IT Service Intelligence deployment.

Machine learning and Anomaly Detection in Splunk IT Service Intelligence with Alex Cruise, Senior Dev. Manager/Architect, Splunk and Fred Zhang, Senior Data Scientist, Splunk
- Tuesday September 27, 2016 at 4:20pm- 5:05pm
An Ongoing Mission of Service Discovery with Michael Donnelly, ITOA Solutions Architect, Splunk and Ross Lazerowitz, Product Manager, Splunk
- Thursday, September 29, 2016 at 11:20am-12:05pm
Anatomy of a Successful Splunk IT Service Intelligence Deployment with Martin Wiser, ITOA Practitioner, Splunk
- Tuesday, September 27, 2016 at 12:40pm-1:25pm

IT Troubleshooting (and monitoring!):

For customers looking to learn more about Splunk for application management, Splunk to reduce costs and drive operational efficiencies, and how to get started with Splunk.

Splunk gone wild! Innovating a large Splunk solution at the speed of management with Kevin Dalian, Team Lead- Tools and Automation, Ford Motor Company and Glen Upreti, Professional Services Consultant, Sierra-Cedar
- Thursday, September 29, 2016 at 11:20am-12:05pm
How MD Anderson Cancer Center Uses Splunk to Deliver World Class Healthcare When Patients Need it the Most with Ed Gonzalez, Manager- Web Operations, MD Anderson Cancer Center, and Jeffrey Tacy, Senior Systems Analyst, MD Anderson Cancer Center
- Thursday, September 29, 2016 at 10:15am-11:00am
Splunking your Mobile Apps with Bill Emmett, Director, Solutions Marketing, Splunk, and Panagiotis Papadopoulos, Product Management Director, Splunk
- Thursday, September 29, 2016 at 12:25pm-1:10pm
Great, We Have Splunk at Yahoo!… Now What? With Dileep Eduri, Production Engineering, Yahoo and Indumathy Rajagopalan, Service Engineer, Yahoo and Francois Richard, Senior Engineering Director, Yahoo, and Tripati Kumar Subudhi, Senior DevOps, Yahoo
- Tuesday, September 27, 2016 at 11:35am-12:20pm
The Truthiness of Wire Data: Using Splunk App for Stream for Performance Monitoring with David Cavuto, Product Manager, Splunk
- Thursday, September 29, 2016 at 12:25pm-1:10pm

DevOps and Emerging Trends:

Check out these sessions to learn more about how you can leverage Splunk within your organization to move to continuous delivery and implement a DevOps culture shift.

Biz-PMO-Dev-QA-Sec-Build-Stage-Ops-Biz: Shared Metrics as a Forcing Function for End-to-End Enterprise Collaboration with Andi Mann, Chief Technology Advocate, Splunk Inc
- Tuesday, September 27, 2016 at 10:30am-11:15am
Splunks of War: Creating a better game development process through data analytics with Phil Cousins, Principal Software Engineer, The Coalition, Microsoft
- Tuesday, September 27, 2016 at 3:15pm-4:00pm
Puppet and Splunk: Better Together with CTO and Chief Architect, Puppet and Stela Udovicic, Senior Product Marketing Manager, Splunk
- Tuesday September 27, 2016 at 4:20pm-5:05pm
Splunking the User Experience: Going Beyond Application Logs with Doug Erkkila, PAS Capacity Management Analyst, CSAA Insurance Group
- Thursday, September 29, 2016 at 1:30pm-2:15pm
Data That Matters, A DevOps Expert Panel featuring Phil Cousins, Microsoft and Doug Erkkila, CSAA Insurance Group, and Deepak Giridharagopal, Puppet and Andi Mann, Splunk, and Sumit Nagal, Intuit, and Hal Rottenberg, Splunk
- Wednesday, September 28, 2016 at 1:10pm-1:55pm

Buttercup and pals in the Seattle office are pumped for .conf

On top of these awesome sessions we have lined up, we’ll have 3 days of Splunk University Training, 70 technology partners presenting, over 4,000 splunk enthusiasts, and the Splunk search party. It’s not too late to register for .conf2016 and head down to Disneyworld!

Follow all the conversations coming out of #splunkconf16!

Follow @splunkconf

Follow @splunk

↧

#splunkconf16 preview: The DNA of Big Data and Big Ideas in Healthcare at .conf2016

September 8, 2016, 9:00 am

≫ Next: #splunkconf16 preview: Cisco + Splunk Drive Informed Decisions Across the Business

≪ Previous: #splunkconf16 preview: IT Operations Track – Choose your own adventure!

Splunk .conf2016 is just around the corner. We’re excited to share best practices, new ideas, and learn directly from the smartest people in the Splunk ecosystem. We have sessions in our healthcare track that include presentations by the following (in alphabetical order): Cerner Corporation, Harvard University, Kaiser Permanente, MD Anderson Cancer Center, Myriad Genetics, Practice Fusion, St. Jude Medical, and Surescripts. Some of our in-house Splunk experts will present on topics that include: new custom visualization API, improving soldier’s efficiency and healthcare logistics in the battlefield, use case of managing Type 1 diabetes, regulatory compliance, defeating fraud, and big data analytics for healthcare decision support. Come join us for these sessions:

Visit conf.splunk.com for more details around each of the sessions and other updates including scheduling of healthcare sessions not listed above.

Thanks,
Shirley Golen
Healthcare Solutions Marketing
Splunk Inc.

Follow @2impacthealth

Follow all the conversations coming out of #splunkconf16!

Follow @splunkconf

Follow @splunk

↧

#splunkconf16 preview: Cisco + Splunk Drive Informed Decisions Across the Business

September 8, 2016, 10:00 am

≫ Next: #splunkconf16 preview: Automation, Machine Learning, Incident Response and Hunting are dominant themes for .conf2016

≪ Previous: #splunkconf16 preview: The DNA of Big Data and Big Ideas in Healthcare at .conf2016

Cisco and Spunk’s 8-year relationship reached a new peak this spring when Cisco recognized Splunk as it’s Global ISV Partner of the Year. Cisco Vice President Todd Meister recently shared his view on the breadth and power of our strategic relationship in this 3 minute video:

Together, Splunk and Cisco are delivering significant value for thousands of organizations around the globe including Cisco’s own IT, CSIRT, and other internal teams.

Cisco and Splunk-Better Together

“Together, Cisco and Splunk are far more relevant to our customers than we are individually … I strongly believe the Splunk and Cisco alliance is one of the most exciting collaborations happening today.”
– Todd Meister, Vice President, US Partner Organization, Americas Partner Organization, Cisco

But wait … there’s more! We’re counting down the days until Splunk ninjas from around the world converge at the happiest place on Earth … obviously, I’m talking about Splunk’s 7th Annual Splunk Worldwide Users’ Conference, at the Walt Disney World Swan & Dolphin Resorts in Florida.

A rock star team of Cisco experts and engineers will be joining us showcasing demos and best practices. They’ll also unveil a range of new use cases & integrations across Cisco’s industry-leading security, networking, data center, wireless, and collaboration portfolios. Check out Cisco Strategic Partner Marketing Manager Gary Serda’s post on the Cisco Data Center Blog, Cisco and Splunk Deliver IT and Security Analytics, for more details.

Friea Berg
Strategic Alliances
Splunk Inc.

Follow @friea

Follow all the conversations coming out of #splunkconf16!

Follow @jarodhillerman

↧

#splunkconf16 preview: Automation, Machine Learning, Incident Response and Hunting are dominant themes for .conf2016

September 9, 2016, 9:00 am

≫ Next: #splunkconf16 preview: What’s the next big thing in big data? Machine learning.

≪ Previous: #splunkconf16 preview: Cisco + Splunk Drive Informed Decisions Across the Business

It is that special time of the year for the Security Markets team at Splunk as we are few weeks away from .conf2016, Splunk’s annual user conference!

The security track has over 40 learning sessions and numerous hands-on activities.

It will be an incredible four days to interact with our passionate users, CISOs, CIOs, business leaders and learn about the innovative ways in which Splunk users solve their security needs.

You will hear how Splunk customers such as Accenture, Bloomberg, CAA, Aflac, Workday, CERT-EU, MITRE, Sony, Capital Group, Bechtel, Republic Services and more use Splunk to solve their security needs.

This year, we have more than twenty customer led security sessions where you can learn how our customers use Splunk Enterprise Security, Splunk UBA and Splunk to transform their security practices to solve their security challenges.

This year’s security track has sessions for all levels – beginner, intermediate and advanced levels and persona – Administrator, Analyst, Hunter and SOC Manager/lead.

A sample of the interesting sessions include:

Hands-On Session on “What’s new in Splunk endpoint monitoring”
If you are up for hands-on learning, we have a deep-dive with 3 scenarios covering endpoint data, hunting for IOCs / malicious behavior. I anticipate this to be a packed session, so register or get there early.

The interactive Birds of a Feather (BOF) sessions are a great opportunity to meet experts from the Splunk Product Management team and discuss topics not covered in the main sessions.

Take our Boss of the SOC challenge and win a prize and/be recognized!
This is a new 2-day competition to solve realistic, hands-on, fun security scenarios using Splunk. You will be able to test your knowledge of Splunk search commands, Splunk Enterprise Security, external data sources to solve realistic scenarios include such as 1) web site attack/hack 2) Ransomware detection

Hands-On Pavilion
Have 15-minutes? Visit this pavilion to learn about Splunk security products in a small theater setting.

Splunk Labs
Are you stumped on how to proceed with your security use cases? Are you looking for ideas to solve interoperability issues? Visit the Splunk Labs where you may pick several novel ideas.

Join me for my session on “How to replace your legacy SIEM using Splunk ES” or visit the Security showcase to view the latest innovations that Splunk will be announcing during .conf2016.

Hope to see you there!

Girish Bhat
Director, Security Product Marketing

Follow @GirishB

Follow all the conversations coming out of #splunkconf16!

Follow @splunkconf

Follow @splunk

↧

#splunkconf16 preview: What’s the next big thing in big data? Machine learning.

September 13, 2016, 1:30 pm

≫ Next: #splunkconf16 preview: Splunk in the WWT ATC

≪ Previous: #splunkconf16 preview: Automation, Machine Learning, Incident Response and Hunting are dominant themes for .conf2016

SCL-Splunk-conf2016-preview-BigDataIdeas_twtr1-440x220 Big data, especially machine data, is fueling the latest machine learning (ML) trend and we’ve got you covered with 18 sessions at .conf2016. Cut through the hype and learn how to operationalize ML in your organization to prevent service outages, manage inventory, identify insider threats, or to simply manage your alerts better. Whether you’ve been using the ML Toolkit since it was introduced last year or you’re just curious what all the excitement is about, you can hear directly from Splunk product managers and developers and customers like Emerson, NTT Docomo, Dunkin’ Donuts, Zillow, and others.

Tuesday, September 27:

10:30a – Introduction to Splunk IT Service Intelligence, Alok Bhide, Principal Product Manager, Splunk Inc. / David Millis, Staff Architect, IT Operations Analytics, Splunk Inc.
11:35a – How the Splunk Platform Supports 120 Million Monthly Active Users, Chris Kammermann, Senior Infrastructure Engineer, Shazam
4:20p – Splunk UBA – A Data Scientist in a Box, Bob Pratt, Director, Product Management for UBA, Splunk Inc.
4:20p – Anomaly Hunting with Splunk Software, Macy Cronkrite, Professional Services, Splunk Inc. / Anthony Tellez, Sr. Consultant – Public Sector, Splunk Inc.
4:20p – Machine Learning and Anomaly Detection in Splunk IT Service Intelligence, Alex Cruise, Senior Dev. Manager / Architect, Splunk Inc. / Fred Zhang, Senior Data Scientist, Splunk Inc.

Wednesday, September 28:

11:00a – Using the Splunk Machine Learning Toolkit to Create Your Own Custom Models, Adam Oliner, Director of Engineering, Splunk Inc. / Manish Sainani, Principal Product Manager, Splunk Inc.
1:10p – Demystifying Machine Learning and Anomaly Detection: Practical Applications in Splunk for Insider Threat Detection and Security Analytics, Tobias Ryan, Manager, Behavioral Analytics, Emerson
1:10p – Machine Learning and Anomaly Detection in Splunk IT Service Intelligence, Alex Cruise, Senior Dev. Manager / Architect, Splunk Inc. / Fred Zhang, Senior Data Scientist, Splunk Inc.
2:15p – Machine Learning Using Splunk and R, Marianne Faro, Principal Consultant, Analytics Lead, Itility / Daniel Koops, MSc, Itility / Gijs Wobben, Data Scientist, Itility

Thursday, September 29:

10:15a – Splunk at a Telco: Assessing Outages and Improving Customer Experience with Machine Learning, Andrew Phillips, Senior Sales Engineer, Splunk Inc.
10:15a – Fast Time to Extraordinary Value: Quickly Add Powerful Machine Learning to Your Splunk Apps and Dashboards with Splunk’s New Machine Learning Toolkit, Mike Cormier, Managing Director, Concanon LLC / William Thackrey, Managing Director, Concanon LLC
11:20a – Anomaly Detection on Business Items with Machine Learning Algorithms, Andre Pietsch, Product Manager, OTTO (GmbH and Co. KG) / Stefan Scholz, Senior Consultant Data Analytics, LC Systems GmbH
1:30p – Solve Big Problems with Machine Learning, Wendy Andre, Staff Sales Engineer, Splunk Inc. / Tom LaGatta, Staff Sales Engineer, Splunk Inc.
2:35p – Splunk for Donuts: Optimizing Donut Production at Dunkin with Splunk and Machine Learning, Matthew Kraft, Director Consumer Technology and Mobile, Dunkin’ Brands /Brian Nash, Architect, Business Analytics and IoT, Splunk Inc.
2:35p – Predicting Incidents with Supervised and Unsupervised Machine Learning on Splunk, Shin-ichiro Takahashi, Managing Director, NTT DOCOMO

I’m looking forward to meeting customers from around the world at .conf2016 and hearing about the creative new ways you’re using Splunk.

See you there!

Thanks,
Theresa Vu
Director, Product Marketing
Splunk Inc.

Follow @teavu

Follow all the conversations coming out of #splunkconf16!

Follow @splunkconf

Follow @splunk

↧

#splunkconf16 preview: Splunk in the WWT ATC

September 14, 2016, 10:15 am

≫ Next: You Bet Your Sweet SaaS, AWS will be at #splunkconf16!

≪ Previous: #splunkconf16 preview: What’s the next big thing in big data? Machine learning.

The following is a guest blog post by Christian Gunther, Consulting Solutions Architect, World Wide Technology.

World Wide Technology (WWT) is a global systems integrator headquartered in St. Louis, MO. WWT’s CEO and Co-Founder had the idea that thought leadership and technology integration could be planned, created, built, and tested in a lab environment. This idea launched WWT’s Advanced Technology Center (ATC). The ATC is where all the magic happens. Technology integrations, testing and evaluation, proof of concepts, demonstrations, and labs. All are possible because of the ATC and our CEO’s forward thinking.

WWT and Cisco have been partners from the very beginning, growing the relationship into #1 partner status for WWT. Cisco has benefited from the ATC and the ability to bring together customers, partners, and WWT resources to innovate and bring ideas to outcomes. This partnership is the foundation for other OEM relationships, with Splunk being a primary example.

The WWT/Splunk partnership has grown significantly over the last few years. The ATC has Splunk as a significant presence for security as well as data center, networking, storage, and big data. WWT has demonstrated the relationship between Cisco and Splunk through Cisco Validated Design for running Splunk on UCS. In addition, security integrations featuring data from firewalls, IPS, ISE, and Lancope (to name a few) being incorporated into Splunk for correlation, detection, and dashboard capabilities.

These examples are just the beginning to illustrate the innovative work between WWT, Splunk, Cisco, and many other partners to provide thought leadership to our mutual customers. So, come and take a tour of our WWT ATC and be amazed at the massive amounts of investment put forth in support of our mission to be the best technology integrator in the world.

Visit us at the Splunk .conf2016 to find out more about WWT and our Splunk capabilities including Splunk/Tanium/ASA/ISE integration, Splunk/Carbon Black/Phantom integration. We will be featuring live demos in our booth so please stop by!

Thanks,

Christian Gunther
Consulting Solutions Architect
World Wide Technology

Follow @wwt_inc

Follow all the conversations coming out of #splunkconf16!

Follow @splunkconf

Follow @splunk

About Chrisian Gunther:
Christian has worked in the Security space for over 24 years. Christian started in the Air Force Reserves, became a Federal Contractor consulting in Security, built and led a CSIRT, and was a member of a team to build and operationalize a SIEM for telecommunications. Christian is now responsible for the care and feeding of SIEM operations in the ATC cyber analytics reference architecture (CARA) and providing support to the field.

↧

You Bet Your Sweet SaaS, AWS will be at #splunkconf16!

September 15, 2016, 10:38 am

≫ Next: #splunkconf16 preview: Cisco Likes Big Data (& .conf2016) and They Cannot Lie

≪ Previous: #splunkconf16 preview: Splunk in the WWT ATC

The following is a guest blog post by David Potes, AWS Solutions Architect:

SCL-Splunk-conf2016-preview-BigDataIdeas_twtr1-440x220 The end of September is one of my favorite times of the year, and not just because it’s finally Summer in San Francisco. It’s the time we attend Splunk .conf to talk about all of the things you can do with Amazon Web Services (AWS) and Splunk.

Here are a few .conf sessions highlighting the strong partnership between AWS and Splunk:

If you’re looking to learn how Adobe built a security monitoring system across hundreds of accounts, there’s a session for you.
Be sure to also check out how Experian migrated and monitored their 3-tier web application on AWS as well as how a university research department built a Hipaa-compliant cloud to protect patient data.
If you’re into logging and analytics as much as I am, then don’t miss my session on “Getting the Most out of AWS Logging.” We’ll be in Swan 5/6 on Tuesday September 27^th, from 11:35 am – 12:20 pm for deep dive on cloud logging strategies and best practices.
Mike Clayville, Vice President Worldwide Commerical Sales and Business Development for AWS will also be joining Spunk President and Chief Executive Office, Doug Merritt, onstage for the opening keynote on Tuesday, September 27^th at 8:45 AM.

We’ll be busy at the AWS booth too, #P2, which will be staffed with AWS solution architects throughout the week, so come on over and bring your questions about AWS, Splunk or both! You can demo the latest version of the Splunk App for AWS, which provides end-to-end visibility of your AWS accounts. We’ve also got a very cool wildfire demo, which showcases how easy it is to integrate IoT data with Splunk and AWS.

Checkout the below video featuring Splunk CEO, Doug Merrit, and AWS CEO, Andy Jassy to get up to speed in the mean time on how Splunk and AWS work together to drive customer success in the cloud.

AWS is a proud Peta sponsor of .conf and we’re excited be back again to share all of the great stuff we’ve cooked up over the past 12 months. We can’t wait to see you there!

Thanks,
David Potes
AWS Solutions Architect

Follow @davidpotes

Follow @awscloud

Follow all the conversations coming out of #splunkconf16!

Follow @splunkconf

Follow @splunk

Web

↧

#splunkconf16 preview: Cisco Likes Big Data (& .conf2016) and They Cannot Lie

September 16, 2016, 9:30 am

≫ Next: Dell EMC Splunking It Up at #splunkconf16

≪ Previous: You Bet Your Sweet SaaS, AWS will be at #splunkconf16!

The following is a guest blog post by Robert Novak, Big Data Partner Consulting SE & Certified Cisco Big Data Hat Wearer…

Cisco and Splunk-Better Together

There’s never been a better time to check out the partnership between Cisco and Splunk!

You would be forgiven for thinking that line is a nod to Cisco’s marketing team and their catch phrase for this year. But sometimes even a catch phrase is valid, and there’s a lot going on in the relationship between Splunk and Cisco (and between Cisco and Splunk) that you can learn more about in person very soon.

Repping @mapr @ChrisWahl @MyServerMonkey @vBrownBag @platfora @splunk @cisco on the ipad #splunkconf via @ReneeYao1 pic.twitter.com/axG0TTHBYq

— Robert Novak (@gallifreyan) September 24, 2015

EVERYBODY NEAT AND PRETTY? THEN ON WITH THE SHOW!

.conf2016, the annual worldwide Splunk user conference, is taking over Walt Disney World’s Swan & Dolphin resorts the week of September 25-29, 2016. Cisco will have a big presence at .conf this year, and we’d like to invite you to join us.

WHAT’S THE DEAL WITH SPLUNK AND CISCO?

Cisco has been a Splunk customer for over 8 years, and we’ve had a strategic partnership between our technology groups and the Splunk teams for over 4 years. From the innovative Cisco Unified Compute System (UCS) platform, to wired and wireless networking including Application Centric Infrastructure (ACI) and Connected Mobile Experience (CMX), to numerous security platforms including Identity Services Engine, CloudLock, and Threatgrid, you can pull plenty of Cisco platforms together using Splunk Enterprise.

Cisco ACI for Splunk Enterprise: Comprehensive Visibility into Cisco Application Centric Infrastructure
Cisco ISE and Splunk Integration At-A-Glance

And of course, the UCS server platform provides a scalable, manageable, high-performance platform to deploy and grow your Splunk environment. Use cases and user involvement will grow virally, and data volume will expand exponentially, as your business learns just how powerful the combination of Cisco technology and Splunk software will be.

LET’S GET BACK TO .CONF2016!

Cisco will be a top level sponsor of .conf 2016, with booth presence in the “source=*Pavilion” expo hall around IT operations analytics, security analytics, OpenDNS, and an occasional surprise or two from other parts of Cisco. Stop by and meet the Cisco team and our speakers throughout the event, beginning with the Welcome Soiree on Monday night.

Cisco and Splunk technical folks will bring you “Finding Your Faults Before Mom” on Wednesday, Sept. 28, at 12:05pm, featuring live automated deployment of Splunk Enterprise on Cisco UCS with our UCS Director Express for Big Data offering, followed by live Splunk demonstration around application stack troubleshooting and capacity planning. Join my Cisco colleague Karthik Karupasamy, and my Splunk counterpart Wissam Ali-Ahmad, for this great demonstration.

Cisco Distinguished Engineer Matt Birkner and Director of Technical Support Ian Hasund will be joining me on stage Wednesday at 2:15pm for “Infrastructure Analytics: Driving Outcomes Through Practical Use Cases and Applied Data Science with Splunk.” We will discuss how Cisco’s services organization uses Splunk to solve real-world issues affecting our customers in terms of capacity planning, anomaly detection, compliance, and of course detecting and resolving problems in the network itself.

Cisco Security Solutions Architect Steven Carter will be presenting “Securing the Enterprise using Event-Driven SDN with Threat Intelligence,” showing how you can use Splunk to efficiently detect and respond to security incidents in a modern datacenter environment.

WHAT DO YOU HAVE THAT I DON’T HAVE TO SIT DOWN FOR?

With at least 20 apps and technology add-ons in Splunkbase today, Cisco isn’t standing still on the customer-facing innovation front either. We’ll have announcements of new Cisco-developed apps to follow the recent addition of a customer-developed Meraki TA and an August update to the very popular Cisco Security Suite.

https://splunkbase.splunk.com/app/3018/

https://splunkbase.splunk.com/app/525/

And finally, if there wasn’t enough already, we’re planning to release new reference architectures for Splunk on Cisco UCS, taking into account improvements in hardware, software, and networking in the time since the previous reference architectures were released. You’ll find guidance on 40 Gigabit Ethernet, the updated Cisco UCS C3260 dense storage server, and more… as well as the intersection of Pallet-To-Production and New-and-Improved… but stay tuned for more about that update soon.

AND WHERE DO WE GO FROM HERE?

I’m going to Disney World, of course. Hopefully you’ll be joining us at the most magical .conf ever (and I wonder where they’ll find a pair of mouse ears big enough for Buttercup), but if you can’t make it, keep an eye on the Splunk and Cisco blogs, and follow the Twitter handles and hashtag listed below!

Thanks,
Robert Novak
Big Data Partner Consulting SE
Cisco

Follow @gallifreyan

Follow all the conversations coming out of #splunkconf16!

Follow @splunkconf

Follow @splunk

Follow @ciscodc

Web

↧

Dell EMC Splunking It Up at #splunkconf16

September 19, 2016, 9:41 am

≫ Next: Managing your Ingestion with the search bar

≪ Previous: #splunkconf16 preview: Cisco Likes Big Data (& .conf2016) and They Cannot Lie

Ninja_Dell_EMC The following is a guest blog post from Cory Minton, Principal Systems Engineer, Dell EMC…

Grab your hoodies, your witty black t-shirts, and maybe your capes…it’s time for another exciting Splunk .conf2016, the annual Splunk User Conference taking place at the Walt Disney Swan and Dolphin Resort September 26-29, 2016. All of us at EMC are excited to be sponsoring .conf for the third year in a row, and this year our presence will be bigger and better than ever before. Dell EMC will host two technical sessions this year, we’ll have more than 20 of the Dell EMC Splunk Ninjas running around learning, a large booth in the partner pavilion demonstrating our technology solutions, and we are pleased to have been nominated for this year’s Revolution Award.

For all the details, check out our EMC at Splunk .conf16 site.

This year marked the formal beginning of a great relationship between two awesome tech companies: Dell EMC and Splunk. We joined forces through a formal strategic alliance that started in February. This alliance enables Dell EMC and its partners to sell Splunk’s industry leading platform. It allows Dell EMC unique access to Splunk technical resources for solution design, testing, and validation. Most importantly, it creates a framework for these two technology powerhouses to collaborate more effectively for customer success.

Why Dell EMC for Splunk?

When we talk about customer success, we mean it in two distinct ways centered around Splunk on Dell EMC, using Splunk to derive value from your Dell EMC infrastructure.

First, we believe success is deploying Splunk on a flexible infrastructure that not only helps Splunk run fast and efficiently, but also one that can scale easily as the usage of Splunk evolves in a customer organization. We believe strongly that converged and hyper-converged technologies powered by Dell EMC’s robust portfolio of storage technologies delivers on this vision and provides additional enterprise capabilities:

Cost effective & Optimized Storage – Dell EMC delivers optimized and efficient storage by aligning the right storage to Splunk’s hot, warm, and cold data long retention and varying performance requirements.
Flexible & Scale-Out capacity consumption model – Scale-out infrastructure to meet capacity and compute requirements independently or as a single, converged platform as per your data growth.
Data Reduction & other data Powerful Enterprise Capabilities – including secure encryption, compression & deduplication of indexes, and fast, efficient zero-overhead copies for protection.
Bottom-less cold bucket – Scale-Out storage platforms, whether on premise or in the cloud, obviates the need for a frozen bucket by providing a PB-scale cold bucket solution, simplifying data management and making data always searchable.

DellEMCforSplunk

Splunk and Dell EMC engineering teams have engaged in a strategic collaboration to ensure that all Dell EMC platforms have been validated by Splunk to “meet or exceed Splunk’s published reference server hardware” guidelines. The Splunk team takes this validation process very seriously and customers can rest assured that if they are considering infrastructure for your Splunk deployment, we have done extensive testing. Whether you are looking at hyper-converged solutions like VXRail or VxRack, converged solutions like VBlock systems, or just storage from EMC like ScaleIO, XtremIO, VNX, Unity, Isilon, or ECS, you can be confident that the work has been done by both Splunk and Dell EMC to make sure it runs well.

Secondly, we believe Splunk is an incredibly powerful platform for capturing and deriving value from machine data. As it turns out, Dell EMC products spin off a massive amount of “digital exhaust” that can be captured easily and used to drive operational intelligence in IT. Dell EMC has made massive investments over the last few years to build apps for our platforms and make them available in Splunkbase for free. We’ve built apps for XtremIO, Isilon, VNX, vBlock and have many more in the works. These apps (along with the associated TAs for your Ninjas out there) make it simple to ingest data from Dell EMC platforms, and we offer useful, prebuilt reports and dashboards to make monitoring these assets simple. And it doesn’t stop there…once you have the data from your Dell EMC platforms, the underlying searches powering our reports or just the indexes themselves can be used in investigations across the entire IT service stack. One of my favorite things to hear from our customers is the exciting ways they use the apps beyond just simple reporting and I hope to hear many more stories this year at .conf2016.

Dell EMC @ .conf2016

It is this two-way value stream that I am excited to share at .conf with all of my fellow Ninjas. Dell EMC will have two great sessions that highlight some of the values Dell EMC delivers to Splunk customers outlined above. However, the main focus of our sessions are around the deep technical learnings of deploying Splunk at scale on Dell EMC platforms and exciting ways to leverage Dell EMC apps for Splunk in your IT operations and security use cases, including LIVE DEMOS! These sessions are being delivered by Dell EMC Principal Systems Engineers Dean Jackson and Cory Minton along with some super smart Splunk engineers, Jenny Hollfelder and Simon O’Brien.

Follow @dean_j_jackson

Follow @cory_minton

Follow @jennyhollfelder

Check out the abstracts for the sessions below:

Buckets Full of Happy Tiers – Scale-Out Enterprise Infrastructure and Splunk Apps for Deploying Massive and Efficient Splunk Environments

Tuesday, September 27, 2016 | 5:25 PM-6:10 PM / Room Dolphin A3
Jenny Hollfelder, Sales Engineer, Global Strategic Alliances, Splunk Inc.
Cory Minton, Principal SE, Dell EMC
Bring the tissues and be ready for buckets of happy tiers (of scale out infrastructure for Splunk, that is!). We are going to show you how to build efficient, high performance Splunk deployments on enterprise infrastructure. These deployments intelligently leverage Splunk designs for data management and allow you to Splunk all that infrastructure too…feels like we just made a full circle there. That’s kind of the point. We will show you the enterprise-class Splunk solutions EMC has built across its storage and converged platforms portfolios, give you a real-world demonstration on how to use the freely available EMC apps for Splunk Enterprise to troubleshoot and gain additional operational insight into your environment, AND give you some great best practices we’ve learned to make your Splunk and EMC environments perform at their very best. Seriously, come join us to find out more!

Bucket Diversity: Choosing Your Search Mate Wisely

Wednesday, September 28, 2016 | 11:00 AM -11:45 AM / Room Dolphin A1
Dean Jackson, Principal Systems Engineer, Dell EMC
Simon O’Brien, Staff Sales Engineer, Splunk
800 IOPs? How do I design for that? Splunk buckets now have so many infrastructure options (local or shared, “flashy” or not, and now even data reduction), that it can be a bit confusing. We will reveal the anatomy of a Splunk bucket from the storage perspective, discuss what kind of workload the Splunk platform truly generates between ingestion and search, and ultimately, arm you with the knowledge to size your buckets wisely.

As you can clearly see from the abstract, these sessions are the technical evidence to back up my previous statements:

1. Splunk just runs better on Dell EMC.
2. You should absolutely be Splunking (yes, that is a verb) your Dell EMC platforms for operational intelligence.

Dell EMC Splunk Ninjas

If you want more detail about either concept, we will have a host of the Dell EMC Splunk Ninja team at the show. The Dell EMC Splunk Ninja team is a group of more than 40 systems engineers from across Dell EMC who have been trained the same way Splunk trains its own systems engineers. The Ninjas hold certifications ranging from SE1 all the way to SE3, we’ve got skills across not only using Splunk, but administering and architecting it at scale. This is a global team not only available to talk to you at .conf, but also available in the field to have direct conversations with you when you head back to the office.

This Dell EMC Splunk Ninja team is so awesome, in fact, that we were nominated for the Splunk Partner Revolution Award. This award recognizes people and teams who use Splunk to drive transformation within their organization and we are pleased to have been nominated for the great work the Dell EMC Splunk Ninja Team does to drive a revolution inside Dell EMC.

Throughout .conf2016, the Ninja Team will be hanging out in the source=*Pavilion (that’s the Partner Pavilion for those of you who are new to Splunk) ready to demo our apps, talk about deploying Splunk at scale efficiently on Dell EMC’s enterprise-class platforms, or just have a conversation with you about why Splunk is so awesome…or about Ninja shoes and the weird need to separate that big toe. Join us in the great sessions and hang out with us in the Pavilion as we will have some really cool t-shirts to give away along with some great prizes (hint – finding Dell EMC Splunk Ninjas will be key to the best prizes…especially at Search Party). We will see you all in Orlando very soon, don’t make your plans without stopping at our .conf16 site.

Happy Splunking!

Thanks,
Cory Minton
Principal Systems Engineer
Dell EMC

Follow @cory_minton

Follow all the conversations coming out of #splunkconf16!

Follow @splunkconf

Follow @splunk

Follow @DellEMCIsilon

↧

Managing your Ingestion with the search bar

September 21, 2016, 11:00 am

≫ Next: Splunk Docs: let us make an example of you

≪ Previous: Dell EMC Splunking It Up at #splunkconf16

Many of our cloud customers have asked me how to better manage their data, e.g. determine volume by sourcetype, or volume by forwarder. This is typically available via the Distributed Management Console, but in some cases, a person’s role prevents them from getting full access to it. In the article below, I will guide you through several searches aimed to let anyone dive a bit deeper into their Splunk Cloud service.

Below are a few searches I find helpful

Total Ingestion Volume over time

index=_internal source="/opt/splunk/var/log/splunk/license_usage.log" type="RolloverSummary" | eval GB=b/2014/1024/1024 |timechart span= 1d sum(GB) as GB |

TotalLicUsage

Be sure to double check your time range selector here, I usually search over the past 7 days. If you want to look at hour by hour, simply adjust the search time. If you want to see what you’ve ingested over the past 30 days, you’ll need to adjust accordingly, and if you want to get fancy, be sure and set the earliest=-30d@d latest=-0d@d to ensure you’re using midnight to midnight as the markers for time range. You this search uses type="RolloverSummary", which indicates when the log rolled each day. You could also use the type “Usage” as well.

ProTip: Get even fancier and use | eval myLicense=XXX to see how close you are getting to your limit.

You can use the same search to look by various other input components, such as ingestion by sourcetype:

index=_internal source="/opt/splunk/var/log/splunk/license_usage.log" type=Usage | eval GB=b/2014/1024/1024 |timechart sum(GB) by st

VolBySourcetype

Or if you want to see ingestion by forwarder (or forwarder AND sourcetype) use the following:
index=_internal source="/opt/splunk/var/log/splunk/license_usage.log" type=Usage | eval GB=b/2014/1024/1024 | stats sum(GB) as GB by s host | sort - GB

Either way you want to slice it, Splunk automatically indexes its own internal logs, including the license log (license_usage.log).

Stay tuned for part 2 where we start to dive even deeper into managing your instance, straight from the search bar.

If you happen to be in Orlando next week, be sure to stop by and say “Hi” during the Cloud Adoption Team’s presentation of “Best Practices in Splunk Cloud”

↧

Splunk Docs: let us make an example of you

September 22, 2016, 9:43 pm

≫ Next: It’s a Family Affair…What’s up with the Family?

≪ Previous: Managing your Ingestion with the search bar

The Splunk doc team wants to improve our search command examples, and we need your help. Share your expertise! The best examples will be added to the Splunk documentation. If you submit a winning example, you will earn undying fame because we will credit you right in the docs.

Here are the search commands that would benefit from better, real-world examples.

abstract – Has only one basic example now.
addInfo – Has only one basic example now.
appendcols
bin/bucket
collect – This advanced command needs a great example.
dedup
delete – Are there other use case examples for this command besides what is there now?
eventstats
fields
foreach – Users find this complicated and hard to use, but this is a very useful command.
geom – Current examples have no descriptions.
inputcsv – We need a good, common use case for this command.
inputlookup
lookup – Has only one basic example now.
outputcsv – We need a good, common use case for this command. Has only one basic example now.
outputlookup
rangemap
regex
replace – When would you use this command versus using rex ?
rex
script – Has only one basic example now.
search
streamstats
tstats – This advanced command needs a great example.
untable – A little-known, but useful command. Has only one basic example now.
where

How does the contest work?

Contest starts Monday, September 26th and ends Friday, September 30th.
Send your examples to Laura Stewart (lstewart at splunk dot com), or turn them in at the Doc booth at .conf. You can also talk with Laura at the .conf session she is delivering with Patrick Pablo: “Help! How do I get help with all things Splunk?”
Winners announced in October.

Ideal examples

Use an open source data set, so users can try out the examples. If you don’t have a worthy open data source, use the Buttercup Games data from the Search Tutorial or the USGS open data catalog.
Provide a comprehensive description for what each part of the search string is doing. Please include a use case or scenario description with your example.
Use multiple commands, with functions, for a more comprehensive, detailed example.
Include screen shots of the data before and after running the search.

What to submit with your example

Your name
Your email address
Which command is your example for?
Example use case or scenario
Example search string

Thanks, and good luck!

↧

It’s a Family Affair…What’s up with the Family?

September 25, 2016, 4:18 pm

≫ Next: Splunk your Google Analytics

≪ Previous: Splunk Docs: let us make an example of you

“Its a Family Affair“ Whenever I sing that Sly and the FamilyStone song around the house the kids just roll their eyes with disgust. I laugh and tell them not to ’dis on an old great tune. While singing it I often wonder how Sly’s lyrics would be different today considering the technical challenges facing parents trying to monitor their teenager’s online activities.

Fortunately, there are many great methods both paid and free that are available to parents these days. The good news is that no matter what your parenting style there is a tool that you can probably use to monitor your children’s online behavior. The bad news is there are just too many tools to choose from and often times they don’t play nice together.

Being a geek at heart as well as a caring parent I decided to try a different approach. Could I monitor the family’s online actitivies and not have to invest in a lot of hardware and software? What if I wanted to include other house IoT monitoring as well? Could I build a system that even my less technical neighbor Bob could easily use as well. Well let’s see how far I got shall we?

Before I go any further I have to shout out to several fellow Splunkers and SE Interns that helped me on this journey. The amazing fellow Splunkers Joe Welsh for his setup advice and passion, Bryan Schaefer for his assistance with SophosUTM (gotta check out his Splunk for Sophos UTM App) and Interns Walter Pospick and John Desaulos for their tenacious hardware hacking.

Architecture

Here is an overview of the architecture I built. Many different devices are authenticating to my Access Point then all of the traffic is going through my Security Server that is running a web proxy and firewall. The web proxy and firewall data is forwarded via syslog to a Splunk Universal Forwarder (UF) running on a Raspberry Pi 3. The UF forwards the compressed syslog data via a guaranteed and secure TCP connection to the Splunk Light cloud service instance.

Security Server Setup

I have a pretty good ISP connection at home but the logging is not ideal. It does have a built-in firewall but just shows my port connection status (drop/allow). Kind of interesting from a security standpoint but not really what I was looking for in terms of understanding the family’s online activity. So I decided to look into a unified threat monitoring system that goes in between my ISP Modem and Wireless Access Point. There are many options to choose from here but I looked into a couple of all-in-one systems that are fairly inexpensive by Sophos UTM and pfSense.

Both Sophos and pfSense have solutions that can be used by the home user without breaking the bank. Sophos has a United Threat Monitor (UTM) home edition system that includes a firewall, web proxy, etc. and is free up to 50 IP addresses. It is an application that runs on a hardened version of Linux that can run in either a VM or a dedicated system. There are a number of small form-factor systems that you can purchase on Amazon (Intel Celeron J1900 Quad Core) or on New Egg (Zotac ZBOX C Series). Any system will do just make sure it has two network ports. I was looking for something small that can run on a desk without too much noise or heat. pfSense also sells an all-in-one hardware/software system that is quite affordable as well. It fits very nicely on the desk and doesn’t make a peep. There are software packages (firewall, web proxy, etc.) that can be easily enabled on the system depending on your requirements.

Sophos and Pfsense have many fans out there and between the official docs and blogs I would refer to these to optimize your setup. There are also a number of videos on setting up all aspects of the both systems. I enabled both the firewall and web proxy on the Sophos UTM and below is a logging example from the Firewall Live Log:

I want this data in Splunk so I can easily configure searches, alerts, reports and dashboards right? Let’s go over how easy that is to get configured.

Syslog Server Setup

The Sophos UTM has the ability to syslog the logging data to a remote server. Once you are logged in as the admin user then simply select the Logging & Reporting -> Log Settings then select the Remote Syslog Server tab. You will need to supply your syslog server ip address, port. Here is an excellent video that goes through the steps.

Next we need to setup our syslog server. The cheapest solution I could find that was reliable and didn’t take a lot of electricity to run is the Raspberry Pi 3. The new Pi 3 just came out this year and it has built-in wifi and Bluetooth plus four USB ports to connect devices. There is a NOOBs version of the OS that makes the install and configuration dead simple. I did have some issues using the default port of 514 for syslog so I used a different port above 1024 which I will go into further detail later. Another big reason I chose the Raspberry PI was because it is very easy to have it collect data from many other IoT devices that I can plug into the house. There are many different guides and books on how to setup a Raspberry Pi and the community is awesome too.

The NOOBs installer has the Raspbian OS bundled as an option. Once Raspbian is installed and the wifi configured to connect to the access point then the next step is to install a Spunk Universal Forwarder (UF) on the Raspberry Pi.

Splunk Universal Forwarder Install

The UF can be downloaded from the Splunk web-site by going here. Make sure that you select the 64-bit ARM version of the Linux UF. The UF can be installed with the following steps:

$ tar xvzf splunkforwarder-<...>-Linux-x86_64.tgz

or if you want to install it in the /opt directory then run the following command on the Raspberry Pi:

$ tar xvzf splunkforwarder-<...>-Linux-x86_64.tgz -C /opt

Verify that the UF is running with the following command:

$ /opt/splunkforwarder/bin/splunk status

We will come back to this configuration in a later.

Splunk Light in the Cloud

There are many options for the Splunk depending on your expertise and needs. You can run it on a server in your environment or there are very cost effective cloud solutions. I chose the Splunk Light cloud service because it is both easy to get data in and access it. Once again you want to select the green Free Splunk link on the Splunk Home Page and select the appropriate prompts to sign up for a 15 day trial of Splunk Light cloud service.

Once the instance is up and running you will need to login using your splunk.com credentials and select the My Account -> Instances menu option. To access your instance then simply select the “ACCESS INSTANCE” menu and you will be logged into Splunk Light.

Now you need to download the Splunk Universal Forwarder Credentials which has to be installed on your Universal Forwarder. The Universal Forwarder Credentials get installed on the Raspberry Pi. The Universal Forwarder Credentials makes sure that your data is encrypted and compressed before it is sent to the Splunk Light cloud service.

Select the graphic next to the splunk>light then select the Universal Forwarder link.

Next select the “Download Universal Forwarder Credentials” link and a file will be downloaded with an spl file extension. You will need to get this file over to the Raspberry Pi via sftp or sneaker net.

Universal Forwarder Credentials Install Steps

The Splunk UF is typically installed in the /opt/splunkforwarder directory and the splunk command is located in the bin directory. The credentials file is called splunkclouduf.spl. The steps to install are the following:

$ /opt/splunkforwarder/bin/splunk install app <full path to the splunkclouduf.spl> -auth <username>:<password> (defaults are admin:change).

$ /opt/splunkforwarder/bin/splunk restart

Link to the online Splunk Docs for this topic.

Sophos UTM Monitoring Data into SplunkLight Cloud Service

Steps Recap

Installed and configured a Sophos UTM Home edition with web proxy and firewall
Configured Sophos UTM to syslog data to a syslog server (in our case a Raspberry Pi)
Setup a Raspberry Pi as a Syslog Server
Downloaded and installed a Splunk UF on the Raspberry Pi
Signed up for the Splunk Light cloud service
Downloaded and installed the Splunk Light cloud service credentials App on our Raspberry Pi

Now we just need to configure the UF on the Raspberry Pi to listen for the syslog traffic from our Sophos UTM server. You will need to remember what port and which protocol (UDP or TCP) you selected in the Remote Syslog Server tab on your Sophos UTM server. I would suggest that you use UDP and a port above 1024. For our example we can use 20514/udp.

Log into your Raspberry Pi and run follow these steps:

$ cd /opt/splunkforwarder/etc/apps/search $ mkdir local $ cd local $ vi inputs.conf (use whatever file editor you are comfortable to create and edit a new file)

Put the following in the inputs.conf file:
[udp://20514] sourcetype=syslog connection_host=ip queueSize=1MB persistentQueueSize=5MB
Now restart the Splunk UF:
$ /opt/splunkforwarder/bin/splunk restart

Now we are not completely done yet. The last step is to enable in your Sophos UTM firewall to allow traffic from your Raspberry Pi running the Splunk UF to the Splunk Light cloud service. You will need to know the ip address of the Splunk Cloud server. The hostname is in the browser when you connect to the service or run the following command on your Raspberry Pi:
$ grep server /opt/splunkforwarder/etc/apps/splunkclouduf/default/outputs.conf
There are several methods for getting the ip address such as ping, nslookup and dig, i.e.:
$ ping <splunk cloud server name>
The next step is to create a firewall rule that will allow the UF on the Raspberry Pi to communicate with the Splunk Light cloud service server. Log into the Sophos UTM and navigate to Network Protection -> Firewall. There are two TCP ports that the UF uses. One is for sending data (9997) and the other is for management (8089). The last step is to log into your Splunk Light cloud service and data should be showing up. Once you are logged in then there should be the ip address or hostname of your Raspberry Pi with data coming in.

Getting Insight Using Splunk

Easy Searching All the data is organized by time. Interesting fields are on the left-side of the individual events
Top URLs Using the top command after the first pipe allows the visualization of the Top URLs per device.
When is Bed Time? The timechart command allows to gain insight to sleeping patterns of the kids
Let’s get Pro-Active Alerts can be created directly from search results. Think of an alert as a saved search run as a batch job.
Getting alerted Alert Actions such as emails can be sent to your phone when bad web-sites are being accessed
Home Dashboards Dashboards are built using the UI and are just searches under the covers. There is some very cool geolocation going on with the firewall data but it is not hard to set up.

Good luck and Happy Splunking!

↧

Splunk your Google Analytics

September 26, 2016, 5:00 am

≫ Next: Improve your DevOps-driven App Delivery with Ansible Data in Splunk

≪ Previous: It’s a Family Affair…What’s up with the Family?

Gain more insight into site performance and user activity by correlating Google Analytics data within Splunk.

A customer of mine recently wanted to understand more about the journey that retail consumers take when they arrive at its website. They recognized that consumers who have previously bought from the site will have more familiarity with the design and layout than those visiting the site for the first time. In addition, consumers who went directly to the site would have a greater brand engagement than those who were referred from an affiliate site.

If only we could implement a method to back up the data that gets submitted to Google Analytics, also sending it back to the local Apache web server logs and into Splunk.

Using the following change to the client side Google Analytics javascript code block already implemented on their site, we were able to start sending the Google Analytics payload back to the local site web server.

<script>

(function(i,s,o,g,r,a,m){i[‘GoogleAnalyticsObject’]=r;i[r]=i[r]||function(){

(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),

m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)

})(window,document,’script’,’//www.google-analytics.com/analytics.js’,’ga’);

ga(‘create’, ‘UA-XXXXX-YY’, ‘auto’);

// START local backup of GA data request for Splunk

ga(function(tracker) {

var originalSendHitTask = tracker.get(‘sendHitTask’);

tracker.set(‘sendHitTask’, function(model) {

var payLoad = model.get(‘hitPayload’);

originalSendHitTask(model);

var gifRequest = new XMLHttpRequest();

// Send __ua.gif to the local server

var gifPath = “/__ua.gif”;

gifRequest.open(‘get’, gifPath + ‘?’ + payLoad, true);

gifRequest.send();

});

});

// END local backup of GA data request for Splunk

ga(‘send’, ‘pageview’);

</script>

The code snippet simply sends an XMLHttpRequest containing the payload to a 1×1 pixel .gif file uploaded to the local web server. The .gif file simply acts as an endpoint to receive the requests so they get logged locally.

This method captures all of the GA tracking information configured on a site and any additional client side information unavailable to standard server side web logs i.e. Screen Resolution, Viewable Screen Size, Screen Colour Depth & User Language.

Leveraging the Client ID generated by the Google Analytics library also allows the identification of users even before they are logged into a site, giving easily providing previously unknown information about user behavior.

Although this gathers the same data as Google Analytics there was a discrepancy in the numbers between the numbers returned by Splunk and those in the Google Analytics ad hoc dashboards. Further research revealed that Google Analytics performs data sampling to provide satisfactory preformance for ad-hoc reporting.

https://support.google.com/analytics/answer/1042498?hl=en

Splunk has to do neither (unless you want it to) and gives un-sampled statistics on visitor activity. Additionally, Splunk with this additional tracking information, gives a more complete view of user interaction for a single user across multiple devices even for multiple users behind a proxy.

So what are you waiting for? Splunk your Google Analytics data to enrich and correlate data from your users intreaction with your web site!

↧