splunk forum frankfurt - 15th nov 2017 - .conf2017 update
TRANSCRIPT
© 2017 SPLUNK INC.
NOVEMBER 15 | FRANKFURT
.conf2017 Update
Dirk Nitschke | Senior Sales Engineer
Forward-Looking Statements
During the course of this presentation, we may make forward-looking statements regarding future events or the expected performance of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-looking statements, please review our filings with the SEC.
The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, this presentation may not contain current or accurate information. We do not assume any obligation to update any forward-looking statements we may make. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionality described or to include any such feature or functionality in a future release.
Splunk, Splunk>, Listen to Your Data, The Engine for Machine Data, Splunk Cloud, Splunk Light and SPL are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners. © 2017 Splunk Inc. All rights reserved.
Agenda
▶ .conf2017?
▶ Splunk Security Essentials for Fraud Detection
▶ Splunk ES Content Updates
▶ Splunk ITSI 3.0
▶ Splunk Enterprise 7.0
▶ .conf18!
.conf2017
.conf2017 Experience in Numbers (https://conf.splunk.com/)
▶ >7,100 Splunk Enthusiasts
▶ >300 Technical Sessions
▶ 71 Partners in the source=*Pavilion
▶ 82,000 Hours of Education delivered
.conf2017 Fun!
Splunk Security Essentials Apps: https://splunkbase.splunk.com/apps/#/search/Splunk%20Security%20Essentials/
Splunk Security Essentials for Fraud Detection: https://splunkbase.splunk.com/app/3693/
Splunk ES Content Updates
Splunk IT Service Intelligence 3.0
The Tools You Have Don't Work
Event overload | Silos of "monitoring" | Loss of data fidelity | Manual event interpretation
Custom integrations | Rules management overhead | Context and impact blindness
▶ Alert storm
▶ Bloated products and features
▶ Cumbersome rules management
▶ Complex integrations
Splunk ITSI for Event Analytics: Simplify Your Operations With Artificial Intelligence and Service Context
▶ Service Context: find and fix the most important issues; reduce time-to-resolution on business-critical services; contextualize and prioritize
▶ Artificial Intelligence: transform IT operations with machine learning; enable IT with intelligence for data-driven decisions; separate valuable signal from noise
▶ Scalable Platform: get a full view of your IT environment; share customized insights across the enterprise to enable business-centric IT; respond collaboratively and simplify operations
Splunk Enterprise 7.0: The easiest way to aggregate, analyze, and get answers from your machine data
▶ Monitor: Automate, collect, index, and visualize your machine data in real time.
▶ Investigate: Discover insights from any machine data, structured or unstructured.
▶ Build Intelligence: Analyze, predict, and act on outcomes from your machine data.
Events… Two distinct machine data sources that have been hard to integrate…until now (Monitor)
▶ Immutable record of discrete events that happen over time
▶ Come in different forms: unstructured, semi-structured, structured
▶ Common event sources:
• System and server logs (syslog, journald)
• Firewall and intrusion detection system logs
• Application, platform and server logs (log4j, log4net, Apache, MySQL, AWS)
Sample Log (equivalent to 1 metric value):
[29/Aug/2017 08:47:05:316503] "POST /cart.do?uid=84e8d742-a31d69&action=remove&&product_id=BS-2&JSESSIONID=SD6SAL4FF1ADFF9 HTTP 1.1" 200 2569 "http://www.buttercupenterprises.com/product.screen?product_id=BS-2" "Mozilla/5.0 (Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2957.0 Safari/537.36" 98
… and Metrics: Two distinct machine data sources that have been hard to integrate…until now (Monitor)
▶ Numbers describing a particular process or activity
▶ Measured over intervals of time, i.e., time series data
▶ Common metrics sources:
• System metrics (CPU, memory, disk)
• Infrastructure metrics (AWS CloudWatch)
• Web tracking scripts (Google Analytics)
• Application agents (APM, error tracking)
Sample Metric:
Timestamp | Metric Name | Value | Dimensions
1481050800 | os.cpu.user | 42.12345 | hq:us-west-1
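The two slides above put an event (the access-log line) next to a metric point (timestamp, metric name, value, dimensions) and note that one log line is equivalent to one metric value. The following Python is an added illustration, not code from the slides or from Splunk: it parses the slide's own sample log line into fields and rolls a handful of such events up into metric points of exactly that four-part shape, the way a metrics store would hold them. The two extra log lines, the metric names (web.requests, web.bytes, web.response_time_avg), the one-minute interval and the choice of method and status as dimensions are all constructed for this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample input: the first line is the one printed on the slide,
# the other two are made up in the same format for this example.
SAMPLE_EVENTS = [
    '[29/Aug/2017 08:47:05:316503] "POST /cart.do?uid=84e8d742-a31d69&action=remove&&product_id=BS-2'
    '&JSESSIONID=SD6SAL4FF1ADFF9 HTTP 1.1" 200 2569 '
    '"http://www.buttercupenterprises.com/product.screen?product_id=BS-2" '
    '"Mozilla/5.0 (Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2957.0 Safari/537.36" 98',
    '[29/Aug/2017 08:47:12:000001] "GET /product.screen?product_id=BS-2 HTTP 1.1" 200 1024 "-" "curl/7.54.0" 12',
    '[29/Aug/2017 08:48:01:500000] "POST /cart.do?action=addtocart&product_id=BS-2 HTTP 1.1" 500 312 "-" "curl/7.54.0" 250',
]

# Anchored at both ends so a malformed or truncated line is rejected as a whole
# instead of being partially parsed into misleading field values.
EVENT_RE = re.compile(
    r'^\[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<uri>\S+) HTTP [\d.]+" '
    r'(?P<status>\d{3}) (?P<bytes>\d+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)" (?P<rt>\d+)$'
)


def parse_event(line):
    """Turn one raw event line into a dict of named fields; None if it does not match."""
    m = EVENT_RE.match(line)
    if m is None:
        return None
    fields = m.groupdict()
    # The slide's timestamp carries microseconds after a third colon: HH:MM:SS:ffffff
    ts = datetime.strptime(fields["ts"], "%d/%b/%Y %H:%M:%S:%f").replace(tzinfo=timezone.utc)
    fields["epoch"] = int(ts.timestamp())
    for key in ("status", "bytes", "rt"):
        fields[key] = int(fields[key])
    return fields


def events_to_metrics(lines, interval=60):
    """Roll events up into (timestamp, metric name, value, dimensions) points per interval.

    Every event contributes exactly one value to each metric of its bucket, which
    is the "one log line = one metric value" relationship the slides describe.
    """
    buckets = defaultdict(lambda: {"count": 0, "bytes": 0, "rt_sum": 0})
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue  # unparseable lines are dropped, not counted as zero
        bucket_ts = ev["epoch"] - ev["epoch"] % interval
        dims = (("method", ev["method"]), ("status", str(ev["status"])))
        b = buckets[(bucket_ts, dims)]
        b["count"] += 1
        b["bytes"] += ev["bytes"]
        b["rt_sum"] += ev["rt"]

    points = []
    for (ts, dims), b in sorted(buckets.items()):
        dim_dict = dict(dims)
        points.append((ts, "web.requests", b["count"], dim_dict))
        points.append((ts, "web.bytes", b["bytes"], dim_dict))
        points.append((ts, "web.response_time_avg", b["rt_sum"] / b["count"], dim_dict))
    return points


def format_point(point):
    """Render a point in the slide's row layout: timestamp, name, value, dim:value list."""
    ts, name, value, dims = point
    return f"{ts} {name} {value} " + ",".join(f"{k}:{v}" for k, v in sorted(dims.items()))


if __name__ == "__main__":
    for p in events_to_metrics(SAMPLE_EVENTS):
        print(format_point(p))
```

The rollup keys on both the time bucket and the dimension tuple, so a burst of 500 responses shows up as its own series rather than being averaged away into the healthy traffic, which is the property you want when the metric feeds an alert.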
Splunk Metrics: Taking the meh out of metrics (Monitor)
▶ Performance improvement for monitoring and alerting using metrics data
▶ Sample use cases: CPU utilization, temperature, app downloads
▶ All Splunk Platform benefits apply:
• Visualizations and alerting
• Role-based access controls
• Data onboarding
• Clustering, scaling, alerting
• Leverage open source for existing sourcetypes (statsd, collectd)
[Screenshot: metrics car telemetry dashboard, an example of high-volume data and a large number of searches in one dashboard]
Splunk Event Annotation: Surfacing more visual insights from your data (Investigate)
▶ Adds context to any time chart (e.g., line, column, area)
▶ Correlates logs and metrics in a single view
▶ Enables you to pull markers and labels from many sources (e.g., log data, lookup files, or external sources)
[Screenshot: metrics with event annotation]
Splunk Machine Learning: Leading platform for analyzing, predicting, and acting on outcomes from machine data
Platform for Operational Intelligence; platform for turning machine data into answers
[Diagram: Splunk Search | Premium Solutions | Machine Learning Toolkit]
Splunk Machine Learning Toolkit 3.0: Guided and easy-to-use interface, modeling assistance and ready-to-use examples (Build Intelligence)
▶ Model management fully integrated with Splunk's role-based access controls
▶ Out-of-the-box algorithms and parameter tuning added for forecasting time series data
▶ Re-factored API makes it easier to import custom algorithms, and export as Splunkbase™ apps
Predict Numeric Fields | Detect Numeric Outliers | Forecast Time Series | Cluster Numeric Events
Splunk Enterprise 7.0 Overview App: https://splunkbase.splunk.com/app/3691/
What's next today?
▶ 9:45 – 10:15 Splunk and the new EU GDPR (EU-DSGVO)
Business Track:
▶ 10:45 – 11:45 The added value of data-driven Service Intelligence (AI Ops)
▶ 11:45 – 12:45 Building a SOC with Splunk
Technical Track:
▶ 10:45 – 11:45 Threat Hunting with Machine Learning
▶ 11:45 – 12:45 Machine Learning for Event Management
What About Florida in October?
THANK YOU