
Latest Updates to Splunk from .conf 2017 Announcements


Session detailing some of the best announcements from the recent Splunk users conference. Delivered at the Splunk User Group in Edinburgh on October 16, 2017.

Published in: Data & Analytics


  1. © 2017 SPLUNK INC. Splunk User Group Edinburgh
  2. Introduction - Harry McLaren
     ● Alumnus of Edinburgh Napier (now a mentor)
     ● Senior Security Consultant at ECS
     ● Leader of the Splunk User Group Edinburgh
  3. Introduction to ECS
     Elite Splunk Partner - UK
     – Type: Security / IT Operations / Managed Services (SOC / Splunk)
     – Awards: Splunk Revolution Award & Splunk Partner of the Year
  4. Agenda
     • Housekeeping: Event Overview & House Rules
     • Splunk Enterprise (Core) Updates from .conf
     • Splunk Security & IT Ops Updates from .conf
     • Other Splunk Updates from .conf
  5. Splunk [Official] User Group
     “The overall goal is to create an authentic, ongoing user group experience for our users, where they contribute and get involved”
     ● User-Led Technical Discussions
     ● Sharing Environment
     ● Build Trust
     ● No Sales!
     ● We’re 1 year old, have 161 Members and this is our 7th event!
  6. Splunk Enterprise Updates from .conf (Harry McLaren)
  7. Splunk Enterprise Release 7.0 (Available Now)
     ▶ Metrics, which are sets of numerical time-series data, are now treated as a first-class data type, bringing massive performance improvements such as up to 200x faster queries
     ▶ Event Annotation seamlessly unifies logs and metrics by overlaying multiple searches in a single time chart or graph
     ▶ Faster Data Model Acceleration through core search technology tweaks
     ▶ Self-Service App Management in the cloud has been updated to allow the installation of your organization’s own internal apps
     ▶ The latest Machine Learning Toolkit improves extensibility, scalability and ease of use through several new enhancements
  8. Metrics and Events: two distinct machine data sources that have been hard to integrate…until now (Monitor)
     Metrics
     ▶ Numbers describing a particular process or activity
     ▶ Measured over intervals of time, i.e. time series data
     ▶ Common metrics sources:
       • System metrics (CPU, memory, disk)
       • Infrastructure metrics (AWS CloudWatch)
       • Web tracking scripts (Google Analytics)
       • Application agents (APM, error tracking)
     Events
     ▶ Immutable record of discrete events that happen over time
     ▶ Come in three forms: plain text, structured, binary
     ▶ Common event sources:
       • System and server logs (syslog, journald)
       • Firewall and intrusion detection system logs
       • Social media feeds (Twitter…)
       • Application, platform and server logs (log4j, log4net, Apache, MySQL, AWS)
     Sample Metric:
       Timestamp    Metric Name   Value      Dimensions
       1481050800   os.cpu.user   42.12345   hq:us-west-1
     Sample Log (equivalent to 1 metric value):
       [29/Aug/2017 08:47:05:316503] "POST / 2&JSESSIONID=SD6SAL4FF1ADFF9 HTTP 1.1" 200 2569 " product_id=BS-2" "Mozilla/5.0 (Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2957.0 Safari/537.36" 98
  9. Splunk Metrics: taking the meh out of metrics (Monitor)
     ▶ 20x and beyond performance improvement for monitoring and alerting using metrics data
     ▶ Sample use cases: CPU utilization, temperature fluctuations in devices, app downloads
     ▶ All Splunk Platform benefits apply:
       • Visualizations and alerting
       • Role-based access controls
       • Data onboarding
       • Clustering, Scaling, Alerting
       • Leverage open source for existing sourcetypes (statsd, collectd)
       • Supports SaaS apps + legacy/on-premises systems
     [Screenshot: metrics car telemetry dashboard, an example of high-volume data with a large number of searches in one dashboard]
  10. Splunk Event Annotation: surfacing more visual insights from your data (Investigate)
     ▶ Adds context to any time chart (e.g., line, column, area)
     ▶ Correlates logs and metrics in a single view
     ▶ Enables you to pull markers and labels from many sources (e.g., log data, lookup files, or external sources)
     [Screenshot: Metrics with Event Annotation]
  11. Splunk Event Annotation: surfacing more visual insights from your data (Investigate)
  12. Splunk Event Annotation: surfacing more visual insights from your data (Investigate)
     [Screenshot: Metrics with Event Annotation]
  13. Splunk Cloud App Management: App Management Interface for Splunk Cloud (New in 7.0!)
     ▶ New app management page allows for easier management, app updates, self-service installation and resolution of dynamic app dependencies
     ▶ Support for most Splunk certified and internally built apps and add-ons
     ▶ More robust app deployment with self-service action retries, and better restart notifications
  14. Splunk Security & IT Ops Updates from .conf (Harry McLaren)
  15. Splunk Enterprise Security Content Update (ESCU)
  16. Splunk Enterprise Security Content Update (ESCU)
  17. Splunk Enterprise Security Content Update (ESCU) – Details:
  18. Splunk User Behavior Analytics (UBA) Release 4.0 – Details:
  19. Splunk ITSI 3.0 (available 19th of October 2017) – Details:
     ▶ Decrease event noise to produce human-scale actionable alerts.
       • Dynamically adapt thresholds to avoid being alerted on expected conditions. Use built-in statistical measurements to understand historical behavior, determine threshold variability patterns by hour, day, week or month, and baseline normal operations
       • Extract real-time correlations easily on your events and KPIs to reduce event clutter and the complexity and overhead of managing rules
       • Detect abnormalities based on the learned normal operational patterns to highlight and alert on anomalies and outlier activity that need investigation and action
     ▶ Built-in integrations with your existing incident management and automation tools such as ServiceNow, BMC Remedy, Puppet, xMatters and PagerDuty. And you can build custom integrations easily with the power of the Splunk ITSI APIs.
  20. Manage the Incident, Not the Event
     Collect ALL data
     De-spam: separate valuable signal from noise
     Add context: prioritize resolution to ensure service availability
     Shared insights, collaborative response
     Data-enabled IT, intelligent operations
     [Diagram of example services: SALES, SSO, CLAIMS]
  21. Splunk ITSI for Event Analytics: simplify your operations with artificial intelligence and service context – Details:
     Easy and Seamless Access to ALL Data at Scale
       • Collect any type of data, at any volume, from thousands of sources, in real time
       • Apply structure to data at search time for customizable pivots on your data
       • Identify issues before they impact the business
     Understand Your Business With Context
       • Model important services on relevant business and technical KPIs
       • Apply service context to events
       • Prioritize resolution of incidents that impact business service availability
     Derive Insights With Machine Learning
       • Detect patterns to determine normal vs. abnormal
       • Dynamically adapt thresholds and alerts on anomalous conditions
       • Group related events to highlight the ones that are most meaningful
     Enable Operational Efficiencies
       • Share understanding of issues across silos
       • Accelerate incident response and automation with built-in and custom integrations
       • Create custom dashboards for IT and business users on-the-fly and on demand
  22. Other Splunk Updates from .conf (Harry McLaren)
  23. Splunk Machine Learning Toolkit 3.0: guided and easy-to-use interface, modeling assistance and ready-to-use examples
     ▶ Model management fully integrated with Splunk's role-based access controls
     ▶ Out-of-the-box algorithms and parameter tuning added for forecasting time series data
     ▶ Re-factored API makes it easier to import custom algorithms, and export as Splunkbase™ apps
     ▶ MLTK + Spark Integration for large-scale model training (beta)
     [Diagram: Build Intelligence – Predict Numeric Fields, Detect Numeric Outliers, Forecast Time Series, Cluster Numeric Events]
  24. Splunk Bucketlist
  25. Splunk Security Essentials for Fraud Detection
  26. Config Quest
  27. Config Quest
  28. Get Involved!
     ● Splunk User Group Edinburgh – –
     ● Splunk’s Slack Group – Register via – Channel: #edinburgh
     ● Present & Share at the User Group?
     Connect:
     ‣ Harry McLaren | | @cyberharibu |
     ‣ ECS | | @ECS_IT |
  29. Thank You
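Slide 19's adaptive thresholds, worked as an added Python example that is not from the slides or from Splunk ITSI itself: it learns a per-series, per-hour-of-day baseline from metric records in the slide 8 shape (timestamp, metric name, value, dimensions) and shows why a mean + 3σ threshold fires only on the out-of-pattern reading where a fixed limit fires on both. The 14-day history, the single `hq:us-west-1` host and the 15% static limit are constructed assumptions.

```python
import statistics
from datetime import datetime, timezone

DAY = 86400
DAY_START = 1480982400  # constructed: 2016-12-06 00:00 UTC, so hour offsets are hours of day
def build_history():
    """Constructed sample in the slide-8 shape (timestamp, metric name, value, dimensions):
    14 days of hourly os.cpu.user, ~20% in business hours, ~5% overnight, plus a wobble."""
    history = []
    for day in range(14):
        for hour in range(24):
            base = 20.0 if 9 <= hour < 18 else 5.0
            wobble = ((day * 7 + hour) % 5) * 0.5
            history.append({"_time": DAY_START + day * DAY + hour * 3600,
                            "metric_name": "os.cpu.user", "_value": base + wobble,
                            "hq": "us-west-1"})
    return history

def bucket_key(rec):
    """Series identity (metric name + dimensions) and hour of day of one reading."""
    dims = tuple(sorted((k, v) for k, v in rec.items()
                        if not k.startswith("_") and k != "metric_name"))
    hour = datetime.fromtimestamp(rec["_time"], tz=timezone.utc).hour
    return (rec["metric_name"], dims, hour)

def build_baseline(history):
    """Learned normal: (mean, population stdev) per series and hour of day."""
    buckets = {}
    for rec in history:
        buckets.setdefault(bucket_key(rec), []).append(rec["_value"])
    return {k: (statistics.mean(v), statistics.pstdev(v)) for k, v in buckets.items()}

def is_anomalous(baseline, rec, k=3.0):
    """Adaptive threshold: True when a reading exceeds mean + k*stdev for its series
    at that hour; None when no baseline exists, so the caller decides how to treat it."""
    stats = baseline.get(bucket_key(rec))
    if stats is None:
        return None
    mean, sd = stats
    return rec["_value"] > mean + k * sd

def compare_thresholds(static_limit=15.0):
    """The same 22% reading at 14:00 and 03:00 on the day after the history ends:
    a static limit fires on both, the adaptive baseline only on the night one."""
    baseline = build_baseline(build_history())
    readings = [{"_time": DAY_START + 14 * DAY + h * 3600, "metric_name": "os.cpu.user",
                 "_value": 22.0, "hq": "us-west-1"} for h in (14, 3)]
    static = [r["_value"] > static_limit for r in readings]
    adaptive = [is_anomalous(baseline, r) for r in readings]
    return static, adaptive
```

A series or hour with no history returns None rather than a verdict; treating unseen series as quietly normal is how new hosts slip past a baseline-only detector.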