SplunkLive!
Dirk Beerbohm | Senior Sales Engineer
Munich, 20 March 2018
Set Up Before You Can Play
Download the following at splunk.com
▶ Splunk Enterprise:
• https://www.splunk.com/download
▶ Tutorial Data:
• http://splk.it/2ey34P8
▶ Search Tutorial
• http://splk.it/2ePSYKB
Getting Started With Splunk Enterprise
© 2018 SPLUNK INC.
Agenda
1. Splunk Overview
2. Using Splunk – Live Demonstration/Walk-Through
• Installing & Onboarding Data
• Searching
• Field Extraction
• Dashboards
• Alerting
• Analytics
3. Wrap-up/Q&A
Big Data Comes From Machines
Volume | Velocity | Variety | Variability
GPS, RFID, Hypervisor, Web Servers, Email, Messaging, Clickstreams, Mobile, Telephony, IVR, Databases, Sensors, Telematics, Storage, Servers, Security Devices, Desktops
Splunk’s Mission: Make machine data accessible, usable, and valuable to everyone
What Does Machine Data Look Like?
SOURCES: Order Processing, Middleware Error, Care IVR, Twitter

Order Processing:
ORDER, 2018-01-21T14:04:12.484,10098213, 569281734,67.17.10.12,43CD1A7B8322,SA-2100

Middleware Error:
JAN 21 14:04:12.996 wl-01.acme.com Order 569281734 failed for customer 10098213. Exception follows: weblogic.jdbc.extensions.ConnectionDeadSQLException: weblogic.common.resourcepool.ResourceDeadException: Could not create pool connection. The DBMS driver exception was: [BEA][Oracle JDBC Driver] Error establishing socket to host and port: ACMEDB-01:1521. Reason: Connection refused

Care IVR:
01/21/18 16:33:11.238 [CONNEVENT] Ext 1207130 (0192033): Event 20111, CTI Num:ServID:Type 0:19:9, App 0, ANI T7998#1, DNIS 5555685981, SerID 40489a07-7f6e-4251-801a-13ae51a6d092, Trunk T451.16
01/21/18 16:33:11:242 [SCREENPOPEVENT] SerID 40489a07-7f6e-4251-801a-13ae51a6d092 CUSTID 10098213
01/21/18 16:37:49.732 [DISCEVENT] SerID 40489a07-7f6e-4251-801a-13ae51a6d092

Twitter:
{actor:{displayName: “Go Cowboys!!”,followersCount:1366,friendsCount:789,link: http://dallascowboys.com/,location:{displayName:“Dallas, TX”,objectType:“place”}, objectType:“person”,preferredUsername:“Cowb0ysF@n80”,statusesCount:6072},body: “Can’t buy this device from @ACME. Site doesn’t work! Called, gave up on waiting for them to answer! RT if you hate @ACME!!”,objectType:“activity”,postedTime:“2018-01-21T16:39:40.647-0600”}
Machine Data Contains Critical Insights
The same four sources (Order Processing, Middleware Error, Care IVR, Twitter), annotated. The Customer ID and Order ID appear in both the order record and the middleware error, and the order record also carries the Product ID. The Care IVR events carry the Customer ID and the time waiting on hold. The tweet carries the Customer’s Twitter ID, the Customer’s Tweet and the Company’s Twitter ID.
Industry Leading Platform For Machine Data
Ad hoc search | Monitor and alert | Report and analyze | Custom dashboards | Developer Platform
Deployment: On-Premises | Private Cloud | Public Cloud
Data sources: Storage, Online Shopping Cart, Telecoms, Desktops, Security, Web Services, Networks, Containers, Web Clickstreams, RFID, Smartphones and Devices, Servers, Messaging, GPS Location, Packaged Applications, Custom Applications, Online Services, Databases, Call Detail Records, Energy Meters, Firewall, Intrusion Prevention
Platform Support (Apps / API / SDKs) | Enterprise Scalability | Universal Indexing
Machine Data: Any Location, Type, Volume – Answer Any Question
Any Amount, Any Location, Any Source
• No back-end database
• Schema on-the-fly
• No need to filter data
• Quick time to value
• Agile reporting and analytics
• Real-time architecture
Installing and Using Splunk
Live Demonstration & Walk-Through
Set Up Before You Can Play
Get the following at splunk.com
▶ Splunk Enterprise:
• https://www.splunk.com/download
▶ Tutorial Data:
• http://splk.it/2ey34P8
▶ Search Tutorial
• http://splk.it/2ePSYKB
▶ IMPORT THE ZIP FILE, not individual files within it: http://www.splunkbook.com (sample data is located under the ‘related links’ section – the same tutorialdata.zip as on the first page)
▶ Log in to Splunk – http://127.0.0.1:8000 username=admin password=changeme
▶ To add the file to Splunk:
• Click Add Data
• Click Upload files from my computer
• Drag and drop your sample data zip file
• Review and finish
Getting Data Into Splunk
We will import sample web e-commerce store events.
Common Problems at This Point
▶ License expired (already had an older version installed)
• Close browser, empty cache, open browser. If that doesn’t work:
• Stop Splunk
• Uninstall all Splunk versions
• Windows: Control Panel -> Uninstall programs -> Splunk
• OS X: Finder -> Applications -> Right click Splunk, Move to trash
• Reinstall
• Start Splunk
▶ Can’t start Splunk
• Windows: Search Control Panel -> Services -> Splunk start
• Linux: cd <SPLUNK dir>/splunk/bin; ./splunk start
Let’s Dive In
Dashboard
Searches Used
▶ buttercupgames
▶ buttercupgames 400
▶ buttercupgames 400 OR 500
▶ buttercupgames status=400 OR status=500
▶ buttercupgames status=400 OR status=500 | timechart count by status limit=10
▶ buttercupgames status=*
▶ buttercupgames status=* | timechart count by status limit=10
▶ buttercupgames status=* AND status!=200 | timechart count by status limit=10
▶ index=* sourcetype=access_combined_wcookie
Searches Used (Continued)
▶ index=* sourcetype=access_combined_wcookie | top limit=20 browser_type (field extraction necessary)
▶ buttercupgames status!=200
▶ buttercupgames status!=200 | stats count by status | where count > 100
▶ buttercupgames status=* | iplocation clientip
▶ buttercupgames status=* | iplocation clientip | geostats count by action
Where do I go for help?
▶ SplunkLive! Presentations
• http://splunklive.splunk.com/presentations.html
▶ Documentation
• http://www.splunk.com/base/Documentation
▶ Technical Support
• http://www.splunk.com/support
▶ Videos
• http://www.splunk.com/videos
▶ Education
• http://www.splunk.com/view/education/SP-CAAAAH9
▶ Community
• http://answers.splunk.com
▶ Splunk Book
• http://splunkbook.com
Time to Start SPLUNKING!!!
Thriving Community
dev.splunk.com
75,000+ questions and answers
1,000+ apps
Local user groups and SplunkLive! events

SAVE THE DATE!
▶ Save the Date 2018: October 1-4, 2018
▶ 8,750+ Splunk Enthusiasts
▶ 300+ Sessions
▶ 100+ Customer Speakers
Plus Splunk University:
▶ Three Days: September 29-October 1, 2018
▶ Get Splunk Certified for FREE!
▶ Get CPE credits for CISSP, CAP, SSCP
Walt Disney World Swan and Dolphin Resort in Orlando
conf.splunk.com
Wrap-Up/Q&A
Don't forget to rate this session in the SplunkLive! mobile app.
Thank You
Appendix: Detailed Walk-Through

Download Splunk Enterprise for your OS and architecture.

Download tutorialdata.zip.

With Firefox, Chrome or Safari, head to http://127.0.0.1:8000. User = admin, Password = changeme.

You’ve successfully installed Splunk and logged in! Let’s add the tutorialdata.zip via “Add Data.”

You can also “Add Data” from Settings at the top.

Click on upload.

Let’s drag tutorialdata.zip into “Drop your data file here.”

Click Next.

Splunk can auto detect the source type. Let’s change the host field to buttercup-web01, and then click Review.

Looks good, click Submit.

Let’s start searching our data.
We’re brought into a search with filters applied to search the data we just uploaded.

Let’s type “buttercupgames” in the search bar, and double-click into a bar on the histogram.

Notice the time picker changed with our drill into the histogram bar.

Given that this data is web access, let’s do a string search for 400, which is a “Bad Request” code. Notice that there are 188 events returned (the number will vary for you).

Let’s also add 500 into the mix, and notice that my event count is higher now.

We can see the 400 and 500 status codes, but other status codes also show up in our results. That’s because the string search doesn’t explicitly search for status values; it will string match any event that contains “400” or “500.”

Let’s explicitly search for status codes equaling the values we want to see returned.

Great, we’ve now returned all the events containing the two status codes we searched for. Click on “Top values by time,” which will build out a timechart for us.

Notice how our search query changed: there’s a | (pipe), and a timechart command added. The pipe followed by a command allows further operation on your filtered data set.
Let’s change our search to: buttercupgames status=* and drill into one bar on the histogram.

Click on “top values by time” under the status field on the left, which will produce the timechart at right.

Let’s exclude 200 status codes by adding AND status!=200, and change Line to Column.

After changing from Line to Column, let’s Stack the results (middle stack under Stack Mode). Much better!

Let’s now save this to a dashboard, a place we can go to view this search without having to remember what we had just searched for. Click Save As -> Dashboard Panel. Fill in, and click Save. Then, View dashboard.

Click on Search to get us back to our Search bar, and let’s key in: buttercupgames. Development wants to know what web browsers are being used to access the site, but no fields currently exist. No problem, let’s extract the browser field. Find an event that contains a value that you’re looking for, and click the “>” arrow just to the left of “Time.” The event will expand with a down arrow, and Extract Fields will be under Event Actions. Click Extract Fields.
Click Regular Expression (Splunk will build a regular expression to extract our fields), and click Next. Highlight the value of the field you’d like to create, and let’s name the field: browser_type. Click Add Extraction.

Let’s verify that the extracted field contains values that are indeed types of browsers. Good, click Next to proceed. Now, open the permissions to “App,” which will allow users of the App the ability to leverage this extraction. Click Next.

Success! Let’s explore the fields just created in Search, by clicking the link.

You’ll now be taken to Search, with the filter set to the sourcetype that the field extraction has been applied to. Note: field extractions are coupled to a sourcetype. Click on “Top values.”

Notice how the search changed. And, instead of a bar graph, we want a pie chart, so drop down the “bar” option and change it to pie. Let’s add this search to our dashboard, and then view the dashboard. Click Edit -> Edit Panels to drag the different panels to different positions.

Let’s go back to search, and search for buttercupgames AND status!=200 (we want to see events that aren’t successful). Add the stats and where clause from the Searches Used list, to return when there are more than 100 unsuccessful status codes.
Let’s create an alert. Save As -> Alert. Fill out the Title, Scheduled, Earliest + Latest, and Cron Expression. Instead of 48, change to minutes a few ahead of your current time (e.g., if it’s 9:00 a.m., change to 05).

Add to Triggered Alerts and Save.

You should see an alert trigger once your scheduled search runs at the Cron expression you defined.
* Note: it was mentioned that alerts wouldn’t work on a trial license.
* Correction: alerts will work until the trial license expires.
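The searches from the Searches Used list and the walk-through steps above (string search vs. field search on status, the browser_type extraction, and the stats/where condition behind the alert) can be reproduced outside Splunk over a handful of events to see why they return what they do. The Python below is an added example, not code from this deck or from Splunk: the six log lines, the access-log regex and the browser regex are constructed for it and only approximate what Splunk’s access_combined_wcookie sourcetype and its field extractor do.

```python
import re
from collections import Counter

# Constructed sample events in the layout of the tutorial's access_combined_wcookie
# sourcetype (Apache combined format). They are made up for this example and are
# not lines from tutorialdata.zip.
SAMPLE_EVENTS = [
    # successful add-to-cart from Chrome
    '91.205.189.15 - - [21/Jan/2018:14:04:12] "GET /cart.do?action=addtocart&itemId=EST-14 HTTP/1.1" 200 2252 "http://www.buttercupgames.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0 Safari/537.36"',
    # bad request from Firefox
    '182.236.164.11 - - [21/Jan/2018:14:04:15] "GET /product.screen?productId=WC-SH-A02 HTTP/1.1" 400 1318 "http://www.buttercupgames.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0"',
    # server error on purchase from Safari
    '194.8.74.23 - - [21/Jan/2018:14:04:19] "POST /cart.do?action=purchase&itemId=EST-16 HTTP/1.1" 500 1024 "http://www.buttercupgames.com/cart.do" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13) AppleWebKit/604.1 (KHTML, like Gecko) Version/11.0 Safari/604.1"',
    # a 200 whose URI contains "400": a string search for 400 matches it, a field search does not
    '91.205.189.15 - - [21/Jan/2018:14:04:22] "GET /oldlink?itemId=EST-400 HTTP/1.1" 200 1750 "http://www.buttercupgames.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0 Safari/537.36"',
    # a 200 whose byte count is 500: the same false positive for the string "500"
    '125.17.14.100 - - [21/Jan/2018:14:04:30] "GET /category.screen?categoryId=STRATEGY HTTP/1.1" 200 500 "http://www.buttercupgames.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0"',
    # not found
    '194.8.74.23 - - [21/Jan/2018:14:04:35] "GET /missing.html HTTP/1.1" 404 300 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13) AppleWebKit/604.1 (KHTML, like Gecko) Version/11.0 Safari/604.1"',
]

# Hypothetical regex for the combined log format; Splunk's sourcetype definition
# does the equivalent when it extracts clientip, status, useragent and so on.
ACCESS_RE = re.compile(
    r'^(?P<clientip>\S+) \S+ \S+ \[(?P<timestamp>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+) (?P<version>[^"]*)" '
    r'(?P<status>\d{3}) (?P<bytes>\S+) "(?P<referer>[^"]*)" "(?P<useragent>[^"]*)"'
)

# Hypothetical stand-in for the browser_type field the deck builds with Splunk's
# field extractor. Chrome user agents also contain "Safari", so the leftmost
# match decides, and "Chrome" precedes "Safari" in those strings.
BROWSER_RE = re.compile(r'\b(Firefox|Edge|Chrome|MSIE|Safari)\b')


def parse_event(raw):
    """Turn one raw line into a dict of fields, keeping _raw as Splunk does."""
    m = ACCESS_RE.match(raw)
    if not m:
        return None
    fields = m.groupdict()
    fields["_raw"] = raw
    b = BROWSER_RE.search(fields["useragent"])
    fields["browser_type"] = b.group(1) if b else None
    return fields


def string_search(events, *terms):
    """'buttercupgames 400 OR 500': any event whose raw text contains a term."""
    return [e for e in events if any(t in e["_raw"] for t in terms)]


def field_search(events, field, *values):
    """'status=400 OR status=500': match on the extracted field only."""
    return [e for e in events if e.get(field) in values]


def stats_count_by(events, field):
    """'| stats count by <field>'."""
    return Counter(e[field] for e in events if e.get(field) is not None)


def failed_status_over_threshold(events, threshold):
    """'status!=200 | stats count by status | where count > threshold':
    the condition the deck turns into a scheduled alert."""
    not_ok = [e for e in events if e["status"] != "200"]
    return {s: c for s, c in stats_count_by(not_ok, "status").items() if c > threshold}


EVENTS = [e for e in (parse_event(line) for line in SAMPLE_EVENTS) if e]

if __name__ == "__main__":
    print("string search 400 OR 500:", len(string_search(EVENTS, "400", "500")))
    print("field search status=400 OR status=500:", len(field_search(EVENTS, "status", "400", "500")))
    print("stats count by status:", dict(stats_count_by(EVENTS, "status")))
    print("top browser_type:", stats_count_by(EVENTS, "browser_type").most_common())
    print("alert condition (count > 0):", failed_status_over_threshold(EVENTS, 0))
```

With these six events the string search returns four matches and the field search two, which is the difference the walk-through points out; the deck's threshold of 100 only fires on a real data set, so the sample run uses a threshold of 0.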
Let’s go back to search and: buttercupgames status=* | iplocation clientip. We want to look up the clientip values against the MaxMind database to pull in City, Country, State, Lat, Lon of the IPs.

Now, the business is interested in seeing plots on a map of web users and what they’re doing with the website. Let’s append a geostats command that counts the events by the values of the action field. Pretty cool! This is definitely dashboard worthy. Let’s add to dashboard.

Awesome! Now we have a single pane of glass that Operations, Development and Business all care about, from one data source! Talk about value!

 

More from Splunk

.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routine.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routineSplunk
 
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTVSplunk
 
.conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica).conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica)Splunk
 
.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank International.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank InternationalSplunk
 
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett .conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett Splunk
 
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär).conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)Splunk
 
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu....conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...Splunk
 
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever....conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...Splunk
 
.conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex).conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex)Splunk
 
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)Splunk
 
Splunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11ySplunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11ySplunk
 
Splunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go KölnSplunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go KölnSplunk
 
Splunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go KölnSplunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go KölnSplunk
 
Data foundations building success, at city scale – Imperial College London
 Data foundations building success, at city scale – Imperial College London Data foundations building success, at city scale – Imperial College London
Data foundations building success, at city scale – Imperial College LondonSplunk
 
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...Splunk
 
SOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security WebinarSOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security WebinarSplunk
 
.conf Go 2022 - Observability Session
.conf Go 2022 - Observability Session.conf Go 2022 - Observability Session
.conf Go 2022 - Observability SessionSplunk
 
.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - Keynote.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - KeynoteSplunk
 
.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform Session.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform SessionSplunk
 
.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security SessionSplunk
 

More from Splunk (20)

.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routine.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routine
 
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
 
.conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica).conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica)
 
.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank International.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank International
 
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett .conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
 
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär).conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
 
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu....conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
 
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever....conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
 
.conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex).conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex)
 
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
 
Splunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11ySplunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11y
 
Splunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go KölnSplunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go Köln
 
Splunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go KölnSplunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go Köln
 
Data foundations building success, at city scale – Imperial College London
 Data foundations building success, at city scale – Imperial College London Data foundations building success, at city scale – Imperial College London
Data foundations building success, at city scale – Imperial College London
 
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
 
SOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security WebinarSOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security Webinar
 
.conf Go 2022 - Observability Session
.conf Go 2022 - Observability Session.conf Go 2022 - Observability Session
.conf Go 2022 - Observability Session
 
.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - Keynote.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - Keynote
 
.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform Session.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform Session
 
.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session
 

Recently uploaded

Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsPrecisely
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfjimielynbastida
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfngoud9212
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 

Recently uploaded (20)

Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power Systems
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdf
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdf
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 

SplunkLive! Munich 2018: Getting Started with Splunk Enterprise

  • 1. SplunkLive! Dirk Beerbohm | Senior Sales Engineer Munich, 20 March 2018
  • 2. Set Up Before You Can Play Download the following at splunk.com ▶ Splunk Enterprise: • https://www.splunk.com/download ▶ Tutorial Data: • http://splk.it/2ey34P8 ▶ Search Tutorial • http://splk.it/2ePSYKB
  • 4. © 2018 SPLUNK INC. 1. Splunk Overview 2. Using Splunk – Live Demonstration/Walk-Through • Installing & Onboarding Data • Searching • Field Extraction • Dashboards • Alerting • Analytics 3. Wrap-up/Q&A Agenda
  • 5. Big Data Comes From Machines Volume | Velocity | Variety | Variability GPS, RFID, Hypervisor, Web Servers, Email, Messaging, Clickstreams, Mobile, Telephony, IVR, Databases, Sensors, Telematics, Storage, Servers, Security Devices, Desktops Splunk’s Mission: Make machine data accessible, usable, and valuable to everyone
  • 6. What Does Machine Data Look Like? SOURCES: Order Processing, Middleware Error, Care IVR, Twitter
    Order Processing: ORDER, 2018-01-21T14:04:12.484,10098213, 569281734,67.17.10.12,43CD1A7B8322,SA-2100
    Middleware Error: JAN 21 14:04:12.996 wl-01.acme.com Order 569281734 failed for customer 10098213. Exception follows: weblogic.jdbc.extensions.ConnectionDeadSQLException: weblogic.common.resourcepool.ResourceDeadException: Could not create pool connection. The DBMS driver exception was: [BEA][Oracle JDBC Driver] Error establishing socket to host and port: ACMEDB-01:1521. Reason: Connection refused
    Care IVR: 01/21/18 16:33:11.238 [CONNEVENT] Ext 1207130 (0192033): Event 20111, CTI Num:ServID:Type 0:19:9, App 0, ANI T7998#1, DNIS 5555685981, SerID 40489a07-7f6e-4251-801a-13ae51a6d092, Trunk T451.16
    Care IVR: 01/21/18 16:33:11:242 [SCREENPOPEVENT] SerID 40489a07-7f6e-4251-801a-13ae51a6d092 CUSTID 10098213
    Care IVR: 01/21/18 16:37:49.732 [DISCEVENT] SerID 40489a07-7f6e-4251-801a-13ae51a6d092
    Twitter: {actor:{displayName: “Go Cowboys!!”,followersCount:1366,friendsCount:789,link: http://dallascowboys.com/,location:{displayName:“Dallas, TX”,objectType:“place”}, objectType:“person”,preferredUsername:“Cowb0ysF@n80”,statusesCount:6072},body: “Can’t buy this device from @ACME. Site doesn’t work! Called, gave up on waiting for them to answer! RT if you hate @ACME!!”,objectType:“activity”,postedTime:“2018-01-21T16:39:40.647-0600”}
  • 7. Machine Data Contains Critical Insights: the same four events, annotated with the fields they carry. Order record: Customer ID, Order ID, Product ID. Middleware error: Order ID, Customer ID. Care IVR: Customer ID, Time waiting on hold. Twitter: Customer’s Twitter ID, Customer’s Tweet, Company’s Twitter ID.
  • 8. Machine Data Contains Critical Insights (same events and annotations as slide 7).
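The fields that slides 7 and 8 annotate (Customer ID, Order ID, Product ID, time on hold, the two Twitter IDs) can be pulled out of the four sample events and joined on the customer ID, which is the "critical insight" the slides are pointing at. The code below is an added example, not from the slides and not Splunk's own code: plain Python over constructed copies of the slide's events. The tweet is re-quoted as strict JSON (the slide shows bare keys and curly quotes), and `TWITTER_TO_CUSTOMER` is a hypothetical lookup that maps the Twitter handle to the customer record, since the tweet itself carries no customer ID (in Splunk this would be a lookup table).

```python
import json
import re
from collections import defaultdict
from datetime import datetime

# Constructed copies of the four sample events on slides 6-8. The tweet is re-quoted as
# strict JSON; otherwise the values are the slide's sample data.
ORDER_LINE = "ORDER, 2018-01-21T14:04:12.484,10098213, 569281734,67.17.10.12,43CD1A7B8322,SA-2100"
MIDDLEWARE_LINE = (
    "JAN 21 14:04:12.996 wl-01.acme.com Order 569281734 failed for customer 10098213. "
    "Exception follows: weblogic.jdbc.extensions.ConnectionDeadSQLException: "
    "weblogic.common.resourcepool.ResourceDeadException: Could not create pool connection. "
    "The DBMS driver exception was: [BEA][Oracle JDBC Driver] Error establishing socket to "
    "host and port: ACMEDB-01:1521. Reason: Connection refused"
)
IVR_LINES = [
    "01/21/18 16:33:11.238 [CONNEVENT] Ext 1207130 (0192033): Event 20111, CTI Num:ServID:Type "
    "0:19:9, App 0, ANI T7998#1, DNIS 5555685981, SerID 40489a07-7f6e-4251-801a-13ae51a6d092, Trunk T451.16",
    "01/21/18 16:33:11:242 [SCREENPOPEVENT] SerID 40489a07-7f6e-4251-801a-13ae51a6d092 CUSTID 10098213",
    "01/21/18 16:37:49.732 [DISCEVENT] SerID 40489a07-7f6e-4251-801a-13ae51a6d092",
]
TWEET_JSON = json.dumps({
    "actor": {"displayName": "Go Cowboys!!", "followersCount": 1366, "friendsCount": 789,
              "link": "http://dallascowboys.com/", "preferredUsername": "Cowb0ysF@n80",
              "statusesCount": 6072},
    "body": "Can't buy this device from @ACME. Site doesn't work! Called, gave up on waiting "
            "for them to answer! RT if you hate @ACME!!",
    "objectType": "activity", "postedTime": "2018-01-21T16:39:40.647-0600",
})
# Hypothetical CRM lookup (constructed): ties the Twitter handle to the customer record.
TWITTER_TO_CUSTOMER = {"Cowb0ysF@n80": "10098213"}

MIDDLEWARE_RE = re.compile(r"^(\w+ \d+ [\d:.]+) (\S+) Order (\d+) failed for customer (\d+)\..*Reason: (.*)$")
# The IVR sample writes milliseconds after '.' in two events and after ':' in one; accept both.
IVR_HEAD_RE = re.compile(r"^(\d\d/\d\d/\d\d \d\d:\d\d:\d\d)[.:](\d{3}) \[(\w+)\]")


def parse_order(line):
    """ORDER, <time>,<customer id>, <order id>,<client ip>,<session>,<product id>."""
    p = [x.strip() for x in line.split(",")]
    return {"source": "order", "time": p[1], "customer_id": p[2], "order_id": p[3],
            "client_ip": p[4], "product_id": p[6]}


def parse_middleware(line):
    """Order ID, customer ID and failure reason from the WebLogic error."""
    m = MIDDLEWARE_RE.match(line)
    if not m:
        return None
    time, host, order_id, customer_id, reason = m.groups()
    return {"source": "middleware", "time": time, "host": host, "order_id": order_id,
            "customer_id": customer_id, "reason": reason}


def parse_ivr(lines):
    """Stitch the CONNEVENT/SCREENPOPEVENT/DISCEVENT of one call together on SerID and
    compute how long the caller stayed connected before hanging up."""
    calls = {}
    for line in lines:
        m = IVR_HEAD_RE.match(line)
        if not m:
            continue
        when = datetime.strptime(m.group(1), "%m/%d/%y %H:%M:%S").replace(microsecond=int(m.group(2)) * 1000)
        ser = re.search(r"SerID ([0-9a-f-]+)", line).group(1)
        call = calls.setdefault(ser, {"source": "ivr", "session_id": ser})
        if m.group(3) == "CONNEVENT":
            call["connected"] = when
        elif m.group(3) == "SCREENPOPEVENT":
            call["customer_id"] = re.search(r"CUSTID (\d+)", line).group(1)
        elif m.group(3) == "DISCEVENT":
            call["disconnected"] = when
    for call in calls.values():
        if "connected" in call and "disconnected" in call:
            call["hold_seconds"] = round((call["disconnected"] - call["connected"]).total_seconds(), 3)
    return list(calls.values())


def parse_tweet(raw):
    """Customer handle, tweet text and the company handles it mentions."""
    t = json.loads(raw)
    handle = t["actor"]["preferredUsername"]
    return {"source": "twitter", "time": t["postedTime"], "twitter_id": handle,
            "customer_id": TWITTER_TO_CUSTOMER.get(handle),
            "company_ids": sorted(set(re.findall(r"@(\w+)", t["body"]))), "text": t["body"]}


def correlate(events):
    """Group every event that carries a customer_id under that customer, in input order."""
    by_customer = defaultdict(list)
    for e in events:
        if e and e.get("customer_id"):
            by_customer[e["customer_id"]].append(e)
    return dict(by_customer)


def customer_story(customer_id="10098213"):
    """All four sources joined on the customer ID that slides 7-8 highlight."""
    events = [parse_order(ORDER_LINE), parse_middleware(MIDDLEWARE_LINE),
              *parse_ivr(IVR_LINES), parse_tweet(TWEET_JSON)]
    return correlate(events).get(customer_id, [])
```

Run `customer_story()` and the four events come back in one list: the order for product SA-2100, the middleware failure of that order with "Connection refused", the IVR call that the customer abandoned after 278.494 seconds, and the tweet naming @ACME. The IVR parser deliberately accepts both the `.` and the `:` millisecond separators that the slide's sample contains; a strict timestamp regex would silently drop the SCREENPOPEVENT line and with it the customer ID.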
  • 9. Industry Leading Platform For Machine Data Custom dashboards Report and analyze Monitor and alert Developer Platform Ad hoc search On-Premises Private Cloud Public Cloud Storage Online Shopping Cart Telecoms Desktops Security Web Services Networks Containers Web Clickstreams RFID Smartphones and Devices Servers Messaging GPS Location Packaged Applications Custom Applications Online Services DatabasesCall Detail Records Energy MetersFirewall Intrusion Prevention Platform Support (Apps / API / SDKs) Enterprise Scalability Universal Indexing Machine Data: Any Location, Type, Volume Answer Any Question Any Amount, Any Location, Any Source No back-end database Schema on-the-fly No need to filter data Quick time to value Agile reporting and analytics Real-time architecture
  • 10. Installing and Using Splunk Live Demonstration & Walk-Through
  • 11. Set Up Before You Can Play Get the following at splunk.com ▶ Splunk Enterprise: • https://www.splunk.com/download ▶ Tutorial Data: • http://splk.it/2ey34P8 ▶ Search Tutorial • http://splk.it/2ePSYKB
  • 12. ▶ IMPORT THE ZIP FILE, not individual files within it: http://www.splunkbook.com (sample data is located under ‘related links’ section – *same tutorialdata.zip from first page) ▶ Log in to Splunk – http://127.0.0.1:8000 username=admin password=changeme ▶ To add the file to Splunk: • Click Add Data • Click Upload files from my computer • Drag and drop your sample data zip file • Review and finish Getting Data Into Splunk We will import sample web e-commerce store events
  • 13. ▶ License expired (already had older version installed) • Close browser, empty cache, open browser. If that doesn’t work: • Stop Splunk • Uninstall all Splunk versions • Windows Control Panel->Uninstall programs->Splunk • OS X. Finder->Applications->Right click Splunk, Move to trash • Reinstall • Start Splunk ▶ Can’t start Splunk • Windows, Search Control panel ->Services->Splunk start • Linux; cd <SPLUNK dir>/splunk/bin;./splunk start Common Problems at This Point
  • 15. © 2018 SPLUNK INC. ▶ See Slide Note at right about adding in step-by-step instructions here. Dashboard
  • 16. Searches Used
    ▶ buttercupgames
    ▶ buttercupgames 400
    ▶ buttercupgames 400 OR 500
    ▶ buttercupgames status=400 OR status=500
    ▶ buttercupgames status=400 OR status=500 | timechart count by status limit=10
    ▶ buttercupgames status=*
    ▶ buttercupgames status=* | timechart count by status limit=10
    ▶ buttercupgames status=* AND status!=200 | timechart count by status limit=10
    ▶ index=* sourcetype=access_combined_wcookie
  • 17.
  • 18. Searches Used (Continued)
    ▶ index=* sourcetype=access_combined_wcookie | top limit=20 browser_type (field extraction necessary)
    ▶ buttercupgames status!=200
    ▶ buttercupgames status!=200 | stats count by status | where count > 100
    ▶ buttercupgames status=* | iplocation clientip
    ▶ buttercupgames status=* | iplocation clientip | geostats count by action
  • 19. Time to Start SPLUNKING!!! Where do I go for help?
    ▶ SplunkLive! Presentations • http://splunklive.splunk.com/presentations.html
    ▶ Documentation • http://www.splunk.com/base/Documentation
    ▶ Technical Support • http://www.splunk.com/support
    ▶ Videos • http://www.splunk.com/videos
    ▶ Education • http://www.splunk.com/view/education/SP-CAAAAH9
    ▶ Community • http://answers.splunk.com
    ▶ Splunk Book • http://splunkbook.com
  • 20. Thriving Community dev.splunk.com 75,000+ questions and answers 1,000+ apps Local user groups and SplunkLive! events
  • 21. SAVE THE DATE! ▶ Save the Date 2018: October 1-4, 2018 ▶ 8,750+ Splunk Enthusiasts ▶ 300+ Sessions ▶ 100+ Customer Speakers Plus Splunk University: ▶ Three Days: September 29-October 1, 2018 ▶ Get Splunk Certified for FREE! ▶ Get CPE credits for CISSP, CAP, SSCP Walt Disney World Swan and Dolphin Resort in Orlando conf.splunk.com
  • 23. © 2018 SPLUNK INC. Don't forget to rate this session in the SplunkLive! mobile app Thank You
  • 25.
  • 26. © 2018 SPLUNK INC. Download Splunk Enterprise for your OS and architecture.
  • 27. © 2018 SPLUNK INC. Download tutorialdata.zip
  • 28. © 2018 SPLUNK INC. With Firefox, Chrome or Safari – head to http://127.0.0.1:8000 User = admin Password = changeme
  • 29. © 2018 SPLUNK INC. You’ve successfully installed Splunk and logged in! Let’s add the tutorialdata.zip via “Add Data.”
  • 30. © 2018 SPLUNK INC. You can also “Add Data” from Settings at the top.
  • 31. © 2018 SPLUNK INC. Click on upload.
  • 32. © 2018 SPLUNK INC. Let’s drag tutorialdata.zip into “Drop your data file here.”
  • 33. © 2018 SPLUNK INC. Click Next
  • 34. Splunk can auto-detect the source type. Let's change the host field to buttercup-web01, and then click Review.
  • 35. Looks good; click Submit.
  • 36. Let's start searching our data.
  • 37. We're brought into a search with filters already applied so that it covers only the data we just uploaded.
  • 38. Let's type "buttercupgames" in the search bar, then double-click a bar on the histogram.
  • 39. Notice that the time picker changed when we drilled into the histogram bar.
  • 40. Since this is web access data, let's do a string search for 400, the HTTP "Bad Request" status code. Notice that 188 events are returned (your number will vary).
  • 41. Let's also add 500 into the mix and notice that the event count is higher now.
  • 42. We can see the 400 and 500 status codes, but other status codes also show up in our results. That's because the string search doesn't search the status field explicitly; it matches any event whose raw text contains "400" or "500" anywhere.
  • 43. Let's search the status field explicitly for the values we want returned: status=400 OR status=500.
  • 44. Great, we've now returned only the events carrying the two status codes we searched for. Click the status field on the left and choose "Top values by time," which builds a timechart for us.
  • 45. Notice how our search query changed: a | (pipe) and a timechart command were appended. The pipe passes the events matched by the search to the next command for further processing.
  • 46. Let's change our search to buttercupgames status=* and drill into one bar on the histogram.
  • 47. Click "Top values by time" under the status field on the left, which produces the timechart at right.
  • 48. Let's exclude 200 status codes by adding AND status!=200, and change Line to Column.
  • 49. After changing from Line to Column, let's stack the results (the middle option under Stack Mode). Much better!
  • 50. Let's now save this to a dashboard, a place we can go to view this result without having to remember the search. Click Save As -> Dashboard Panel, fill in the form, and click Save. Then click View Dashboard.
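The search sequence from slides 38 to 49, written out as SPL that can be pasted into the search bar against the tutorial data. This is an added example, not a search from the original deck; it assumes the tutorial data was indexed with the sourcetype access_combined_wcookie (the search tutorial's default) and that the status field is auto-extracted for that sourcetype, as it is out of the box. The first search surfaces exactly the over-matches the string search produces: events that contain the token 400 somewhere but whose status is not 400. The second is the explicit field search with the timechart. The third goes one step beyond the deck by classifying every non-200 response as a client or server error before charting, which is usually the split a responder wants on a dashboard.

```spl
sourcetype=access_combined_wcookie buttercupgames 400 NOT status=400

sourcetype=access_combined_wcookie buttercupgames status=400 OR status=500
| timechart span=1h count by status

sourcetype=access_combined_wcookie buttercupgames status=* status!=200
| eval error_class=case(tonumber(status)>=500, "server_error", tonumber(status)>=400, "client_error", true(), "other")
| timechart span=1h count by error_class
```

The first search returning any events at all is the proof that a bare number in the search bar is not a status filter; on web access data a value such as a byte count can match the same token. The tonumber() calls in the third search matter because extracted field values are strings, and a string comparison against 500 is not what you want.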
  • 51. Click Search to get back to the search bar and key in: buttercupgames. Development wants to know which web browsers are being used to access the site, but no such field currently exists. No problem: let's extract a browser field. Find an event that contains a value you're looking for and click the ">" arrow just to the left of Time. The event expands with a down arrow, and Extract Fields appears under Event Actions. Click Extract Fields.
  • 52. Click Regular Expression (Splunk will build a regular expression to extract our field) and click Next. Highlight the value of the field you'd like to create, name the field browser_type, and click Add Extraction.
  • 53. Let's verify that the extracted field contains values that are indeed browser types. Good; click Next to proceed. Now set the permissions to "App," which lets every user of the app use this extraction. Click Next.
  • 54. Success! Let's explore the field we just created in Search by clicking the link.
  • 55. You'll now be taken to Search, with the filter set to the sourcetype the field extraction was applied to. Note that field extractions are coupled to a sourcetype. Click "Top values."
  • 56. Notice how the search changed. Instead of a bar chart we want a pie chart, so open the "bar" drop-down and change it to pie.
  • 57. Let's add this search to our dashboard, then view the dashboard. Click Edit -> Edit Panels to drag the panels into different positions.
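The browser extraction from slides 51 to 56 as a search-time rex command, so the regular expression can be tested before it is saved. This is an added example, not the extraction the deck builds (the field extractor generates its regex from the highlighted sample, so the pattern it writes will differ); it assumes the useragent field that is auto-extracted for sourcetype access_combined_wcookie and the small set of browser families found in the tutorial data. The first search produces the same top-values table the pie chart is drawn from; the second is the verification step, listing every user agent the pattern fails to classify.

```spl
sourcetype=access_combined_wcookie buttercupgames
| rex field=useragent "(?<browser_type>Firefox|Chrome|Safari|MSIE|Opera)[/ ](?<browser_version>[\d.]+)"
| top limit=10 browser_type

sourcetype=access_combined_wcookie buttercupgames
| rex field=useragent "(?<browser_type>Firefox|Chrome|Safari|MSIE|Opera)"
| where isnull(browser_type)
| stats count by useragent
```

The alternation is deliberately unanchored and ordered by position in the string: a Chrome user agent also contains the word Safari, but Chrome appears first, so it wins. When the field extractor saves the equivalent pattern it writes an EXTRACT- entry under the [access_combined_wcookie] stanza of props.conf in the app's local directory, which is what ties the extraction to that sourcetype, and the "App" permission is what lets other users of the app see the field. Keep in mind that the user agent is whatever the client chose to send; it is fine for usage statistics and for spotting scanners that forget to set one, not for identifying anyone.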
  • 58. Let's go back to Search and search for buttercupgames AND status!=200 (we want to see the events that aren't successful). Add a stats and where clause so that the search returns a result only when there are more than 100 unsuccessful status codes.
  • 59. Let's create an alert: Save As -> Alert. Fill out the Title, choose Scheduled, set Earliest and Latest, and enter a Cron Expression. Instead of 48, set the minutes field a few minutes ahead of your current time (for example, if it's 9:00 a.m., change it to 05).
  • 60. Add to Triggered Alerts and Save.
  • 61. You should see the alert trigger once your scheduled search runs at the cron expression you defined. Note: it was mentioned that alerts wouldn't work on a trial license. Correction: alerts do work until the trial license expires.
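The alert search from slides 58 to 61, spelled out. This is an added example, not the deck's own search; the threshold of 100 comes from the deck's scenario, the 15-minute window and the sourcetype access_combined_wcookie are assumptions. The first search is the plain threshold check. The second keeps the breakdown by status so the triggered alert says which codes spiked rather than just that something did. The third is a check worth running once before trusting the alert: status!=200 only matches events that actually have a status field, whereas NOT status=200 also matches events where extraction failed, and the count of those is the number of failures the alert would silently ignore.

```spl
sourcetype=access_combined_wcookie buttercupgames status!=200 earliest=-15m latest=now
| stats count
| where count > 100

sourcetype=access_combined_wcookie buttercupgames status!=200 earliest=-15m latest=now
| stats count by status
| where count > 100

sourcetype=access_combined_wcookie buttercupgames NOT status=200 earliest=-15m latest=now
| stats count(eval(isnull(status))) AS no_status_field, count AS total
```

When saving, a cron expression such as */15 * * * * paired with a 15-minute window gives contiguous, non-overlapping windows, and the trigger condition is simply "number of results is greater than 0", because the where clause already applies the threshold. Inline earliest and latest modifiers override whatever Earliest and Latest are set in the alert form, so pick one place to define the window and leave the other alone.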
  • 62. Let's go back to Search and run: buttercupgames status=* | iplocation clientip. We want to look up the clientip values against the MaxMind database to pull in the City, Country, Region, lat and lon of each IP.
  • 63. Now the business is interested in seeing, on a map, where web users are and what they're doing on the website. Let's append a geostats command that counts the events by the values of the action field. Pretty cool! This is definitely dashboard-worthy; let's add it to the dashboard.
  • 64. Awesome! Now we have a single pane of glass that Operations, Development and Business all care about, from one data source. Talk about value!
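The geolocation search from slides 62 and 63, plus a tabular variant that goes beyond the deck. This is an added example, not the deck's own search; it assumes sourcetype access_combined_wcookie and the clientip field auto-extracted for it. The first search is the map panel. The second reports, per country, how many requests failed, and labels addresses that iplocation could not place so they are not quietly dropped from the table the way they are from the map, which is what you want when the question is where the errors come from rather than where the customers are.

```spl
sourcetype=access_combined_wcookie buttercupgames status=*
| iplocation clientip
| geostats latfield=lat longfield=lon count by action

sourcetype=access_combined_wcookie buttercupgames status=*
| iplocation clientip
| eval Country=if(isnull(Country), "unknown (private or unmapped address)", Country)
| stats count AS requests, count(eval(status!="200")) AS failed by Country
| sort - failed
```

Two caveats before this goes on a dashboard that people make decisions from. iplocation resolves against the GeoLite2 database shipped with Splunk, which is only as current as the last time it was updated; private ranges and unassigned space get no coordinates and never appear on the map. And clientip is the address the web server saw: if the site sits behind a load balancer or CDN, that is the proxy's address and the real client is in a forwarded-for header, so check which one your access log actually records before trusting the plot.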