Bear with me, as I'm not a native English speaker; I'll try to make the coming 20 minutes a good waste of time ;-)
Marcus - father of two, skier, climber and splunker.
Jämtkraft is a municipality-owned utilities company in what most people would call the north of Sweden; in fact, it is much closer to the middle of Sweden than the north of it. (Jämtland, Östersund, Åre, Krokom)
Our core business is to produce, distribute and sell both power and district heating to our 60 000 customers.
Total length of the power grid is about 8600 km, which is more than 1000 km more than the distance between Östersund and Ulan Bator (the capital of Mongolia).
Renewable energy from water, wind and sun. 17 hydropower plants and 4 wind farms, and currently building the second largest solar farm in Sweden.
Early in 2018, when facing the problems of trying to understand GDPR along with the rest of the world, we realised we needed "something" that would help us speed up incident reporting in compliance with the GDPR. Since we are under Swedish procurement legislation, we needed to go out into the open market to find a suitable solution. After the grueling task of setting the tender requirements, we went out into public procurement and got a bunch of tenders. After qualification and evaluation we found that it was SecureLink who had placed the best offer, and we found ourselves to be a company that had just procured a data analytics system rather than a pure SIEM system.
Implementation took place in the beginning of 2019, and we had the system up and running. As opposed to what many of you may have done back at home, our implementation was a big bang rollout: everything in one blow, everywhere.
<insert design> <talk about sizing>
Our system was sized for a 100 GB/day data flow: Linux VMs on vSphere on top of VxRail. Cold storage on Isilon – 15 months of retention on SIEM/OPS data – unlimited storage on the commercial side. No big deal to push forwarders to all Windows hosts; as always, problems with deployment to Linux, as we are not a Linux shop. Infrastructure is connected via redundant syslog, and business systems via DB Connect.
The biggest internal task was to negotiate with the union that we would not use the implemented system to track users in a bad way, but rather use the system to prove that people were innocent of doing wrong.
In fact, it took us three months after startup before the negotiations were completed and we could start to analyse the data we had started collecting at system startup.
Another obstacle was that, due to reorganisation, we did not have the manpower to run the system, but in August Johan (point to crowd) joined us and will be the core administrator of the system, so from now on there will be no more obstacles ;-)
After the obstacles were over, people started to wonder: what is this Splunk thingy that we have? That's one great thing about having a system with an odd name: people start to talk. So after a lot of talking to people, we did some workshops together with Simon from Splunk, where we focused on what kind of system and application data could be analysed and started to bend the lines: what could people figure out? What kind of ideas would emerge? There was huge interest out in the business, a lot more interest than we had man-hours for…. So what would we do?
A PoC on using Splunk as the central platform for analytics from our LoRa-based IoT network is planned to start this winter! Here we plan to use Splunk as the analytics engine together with sensors out in the field to prevent outages in the electricity grid; the same principle applies to the district heating networks and other sensor networks integrated with hydropower dams, things like that.
One thing is sure: power and heating will always be something that people want, and if Splunk can add efficiency to our network, then the power deficit that everyone is talking about may not be so hard to overcome anyway!
SplunkLive! Stockholm 2019 - Customer presentation: Jamtkraft
emPowering GDPR with Splunk
Marcus Weman – Jämtkraft AB
• Municipality owned company since 1889
• Core business is
• Power Generation
• Electricity Grid
• District heating
• Social and Environmental responsibility
• GDPR in 2018
• Public Procurement
• Start Jan 19
• Finish Apr 19
• Multi Site
• Site 1: Search head; RF 2 SF2; Syslog + UF; Windows Servers; Linux Servers
• Site 2: Search head; RF 2 SF2; Syslog + UF; Windows Servers; Linux Servers