This document provides a summary of new features and enhancements in Splunk Enterprise & Cloud version 6.3. Key highlights include improved performance and scale through search and index parallelization, intelligent job scheduling, expanded support for DevOps and IoT through the new HTTP Event Collector, and enhanced analytics and visualization capabilities such as anomaly detection and geospatial mapping. The documentation was also redesigned to be more user-friendly.

1. Copyright © 2015 Splunk Inc.
Splunk Enterprise & Cloud
Version 6.3
Rosie Sennett
Staff Sales Engineer

2. 2

3. 3
Advanced Analysis &
Visualization
VISABILITY
Anomaly Detection
Super Powered Geospatial
Mapping
Amped Up Single Value Display
Breakthrough
Performance & Scale
PLATFORM
Search Parallelization
Index Parallelization
Intelligent Job Scheduling
Management and
Administration
Continued Distributed Environment
Awareness
Distributed Management Console
Expansion
GUI Assist for Custom Alerts w 3rd
Party Endpoints
Expanded Support
for DevOps and IoT
DEVELOPER
HTTP Event Collector
Developer API & SDK
3rd Party Integrations
Cool New Updated Book
ENTERPRISE

4. Copyright © 2015 Splunk Inc.
In just a moment…
Deep Dives
Please…

5. 5
“Those who wish users to RTFM,
must be diligent at the production
of a better FM.”
- Buddha

6. 6

7. 7
Go get ‘em
conf.splunk.com

8. 8

9. 9
Expanded Support
for DevOps and IOT
DEVELOPER
Management and
Administration
ENTERPRISE
Advanced Analysis &
Visualization
VISABILITY
Breakthrough
Performance & Scale
PLATFORM

10. 10
Vertical Scaling is super Speedy!
Maximizing use of underutilized CPU
Search Performance: 2x Increased Execution Speed
Indexing Speed: 2-4x Data Rate
Official Indexer Volume Per day? 300GB… yep.

11. 11
3 Tier Architecture

12. 12
Good Old Splunk Data Ingestion Pipeline

13. 13
Business as Usual

14. 14
Under Utilized Indexer

15. 15
Multiple Data Ingestion Pipelines

16. 16
Multiple Ingestion Pipelines over Network

17. 17
Search
Execution
Speed
2x
Forwarder
Efficiency
4x

18. 18
Get the rest
from
Buttercup’s
mouth…

19. 19

20. 20
We are Listening to You…
Making The Most Of The New Splunk Scheduler
Speakers
Paul Lucas, Sr. Software Engineer, Splunk
• Performance Improved by 25%
• Simplified and more effective Scheduling
• “Finish By” criteria added creating Scheduling
Windows
• Splunk profiles workloads and controls
scheduling Optimizing Resources

21. 21
Let it Wash Over You…

22. 22
Expanded Support
for DevOps and IOT
DEVELOPER
Management and
Administration
ENTERPRISE
Advanced Analysis &
Visualization
VISABILITY
Breakthrough
Performance & Scale
PLATFORM

23. 23
Pictures Good!

24. 24

25. 25
Single Value
As it Was Then As it Is Now

26. 26
Single Value
Small Space – High Information Density

27. 27
Hard to See

28. 28
Hard to Miss

29. 29
Pre 6.0
Community
Supported
Google Maps
Add-On
Splunk 6.0
Cluster Maps
Splunk Tiles
|geostats
Splunk 6.1
UI Integration
Format Editor

30. 30
Cloropleth Maps

31. 31
Polygons For YOU! (Any .KMZ file works)

32. 32

33. 33
Anomaly Detection
New SPL Command provides histogram-based anomaly detection
• Replaces existing Outlier and
AnomalousValue commands
• Offers zscore, histogram and iqr
options
• Net new Histogram-based approach
offers a more accurate detection
method
3

34. 34
Newest Command…

35. 35

36. 36
Expanded Support
for DevOps and IOT
DEVELOPER
Management and
Administration
ENTERPRISE
Advanced Analysis &
Visualization
VISABILITY
Breakthrough
Performance & Scale
PLATFORM

37. 37

38. 38

39. 39

40. 40

41. 41

42. 42
Alert Action Examples

43. 43

44. 44
HTTP Event Collector
Opens the door (but not too wide) for devs to send logs directly to Splunk
• New token based JSON API for
events
• Send events directly from
anywhere (server, mobile device,
IOT)
• Easy to configure – works out of
the box
• Easy to secure
• Highly performant, scalable and
available

45. 45

46. 46
Expanded Support
for DevOps and IOT
DEVELOPER
Management and
Administration
ENTERPRISE
Advanced Analysis &
Visualization
VISABILITY
Breakthrough
Performance & Scale
PLATFORM

47. 47
HTTP Event Collector
Supports DevOps and IoT Data Analysis Needs at Scale
1. Standard API and Logging Libraries send events directly to Splunk
2. Libraries integrated into popular platforms and services

48. 48
Additions to Logging Libraries

49. 49

50. 50
Expanded Support
for DevOps and IOT
DEVELOPER
Management and
Administration
ENTERPRISE
Advanced Analysis &
Visualization
VISABILITY
Breakthrough
Performance & Scale
PLATFORM
Beautiful FM to R
DOCUMENTATION

51. 51
Documentation
Redesign

52. 52
New Doc For 6.3
Looks good… tastes great

53. Copyright © 2015 Splunk Inc.
• September 26-29, 2016
• The Disney Swan and Dolphin, Orlando
• 5000+ IT & Business Professionals
• 3 days of technical content
• 165+ sessions
• 3 days of Splunk University
• Sept 24-26, 2016
• Get Splunk Certified for FREE!
• Get CPE credits for CISSP, CAP, SSCP
• Save thousands on Splunk education!
• 80+ Customer Speakers
• 35+ Apps in Splunk Apps Showcase
• 75+ Technology Partners
• 1:1 networking: Ask The Experts and
• Security Experts, Birds of a Feather and Chalk Talks
• NEW hands-on labs!
• Expanded show floor, Dashboards Control Room &
Clinic, and MORE!
.conf2016: The 7th Annual
Splunk Worldwide Users’ Conference

54. 54
We Want to Hear your Feedback!
After the Breakout Sessions conclude
Text Splunk to 20691
And be entered for a chance to win a $100 AMEX gift card!

55. Thank You