This session shows some of the tricks that make "cookiecutter" app creation a bit easier, reducing development time for admins / data scientists, all while providing a reusable "code base" for creating more dashboards and content. The presentation focuses on macros, "app virtualization," use of data models to provide an abstraction layer to data, and use of search commands *after* | pivot for more dashboarding win!
2. Disclaimer
During the course of this presentation, we may make forward-looking statements regarding future events or the expected performance of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-looking statements, please review our filings with the SEC. The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, this presentation may not contain current or accurate information. We do not assume any obligation to update any forward-looking statements we may make. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only, and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionality described or to include any such feature or functionality in a future release.
3. Agenda
• Problem Statement
• Controlling What Users Can See
• Corralling^W Guiding Users to Their Data
• Smoothing Workflow
• Profit!
5. Business is Good!
• Increased adoption of Splunk has brought a wider variety of users to the Splunk UI in search of the virtues of Big Data
6. Why Is That a Problem?
• Poorly written searches can impair other users' ability to use the system
• Search language can be hard to pick up
• These "business" users may not have the time to sort through events; instead, they want to see results
  – Splunk centers of expertise may be burdened with dashboard/search requests by users
7. How to Mitigate These Factors?
* Use roles to dis/allow access to data
* Provide some curated content
* Keep users in a walled garden
11. Scenario Description
* Windows administrators should default to seeing Windows events
  - Ok to see msad index, but not by default
  - Windows Infrastructure app installed
* Web admins should default to seeing web events
  - Some summary dashboards and forms are available
* Managers should ONLY see web events
  - Preferably no access to search bar, summary dashboards only
* Network admins need to search bro, msad, and firewall indexes by default
  - Network admins can also see all other indexes
13. Roles
* Roles are a handle for referring to a user/group of users
* Access permissions applied to roles
* User capabilities defined by roles
* Can place limits on a user's use of resources
14. Making Use of Roles
* Define the role
  - Set limits, capabilities and access
* Apply access rules on application content
* Note that most roles inherit "user", which has ability to search all indexes!
* A user's capabilities are the union of all of their access permissions
19. Validate Accesses
* Who can see what?
* | rest /services/authorization/roles
* imported_srchIndexesAllowed vs. srchIndexesAllowed
* Check out governance app
* http://apps.splunk.com/app/1866
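An added example (not from the presentation) of the check the "Making Use of Roles" and "Validate Accesses" slides point at: it resolves importRoles inheritance in an authorize.conf and flags roles that receive the `*` index wildcard only through an imported role, mirroring the imported_srchIndexesAllowed vs. srchIndexesAllowed comparison. The sample configuration is constructed, and `load_roles`, `imported_indexes` and `audit` are hypothetical helper names.

```python
import configparser

# Constructed sample authorize.conf matching the scenario on the slides.
SAMPLE_AUTHORIZE_CONF = """
[role_user]
srchIndexesAllowed = *
srchIndexesDefault = main

[role_winadmin]
importRoles = user
srchIndexesAllowed = windows;msad
srchIndexesDefault = windows

[role_manager]
srchIndexesAllowed = web
srchIndexesDefault = web
"""

def load_roles(text):
    """Parse authorize.conf text into {role_name: {setting: value}}."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep camelCase keys such as importRoles as written
    cp.read_string(text)
    return {s[len("role_"):]: dict(cp[s]) for s in cp.sections() if s.startswith("role_")}

def split_list(value):
    return {v.strip() for v in value.split(";") if v.strip()}

def imported_indexes(roles, name, seen=None):
    """Union of srchIndexesAllowed over every role reachable via importRoles."""
    seen = set() if seen is None else seen
    result = set()
    for parent in split_list(roles.get(name, {}).get("importRoles", "")):
        if parent in seen:
            continue  # guard against import cycles
        seen.add(parent)
        result |= split_list(roles.get(parent, {}).get("srchIndexesAllowed", ""))
        result |= imported_indexes(roles, parent, seen)
    return result

def audit(roles):
    """Return {role: (own_indexes, imported_indexes, over_privileged)}."""
    report = {}
    for name, settings in roles.items():
        own = split_list(settings.get("srchIndexesAllowed", ""))
        imported = imported_indexes(roles, name)
        # A wildcard reached only through inheritance overrides the role's own list.
        report[name] = (own, imported, "*" in imported and "*" not in own)
    return report
```

In the constructed sample, `winadmin` lists only `windows` and `msad` but is flagged because it imports `user`, while `manager` imports nothing and stays limited to `web`.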
21. Fix Inherited Role
We can clone the user role and base the capabilities off of that, or simply adjust it so that it doesn't confer too much privilege
24. Constraining Users != Bad
* Guiding users to the content they want is not a bad thing – saves everybody time
* Simple dashboards and form searches can go a long way to giving users what they're looking for
* "index=*" on a constrained set is not going to overwhelm indexers (as much)
* Consider building a data model, allowing users to pivot
25. "How Do I Find…?"
* Start a search, save as … Dashboard Panel
* Avoids icky search – admin writes a reasonable one, reuses for user content
26. "Now What About …?"
* Instead of rewriting searches, allow the user to drive with input
* Convert search to a form (Edit Panels -> Add Input)
Search string may have to be adjusted to account for use of tokens
27. "Where's That Form…?"
* Modify the navigation menu to make custom content easier for users to find
* Settings > User Interface > Navigation Menus
29. Linking Shared Content Together
* Create a separate app (namespace)
* Users looking for this content can find it all in one place (UI nav)
* Apps > Manage Apps > Create app
30. Migrate or Create Content for App
* Existing dashboards/views can be relocated to the new app
* Other content can be moved as well
31. De-clutter
* App menu now contains new content
* Apps geared towards admins/superusers still visible to everyone
* Set app permissions
Your application name here
32. Control App Viewership
* Permissions on an app govern whether it even shows up
* Many apps default to "Read by Everyone"
33. The Walls Go Up….
* Reduce confusion
  - By limiting access to apps, the user is guided to their content
  - Some apps may not work without special access to data, so dashboards would be blank
* Still requires that user select the target app
34. Welcome to the Garden
* Role-based way to set "landing" app?
* Saves users trouble of selecting app menu
  - Some sites may even hide the app menu, making direct placement into the app key
* Set at role level
* Settings > Access Control > Roles
36. Multiple Search Heads
* Role enforcement is done by the search head
  - Trust relationship with indexer is host-based!
* Keep role definitions (and membership) consistent!
  - Ensure that a user can't see data they shouldn't simply by logging in to a different search head
* authorize.conf contains role mappings, share with DS / Puppet / Chef, etc.
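An added example (not from the presentation) of a consistency check for the "Multiple Search Heads" slide: it compares the role stanzas of two authorize.conf files and reports every setting on which the search heads disagree, ignoring list order. Both configurations are constructed, and `role_settings` and `role_drift` are hypothetical helper names.

```python
import configparser

# Constructed authorize.conf contents from two search heads (not from the slides).
SH1 = """
[role_manager]
srchIndexesAllowed = web
srchIndexesDefault = web

[role_netadmin]
importRoles = user
srchIndexesAllowed = bro;msad;firewall
"""
SH2 = """
[role_manager]
importRoles = user
srchIndexesAllowed = web
srchIndexesDefault = web

[role_netadmin]
importRoles = user
srchIndexesAllowed = firewall;bro;msad
"""

def role_settings(text):
    """Return {stanza: {key: frozenset(values)}} for every role_* stanza."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep camelCase keys such as importRoles as written
    cp.read_string(text)
    return {s: {k: frozenset(x.strip() for x in v.split(";") if x.strip())
                for k, v in cp[s].items()}
            for s in cp.sections() if s.startswith("role_")}

def role_drift(a_text, b_text):
    """List (stanza, key, values_on_a, values_on_b) wherever the two heads disagree."""
    a, b = role_settings(a_text), role_settings(b_text)
    drift = []
    for stanza in sorted(set(a) | set(b)):
        sa, sb = a.get(stanza, {}), b.get(stanza, {})
        for key in sorted(set(sa) | set(sb)):
            va, vb = sa.get(key, frozenset()), sb.get(key, frozenset())
            if va != vb:  # list order is ignored; only membership matters
                drift.append((stanza, key, sorted(va), sorted(vb)))
    return drift
```

On the constructed input the only drift is `importRoles` on `role_manager`: the second search head lets managers inherit `user`, so logging in there would widen what they can search.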
37. LDAP/AD Integration
* Map LDAP / AD group membership to Splunk roles
  - Credentials in LDAP
* Another way to keep group / role membership consistent
* Documentation
  - http://docs.splunk.com/Documentation/Splunk/latest/admin/Authenticationconf
* Splunk Blog
  - http://blogs.splunk.com/2009/08/13/ldap-auth-configuration-tips/
39. Wrapping Up
* Restricting access to data requires a separate index, and separate roles
* Providing a basic search in the shape of a form helps users find data without being bogged down in Splunk search language
  - Can insulate against "expensive" searches
* Keeping users within specific apps can help guide them to data more quickly
  - Less confusion about what app to select, where to find the dashboard(s)
  - Group like content together, set as default app
41. Resource – Splunk App
* (Data) Governance app – http://apps.splunk.com/app/1866
  - Who can see which indexes?
  - What capabilities do users have?
  - What apps do users have visibility to?