Copyright © 2014 Splunk Inc.

Sanford Owings
Principal Consultant, Splunk

Curating User Experience
  
Disclaimer

During the course of this presentation, we may make forward-looking statements regarding future events or the expected performance of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-looking statements, please review our filings with the SEC. The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, this presentation may not contain current or accurate information. We do not assume any obligation to update any forward-looking statements we may make. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only, and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionality described or to include any such feature or functionality in a future release.
  
Agenda

• Problem Statement
• Controlling What Users Can See
• Corralling^W Guiding Users to Their Data
• Smoothing Workflow
• Profit!
  
What’s the Issue?

Business is Good!

• Increased adoption of Splunk has brought a wider variety of users to the Splunk UI in search of the virtues of Big Data
  
Why Is That a Problem?

• Poorly written searches can impair other users’ ability to use the system
• Search language can be hard to pick up
• These “business” users may not have the time to sort through events; instead they want to see results
  – Splunk centers of expertise may be burdened with dashboard/search requests by users
  
How to Mitigate These Factors?

• Use roles to dis/allow access to data
• Provide some curated content
• Keep users in a walled garden
  
Scenario

Sample Environment
[Diagram labels: firewall, weblogs, Windows, bro, msad]

Sample Environment
[Diagram labels: firewall, weblogs, Windows, bro, msad; Windows Admins, Web Admins, Network Admins, Managers]
  
Scenario Description

• Windows administrators should default to seeing Windows events
  – Ok to see msad index, but not by default
  – Windows Infrastructure app installed
• Web admins should default to seeing web events
  – Some summary dashboards and forms are available
• Managers should ONLY see web events
  – Preferably no access to search bar, summary dashboards only
• Network admins need to search bro, msad, and firewall indexes by default
  – Network admins can also see all other indexes
  
Building Blocks – Roles

Roles

• Roles are a handle for referring to a user/group of users
• Access permissions applied to roles
• User capabilities defined by roles
• Can place limits on a user’s use of resources
  
Making Use of Roles

• Define the role
  – Set limits, capabilities and access
• Apply access rules on application content
• Note that most roles inherit “user”, which has ability to search all indexes!
• A user’s capabilities are the union of all of their access permissions
  
Protecting Data

Sample Environment
[Diagram labels: firewall, weblogs, Windows, bro, msad; Windows Admins, Web Admins, Network Admins, Managers; win_admins, web_users, net_admins]

Splunk UI Role Management (Indexes)
  
Scenario Roles (authorize.conf)

    # Windows Admins
    [role_win_admins]
    importRoles = user
    srchIndexesAllowed = windows;msad
    srchIndexesDefault = windows

    # Network Admins
    [role_net_admins]
    importRoles = user
    srchIndexesAllowed = *
    srchIndexesDefault = bro;firewall;msad

    # Web Admins, Managers
    [role_web_users]
    importRoles = user
    srchIndexesAllowed = weblogs
    srchIndexesDefault = weblogs
  
Validate Accesses

• Who can see what?
• | rest /services/authorization/roles
• imported_srchIndexesAllowed vs. srchIndexesAllowed
• Check out governance app
• http://apps.splunk.com/app/1866

Search Results – REST API (roles)
  
Fix Inherited Role

We can clone the user role and base the capabilities off of that, or simply adjust it so that it doesn’t confer too much privilege.
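
The check described on the Validate Accesses and Fix Inherited Role slides, as an added example (not code from the presentation or from Splunk): a Python script that reads authorize.conf text, follows importRoles, and reports which indexes each role gains only through inheritance. The `role_user` stanza, the `AFTER` adjustment that empties its `srchIndexesAllowed`, the index list and all function names are assumptions constructed for illustration; wildcards are matched with fnmatch as an approximation.

```python
import configparser
from fnmatch import fnmatchcase

# Constructed sample: the three scenario roles from the slide plus a "user"
# role that may search every index, as the slide warns. Not a real deployment.
BEFORE = """\
[role_user]
srchIndexesAllowed = *

[role_win_admins]
importRoles = user
srchIndexesAllowed = windows;msad
srchIndexesDefault = windows

[role_net_admins]
importRoles = user
srchIndexesAllowed = *
srchIndexesDefault = bro;firewall;msad

[role_web_users]
importRoles = user
srchIndexesAllowed = weblogs
srchIndexesDefault = weblogs
"""

# Assumed fix: adjust "user" so it no longer grants any index by itself.
AFTER = BEFORE.replace("[role_user]\nsrchIndexesAllowed = *",
                       "[role_user]\nsrchIndexesAllowed =", 1)

# Index names from the scenario diagram (assumed to be the full index list).
INDEXES = ["bro", "firewall", "msad", "weblogs", "windows"]


def _split(value):
    """Split a semicolon-separated authorize.conf value into a list."""
    return [item.strip() for item in value.split(";") if item.strip()]


def load_roles(conf_text):
    """Parse [role_<name>] stanzas into {name: {"imports": [...], "allowed": [...]}}."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.optionxform = str  # keep the mixed-case key names
    parser.read_string(conf_text)
    roles = {}
    for section in parser.sections():
        if section.startswith("role_"):
            stanza = parser[section]
            roles[section[len("role_"):]] = {
                "imports": _split(stanza.get("importRoles", "")),
                "allowed": _split(stanza.get("srchIndexesAllowed", "")),
            }
    return roles


def effective_patterns(roles, name, seen=None):
    """Union of a role's own srchIndexesAllowed and everything it imports."""
    seen = set() if seen is None else seen
    if name in seen or name not in roles:
        return set()  # already visited (import cycle) or undefined role
    seen.add(name)
    patterns = set(roles[name]["allowed"])
    for parent in roles[name]["imports"]:
        patterns |= effective_patterns(roles, parent, seen)
    return patterns


def _expand(patterns, indexes):
    """Resolve index name patterns such as "*" against known index names."""
    return {i for i in indexes if any(fnmatchcase(i, p) for p in patterns)}


def audit(conf_text, indexes=INDEXES):
    """Per role: declared indexes, effective indexes, and the inherited-only gap."""
    roles = load_roles(conf_text)
    report = {}
    for name, role in roles.items():
        own = _expand(role["allowed"], indexes)
        effective = _expand(effective_patterns(roles, name), indexes)
        report[name] = {
            "own": sorted(own),
            "effective": sorted(effective),
            "inherited_only": sorted(effective - own),
        }
    return report


if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label)
        for name, row in audit(text).items():
            print(f"  {name:11} effective={row['effective']} "
                  f"inherited_only={row['inherited_only']}")
```

On a live search head the same comparison can be read from the `imported_srchIndexesAllowed` and `srchIndexesAllowed` fields the slide names in the `| rest /services/authorization/roles` output.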
  
Desired Constraints

Curating Content

Constraining Users != Bad

• Guiding users to the content they want is not a bad thing – saves everybody time
• Simple dashboards and form searches can go a long way to giving users what they’re looking for
• “index=*” on a constrained set is not going to overwhelm indexers (as much)
• Consider building a data model, allowing users to pivot
  
“How Do I Find…?”

• Start a search, save as … Dashboard Panel
• Avoids icky search – admin writes a reasonable one, reuses for user content
  
“Now What About …?”

• Instead of rewriting searches, allow the user to drive with input
• Convert search to a form (Edit Panels -> Add Input)

Search string may have to be adjusted to account for use of tokens
  
“Where’s That Form…?”

• Modify the navigation menu to make custom content easier for users to find
• Settings > User Interface > Navigation Menus
  
Walled Garden
Sowing Content

Linking Shared Content Together

• Create a separate app (namespace)
• Users looking for this content can find it all in one place (UI nav)
• Apps > Manage Apps > Create app
  
Migrate or Create Content for App

• Existing dashboards/views can be relocated to the new app
• Other content can be moved as well
  
De-clutter

• App menu now contains new content
• Apps geared towards admins/superusers still visible to everyone
• Set app permissions

Your application name here
  
Control App Viewership

• Permissions on an app govern whether it even shows up
• Many apps default to “Read by Everyone”
  
The Walls Go Up….

• Reduce confusion
  – By limiting access to apps, the user is guided to their content
  – Some apps may not work without special access to data, so dashboards would be blank
• Still requires that user select the target app
  
Welcome to the Garden

• Role-based way to set “landing” app?
• Saves users trouble of selecting app menu
  – Some sites may even hide the app menu, making direct placement into the app key
• Set at role level
• Settings > Access Control > Roles
  
Advanced Considerations

Multiple Search Heads

• Role enforcement is done by the search head
  – Trust relationship with indexer is host-based!
• Keep role definitions (and membership) consistent!
  – Ensure that a user can’t see data they shouldn’t simply by logging in to a different search head
• authorize.conf contains role mappings, share with DS / Puppet / Chef, etc.
  
LDAP/AD Integration

• Map LDAP / AD group membership to Splunk roles
  – Credentials in LDAP
• Another way to keep group / role membership consistent
• Documentation
  – http://docs.splunk.com/Documentation/Splunk/latest/admin/Authenticationconf
• Splunk Blog
  – http://blogs.splunk.com/2009/08/13/ldap-auth-configuration-tips/
  
Summary

Wrapping Up

• Restricting access to data requires a separate index, and separate roles
• Providing a basic search in the shape of a form helps users find data without being bogged down in Splunk search language
  – Can insulate against “expensive” searches
• Keeping users within specific apps can help guide them to data more quickly
  – Less confusion about what app to select, where to find the dashboard(s)
  – Group like content together, set as default app
  
Resources – Splunk Docs

• http://docs.splunk.com/Documentation/Splunk/latest/Admin/Authorizeconf (authorize.conf – roles)
• http://docs.splunk.com/Documentation/Splunk/latest/Admin/Defaultmetaconf (default.meta, local.meta – permissions)
• http://docs.splunk.com/Documentation/Splunk/latest/Admin/ConfigureSplunktoopeninanapp (default application)

Resource – Splunk App

• (Data) Governance app – http://apps.splunk.com/app/1866
  – Who can see which indexes?
  – What capabilities do users have?
  – What apps do users have visibility to?

THANK YOU
  

Securing your Kubernetes cluster_ a step-by-step guide to success !
KatiaHIMEUR1
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Malak Abu Hammad
 

Recently uploaded (20)

Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
 
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIEnchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
 
Full-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalizationFull-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalization
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
 
Building RAG with self-deployed Milvus vector database and Snowpark Container...
Building RAG with self-deployed Milvus vector database and Snowpark Container...Building RAG with self-deployed Milvus vector database and Snowpark Container...
Building RAG with self-deployed Milvus vector database and Snowpark Container...
 
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
 

Splunk conf2014 - Curating User Experience

  • 1. Copyright © 2014 Splunk Inc. Sanford Owings, Principal Consultant, Splunk. Curating User Experience
  • 3. Agenda
      - Problem Statement
      - Controlling What Users Can See
      - Corralling^W Guiding Users to Their Data
      - Smoothing Workflow
      - Profit!
  • 5. Business is Good!
      - Increased adoption of Splunk has brought a wider variety of users to the Splunk UI in search of the virtues of Big Data
  • 6. Why Is That a Problem?
      - Poorly written searches can impair other users' ability to use the system
      - Search language can be hard to pick up
      - These "business" users may not have the time to sort through events; instead they want to see results
          - Splunk centers of expertise may be burdened with dashboard/search requests by users
  • 7. How to Mitigate These Factors?
      - Use roles to dis/allow access to data
      - Provide some curated content
      - Keep users in a walled garden
  • 9. Sample Environment
      [Diagram: indexes firewall, weblogs, Windows, bro, msad]
  • 10. Sample Environment
      [Diagram: indexes firewall, weblogs, Windows, bro, msad; user groups Windows Admins, Web Admins, Network Admins, Managers]
  • 11. Scenario Description
      - Windows administrators should default to seeing Windows events
          - OK to see msad index, but not by default
          - Windows Infrastructure app installed
      - Web admins should default to seeing web events
          - Some summary dashboards and forms are available
      - Managers should ONLY see web events
          - Preferably no access to search bar, summary dashboards only
      - Network admins need to search bro, msad, and firewall indexes by default
          - Network admins can also see all other indexes
  • 12. Building Blocks – Roles
  • 13. Roles
      - Roles are a handle for referring to a user/group of users
      - Access permissions applied to roles
      - User capabilities defined by roles
      - Can place limits on a user's use of resources
  • 14. Making Use of Roles
      - Define the role
          - Set limits, capabilities and access
      - Apply access rules on application content
      - Note that most roles inherit "user", which has ability to search all indexes!
      - A user's capabilities are the union of all of their access permissions
  • 16. Sample Environment
      [Diagram: indexes firewall, weblogs, Windows, bro, msad; user groups Windows Admins, Web Admins, Network Admins, Managers; roles win_admins, web_users, net_admins]
  • 17. Splunk UI Role Management (Indexes)
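  • 18. Scenario Roles (authorize.conf)

        # Every role below imports "user", so it also inherits whatever
        # indexes the user role allows (see slide 14).

        # Windows admins: may search windows and msad, default to windows only
        [role_win_admins]
        importRoles = user
        srchIndexesAllowed = windows;msad
        srchIndexesDefault = windows

        # Network admins: may search every index, default to bro, firewall and msad
        [role_net_admins]
        importRoles = user
        srchIndexesAllowed = *
        srchIndexesDefault = bro;firewall;msad

        # Web users: weblogs only, both allowed and default
        [role_web_users]
        importRoles = user
        srchIndexesAllowed = weblogs
        srchIndexesDefault = weblogs

      [Diagram labels: Web Admins, Managers, Windows Admins, Network Admins]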
  • 19. Validate Accesses
      - Who can see what?
      - | rest /services/authorization/roles
      - imported_srchIndexesAllowed vs. srchIndexesAllowed
      - Check out governance app
      - http://apps.splunk.com/app/1866
  • 20. Search Results – REST API (roles)
  • 21. Fix Inherited Role
      We can clone the user role and base the capabilities off of that, or simply adjust it so that it doesn't confer too much privilege
  • 24. Constraining Users != Bad
      - Guiding users to the content they want is not a bad thing – saves everybody time
      - Simple dashboards and form searches can go a long way to giving users what they're looking for
      - "index=*" on a constrained set is not going to overwhelm indexers (as much)
      - Consider building a data model, allowing users to pivot
  • 25. "How Do I Find…?"
      - Start a search, save as … Dashboard Panel
      - Avoids icky search – admin writes a reasonable one, reuses for user content
  • 26. "Now What About …?"
      - Instead of rewriting searches, allow the user to drive with input
      - Convert search to a form (Edit Panels -> Add Input)
      [Callout: Search string may have to be adjusted to account for use of tokens]
  • 27. "Where's That Form…?"
      - Modify the navigation menu to make custom content easier for users to find
      - Settings > User Interface > Navigation Menus
  • 28. Walled Garden: Sowing Content
  • 29. Linking Shared Content Together
      - Create a separate app (namespace)
      - Users looking for this content can find it all in one place (UI nav)
      - Apps > Manage Apps > Create app
  • 30. Migrate or Create Content for App
      - Existing dashboards/views can be relocated to the new app
      - Other content can be moved as well
  • 31. De-clutter
      - App menu now contains new content
      - Apps geared towards admins/superusers still visible to everyone
      - Set app permissions
      [Callout: Your application name here]
  • 32. Control App Viewership
      - Permissions on an app govern whether it even shows up
      - Many apps default to "Read by Everyone"
  • 33. The Walls Go Up….
      - Reduce confusion
          - By limiting access to apps, the user is guided to their content
          - Some apps may not work without special access to data, so dashboards would be blank
      - Still requires that user select the target app
  • 34. Welcome to the Garden
      - Role-based way to set "landing" app?
      - Saves users trouble of selecting app menu
          - Some sites may even hide the app menu, making direct placement into the app key
      - Set at role level
      - Settings > Access Control > Roles
  • 36. Multiple Search Heads
      - Role enforcement is done by the search head
          - Trust relationship with indexer is host-based!
      - Keep role definitions (and membership) consistent!
          - Ensure that a user can't see data they shouldn't simply by logging in to a different search head
      - authorize.conf contains role mappings, share with DS / Puppet / Chef, etc.
  • 37. LDAP/AD Integration
      - Map LDAP / AD group membership to Splunk roles
          - Credentials in LDAP
      - Another way to keep group / role membership consistent
      - Documentation
          - http://docs.splunk.com/Documentation/Splunk/latest/admin/Authenticationconf
      - Splunk Blog
          - http://blogs.splunk.com/2009/08/13/ldap-auth-configuration-tips/
  • 39. Wrapping Up
      - Restricting access to data requires a separate index, and separate roles
      - Providing a basic search in the shape of a form helps users find data without being bogged down in Splunk search language
          - Can insulate against "expensive" searches
      - Keeping users within specific apps can help guide them to data more quickly
          - Less confusion about what app to select, where to find the dashboard(s)
          - Group like content together, set as default app
  • 40. Resources – Splunk Docs
      - http://docs.splunk.com/Documentation/Splunk/latest/Admin/Authorizeconf (authorize.conf – roles)
      - http://docs.splunk.com/Documentation/Splunk/latest/Admin/Defaultmetaconf (default.meta, local.meta – permissions)
      - http://docs.splunk.com/Documentation/Splunk/latest/Admin/ConfigureSplunktoopeninanapp (default application)
  • 41. Resource – Splunk App
      - (Data) Governance app – http://apps.splunk.com/app/1866
          - Who can see which indexes?
          - What capabilities do users have?
          - What apps do users have visibility to?
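
Added example, not part of the original slides: an offline check for the inheritance problem from slides 14 and 19-21 and the search-head consistency rule from slide 36. It resolves importRoles to show which indexes a role can really search and compares two search heads' authorize.conf. The [role_user] stanza, HEAD_A, HEAD_B and all function names are constructed for illustration, and wildcard matching is simplified to fnmatch.

```python
import configparser
from fnmatch import fnmatchcase

# Constructed sample: two slide-18 stanzas plus a [role_user] stanza that allows
# every index, which is how slide 14 describes the inherited "user" role.
HEAD_A = """
[role_user]
srchIndexesAllowed = *
[role_win_admins]
importRoles = user
srchIndexesAllowed = windows;msad
[role_web_users]
importRoles = user
srchIndexesAllowed = weblogs
"""
# Constructed second search head where "user" was tightened, as slide 21 suggests.
HEAD_B = HEAD_A.replace("srchIndexesAllowed = *", "srchIndexesAllowed = main")
INDEXES = ["bro", "firewall", "msad", "weblogs", "windows"]  # slide-9 environment

def load_roles(text):
    """Parse authorize.conf text into {role: {setting: [values]}}."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep the camelCase setting names
    cp.read_string(text)
    return {s[5:]: {k: [x.strip() for x in v.split(";") if x.strip()]
                    for k, v in cp[s].items()}
            for s in cp.sections() if s.startswith("role_")}

def patterns(roles, role, seen=None):
    """Union of srchIndexesAllowed over the role and every role it imports."""
    seen = set() if seen is None else seen
    if role in seen or role not in roles:  # import cycle or undefined role
        return set()
    seen.add(role)
    found = set(roles[role].get("srchIndexesAllowed", []))
    for parent in roles[role].get("importRoles", []):
        found |= patterns(roles, parent, seen)
    return found

def searchable(roles, role):
    """Indexes the role can search; fnmatch lets "*" match any name (simplified)."""
    pats = patterns(roles, role)
    return sorted(i for i in INDEXES if any(fnmatchcase(i, p) for p in pats))

def over_granted(roles, role):
    """Indexes reachable only through imported roles, not the role's own stanza."""
    own = roles[role].get("srchIndexesAllowed", [])
    return [i for i in searchable(roles, role) if not any(fnmatchcase(i, p) for p in own)]

def drift(conf_a, conf_b):
    """Roles whose effective index access differs between two search heads."""
    a, b = load_roles(conf_a), load_roles(conf_b)
    view = lambda roles, r: searchable(roles, r) if r in roles else None
    return {r: (view(a, r), view(b, r)) for r in sorted(set(a) | set(b))
            if view(a, r) != view(b, r)}

if __name__ == "__main__":
    print({r: over_granted(load_roles(HEAD_A), r) for r in load_roles(HEAD_A)})
    print("drift:", drift(HEAD_A, HEAD_B))
```

On the first sample, web_users reaches bro, firewall, msad and windows only through the imported user role, which is the gap slide 19 asks you to look for by comparing imported_srchIndexesAllowed with srchIndexesAllowed.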