Splunk has enabled a large regional bank to collect log data from many disparate systems, normalize the data, and generate reports to meet requirements for a commercial fraud prevention service. The bank can now identify fraud risks, meet audit guidelines, and increase fee revenue from credit card transactions. Splunk aggregates log data, runs searches to extract relevant fields, and uses APIs and custom code to reformat the data and transmit it to the fraud prevention vendor on a scheduled basis. This system processes up to 11 million events per hour and finds 6,000-10,000 potential fraud events during peak periods.
3. Sean White – Security Dude
• B.S. in Computer Science from University of Kansas, 1994.
• Background in large telecom environments, initially as a unix system administrator and webmaster, SS7 network C&C and performance, engineering, and now information security.
• In the last 15 years, have worked information security for 3 of the top 4 US wireless carriers (at the time).
• Previously on teams charged with things ranging from incident response, firewall policy, IDS, vulnerability scanning, anti-virus, web proxy filtering, secure web content delivery and enterprise unified logging, among other things.
• Currently Information Security Engineer for a large regional bank.
• In short, I am awesome.
5. Use Case: Fraud Analysis / Detection / Prevention
Federal law allows a higher per-transaction fee collection when “fraud prevention” mechanisms are in place.* IANAB…
• Even a jump from $0.22 to $0.23 per transaction is a >4.5% increase in fee-based revenue. Yum for that BU!
Also, Fraud Prevention saves banks big .. “bank” by actually preventing loss. Go figure. Let’s Do That!
Devil in details…
• Collection from various layers of the stack…
• Collection from disparate application stacks or delivery mechanisms…
• Lots of 3rd party applications don’t log what you wish they would. (Go figure.)
• Time and context correlation is paramount!
• Retention considerations…
* Citation needed…
6. Customer Success – Bank Makes even MORE $$$ !
Splunk has become an enabling technology for UMB in order to work with partners to identify and manage fraud risk and meet expected audit guidelines, with direct bottom-line effect.
• Log collection able to receive from many disparate systems
• Report output capable of providing required fields
• API allows custom interaction and data gathering routines
8. Who / What / When
What and when went together for us:
• Purchased a commercial fraud prevention service and then told to “make it work.” Typical.
• This service did not perform any log collection or normalization; it specified generic event types, to be formatted in their XML format.
• Everything else left as an exercise for the reader…
• We had to work out our own method of disparate system collection and aggregation, normalization, and provide some kind of report mechanism to be able to produce a flow of events, in chronological order, and format them in their XML.
• I said I had heard of a product that might do this…
9. Defining Event Types and Fields
• Event types are broken out by the various source systems, and all required and potential fields are enumerated.
• Not *all* involved systems’ logs are collected by Splunk…
• Disclaimer: You will not be able to stop fraud on your financial network after seeing this presentation.
• “Log Source” in this context is an abstract application-level source.
11. Pulling the Data – Secret Sauce, part 1
• This search gets the events from specific sourcetypes, with cached LDAP lookups (implemented in Python) added to enrich each event with the user’s identity fields:
index=* ( sourcetype="NAM_idp_mfa_guardian" OR sourcetype="was_mfa_guardian" OR sourcetype="WAS_MPT_Guardian" OR sourcetype="WAS_MFAAdmin_Guardian" OR sourcetype="WAS_ACHCustomer_Guardian" OR sourcetype="guardian_bt_extractor" OR ( ( sourcetype="NAM_AG_reverse" OR sourcetype="NAM_AG_ics_dyn" ) AND g_eventName=* ) )
| lookup ldapUserLookupPrd cn OUTPUTNEW gcid as umbGcid, uid, guid as umbGuid, userType
| lookup ldapUserLookupPrd guid as GUID OUTPUTNEW gcid as umbGcid, cn, uid, guid as umbGuid, userType
| lookup ldapUserLookupPrd guid as oboGuid OUTPUTNEW gcid as oboGcid, uid as oboUid, cn as oboCn, guid as oboGuid, userType as oboUserType
| lookup ldapUserLookupPrd guid as umbGuid OUTPUTNEW gcid as umbGcid, cn, uid, userType
| lookup ldapUserLookupPrd cn as uid OUTPUTNEW gcid as umbGcid, guid as umbGuid, cn, userType
| search ( userType="Employee" OR userType="Contractor" OR userType="Vendor" OR userType="Temporary" OR userType="Commercial" )
| eval eventName=coalesce(eventName,g_eventName,actType)
| `guardian_field_filter`
| reverse
• That search contains a macro, guardian_field_filter, which keeps only the specific fields the vendor feed needs:
fields timestamp, eventName, uid, cn, umbGuid, umbGcid, sourceSystem, clientIp, clientUserAgent, clientPersistentId, contactInfoType, oldEmailAddress, newEmailAddress, mfaOptionType, mfaLockoutType, mfaAuthenticationType, mfaResponseCorrect, activityChannel, accountType, accountNumber, transferType, destinationType, amount, amountPrenote, destAcctNumber, destAcctRouting, destAcctType, sourceAcctNumber, sourceAcctRouting, fromAcctType, clientDeviceInfo, oboCn, oboGuid, oboGcid, alertType, alertClass, alertLoadClass, alertEventId, alertRecipients, alertDate, documentType, documentId, searchCriteria, adminType, newName, newAddress, newPhone, phoneType, roleName, roleDescription, batchId, batchType, bankCode, bankRouting, entryClass, entryDescription, originatingCompany, totalCreditsAmount, totalCredits, totalDebitsAmount, totalDebits, totalPrenotesAmount, totalPrenotes, totalPrestart, totalExpired, totalHolds, totalZeroDollar, approvalNumber, itemId, itemType, achCompany, serviceClassCode, transactionType, transactionCode, toCompanyName, toIndividualName, toIndividualId, companyId, companyName, companyFullName, debitAmount, fromSerialNumber, toSerialNumber, statusDescription, status, errorDescription, totalErrors, totalIssues, totalIssuesAmount, totalRecordCount, totalVoids, checkNumber, ivFlag, checkMemo, checkPayeeName, checkVoidDate, backOutFlag, childRecordCount, returnDecisions, paidDecisions, updateDecisions, bankReasonCode, clientReasonCode, decision, din, issueAmount, paidAmount, issueDate, paidDate, processDate, updatedCheckNumber, updatedCheckAmount, adminFlag, userName, userGroup, functionCode, typeCode, actionMode, entryMethod, restrictionType, restrictionColumn, dependencyColumn1, dependencyColumn2, dependencyColumn3, value1, value2, processOrder, reportId, action, achFileId, immediateOriginId, totalItemCount, totalBatchCount, splunk_server, index, _cd, userType, oboUserType
12. Pushing the Data – Secret Sauce, part 2
An in-house-written java program* connects as an API user to Splunk on a specified interval.
It runs that hellacious query, paginates and receives the results. It has other logic to add smarts* (prevent an attempt to query for too much data, prevent multiple queries from running at once, keep state on which records have / have not been pulled (by time), etc…).
It reformats that data in XML per the vendor’s guidelines* and spits out a file* which gets transmitted* to the vendor.
* Some complexity omitted for clarity
13. Results and Performance
At peak times, we run approximately 11 million events per hour. Query results come to around 6,000-10,000 events of interest per hour at peak.
Querying for 15 minutes of data takes approximately 3 minutes.
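The scheduled export job that slides 11 through 13 describe, sketched as an added example in Python; this is not the bank's in-house Java program (whose code is not on the page). It assumes a placeholder vendor XML schema, a fake page-fetch callback standing in for the Splunk search results endpoint, and constructed sample rows; the 15-minute cap on each run mirrors the query size quoted on slide 13.

```python
import threading
from datetime import datetime, timedelta, timezone
from xml.etree import ElementTree as ET

# Guard rails from slide 12: never query too much data at once, never run two
# pulls concurrently, and keep a time-based watermark of what has been sent.
MAX_WINDOW = timedelta(minutes=15)  # 15 minutes of data per run, as on slide 13
PAGE_SIZE = 2                       # deliberately tiny so the sample exercises pagination
_RUN_LOCK = threading.Lock()        # a lock file would serve the same purpose across processes

# Constructed sample rows, shaped like the slide-11 search returns after the
# guardian_field_filter macro. Every value is invented; none of this is real bank data.
SAMPLE_RESULTS = [
    {"_time": "2015-08-04T10:01:00Z", "eventName": "LOGIN", "uid": "jdoe",
     "umbGcid": "G-1", "clientIp": "203.0.113.5", "userType": "Commercial"},
    {"_time": "2015-08-04T10:03:30Z", "eventName": "ACH_TRANSFER", "uid": "jdoe",
     "umbGcid": "G-1", "amount": "2500.00", "destAcctRouting": "000000000",
     "userType": "Commercial"},
    {"_time": "2015-08-04T10:02:15Z", "eventName": "MFA_CHALLENGE", "uid": "asmith",
     "umbGcid": "G-2", "mfaResponseCorrect": "false", "userType": "Employee"},
    {"_time": "2015-08-04T10:20:00Z", "eventName": "LOGIN", "uid": "asmith",
     "umbGcid": "G-2", "clientIp": "198.51.100.7", "userType": "Employee"},
]


def parse_time(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def plan_window(last_pulled, now):
    """Return the half-open (earliest, latest) window to query, or None if caught up.
    Capping at MAX_WINDOW means a long outage is drained in slices, not one huge query."""
    if last_pulled >= now:
        return None
    return last_pulled, min(now, last_pulled + MAX_WINDOW)


def fake_fetch_page(earliest, latest, offset, count):
    """Stand-in (assumed API) for one paginated read of a finished search job's results.
    It applies the time window the real job would pass as earliest/latest search bounds."""
    rows = [r for r in SAMPLE_RESULTS if earliest <= parse_time(r["_time"]) < latest]
    return rows[offset:offset + count]


def fetch_all(fetch_page, earliest, latest):
    """Walk pages until a short page comes back, like the Java client on slide 12."""
    events, offset = [], 0
    while True:
        page = fetch_page(earliest, latest, offset, PAGE_SIZE)
        events.extend(page)
        if len(page) < PAGE_SIZE:
            return events
        offset += PAGE_SIZE


def to_vendor_xml(events):
    """Emit the events in chronological order. Element names are a placeholder
    schema assumed here; the real vendor format is not shown on the slides."""
    root = ET.Element("FraudEvents")
    for ev in sorted(events, key=lambda e: parse_time(e["_time"])):
        node = ET.SubElement(root, "Event", type=ev["eventName"], timestamp=ev["_time"])
        for name, value in sorted(ev.items()):
            if name not in ("_time", "eventName"):
                ET.SubElement(node, "Field", name=name).text = value
    return ET.tostring(root, encoding="unicode")


def run_export(last_pulled, now, fetch_page=fake_fetch_page):
    """One scheduled run: take the lock, pick a window, pull, format, advance the watermark.
    Returns (new_last_pulled, xml) or (last_pulled, None) when nothing was exported."""
    if not _RUN_LOCK.acquire(blocking=False):
        return last_pulled, None  # a previous run is still in flight; try next interval
    try:
        window = plan_window(last_pulled, now)
        if window is None:
            return last_pulled, None
        earliest, latest = window
        events = fetch_all(fetch_page, earliest, latest)
        # The watermark only advances once the XML for the window has been produced,
        # so a failed run re-pulls the same window instead of silently skipping events.
        return latest, to_vendor_xml(events)
    finally:
        _RUN_LOCK.release()


if __name__ == "__main__":
    watermark = parse_time("2015-08-04T10:00:00Z")
    now = parse_time("2015-08-04T10:30:00Z")
    while True:  # drain the 30-minute backlog in two 15-minute slices
        watermark, xml = run_export(watermark, now)
        if xml is None:
            break
        print(watermark.isoformat(), xml)
```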