Sessions
.conf2017 | September 25-28, 2017 | Washington, DC

Keynote Sessions

.conf2017 Guest Keynote
Thursday, September 28, 2017 | 9:00 AM-10:00 AM
Session Type: Keynote Sessions
Billy Beane, Executive Vice President, Baseball Operations for the Oakland A’s, Subject of Moneyball
Featured Special Guest Speaker Billy Beane is considered one of the most progressive and talented baseball executives in the game today. Billy Beane has molded the Oakland Athletics into one of professional baseball's most consistent winners. Beane's innovative management style involves utilizing analytics to create and sustain a competitive advantage. By striking parallels between baseball and business, Beane inspires audiences across industries.
.conf2017 Technology Keynote
Wednesday, September 27, 2017 | 9:00 AM-10:30 AM
Session Type: Keynote Sessions
Johnathon Cervelli, ITOA Products, Splunk
Kelly Kitagawa, Sales Engineer, Splunk Inc.
Divanny Lamas, Director Customer Success, Splunk
Monzy Merza, Head of Security Research, Splunk Inc.
Maritza Perez, Product Management Director, Splunk
The explosion of machine data presents a massive opportunity for companies able to use that data to meet and exceed the ever-increasing expectations of their customers and stakeholders. Find out what’s new, emerging and transformative across the Splunk platform and solutions to arm customers with the insights and intelligence needed to thrive in a digital marketplace.
.conf2017 Welcome Keynote
Tuesday, September 26, 2017 | 9:00 AM-10:30 AM
Session Type: Keynote Sessions
Richard Campione, SVP/Chief Product Officer, Splunk
Michael Ibbitson, Executive Vice President, Technology & Infrastructure, Dubai Airports
Nate McKervey, Director of Community and Advocacy, Splunk
Doug Merritt, President & Chief Executive Officer, Splunk Inc.
Customer success is at the heart of everything we do at Splunk - from empowering data-driven business transformation at the world's largest companies to helping build the skills and careers of our passionate community advocates in SOCs, NOCs and data centers around the world. CEO Doug Merritt takes the stage to show how Splunk turns machine data into the answers our customers need to reimagine IT, security, the internet of things and business analytics. Special Guest Speaker Michael Ibbitson, Executive Vice President for Technology at Dubai Airports, will join Doug Merritt and Nate McKervey onstage.

Breakout Session

A CISO’s Perspective on User Behavior Analytics: Setting the Right Expectations for All Stakeholders
Tuesday, September 26, 2017 | 3:30 PM-4:15 PM Good for all Skill Levels
| Products: Splunk Enterprise, Splunk User Behavior Analytics | Role: Security Analyst, Administrator, CISO, CIO | Track: Security / Compliance / Fraud | | Other Topics: What's New, Security Use Case Development, Machine Learning, Adaptive Response | Session Type: Breakout Session | Solutions: Security & Fraud
Aaron Bishop, CISO, SAIC
This session will cover why it was critical for us to detect unknown threats and risky behavior in addition to known threats. We will highlight how we have integrated Splunk UBA as part of our defense-in-depth architecture and the ROI we are starting to see after deploying Splunk UBA. This includes the value of known and unknown threats coming together in a single pane of glass and also how SOC teams and insider threat teams can operate and collaborate using the same data. And at the end of all the automation and AI/ML, there is still a smart human to deliver the final judgment.
A Day in the Life of a GDPR Breach
Tuesday, September 26, 2017 | 2:15 PM-3:00 PM Good for all Skill Levels
Industries: Non-Profit, Online Services, Healthcare, Higher Education, Travel & Transportation, Technology, Retail, Communications, Media & Entertainment, Energy & Utilities, Financial Services, Public Sector | Products: Splunk Cloud, Splunk Enterprise | Role: Operations Manager, CTO, CIO, CISO, Administrator, Security Analyst | Track: Security / Compliance / Fraud | Session Focus: Compliance and Regulations | | Session Type: Breakout Session | Solutions: Log Management, Security & Fraud
Freddy Dezeure, Former Head of the European Union Computer Emergency Response Team, Freddy Dezeure BVBA
James Hanlon, Director, Security Specialisation, Splunk Inc.
Matthias Maier, Director, Security Product Marketing EMEA, Splunk Inc.
You’re a CIO, CISO or IT Security Manager - and you wake up in the middle of the night to a call from your Data Privacy Officer. Your organization is in the headlines of national newspapers because personal data has been disclosed and the privacy of customers is at risk. What do you do next? Join this session to learn about GDPR (General Data Privacy Regulation) and go through a breach investigation and response scenario under the GDPR, which comes into effect in May 2018.
A Deep Dive Into Boss of the NOC With Splunk
Thursday, September 28, 2017 | 10:30 AM-11:15 AM Good for all Skill Levels
Industries: Technology, Online Services | | | Track: IT Operations | | | Session Type: Breakout Session | Solutions: IT Operations, Security & Fraud
Jon LeBaugh, ITOA Architect, Splunk
In this session, we will do a deep dive into some of the scenarios competitors faced in this week’s Boss of the NOC (BOTN) event. We’ll explore the methods used by some of the top scoring teams, as well as look at the scenarios through the lens of Splunk IT Service Intelligence to help you and your team become more proactive. We’ll also show you how to request a BOTN event for your organization!
A Journey to Awesome Without the Baggage: How Difficult Became Easy With Splunk at John Lewis
Wednesday, September 27, 2017 | 12:05 PM-12:50 PM Good for all Skill Levels
Industries: Retail | Products: Splunk Enterprise | Role: Splunk Technical Champion, Business Manager | Track: IT Operations | Session Focus: Infrastructure Troubleshooting & Monitoring | | Session Type: Breakout Session | Solutions: IT Operations
Paul Adams, Operational Intelligence Lead, John Lewis
If a company could ever be a National Treasure, John Lewis, a UK Retailer, might come close. But in its online store, the checkout funnel is where 150 years of hard-earned reputation could unravel. The company had to ask itself, “Should we care?” The answer: You bet. A lot. And in many different ways. Is the checkout process working? Is it confusing customers? Are third parties letting us down? Are there malevolent users? Orthodoxy tells you to use different tools and teams to explore these concerns separately. Convergence says, “Tear down the walls and let the facts speak freely.” In 2014, Splunk succeeded in visualizing flow paths down both happy and troubled checkout journeys. We’ll walk you through a trip that in just one week had the company shedding unnecessary baggage without having to rework cornerstone queries. “On the shoulders of Splunk, a flight of fancy suddenly became serious.”
A Trip Through the Splunk Data Ingestion and Retrieval Pipeline
Wednesday, September 27, 2017 | 12:05 PM-12:50 PM Good for all Skill Levels
Industries: Technology | Products: Splunk Cloud, Splunk Enterprise | Role: Architect, Developer, Administrator | Track: Foundations | Session Focus: Splunk Internals | Other Topics: Logging Frameworks, Getting Data In, Search Language | Session Type: Breakout Session | Solutions: IT Operations, Log Management
Harold Murn, Chaos Monkey, Atlassian
This presentation will attempt to give a better understanding of how the Splunk platform stores and retrieves data from disk. Concepts such as bloom filters, lexicons and data storage in TSIDX files will be demonstrated by "live coding" a Splunk-like search backend. We will also cover parts of the ingestion pipeline, such as input segmenting and index time field extractions. We will take a trip through the full search pipeline, bringing all the covered topics together and explaining how they impact the amount of data Splunk must read from disk. To conclude, we’ll discuss what you can do as a developer to provide logs that reduce the workload of the Splunk cluster, making your administrators happy and returning results faster.
APT Splunking: Searching for Adversaries with Quadrants (and other methods)
Thursday, September 28, 2017 | 10:30 AM-11:15 AM Advanced
Industries: Financial Services, Aerospace & Defense, Public Sector, Energy & Utilities, Technology | Products: Splunk User Behavior Analytics, Splunk Enterprise Security, Splunk Enterprise | Role: CIO, Data Scientist/Analyst, Administrator, CISO, Operations Manager, Security Analyst | Track: Security / Compliance / Fraud | Session Focus: Threat Detection | Other Topics: Attack Scenarios, Security Use Case Development, Investigation, Analyzing Data Types | Session Type: Breakout Session | Solutions: Security & Fraud
David Doyle, IT Security Senior, Bechtel
Drew Hunt, Malware & Threat Intel Lead, Bechtel
As their name suggests, APT (advanced persistent threat) attacks are among the most pernicious and most damaging attacks an information environment can face. Fortunately, Splunk is here to help. Using real world examples and utilizing statistical analysis tools that are cooked into core Splunk, learn some tricks that you can leverage back home to help find these evildoers in your systems.
Accelerate Incident Investigation With RedSeal and Splunk Adaptive Response Actions
Thursday, September 28, 2017 | 10:30 AM-11:15 AM Good for all Skill Levels
| Products: Splunk Cloud, Splunk Enterprise, Splunk Enterprise Security | Role: Architect, Administrator, CISO, Security Analyst, Operations Manager | Track: Security / Compliance / Fraud | Session Focus: Automation / Adaptive Security | Other Topics: Analyzing Data Types, SecOps, Attack Scenarios, Security Use Case Development, Adaptive Response, Anomaly Detection | Session Type: Breakout Session | Solutions: Security & Fraud
Kurt Van Etten, CA, RedSeal
Prevention and detection solutions are vital but not sufficient; the ability to investigate rapidly and recover, in case of a security incident, is crucial. But, once an incident is detected, then what? Learn how RedSeal integrates within the Splunk Enterprise Security Adaptive Response framework to provide you with immediate answers to the following questions:
- What is the compromised device? Where is it physically and logically located?
- What other critical assets can it access?
- Can an untrusted network reach the Indicator of Compromise?
- What are the exact firewalls and rules you must modify to contain the IoC from reaching critical assets?
RedSeal helps your organization become digitally resilient to cyber events and network interruptions.
Accelerating Risk Management Through Adaptive Response Strategies
Tuesday, September 26, 2017 | 12:05 PM-12:50 PM Good for all Skill Levels
| Products: Splunk Enterprise Security, Splunk Cloud, Splunk Enterprise | Role: Architect, Administrator, Operations Manager, Security Analyst | Track: Security / Compliance / Fraud | Session Focus: Incident Response | Other Topics: Adaptive Response, Security Use Case Development, Investigate, SecOps, Investigation, Anomaly Detection | Session Type: Breakout Session | Solutions: IT Operations, Cloud Strategies, Security & Fraud, Big Data
Michael Woolfe, Director, Strategic Programs, Fortinet, Inc.
Enterprise leaders are increasingly feeling the pressures of staffing, distributed workloads, and compliance reporting, knowing that unmet requirements for Incident Response can lead to devastating situations. In this talk, we will illustrate approaches to accelerate decisions at machine-to-machine speed to counter machine/code attacks or an influx in business, using the Fortinet vendor-neutral Security Fabric as an example. You'll see tangible ways to implement modern defense-in-depth strategies, where the technologies bond to tighten the gaps, containment protocols are pushed to the lowest level possible, and humans are empowered with prescribed responses leveraging Splunk's Adaptive Response. The objective is to realize the full benefit of your technology investments and reduce your managed risk.
Achieve Operational Efficiency in Car Manufacturing with Advanced Analytics
Tuesday, September 26, 2017 | 12:05 PM-12:50 PM Intermediate
Industries: Technology, Manufacturing | Products: Splunk Enterprise, Splunk Cloud | Role: Operations Manager, Architect, Business Manager, CIO, CTO, Splunk Technical Champion, Administrator | Track: IoT | Session Focus: IoT & Industrial Data | Other Topics: Analyzing Network Data, Customer Success Story | Session Type: Breakout Session | Solutions: IoT & Industrial Data
Philipp Drieger, Sr. Sales Engineer, Splunk Inc.
Sebastian Schmerl, Solution Manager Cyber Defense for Production and IoT, Computacenter
Car manufacturers are under enormous cost pressure and need to gain the highest operational efficiency to compete in the market. Getting data from heterogeneous Industry 4.0 environments is a challenge and current analytical approaches still involve pencil and paper. In this session, you will learn how passively captured, low-level data from industrial assets can be collected with Production Data Extractor from production network traffic. The extracted data is analyzed along with traditional data from manufacturing execution systems and data historians. Advanced analytics on this heterogeneous dataset yields significant increases in production efficiency.
Acute Care Telemetry: Datastream Process Monitoring, Visualization, and Search with Splunk
Tuesday, September 26, 2017 | 4:35 PM-5:20 PM Good for all Skill Levels
Industries: Healthcare, Technology, Non-Profit | Products: Splunk Cloud, Splunk Enterprise | Role: CIO, Business Manager, Developer, CTO, Operations Manager, Splunk Technical Champion | Track: IoT | Session Focus: IoT & Industrial Data | Other Topics: Customer Success Story | Session Type: Breakout Session | Solutions: Application Delivery, IoT & Industrial Data, Cloud Strategies, Big Data
Leo Kobayashi, Attending Physician, Alpert Medical School of Brown University / Rhode Island Hospital
Derek Merck, Director of the 3D Lab, Rhode Island Hospital
Healthcare researchers study emergency department (ED) patients' live physiologic data streams to understand, prevent and mitigate unsafe conditions that lead to medical error. However, medical device alarm fatigue is a pervasive problem that has been shown to cause patient harm, even as the underlying technology issues have not been fully investigated. In order to enable the acquisition and examination of high-resolution, real-world data streams that will help improve patient-monitor functionality and alarm algorithms, we initiated a multisite program to design, test, and launch a modular open-source toolkit for research purposes. Come learn about the development, implementation and results for a fully functional, experimental 24/7/365 patient-monitor data stream acquisition system that uses Splunk's forwarding, indexing, query/analytics, visualization, and dashboard capabilities in a 15-bed ED space.
Advanced Analytics with Splunk Using Apache Spark Machine Learning and Spark Graph
Wednesday, September 27, 2017 | 1:10 PM-1:55 PM Advanced
| Products: Splunk Enterprise, Splunk Enterprise Security | Role: CTO, Architect, Security Analyst, Administrator, Developer, Data Scientist/Analyst, Splunk Technical Champion | Track: Foundations | Session Focus: Search/Insights/Analytics | | Session Type: Breakout Session | Solutions: Log Management, IT Operations, Business Analytics, IoT & Industrial Data, Big Data, Security & Fraud
Raanan Dagan, Staff Architect, Splunk Inc.
Andrew Stein, Global Analytical Architect, Splunk Inc.
How well we analyze events in the Splunk platform hinges upon our ability to investigate and iterate over the data. Spark Machine Learning and Spark Graph enable you to leverage large-scale interactive event graphs and machine learning. In this session, we will dive into the technical details of these integrations, as well as discuss many use cases that leverage big data.
Advanced Machine Learning Using the Extensible ML API
Wednesday, September 27, 2017 | 4:35 PM-5:20 PM Intermediate
Industries: Technology | Products: Splunk Enterprise | Role: Data Scientist/Analyst, siteReliabilitySystemsEngineer, Developer | Track: Foundations | Session Focus: What the Splunk?!?! | | Session Type: Breakout Session | Solutions: Big Data
Alexander Johnson, Software Engineer, Splunk Inc.
Zidong Yang, Software Engineer, Splunk Inc.
Have you ever wanted to do customized machine learning on Splunk? Well, now you can! Learn how to use the Splunk Machine Learning Toolkit's extensible API to add custom algorithms. Discover how to add custom algorithms by utilizing popular python data science libraries, such as scikit-learn, pandas and numpy, to create and apply machine learning models.
Advanced Security Monitoring for Critical Groups or Applications
Wednesday, September 27, 2017 | 12:05 PM-12:50 PM Good for all Skill Levels
Industries: Financial Services | Products: Splunk Enterprise | Role: Splunk Technical Champion, Security Analyst, Data Scientist/Analyst | Track: Security / Compliance / Fraud | Session Focus: Security Analytics and Machine Learning | | Session Type: Breakout Session | Solutions: Business Analytics, Security & Fraud
Benjamin Arnold, Technical Lead – North America Cyber Security Operations Center, JPMorgan Chase
Mackenzie Kyle, Manager - North America Cyber Security Operations Center, JPMorgan Chase
This session will highlight how to use Splunk Enterprise to deploy enhanced security-monitoring capabilities around critical users, assets or business processes within an organization. The presentation will focus on how you can align core Splunk principles like summary indexing, data-model normalization and custom dashboard development with core security-monitoring principles like threat intelligence, risk scoring, baselining and machine learning to improve your organization's ability to alert, monitor and hunt for advanced security threats. This session will include a live demo showing how to apply these concepts within a large-scale Cybersecurity Operations Center based on what we've achieved at JPMorgan Chase.
Advanced Splunk Searching for Security Hunting and Alerting
Tuesday, September 26, 2017 | 4:35 PM-5:20 PM Advanced
Industries: Technology | Products: Splunk Enterprise, Splunk Cloud | Role: Data Scientist/Analyst, Security Analyst, Splunk Technical Champion | Track: Security / Compliance / Fraud | Session Focus: Threat Hunting | Other Topics: Investigation, Search Language, SecOps | Session Type: Breakout Session | Solutions: Security & Fraud
Stefan Hutchison, Sr. Security Engineer, Workday
Splunk provides an effective toolset to quickly analyze data and make security conclusions. However, using those tools is not always easy. In order to discern the answers to difficult questions, you must move beyond the basic search commands like stats, eval, and where and instead add more robust commands into your repertoire like timechart, eventstats, streamstats and transaction. These advanced commands, when used in novel ways, allow an analyst to detect situations, such as when a system has 6 failed login attempts followed by a success, or when a system is receiving more data by a statistically significant margin than it was in the last 30 days. This session will provide the audience with example Splunk queries, gotchas for some of the common and not-so-common commands with in-depth explanations of how commands can be chained, and examples of various statistical analyses. You’ll walk away with not only an understanding of several new advanced commands, but also the practical applications for using them to better target and speed your incident investigations for an enhanced security posture.
Advancements in Splunk Data Ingestion
Wednesday, September 27, 2017 | 4:35 PM-5:20 PM Intermediate
Industries: Energy & Utilities, Communications, Manufacturing, Media & Entertainment, Higher Education, Online Services, Retail, Financial Services, Non-Profit, Technology, Travel & Transportation, Healthcare | Products: Splunk Enterprise, Splunk Cloud | Role: Security Analyst, Administrator, Architect, Business Manager, Operations Manager, Splunk Technical Champion, Data Scientist/Analyst | Track: Foundations | Session Focus: Search/Insights/Analytics | | Session Type: Breakout Session | Solutions: Big Data, IT Operations, Application Delivery, Cloud Strategies, IoT & Industrial Data, Log Management
Michael Porath, Senior Product Manager, Splunk Inc.
For years, Splunk has been the platform of choice to search, analyze and visualize log and other event data. Newer IT stacks, signals from IoT devices and increased use of KPIs tracked over time all have something in common: they require a platform that handles a variety of data types at scale and with the performance appropriate for that data type. Learn in this session how Splunk brings together logs with a variety of other data sources and how to ingest data from a range of sources.
An Introduction to Splunk IT Service Intelligence (ITSI)
Tuesday, September 26, 2017 | 1:10 PM-1:55 PM Beginner
Industries: Technology | Products: Splunk IT Service Intelligence | Role: Splunk Technical Champion | Track: IT Operations | Session Focus: itsi | Other Topics: Best Practices | Session Type: Breakout Session | Solutions: IT Operations
Alok Bhide, Director of Product Management, ITSI, Splunk Inc.
Traditional solutions and approaches can't handle today's complex, distributed-service-oriented environments. Learn how to gain service context by combining logs, events, wire data and performance data to get the big picture of your environment, streamline operations, accelerate root cause analysis and get ahead of outages that could impact customers. Understand how artificial intelligence and machine learning can enhance service intelligence. Join us for a live demo to see how Splunk ITSI takes operations and service intelligence to the next level and also understand how the product has evolved, guided by your input, to deliver service-level insights and event analytics.
Analytic Stories or How I Learned to Stop Worrying and Respond to Threats
Tuesday, September 26, 2017 | 1:10 PM-1:55 PM
Wednesday, September 27, 2017 | 4:35 PM-5:20 PM Good for all Skill Levels
| Products: Splunk Enterprise, Splunk Enterprise Security | Role: Splunk Technical Champion, Business Manager, Security Analyst, Administrator | Track: Security / Compliance / Fraud | Session Focus: Threat Detection | | Session Type: Breakout Session | Solutions: Security & Fraud
David Dorsey, Principal Research Engineer, Splunk Inc.
How do you know what to look for in your environment? Then what do you do when you find it? This session will help you answer these questions and more! Analytic stories provide a way to organize your searches, understand how to respond to events and what data is needed to detect and respond to a threat, and detail why you should care about a given threat. They also allow you to map to different security frameworks so business owners can think about their security posture in business terms. This talk will discuss what makes up an analytic story, how they can be used to guide and inform your investigation and how to better understand your security posture.
Analytics: Conquering Perception With Data – A Story of Increased Customer Satisfaction
Tuesday, September 26, 2017 | 12:05 PM-12:50 PM Intermediate
Industries: Financial Services | Products: Splunk Enterprise | Role: Business Manager | Track: Business Analytics | Session Focus: Business Analytics | Other Topics: Using Splunk, Machine Learning, Customer Success Story | Session Type: Breakout Session | Solutions: Business Analytics, Application Delivery
Hagop Hagopian, Sr. Product Manager, Charles Schwab
Kirk Hanson, Sales Engineering, Splunk Inc.
“You never get a second chance to make a first impression”. At Charles Schwab, we’ve learned that customers who experience a positive digital account open experience are more likely to fund an account. The digital account creation process is often the only opportunity a business has to motivate and/or stimulate curiosity in the product offered by the firm. The goal of the account creation team is to ensure the customer has a positive experience and should be a primary focal point. Utilizing Splunk Enterprise to look at data otherwise indiscernible, Charles Schwab can examine the customer experience using data driven analytics. Splunk is an invaluable tool to analyze account open activities and, as a result, Splunk is now used for other informed decisions such as driving code changes to respond to customer needs. These improvements coincided with record performance and gave customers an unforgettable and realistic experience from the first moment they interacted with Charles Schwab.
Analyzing Logs From Microservices
Tuesday, September 26, 2017 | 12:05 PM-12:50 PM Intermediate
Industries: Technology | | Role: Developer, Operations Manager | Track: Developing | Session Focus: DevOps | | Session Type: Breakout Session | Solutions: Application Delivery, Log Management
Brian Krueger, Software Engineer, Splunk Inc.
Nikhil Mungel, Principal Software Engineer, Splunk Inc.
Come learn about a new SaaS offering that helps developers easily aggregate and analyze their logs, in the cloud. In the process of building this new service, we've learned how to collect logs from our own cloud-based microservices, and to aggregate logs and metrics from AWS ECS to help us understand how developers are using our service. You'll hear how the development team uses our new service in order to build and operate the service! Yup, super meta.
Architecting Splunk for High Availability and Disaster Recovery
Tuesday, September 26, 2017 | 1:10 PM-1:55 PM Advanced
Industries: Online Services, Non-Profit, Higher Education, Energy & Utilities, Financial Services, Retail, Manufacturing, Media & Entertainment, Technology, Healthcare, Travel & Transportation | Products: Splunk Enterprise Security, Splunk Enterprise | Role: Architect, Administrator | Track: Foundations | Session Focus: Splunk Administration & Scaling | Other Topics: Managing Splunk, Logging Frameworks, Best Practices | Session Type: Breakout Session | Solutions: Log Management, Big Data
Sean Delaney, Principal Architect, Splunk Inc.
As Splunk Enterprise becomes more critical to an organization and its business functions, it becomes crucial to maximize the uptime of the service. We'll talk about general principles of resiliency/high availability and disaster recovery and how they apply on a Splunk deployment. We'll also discuss the various mechanisms for implementing these principles, levels of availability and the relative advantages and costs of each.
Automate All the Things! Moving Faster With Puppet and Splunk
Tuesday, September 26, 2017 | 12:05 PM-12:50 PM Intermediate
Industries: Technology | Products: Splunk Cloud, Splunk Enterprise | Role: Operations Manager, Developer, CIO, Architect | Track: IT Operations | Session Focus: DevOps | | Session Type: Breakout Session | Solutions: Big Data, Application Delivery
Domnick Eger, Global DevOps Practitioner, Splunk Inc.
Deepak Giridharagopal, CTO, Puppet
The all new Splunk + Puppet integrations allow organizations to gain situational awareness of unmanaged resources, take swift and confident action to bring them under management, and then continually analyze and enforce policies with ongoing intelligence, automation, and compliance. With the new Splunk App for Puppet Enterprise, it has never been easier to analyze Puppet data within Splunk and take action on issues across the entire IT environment. Learn how customers can deploy Splunk Enterprise and the Universal Forwarder using new Puppet modules and how to take action on notable events using Puppet scripts in Splunk IT Service Intelligence.
Automating Incident Response In the Cloud With Splunk Adaptive Response and AWS Lambda
Wednesday, September 27, 2017 | 11:00 AM-11:45 AM Advanced
| Products: Splunk Cloud | Role: Administrator, Architect, Operations Manager, Developer, Security Analyst, Data Scientist/Analyst, Business Manager, CIO, CISO | Track: Security / Compliance / Fraud | Session Focus: Security Analytics and Machine Learning | Other Topics: Amazon Web Services, Best Practices, SecOps, Cloud Strategies | Session Type: Breakout Session | Solutions: Log Management, Security & Fraud, Cloud Strategies
Patrick Shumate, Solutions Architect, AWS
Are you overwhelmed with security alerts? Would you like a way to automate the first crucial steps of incident response? In this session, find out how to use Splunk Adaptive Response in conjunction with AWS Lambda and AWS Step Functions to automate incident response in AWS environments. From the raw data ingestion through instance isolation, and everything in between, we’ll walk you through each step of the process.
Automating Threat Hunting With Machine Learning
Wednesday, September 27, 2017 | 1:10 PM-1:55 PM Intermediate
| Products: Splunk Enterprise | Role: Data Scientist/Analyst, Security Analyst | Track: Security / Compliance / Fraud | Session Focus: Threat Hunting | | Session Type: Breakout Session | Solutions: Security & Fraud
Philipp Drieger, Sr. Sales Engineer, Splunk Inc.
Monzy Merza, Head of Security Research, Splunk Inc.
Organizations continue to be challenged by human resource constraints, time constraints and the expanding footprint of IT and security. As a result, conversations about security automation are becoming mainstream. Likewise, machine learning is gaining attention for its threat detection talents. In this talk, we explore the intersection of automation and machine learning in the context of threat hunting. We will demonstrate a Splunk proof of concept that enables hypothesis testing. We will share a model to rationalize extensions of the implementations. And we will discuss the concepts behind the Splunk components used in the examples.
Automating the Status Quo: How Machine Learning Algorithms Become Biased
Tuesday, September 26, 2017 | 3:30 PM-4:15 PM Good for all Skill Levels
Industries: Financial Services, Healthcare, Technology, Diversity in Technology, Higher Education | | Role: Data Scientist/Analyst | Track: Foundations | Session Focus: Diversity in Technology | Other Topics: Diversity in Technology, Behavioral Analytics and Machine Learning, Machine Learning | Session Type: Breakout Session | Solutions: Big Data
Sarah Moir, Senior Technical Writer, Splunk Inc.
Celeste Tretto, Data Scientist, Splunk Inc.
Bias in statistical analysis is not a new problem, but the rise of big data and decisions that rely on that data make the problems more present in our day-to-day lives. Machine learning can reduce bias in decision making, but can also increase discriminatory bias. In this session, learn about common ways that discriminatory bias can be introduced in algorithms and how to reduce biases in algorithms that you write in Splunk.
Automation of Event Correlation and Clustering With Built-In Machine Learning Algorithms in Splunk IT Service Intelligence (ITSI)
Thursday, September 28, 2017 | 11:35 AM-12:20 PM Intermediate
Industries: Technology | Products: Splunk IT Service Intelligence | Role: Splunk Technical Champion | Track: IT Operations | Session Focus: itsi | Other Topics: Machine Learning | Session Type: Breakout Session | Solutions: IT Operations
Vineetha Bettaiah, Software Engineer, Splunk Inc.
Ross Lazerowitz, Product Manager, Splunk Inc.
IT monitoring and management software generates an enormous number of events. These events contain a wealth of information useful for simplifying operations, assessing the state of the system and generating timely alerts to avoid catastrophic failures. In a traditional IT environment, these events are inspected manually to extract value. This process is complicated and time consuming due to the diversity and information density of the events. In order to reduce redundancy, understand cause-and-effect relationships and detect anomalies, you absolutely need the ability to cluster events in real time. The Smart Mode Engine in Splunk ITSI automatically identifies meaningful clusters in event data, and empowers users to unlock and understand in real time the mission critical information present in event data, and is the foundation of Splunk’s Event Analytics Engine.
Be a Rock Star! Real-World Use Cases From Aetna That Will Inspire You to Deliver Value With the Machine Learning Tool Kit (MLTK)
Tuesday, September 26, 2017 | 4:35 PM-5:20 PM Good for all Skill Levels
Industries: Retail, Healthcare | Products: Splunk Enterprise, Splunk User Behavior Analytics | Role: Operations Manager, Architect, CTO, CIO, Business Manager, Splunk Technical Champion, Data Scientist/Analyst, Security Analyst | Track: Foundations | Session Focus: What the Splunk?!?! | | Session Type: Breakout Session | Solutions: Security & Fraud, Business Analytics, IT Operations, Big Data
Alexander Norris, Data Scientist, AETNA
Thomas Smit, Staff Sales Engineer, Splunk Inc.
Together, we will explore how Aetna delivers timely mission-critical operational insight with the Machine Learning Toolkit. This real-world journey focuses on creating value from availability, performance, capacity and security use cases. Our process supplements, empowers and democratizes Splunk data. This session demonstrates how we transform platform and product experts into rock stars! You will be inspired and armed with high-level concepts to deliver value with the toolkit and your data. We will also explore how Splunk IT Service Intelligence and Splunk User Behavior Analytics can supplement your approach to delivering value in Splunk.
Best Practices and Better Practices for Admins
Tuesday, September 26, 2017 | 4:35 PM-5:20 PM Intermediate
| Products: Splunk Cloud, Splunk Enterprise | Role: Administrator, Architect, Splunk Technical Champion | Track: Foundations | Session Focus: Splunk Administration & Scaling | | Session Type: Breakout Session |
Burch !, Senior Best Practices Engineer, Splunk Inc.
Uplevel your Splunk Fu by learning best practices for Admins that will make you a Splunk Architect/Admin in no time! An updated version of the popular session from .conf2016 and .conf2015, this session will review all of the tips and tricks you've regretted not knowing. As always, attendees are encouraged to support each other by sharing their own best practices, tips and tricks, and love for all things Splunk! This session will explore topics relevant for admins, such as effective Splunk resources, common pitfalls, monitoring consoles, and admin ideas to make your Splunk deployment a palace! If you're hunting for more user-relevant best practices, look for the similarly titled "Best Practices and Better Practices for Users."
Best Practices and Better Practices for Users
Tuesday, September 26, 2017 | 12:05 PM-12:50 PM Good for all Skill Levels
Industries: Energy & Utilities, Diversity in Technology, Media & Entertainment, Manufacturing, Communications, Technology, Aerospace & Defense, Public Sector, Retail, Travel & Transportation, Healthcare, Higher Education, Online Services, Non-Profit, Financial Services | Products: Splunk User Behavior Analytics, Splunk Enterprise Security, Splunk Cloud, Splunk Enterprise | Role: Administrator, Splunk Technical Champion, Architect | Track: Foundations | Session Focus: Splunk Administration & Scaling | Other Topics: Basic Content, Framework, Workflow, Content, Automation, Getting Data In, Managing Splunk, Dev Tools, Logging Frameworks, Amazon Web Services, Unix and Linux, Microsoft Exchange, DB Connect, ODBC, Platform Extensibility, Cloud Strategies, Using Splunk, App Ecosystem, Visualizations, Alert Actions, HTTP Event Collector, Search Language, Machine Learning, Ransomware, Powershell, Tuning Alerts, Adaptive Response, Anomaly Detection, Analyzing Network Data, Analyzing Endpoint Data, Best Practices, Customer Success Story, Applying Threat Intelligence / Context, Attack Scenarios, Containers (Docker, etc.), Wire Data and Network, Mobile App Monitoring, What's New, SecOps, Investigation, Forensics, Posture Assessment, Analyzing Data Types, Security Use Case Development, Behavioral Analytics and Machine Learning, Nerve Center, Diversity in Technology, Investigate, Search | Session Type: Breakout Session | Solutions: Log Management, IT Operations, Application Delivery, Security & Fraud
Burch !, Senior Best Practices Engineer, Splunk Inc.
Improve your Splunk Fu by learning best practices for users that will make you a Splunk ninja in no time! This is an updated version of the popular session from .conf2016 and .conf2015 and will introduce you to all the Splunk tips and tricks you've regretted not knowing. As always, attendees are encouraged to support each other by sharing their own best practices, tips, tricks and love for all things Splunk! This session will explore topics relevant to users, such as effective Splunk resources, searching strategies and dashboarding efficiencies. If you're hunting for more admin-relevant best practices, look for the similarly titled "Best Practices and Better Practices for Admins."
Best Practices for Deploying and Using Splunk for Security Use Cases
Wednesday, September 27, 2017 | 11:00 AM-11:45 AM Intermediate
Industries: Healthcare, Technology | Products: Splunk Enterprise | Role: Architect, Security Analyst, Administrator | Track: Security / Compliance / Fraud | Session Focus: Security Use Case Development | Other Topics: Search, Security Use Case Development, Investigation, Best Practices, Customer Success Story, Managing Splunk | Session Type: Breakout Session | Solutions: Security & Fraud
Jake McAleer, Senior Manager, IT Security, athenahealth
athenahealth utilizes Splunk to collect and assess various security-related data from our production and corporate systems. We've had many lessons learned over the years, and this talk is focused on sharing some of those tips and tricks. Topics will include:
- Architecture: Designing and deploying your environment, support/maintenance/patching
- Searching tips and techniques
- Security implications around using Splunk and hardening it
- Correlating security activities using a multitude of data sources
- Alerting on events and correlations to systems like email and Slack
This session assumes the attendee has experience in using Splunk and general system administration concepts such as event logs, shell commands, patching, OS hardening, etc.
Best Practices: Working With and Using Splunk Cloud
Wednesday, September 27, 2017 | 12:05 PM-12:50 PM Good for all Skill Levels
Industries: Aerospace & Defense, Energy & Utilities, Communications, Financial Services, Manufacturing, Media & Entertainment, Online Services, Retail, Public Sector, Technology, Healthcare, Travel & Transportation, Non-Profit, Higher Education | Products: Splunk Cloud | Role: Administrator | Track: Foundations | Session Focus: Splunk Administration & Scaling | | Session Type: Breakout Session | Solutions: Cloud Strategies
Shaun Bland, Texas, Splunk Inc.
Eric Six, Staff Architect, Splunk Inc.
Learn best practices for working with and using Splunk Cloud, including latest feature adoption, Splunk validated architecture, getting data in and working with Support. All the things that are better to know now, not later!
Beyond REGULAR Regular Expressions - v2.0
Wednesday, September 27, 2017 | 4:35 PM-5:20 PM Good for all Skill Levels
Industries: Communications, Media & Entertainment, Manufacturing, Energy & Utilities, Online Services, Financial Services, Aerospace & Defense, Public Sector, Technology, Healthcare, Travel & Transportation, Non-Profit, Higher Education, Retail | Products: Splunk Cloud, Splunk Enterprise | Role: Administrator, Architect, Data Scientist/Analyst, Developer | Track: Foundations | Session Focus: Search/Insights/Analytics | Other Topics: Search Language, Using Splunk, Dev Tools, Analyzing Data Types, Best Practices, Getting Data In, Managing Splunk | Session Type: Breakout Session | Solutions: Business Analytics, IT Operations, Log Management, Security & Fraud, Application Delivery, Big Data, IoT & Industrial Data, Cloud Strategies
Cary Petterborg, Splunk Architect, The Church of Jesus Christ of Latter-day Saints
Splunk is driven by regular expressions, and even with powerful built-in features like the Field Extraction Tool (FET), there are times you have to wrestle with some odd or mixed data types. In this session, you will see some real-world regular expression examples and learn to effectively use the FET along with other third-party tools. This will assist you in creating your own advanced regular expressions to truly achieve control over your data, regardless of its complexity.
Big Data in the Cloud—AWS EMR and Splunk Analytics for Hadoop
Tuesday, September 26, 2017 | 2:15 PM-3:00 PM Good for all Skill Levels
Industries: Financial Services, Energy & Utilities, Communications, Healthcare, Higher Education, Non-Profit, Online Services, Manufacturing, Retail, Travel & Transportation, Technology, Aerospace & Defense, Media & Entertainment, Diversity in Technology, Public Sector | Products: Splunk Enterprise | Role: Data Scientist/Analyst, Architect, Administrator, Operations Manager, Developer, CTO, Splunk Technical Champion | Track: Foundations | Session Focus: Business Analytics | Other Topics: Using Splunk, Getting Data In, Best Practices, Cloud Strategies, Content, Basic Content, Search, Search Language, Visualizations, App Ecosystem, Amazon Web Services | Session Type: Breakout Session | Solutions: Log Management, Cloud Strategies, Application Delivery, Big Data, Business Analytics, IoT & Industrial Data, IT Operations, Security & Fraud
Simon O'Brien, QLD, Splunk Inc.
Patrick Shumate, Solutions Architect, AWS
Join this session with AWS and Splunk to see big data come to life in the cloud in minutes. Many organizations spend months building platforms to meet their big data requirements. In this session we show you how to do that in minutes. You will learn how to build a big data solution for fast, interactive analysis of data stored in Amazon S3, and hear real world use cases. The session will include a demonstration of how to build both the AWS EMR and Splunk Analytics for Hadoop components of the solution. We will also walk you through possible use cases showing the solution.
Blueprints for Actionable Alerts
Wednesday, September 27, 2017 | 3:30 PM-4:15 PM Good for all Skill Levels
| Products: Splunk Cloud, Splunk Enterprise | Role: Security Analyst, Data Scientist/Analyst, siteReliabilitySystemsEngineer, Administrator, Developer, Operations Manager | Track: Foundations | Session Focus: Search/Insights/Analytics | | Session Type: Breakout Session | Solutions: Application Delivery, Security & Fraud, IT Operations, Log Management
Burch !, Senior Best Practices Engineer, Splunk Inc.
Do you receive too many alerts from your Splunk environment and don't know which to focus on? Do you have so many alerts that you no longer see through the noise? Do you fear that your Splunk investment is losing its purpose and value because users have no choice but to ignore it? I’ve been there. I inherited a system like that. This is an updated version of the popular session from .conf2016 covering the evolution of how I improved those alerts and shifted Splunk from spam to glam. Come to this session to learn from my experiences and approaches, which will provide you with more confidence and actionable alerts.
Blueprints for Onboarding Teams
Thursday, September 28, 2017 | 11:35 AM-12:20 PM Good for all Skill Levels
| Products: Splunk Enterprise, Splunk Cloud | Role: Administrator | Track: Foundations | Session Focus: Splunk Administration & Scaling | | Session Type: Breakout Session |
Burch !, Senior Best Practices Engineer, Splunk Inc.
Do you have "problem" users whose searches and dashboards are grinding Splunk to a halt? How about getting the same questions from every new user? What about app-sprawl resulting in config confusion and permissions puzzles? What if I told you there was a solution? There is and it's covered in this talk! We'll explore the new Splunk concepts of Workspaces, Welcome Pages, and Incentive-Driven User Empowerment. From this session, not only will you walk away with the solutions for these problems and more, but you'll learn how to implement them in a way that is positive and supportive of your users [rather than punishing them]. The result is a well-organized Splunk environment where users are self-sufficient and positively motivated to increase their proficiencies. And the best part is, you get to focus on your work...with all that free time, you'll have no choice but to learn to love that dang Buttercup.
Bringing Sweetness to Sour Patch Tuesday – Using Splunk for Easier Patch Management
Wednesday, September 27, 2017 | 11:00 AM-11:45 AM Intermediate
| Products: Splunk Enterprise | Role: Administrator, Operations Manager, Security Analyst | Track: IT Operations | Session Focus: Monitoring and Triaging | | Session Type: Breakout Session | Solutions: IT Operations, Security & Fraud
Justin Brown, Splunk Technical Lead, Pacific Northwest National Laboratory
Arzu Gosney, Kentucky, Pacific Northwest National Laboratory
Your patch process is completed and is reporting back that all is well. Then phone calls start arriving telling you otherwise. Every month, security patches arrive and cause outages to servers as well as the applications and services they support. In the past, this required several hours of work by teams of server admins, database admins, application engineers and customers to make sure all services were returned to normal after patching was completed. We’ll show you how Pacific Northwest National Laboratory automated much of this work with patching status dashboards for servers, application health dashboards, automated reports and alerts. This has reduced support labor by an estimated 100 hours each month for our infrastructure and application teams and provides better visibility to our customers.
Building Blocks for Analytics Common Sense
Tuesday, September 26, 2017 | 2:15 PM-3:00 PM Good for all Skill Levels
Industries: Diversity in Technology | Products: Splunk Enterprise | Role: Architect, Data Scientist/Analyst, Splunk Technical Champion, Operations Manager, Security Analyst, CISO, CTO, Developer, Business Manager, CIO, Administrator | Track: Foundations | Session Focus: Diversity in Technology | Other Topics: Diversity in Technology | Session Type: Breakout Session | Solutions: Application Delivery, Security & Fraud, IT Operations, Log Management, Big Data, Business Analytics, Cloud Strategies, IoT & Industrial Data
Yanpei Chen, Senior Product Manager, Product Analytics, Splunk Inc.
Archana Ganapathi, Director Data Strategy, Splunk Inc.
Corporate data is a gold mine of useful information, but one must tread water to avoid drowning in the sea of data. That said, adopting a data-driven culture is less intimidating than it seems. You do not have to be a machine-learning or neural-network expert to make a first-cut analysis on your data. Basic queries such as “count useful features by interesting factors” and simple statistics such as average/min/max can create immense insights from your data. In this session, we will discuss how to leverage Splunk for basic analytics and how to visually represent these statistical insights for maximum impact. We will share cautionary tales and point out pitfalls to avoid when you rely on statistical tools for decision-making.
Choosing the Right Infrastructure for Your Splunk Deployment
Wednesday, September 27, 2017 | 11:00 AM-11:45 AM Beginner
Industries: Non-Profit, Higher Education, Travel & Transportation, Technology, Public Sector, Aerospace & Defense, Communications, Energy & Utilities, Online Services, Healthcare, Manufacturing, Retail, Financial Services, Media & Entertainment | Products: Splunk Enterprise | Role: Architect, Splunk Technical Champion, Administrator | Track: Foundations | Session Focus: Splunk Administration & Scaling | | Session Type: Breakout Session | Solutions: Big Data
Brett Roberts, Data Analytics Systems Engineer, Dell EMC
The Splunk platform has become a business-critical application with power that organizations around the world depend on for security, operations and other needs. But with great power comes great responsibility, as users demand the necessary performance, availability and scalability from their Splunk environment. Deploying and running Splunk on the right infrastructure is critical to success, and there are many paths one can take: on-premises, off-premises; SAN or DAS, virtual or bare metal. This session will explore these different paths and discuss the benefits and potential drawbacks to each, followed by reviewing the relevant best practices for deploying Splunk.
Cisco and Splunk Innovation Through the Power of Integration
Thursday, September 28, 2017 | 1:20 PM-2:05 PM Good for all Skill Levels
| Products: Splunk Cloud, Splunk Enterprise, Splunk Enterprise Security | Role: Business Manager, Architect, Administrator, Developer, CTO, siteReliabilitySystemsEngineer, CIO, CISO, Data Scientist/Analyst, Operations Manager, Splunk Technical Champion, Security Analyst | Track: Security / Compliance / Fraud | Session Focus: Search/Insights/Analytics | Other Topics: Getting Data In, Security Use Case Development, Search Language, Investigation, SecOps, Search, Investigate | Session Type: Breakout Session | Solutions: Security & Fraud, Application Delivery, Cloud Strategies, Big Data, IT Operations
Douglas Hurd, MD, Cisco
Karthik Karupasamy, Product Manager, Cisco UCS, Cisco
Colin Lowenberg, Global Transformational Partners, Cisco Meraki
Robert Novak, Technical Solutions Architect, Big Data & Analytics, Cisco
Cisco has one of the most complete technology solution portfolios in the industry, and through an industry-leading set of Splunk integrations, the power of Splunk and Cisco together will make your environment easier to manage, faster to respond to, and safer to operate. Come hear from three teams within Cisco whose technologies feature Splunk integrations. Cisco Meraki will talk about using APIs to correlate network and infrastructure data, including a case study with the government of the largest Latin American country. Cisco UCS will discuss our mutually validated integrated architectures, automated deployment platforms, and Splunk integration with Cisco UCS itself. And Cisco Security will look at on-premises, mobile, and cloud-based security offerings brought together through the Splunk platform to simplify monitoring and accelerate incident response throughout the enterprise.
Continuing Collaboration Between Operations and Research – The Impact of Student Achievement Predictions on Operational Predictions
Thursday, September 28, 2017 | 10:30 AM-11:15 AM Intermediate
Industries: Higher Education, Public Sector | Products: Splunk Enterprise | Role: Business Manager, Administrator, CIO, CTO, Operations Manager, Developer, Splunk Technical Champion | Track: Business Analytics | Session Focus: Business Analytics | Other Topics: Behavioral Analytics and Machine Learning, Search, Managing Splunk, Platform Extensibility, Using Splunk, App Ecosystem, Getting Data In, Best Practices, Automation, Workflow, Visualizations, Machine Learning, Alert Actions | Session Type: Breakout Session | Solutions: IT Operations, Big Data, Business Analytics, Log Management
Cyndi Backstrom, Senior IT Operations Analyst, University of Nevada - Las Vegas
Matthew Bernacki, Assistant Professor of Educational Psychology and Higher Education, University of Nevada - Las Vegas
IT professionals in higher education live and breathe the operational data that Splunk excels at searching, managing and modeling... but their statistical background is typically limited. Many researchers at universities are skilled statistical analysts... but often lack the rich data needed to answer their research questions. This presentation continues the story of an Operations+Research collaboration at UNLV. In this chapter, we turn our attention to UNLV projects that employ machine learning using Splunk’s Machine Learning Toolkit (MLTK) and other software platforms. Topics include a review of educational research and intervention for student success, Operations utilization of MLTK for tuned alerting, and scaling a solution for research needs with MLTK.
Creating Your Own Splunk Learning Environment
Tuesday, September 26, 2017 | 4:35 PM-5:20 PM Good for all Skill Levels
Industries: Financial Services, Media & Entertainment, Non-Profit, Higher Education, Communications, Energy & Utilities, Healthcare, Travel & Transportation, Technology, Aerospace & Defense, Public Sector, Diversity in Technology, Online Services, Manufacturing, Retail | Products: Splunk Enterprise | Role: Architect, Administrator, Developer, Splunk Technical Champion, Data Scientist/Analyst | Track: Foundations | Session Focus: Splunk Administration & Scaling | Other Topics: App Ecosystem, Using Splunk, Dev Tools, Getting Data In, Best Practices, Search, Analyzing Data Types, Analyzing Endpoint Data, Analyzing Network Data, Search Language, Visualizations, Managing Splunk | Session Type: Breakout Session | Solutions: Log Management, IoT & Industrial Data, IT Operations, Security & Fraud, Application Delivery, Business Analytics, Cloud Strategies, Big Data
Luke Netto, Senior Professional Services Consultant, Splunk Inc.
You have Splunk installed and created dashboards and reports. Yet, you are still having a hard time gaining traction. Are you also experiencing difficulty getting coworkers hooked on SPL? Are you being overwhelmed with report requests? Or maybe you just want to learn how to search using the Splunk platform, but lack the data? In this session you will learn how to create a Splunk Learning Environment, using apps available on Splunkbase. You will learn how to use Eventgen and readily available apps to generate sample data of almost any flavor. At the end of the session, you will have a functioning learning environment on your own laptop!
Creating a Threat-Based Cyber Team
Tuesday, September 26, 2017 | 12:05 PM-12:50 PM Good for all Skill Levels
Industries: Public Sector, Non-Profit, Financial Services | Products: Splunk Enterprise | Role: Security Analyst, Architect, Business Manager | Track: Security / Compliance / Fraud | Session Focus: Monitoring and Triaging | | Session Type: Breakout Session | Solutions: Security & Fraud, IT Operations
Todd Kight, MD, Johns Hopkins Applied Physics Laboratory
Anthony Talamantes, Manager, Defensive Cyber Operations, Johns Hopkins Applied Physics Laboratory
With cyberactors evolving quickly and becoming stealthier, challenging the status quo of existing cyber operations is now imperative. We will outline a case study showing how an incident response exercise led to changes in focus and philosophy and how that process changed the structure of Defensive Cyber Operations at Johns Hopkins Applied Physics Laboratory.
Custom Visualizations and You
Thursday, September 28, 2017 | 10:30 AM-11:15 AM Advanced
Industries: Aerospace & Defense, Energy & Utilities, Communications, Media & Entertainment, Financial Services, Retail, Manufacturing, Non-Profit, Online Services, Healthcare, Higher Education, Travel & Transportation, Technology, Public Sector, Diversity in Technology | Products: Splunk Enterprise | Role: Splunk Technical Champion, Data Scientist/Analyst, Developer, Architect, Administrator | Track: Foundations | Session Focus: What the Splunk?!?! | Other Topics: Visualizations, Basic Content, Framework, Content, Dev Tools, App Ecosystem | Session Type: Breakout Session | Solutions: Cloud Strategies, Business Analytics, IT Operations, Log Management, Security & Fraud, Application Delivery, Big Data, IoT & Industrial Data
Scott Haskell, Principal Architect, Splunk Inc.
Take a deep dive into the custom visualization framework. Learn how Splunk empowers you to build your own visualizations that help solve business-critical problems. This talk will show you everything you need to know about how to build a custom visualization, including packaging, coding, API specifics, best practices and building community. Work through real-world examples by dissecting the very popular Clustered Single Value Map Visualization (https://splunkbase.splunk.com/app/3124/). By the end of this talk, you’ll be inspired to create your own custom visualizations and share them with the Splunk community.
Dashboard Wizardry
Tuesday, September 26, 2017 | 12:05 PM-12:50 PM Intermediate
Industries: Retail, Energy & Utilities, Diversity in Technology, Media & Entertainment, Aerospace & Defense, Public Sector, Travel & Transportation, Technology, Higher Education, Healthcare, Online Services, Non-Profit, Manufacturing, Communications, Financial Services | Products: Splunk Enterprise | Role: Administrator, Architect, Data Scientist/Analyst, Developer, Splunk Technical Champion | Track: Foundations | Session Focus: Application Performance & Analytics | Other Topics: Content, Workflow, Visualizations, Using Splunk, Dev Tools, Search Language, What's New | Session Type: Breakout Session | Solutions: Log Management, IT Operations, Security & Fraud, Application Delivery, IoT & Industrial Data, Cloud Strategies, Business Analytics, Big Data
Yuxiang Kou, Software Engineer, Splunk Inc.
Siegfried Puchbauer, Principal Software Engineer, Splunk Inc.
Splunk dashboards and forms provide a solid framework from which to quickly compose static content for showing and visualizing data from search results. Tapping into the full power of SimpleXML enables you to go beyond and build rich interactions and workflows into your dashboards without resorting to code. In this session, you'll learn from the creators of the dashboard framework about how to take a rudimentary dashboard and advance it to provide a rich and interactive user experience. It will cover the hooks and building blocks available in SimpleXML, including the new ones introduced in the latest versions of Splunk Enterprise.
Dashboards, Alerting, Reporting and Visualization - What’s New
Tuesday, September 26, 2017 | 1:10 PM-1:55 PM Intermediate
Industries: Energy & Utilities, Communications, Manufacturing, Media & Entertainment, Financial Services, Higher Education, Retail, Online Services, Non-Profit, Technology, Travel & Transportation, Healthcare, Public Sector, Aerospace & Defense | Products: Splunk Enterprise, Splunk Cloud | Role: Data Scientist/Analyst, Splunk Technical Champion, Architect, Business Manager, Developer, Security Analyst, Operations Manager | Track: Foundations | Session Focus: Search/Insights/Analytics | | Session Type: Breakout Session | Solutions: Business Analytics, Log Management, IT Operations, Big Data
Nicholas Filippi, Product Management, Splunk Inc.
Patrick Ogdin, Principal Product Manager, Splunk Inc.
Meet the growing demand for richer and more efficient dashboards and visualizations by learning about all the newest framework enhancements. Walk through the latest updates to visualizations, drill down and more.
Data Obfuscation and Field Protection in Splunk
Thursday, September 28, 2017 | 11:35 AM-12:20 PM Intermediate
Industries: Aerospace & Defense, Public Sector | Products: Splunk Cloud, Splunk Enterprise, Splunk Enterprise Security | Role: Splunk Technical Champion, Security Analyst, CISO, Administrator | Track: Foundations | Session Focus: Compliance and Regulations | Other Topics: Managing Splunk, Best Practices | Session Type: Breakout Session | Solutions: Big Data, Log Management, Cloud Strategies, IT Operations, Security & Fraud, Business Analytics, IoT & Industrial Data
Angelo Brancato, Security Specialist, Splunk Inc.
Dirk Nitschke, Senior Sales Engineer, Splunk Inc.
Your events are most likely made up of sensitive data, and you’ve been asked to obfuscate it for risk mitigation or compliance with standards such as PCI, HIPAA, GDPR and others. Join this session to learn about options Splunk offers to anonymize or pseudonymize data at various stages in your environment, while still being able to analyze and correlate said data. Learn about the impact of each method and how to select the right ones for your use cases. You’ll even see how you can integrate a third-party crypto-appliance into Splunk for field protection.
Data Onboarding: Where Do I Begin?
Tuesday, September 26, 2017 | 12:05 PM-12:50 PM Intermediate
Industries: Non-Profit, Online Services, Healthcare, Travel & Transportation, Technology, Financial Services, Higher Education, Communications, Energy & Utilities, Diversity in Technology, Media & Entertainment, Aerospace & Defense, Public Sector, Retail, Manufacturing | Products: Splunk Enterprise, Splunk Cloud | Role: Data Scientist/Analyst, Splunk Technical Champion, Developer, Administrator, Architect | Track: Foundations | Session Focus: Splunk Administration & Scaling | Other Topics: App Ecosystem, Dev Tools, Getting Data In, Best Practices, Search, Analyzing Data Types, Search Language, HTTP Event Collector, Managing Splunk | Session Type: Breakout Session | Solutions: Cloud Strategies, Business Analytics, Application Delivery, Security & Fraud, Log Management, IT Operations, IoT & Industrial Data, Big Data
Luke Netto, Senior Professional Services Consultant, Splunk Inc.
How do I get data into the Splunk platform? What is a sourcetype? Does Splunk already know how to handle my data? What app do I use? What if all my data is syslog? If you tend to ask these types of questions, then this session is for you. It is a walk through onboarding fundamentals. We will discuss the importance of a timestamp and what to do if your data doesn’t have one. We will explain when to use an existing sourcetype and when to create a new one. We will also review the process of examining an app from Splunkbase and determining what sourcetype the app expects. By the end of this session you will no longer use syslog as a sourcetype, but as a means of collecting data.
Data Science Ops in Practice – Learn How Splunk Enables Fast Science for Cybersecurity Operations
Wednesday, September 27, 2017 | 12:05 PM-12:50 PM Good for all Skill Levels
Industries: Aerospace & Defense, Public Sector | Products: Splunk Enterprise | Role: Splunk Technical Champion, Data Scientist/Analyst, Operations Manager, Security Analyst | Track: Security / Compliance / Fraud | Session Focus: Security Analytics and Machine Learning | | Session Type: Breakout Session | Solutions: Security & Fraud, Big Data
David Brenman, MD, Booz Allen Hamilton
Olisa Stephensbailey, Technical Director, Booz Allen Hamilton
This session will provide real-world examples of how one data-science team has been providing quick turnaround operational support within the federal sector with our client (U.S. Cyber Command). We will walk through how our agile workflow allows flexibility in identifying data analytic needs to complement cyber analysis, include a real-world scenario showing how we fought through cultural barriers to deliver impact-to-security reporting and outline how Splunk can be leveraged for analyzing both big and small data challenges, while leveraging machine learning. Those that attend this session will walk away armed with actionable steps they can employ within their own government organizations that will foster growth and collaboration between cyber analysts, mission directors and data scientists alike! At the conclusion of our talk, we will announce new modular advanced analytics/machine learning apps that were developed with the Booz Allen and Splunk partnership and tested in Operations.
Data Wars: A New Hope for IT & Security Insights
Thursday, September 28, 2017 | 11:35 AM-12:20 PM Good for all Skill Levels
| Products: Splunk Cloud, Splunk Enterprise | Role: Operations Manager, Administrator, Splunk Technical Champion, Security Analyst | Track: Foundations | Session Focus: What the Splunk?!?! | | Session Type: Breakout Session | Solutions: Security & Fraud, Big Data, Log Management, Application Delivery, IT Operations
Jade Catalano, Senior Product Marketing Manager, Security, Splunk Inc.
Rob Christian, Senior Sales Engineer, Splunk Inc.
Ever wonder what insights you’re missing out on? What if you could expand the view of your data while reducing noise so you can focus on what is most critical? Many times you look at data through the lens of your own challenges, but what happens when you can multiply what you know? Often, the same data you are using to help solve security problems also provides valuable insight into IT issues, and vice versa. IT staff often lose too much time to troubleshooting and investigating events, causing them to miss important alerts, while security teams are lost chasing false positives. In this session you will learn to reduce alert fatigue and cut down the noise by correlating across IT and security. Gain different perspectives around authentication, firewall traffic and performance data, whether you’re an IT or security practitioner. Leverage, visualize and correlate data from across your infrastructure to improve your reaction time, determine root cause and accelerate remediation.
Data Your Way—Unlocking the IBM Z Black Box
Tuesday, September 26, 2017 | 3:30 PM-4:15 PM Good for all Skill Levels
Industries: Technology, Healthcare, Public Sector, Financial Services, Retail | | | Track: IT Operations | | | Session Type: Breakout Session | Solutions: IT Operations
Daniel Wiegand, Senior Offering Manager, IBM Corporation
This session will cover how you can tap into the vast amounts of IBM Z Systems mainframe operational data to get a single pane-of-glass view of your distributed and mainframe environments. IBM Common Data Provider for Z can collect, filter and stream Z Systems operational data in near real time. Your teams can gain insight into the operational health of critical business systems to ensure that they deliver the services your customers expect or to quickly diagnose issues when they arise.
Deeper Insights into Human Bias in Algorithms: A Fireside Chat with Industry Experts
Wednesday, September 27, 2017 | 3:30 PM-4:15 PM Good for all Skill Levels
Industries: Diversity in Technology | | Role: Data Scientist/Analyst | Track: Foundations | Session Focus: Diversity in Technology | Other Topics: Behavioral Analytics and Machine Learning, Machine Learning, Diversity in Technology | Session Type: Breakout Session | Solutions: Big Data
Jeremy Epstein, Deputy Division Director for the National Science Foundation’s Division of Computer and Network Systems, National Science Foundation
Archana Ganapathi, Director Data Strategy, Splunk Inc.
Mehdi Jamei, Executive Director, Bayes Impact
Adam Oliner, Director of Engineering, Splunk Inc.
Join Splunk’s own Data Scientist and Director of Engineering, Adam Oliner, as he hosts a discussion on the topic of algorithmic accountability. When machines are making the decisions, what assumptions have we unconsciously taught them to apply? Why is it so difficult to mitigate baked-in biases? Learn about the broad reach of human biases and why accounting for diversity counts.
Delivering Digital Services to Customers: a Real Example of DevOps Optimization Using Splunk
Wednesday, September 27, 2017 | 1:10 PM-1:55 PM Good for all Skill Levels
Industries: Communications | Products: Splunk Enterprise | Role: Developer | Track: IT Operations | Session Focus: DevOps | | Session Type: Breakout Session | Solutions: IT Operations, Application Delivery
Philippe Ensarguet, CTO, Orange Application for Business
Like other companies in the IT services industry, Orange Application for Business is facing pressure from customers to deliver more quality software in less time. This is what we called the Daft Punk syndrome: "better, cheaper, stronger, faster." We are also living in a world where development needs to be more agile, moving from traditional software to cloud, containers, etc. By describing the Orange ecosystem that was used to develop software for customers, and the issues they were facing, Orange will explain some limitations and complexity of the open source world, and the tactical advantages that the Splunk platform brings to them, in terms of visibility, agility and quality, allowing them to shift their business model.
Deriving Value in Agile Sprints With Real-Time DevOps Analytics
Thursday, September 28, 2017 | 11:35 AM-12:20 PM Intermediate
Industries: Technology, Communications | Products: Splunk Enterprise | Role: Data Scientist/Analyst, Splunk Technical Champion, Developer | Track: IT Operations | Session Focus: DevOps | Other Topics: Dev Tools | Session Type: Breakout Session | Solutions: IT Operations, Application Delivery
Yann Charneau, Tech Architecture Delivery Manager, Accenture
Mark DiFilippo, Automation Architect, Accenture
Bryan McCauley, Consultant, Accenture
By using data from popular DevOps tools and integrating this data into personalized dashboards with DevOps analytics, IT organizations can deliver at the pace a business demands. Attend this session to learn how a large U.S.-based cable operator used DevOps analytics capability to enable real-time feedback across the entire delivery life cycle, providing actionable insight into development velocity, stability and performance. You will learn how an agile IT organization can not only reduce costs but also improve its business impact using advanced DevOps capabilities like e2e visualizations, integrated tracking and alerting, and automation and machine learning.
Do You Really Know My Adversaries? Prove It.
Wednesday, September 27, 2017 | 12:05 PM-12:50 PM Intermediate
Industries: Energy & Utilities | Products: Splunk Enterprise, Splunk Enterprise Security | Role: Data Scientist/Analyst, Security Analyst, Architect | Track: Security / Compliance / Fraud | Session Focus: Security Analytics and Machine Learning | Other Topics: Security Use Case Development, Applying Threat Intelligence / Context | Session Type: Breakout Session | Solutions: Security & Fraud
Kyle Maxwell, Security, Accenture
Tim Plona, Business Solution Architect, Freeport McMoRan
Brandt Varni, TX, Accenture
Do you really know who your adversaries are, how they think, what they want, and what their tools, techniques and procedures are? Is this so-called "threat" real or just another one of "those"? Threat intelligence can come in many shapes, sizes and varying costs, but how do you know if what you are looking at is real for your environment? In this session, we will discuss what a real threat looks like when integrated with Splunk and how meaningful threat intelligence can accelerate your ability to focus on what matters.
Docker & Splunk Development: Empowering Splunk Development with Docker - Booz Allen Hamilton (Booz Allen)
Tuesday, September 26, 2017 | 11:00 AM-11:45 AM Good for all Skill Levels
Industries: Technology | Products: Splunk Enterprise | Role: Splunk Technical Champion, Administrator, Architect, Developer, Operations Manager | Track: Developing | Session Focus: DevOps | Other Topics: Dev Tools | Session Type: Breakout Session | Solutions: Application Delivery
Ronald Cooper, Cyber Security Architect, Booz Allen Hamilton
David Kraemer, Senior Solutions Architect, Booz Allen Hamilton
Docker’s adoption rate for DevOps continues to grow, almost doubling in the last year. Booz Allen is always researching ways to streamline the Splunk development and testing processes and has identified Docker as a viable solution. This solution will allow Splunk development for many different roles and use cases. In this session, the presenters will briefly cover what Docker is and what the benefits are of using Docker for Splunk development, as well as demonstrating and sharing a scripted deployment of a multi-site clustered Splunk development environment and providing specific use cases that focus on building custom Splunk apps, test configurations, dashboards, saved searches and knowledge objects. Finally, they will provide a brief overview of Docker’s native Splunk Logging Driver.
Dockerizing Splunk at Scale
Wednesday, September 27, 2017 | 12:05 PM-12:50 PM Advanced
Industries: Online Services, Manufacturing, Retail, Financial Services, Media & Entertainment, Communications, Aerospace & Defense, Energy & Utilities, Public Sector, Technology, Healthcare, Travel & Transportation, Non-Profit | Products: Splunk Enterprise Security, Splunk Enterprise | Role: Developer, Administrator, Architect, Splunk Technical Champion | Track: Foundations | Session Focus: Splunk Administration & Scaling | | Session Type: Breakout Session | Solutions: Application Delivery, Log Management, IT Operations
Brian Bingham, Principal Engineer, Splunk Inc.
Brent Boe, Sr Software Engineer, Splunk Inc.
Docker is a new container technology that allows micro-services to be set up at scale. Running full applications inside of Docker can pose interesting challenges. Splunk has created an orchestration for creating containers that run Splunk and create repeatable environments. ORCA can deploy Splunk in any major configuration style, from standalone machines, to heavy forwarders, to index clusters and search head clusters. This session will show and demo our new tools that will be released open source, and discuss what unique issues we ran into with Splunk inside of Docker. We'll also discuss what other container software we looked at and why we chose to use Docker.
Don’t Get Stung by Bad Guys—Get STINGAR (Shared Threat Intelligence for Network Gatekeeping With Automated Response)
Wednesday, September 27, 2017 | 4:35 PM-5:20 PM
Industries: Higher Education | Products: Splunk Enterprise, Splunk Enterprise Security | Role: Security Analyst, Administrator, CISO | Track: Security / Compliance / Fraud | Session Focus: Automation / Adaptive Security | Other Topics: SecOps, Customer Success Story, Applying Threat Intelligence / Context, Adaptive Response, Nerve Center, Search, Automation | Session Type: Breakout Session | Solutions: Security & Fraud
Richard Biever, Chief Information Security Officer, Duke University
Jesse Bowling, Manager of Security Operations and Management, Duke University
Duke University will tell the story of our journey in developing STINGAR (Shared Threat Intelligence for Network Gatekeeping with Automated Response), a dynamic, effective threat intelligence program making use of data from our network and systems, information from our sharing partners, and data from our commercial tools. Central to this program was using Splunk to aggregate, correlate and make sense of the data, categorizing it for automated active response, first with our intrusion protection system, and later making use of black-hole routing techniques. We will also discuss our efforts to develop a community around the sharing of threat intelligence, making use of the same infrastructure.
Effectively Enhancing our SOC with Sysmon, PowerShell Logging and Machine Learning to Detect and Respond to Today’s Threats
Wednesday, September 27, 2017 | 2:15 PM-3:00 PM Advanced
Industries: Manufacturing, Media & Entertainment, Communications, Public Sector, Energy & Utilities, Technology, Aerospace & Defense, Healthcare, Travel & Transportation, Non-Profit, Higher Education, Retail, Online Services, Financial Services | Products: Splunk Enterprise, Splunk Enterprise Security | Role: Administrator, Architect, Security Analyst | Track: Security / Compliance / Fraud | Session Focus: DevOps | Other Topics: Platform Extensibility, Using Splunk | Session Type: Breakout Session | Solutions: Security & Fraud
Kent Farries, Sr. Systems Analyst, Security Intelligence & Analytics, TransAlta Corporation
Ikenna Nwafor, Sr Systems Analyst, Security Design, TransAlta
With today’s threats, TransAlta needed to improve its managed SOC with the goal of becoming a “pretty good SOC” in 2017. We had to look at how we are doing things today, what we should stop doing or automate and what we should be doing tomorrow. We decided that we needed to get better at hunting with limited resources, so we chose to leverage Sysmon, PowerShell logging and machine learning. This session will showcase how we used Splunk to efficiently collect and analyze the logs from thousands of endpoints to understand our security posture. We will also provide some insight from our lessons learned around deployment, tuning and capacity planning.
Ending the Finger-Pointing Between Apps and Network Admins
Tuesday, September 26, 2017 | 1:10 PM-1:55 PM Advanced
Industries: Energy & Utilities, Communications, Financial Services, Manufacturing, Media & Entertainment, Online Services, Retail, Higher Education, Non-Profit, Technology, Healthcare, Travel & Transportation | Products: Splunk Enterprise | Role: Administrator, Operations Manager, Splunk Technical Champion | Track: IT Operations | Session Focus: Infrastructure Troubleshooting & Monitoring | Other Topics: Analyzing Endpoint Data | Session Type: Breakout Session | Solutions: IT Operations
David Cavuto, Principal Product Manager, Splunk Inc.
Your network is speaking to you! Listen to what your applications are saying. Monitoring the metrics already present in your wire data can be the key to understanding and characterizing their performance. With Splunk Stream, you can collect dozens of metrics at the IP, TCP, and application layer. This session will show you how to characterize the performance of your applications and the network, and how to tell which is the source of trouble.
Ensuring Customer Satisfaction Through End-To-End Business Process Monitoring Using Splunk ITSI
Tuesday, September 26, 2017 | 3:30 PM-4:15 PM Good for all Skill Levels
Industries: Healthcare | Products: Splunk Enterprise, Splunk IT Service Intelligence | Role: Developer | Track: IT Operations | Session Focus: itsi | Other Topics: Customer Success Story, Anomaly Detection | Session Type: Breakout Session | Solutions: Business Analytics, IT Operations
Patrick Farrell, Sr. Engineer, Cardinal Health
Michael Hurley, Sr. Software Architect, Cardinal Health
This session will highlight a valuable Splunk ITSI solution that helps Cardinal Health ensure customer satisfaction through the visualization of business-process health. The process features end-to-end correlation across the entire business spectrum, anomaly detection through machine learning and the ability to isolate and fix a problem quickly. The presentation will also include a simulation of this solution, in which the health of an entire business process can be observed within a single pane in near real time. Also discussed will be key considerations and challenges, such as the correlation of data across multiple systems, including SAP.
Enterprise Security Biology: Dissecting the Splunk Enterprise Security Threat Intelligence Framework
Wednesday, September 27, 2017 | 3:30 PM-4:15 PM Advanced
| Products: Splunk Enterprise Security | Role: Security Analyst | Track: Security / Compliance / Fraud | Session Focus: Threat Detection | | Session Type: Breakout Session | Solutions: Security & Fraud
John Stoner, Staff Security Architect, Splunk
The Splunk Enterprise Security (ES) Threat Intelligence framework has been part of Splunk ES since version 3.0. This session will dive into this framework, covering how observables/indicators for files, URLs, certificates and others can be integrated into the Threat Intel framework and what happens behind the scenes to prepare these diverse indicators for consumption and correlation. During this talk, examples of different techniques to simplify working with threat intelligence will be discussed, including how to disable artifacts, integrate with incident response and perform retrospective analysis of new indicators against old events. Attendees will leave this talk with a greater understanding of the Threat Intel framework and methods to work more effectively with it and Splunk ES.
Essentials to Creating Your Own Security Posture Using Splunk Enterprise
Thursday, September 28, 2017 | 11:35 AM-12:20 PM Intermediate
Industries: Aerospace & Defense, Public Sector | Products: Splunk Enterprise | Role: Data Scientist/Analyst, Administrator, Security Analyst | Track: Security / Compliance / Fraud | Session Focus: Monitoring and Triaging | | Session Type: Breakout Session | Solutions: Security & Fraud
Richard McKee, Cyber Security Incident Response Team, Principal Cyber Security Analyst
Attendees will see examples of how the Nevada National Security Site (NNSS) monitors its security posture using Splunk Enterprise. Showcasing real-time dashboards gives the NNSS IT/Cyber Operations the ability to monitor and alert on insider threat activities, incident response, network forensics and more. Using available logs, network flows and other metrics and sources of data commonly found in most environments, the attendee will gain an understanding of how to use Splunk Enterprise for detecting IOCs and creating a more mature security posture.
Expert Panel: Analytics for the Industrial Internet of Things
Tuesday, September 26, 2017 | 1:10 PM-1:55 PM Intermediate
Industries: Manufacturing | Products: Splunk Cloud, Splunk Enterprise | Role: CIO, Administrator, Architect, Business Manager, Data Scientist/Analyst, Splunk Technical Champion, Operations Manager, Security Analyst, CISO, Developer, CTO | Track: IoT | Session Focus: IoT & Industrial Data | Other Topics: SecOps, Attack Scenarios, Investigation, Anomaly Detection, Security Use Case Development, Forensics | Session Type: Breakout Session | Solutions: IoT & Industrial Data
Brian Berg, Senior Mgr, ESP Lead DACH & Nordics, Accenture
Robert Frazier, Senior Manager for Cyber Security Architecture, Lockheed Martin
Brian Gilmore, Director, IoT and Industrial Data Ecosystem, Splunk Inc.
Jason Oney, CEO, Strategic Maintenance Solutions, Inc.
Andy Robinson, NC, Avid Solutions
The digitization of manufacturing has opened up many opportunities for analytics use cases, like predictive maintenance and asset failure prediction. But where do you start? Come learn industrial IoT data analytics best practices from our panel of industry experts.
Extending SPL with Custom Search Commands and the Splunk SDK for Python
Thursday, September 28, 2017 | 11:35 AM-12:20 PM Advanced
| Products: Splunk Enterprise | Role: Administrator, Developer, Data Scientist/Analyst, Splunk Technical Champion | Track: Developing | Session Focus: DevOps | Other Topics: Dev Tools | Session Type: Breakout Session | Solutions: Application Delivery
Jacob Leverich, Director of Engineering, Splunk Inc.
Splunk's Search Processing Language, SPL, is both powerful and versatile. Nevertheless, some use cases exceed the capabilities of SPL. For these cases, SPL can be extended with "Custom Search Commands." This talk covers implementation details of the Custom Search Command feature, and teaches you how to build new commands using the Splunk SDK for Python.
External Webservice Monitoring
Tuesday, September 26, 2017 | 3:30 PM-4:15 PM Intermediate
Industries: Media & Entertainment | | Role: Operations Manager, Architect | Track: IT Operations | Session Focus: Infrastructure Troubleshooting & Monitoring | | Session Type: Breakout Session | Solutions: Cloud Strategies, IT Operations, Application Delivery
Martin Senebald, Unit Manager Data Analytics & Cloud, COCUS AG
Having web services run smoothly is vital for most of us, so having an external view of the service is key to delivering the best experience for our customers. At Sky we use AWS and JMeter with Splunk at its core to effectively get these important insights. Not only gathering the information, but also scheduling and distributing tests in a multi-region setup, is what makes this setup so powerful and effective.
FFIEC Cybersecurity Assessment Tool: Cybersecurity Controls & Incidence Mappings for Splunk Enterprise, Enterprise Security, User Behavior Analytics
Wednesday, September 27, 2017 | 3:30 PM-4:15 PM Intermediate
Industries: Financial Services | Products: Splunk Cloud, Splunk Enterprise | Role: CIO, CISO, Operations Manager, Business Manager | Track: Security / Compliance / Fraud | Session Focus: Compliance and Regulations | Other Topics: Framework, Posture Assessment, Security Use Case Development | Session Type: Breakout Session | Solutions: Security & Fraud
Morian Eberhard, CISO, Zions Bank
Curtis Johnson, Senior Sales Engineer, Splunk Inc.
The Federal Financial Institutions Examination Council (FFIEC) developed its Cybersecurity Assessment Tool (CAT) in June 2015. Within the tool are a series of questions and controls that help financial institutions evaluate their cybersecurity risk and define their security maturity. Splunk has taken each of the cybersecurity controls from the CAT and mapped Splunk capabilities to each to explain how Splunk can help institutions assess and mature their cybersecurity posture as it pertains to the CAT. This session will cover how Splunk maps to these controls.
Fake Data for Real Apps
Tuesday, September 26, 2017 | 2:15 PM-3:00 PM Good for all Skill Levels
Industries: Technology | Products: Splunk Enterprise, Splunk Cloud, Splunk User Behavior Analytics, Splunk Enterprise Security | Role: Developer | Track: Developing | Session Focus: DevOps | | Session Type: Breakout Session | Solutions: Application Delivery
David Cavuto, Principal Product Manager, Splunk Inc.
David Poncelow, Senior Software Engineer, Splunk Inc.
The Splunk Data Simulator lets you simulate sophisticated, real-time sample data for your Splunk apps. In this presentation, we'll describe current challenges in getting data for developing, testing, and demoing Splunk apps and demonstrate how this new tool can help. We'll walk you through the details of the Splunk Data Simulator—including its human-readable scripting language. We'll also present (live!) demos showing you how to use simulations to drive apps, and explain how Splunk Data Simulator can fit into your organization’s development and sales process.
Fields, Indexed Tokens and You
Wednesday, September 27, 2017 | 2:15 PM-3:00 PM Advanced
Industries: Non-Profit, Media & Entertainment, Manufacturing, Communications, Energy & Utilities, Financial Services, Retail, Online Services, Travel & Transportation, Technology, Aerospace & Defense, Higher Education, Healthcare, Public Sector | Products: Splunk Cloud, Splunk Enterprise, Splunk Enterprise Security | Role: Security Analyst, Data Scientist/Analyst, Splunk Technical Champion, Operations Manager, Administrator, Developer | Track: Foundations | Session Focus: Search/Insights/Analytics | | Session Type: Breakout Session | Solutions: Application Delivery, Security & Fraud, Log Management, Cloud Strategies, IoT & Industrial Data, IT Operations, Big Data, Business Analytics
Martin Müller, Consultant, Consist Software Solutions GmbH
Splunk software does many things to make your searches run fast. Most importantly, Splunk has to narrow down the set of potentially matching events. The fewer events that Splunk must scan, the faster your search will run. In this session, we will explore how Splunk software uses fields and indexed tokens to achieve this and how you can leverage them to your advantage. You will learn how to detect optimization potential in your searches and how to make meaningful changes. Additionally, we will cover how common configurations can have a great impact on search performance.
Focus the Splunk Lens With Visual Design Best Practices
Tuesday, September 26, 2017 | 3:30 PM-4:15 PM Good for all Skill Levels
Industries: Energy & Utilities, Communications, Financial Services, Retail, Manufacturing, Online Services, Higher Education, Non-Profit, Travel & Transportation, Healthcare, Technology, Public Sector, Aerospace & Defense, Media & Entertainment | Products: Splunk Enterprise, Splunk Cloud | Role: Administrator, Architect, Splunk Technical Champion, Developer, Operations Manager, Security Analyst, Data Scientist/Analyst | Track: Foundations | Session Focus: Search/Insights/Analytics | | Session Type: Breakout Session | Solutions: Business Analytics, IT Operations, IoT & Industrial Data, Security & Fraud, Cloud Strategies, Big Data, Log Management, Application Delivery
Haider Al-Seaidy, Global Sales Engineer, Splunk Inc.
Eric Merkel, Sr Sales Engineer, Splunk Inc.
Learn best practices for working with and using Splunk Cloud, including latest feature adoption, Splunk validated architecture, getting data in and working with Support. All the things that are better to know now, not later!
Forming, Storming, Norming, and Performing – Developing Enterprise Security Into an Effective Member of Your Security Team
Wednesday, September 27, 2017 | 4:35 PM-5:20 PM Beginner
Industries: Manufacturing | Products: Splunk Enterprise Security | Role: Administrator, Security Analyst, Architect, CTO | Track: Security / Compliance / Fraud | Session Focus: Security Use Case Development | Other Topics: Best Practices, App Ecosystem, Security Use Case Development, Using Splunk | Session Type: Breakout Session | Solutions: Security & Fraud
Dru Streicher, Information Security Analyst, The Sherwin-Williams Company
Introducing Splunk Enterprise Security (ES) into your environment is just like introducing a new member to your security team. In this session, we’ll walk you through our implementation process and how Sherwin-Williams developed use cases and tailored Splunk ES to become our Security Operations Center’s most important tool. As we’ve developed Splunk ES and the use cases used with it, we’ll also talk about how the SOC has adapted to Splunk and, finally, the metrics that we use to show the effectiveness of the Splunk and SOC team.
Friction Free Splunk App Certification
Thursday, September 28, 2017 | 10:30 AM-11:15 AM Intermediate
Industries: Technology | Products: Splunk Enterprise | Role: Developer | Track: Developing | Session Focus: DevOps | | Session Type: Breakout Session | Solutions: Application Delivery
Theodore Hellmann, Product Manager, Splunk Inc.
Logan Knecht, Washington, Splunk Inc.
Andrew Nortrup, Sr. Product Manager, Splunk Inc.
Splunk Application Certification is a process that was created to help raise the profile of your Splunk App on Splunkbase. It works by signaling to Splunk users that your Splunk App conforms to Splunk's best practices and security standards. This talk will cover the advantages of the Splunk Application Certification program and discuss how we use Splunk AppInspect's API metrics to identify the most common failures found. The talk will be followed by a guided walkthrough with an Application Certification team member on how to avoid the most common pitfalls that block a candidate during Splunk’s manual code review step in the certification process. There will also be a demo Splunk App that developers can use afterwards to help clarify the points discussed.
From API to APM using Splunk Add-on Builder
Wednesday, September 27, 2017 | 1:10 PM-1:55 PM Advanced
Industries: Technology | Products: Splunk Cloud, Splunk Enterprise | Role: Developer | Track: Developing | Session Focus: DevOps | Other Topics: Dev Tools | Session Type: Breakout Session | Solutions: Application Delivery, IT Operations, Security & Fraud
Elias Haddad, Product Manager, Splunk Inc.
Cheney Li, Senior Software Engineer, Splunk Inc.
Gordon Wang, Principal Software Engineer, Splunk Inc.
Add-ons can import and enrich data from any source, creating a rich dataset ready for analysis in Splunk. We present an overview of Splunk Add-on Builder and show how this app makes onboarding data faster and easier. We’ll use a real-world example to demonstrate how the Splunk Add-ons for New Relic and AppDynamics and SolarWinds were built. Highlights of the demo include Splunk ITSI and Common Information Model mapping and validation with the click of a button.
From Monitoring and Alerting to Ensuring Mission Readiness Through Improved Availability
Tuesday, September 26, 2017 | 2:15 PM-3:00 PM Good for all Skill Levels
Industries: Aerospace & Defense | | Role: Operations Manager, Architect | Track: IT Operations | Session Focus: Infrastructure Troubleshooting & Monitoring | | Session Type: Breakout Session | Solutions: IT Operations
Tunay Basar, VP and Co-Founder of Pernix LLC, Pernix Consulting LLC
This session shares how the need to monitor mission-critical systems grew into a desire to provide better availability and architecture of existing systems using Splunk.
From Zero to 100 in 100 Days, or "How Quickly Can You Drive Splunk Adoption?"
Tuesday, September 26, 2017 | 11:00 AM-11:45 AM Good for all Skill Levels
Industries: Online Services, Technology | Products: Splunk Enterprise Security, Splunk Enterprise | Role: CIO, CISO, Splunk Technical Champion, Business Manager, CTO | Track: Foundations | Session Focus: Business Innovation | | Session Type: Breakout Session | Solutions: IT Operations, Security & Fraud, Log Management
Tom Gerhard, Fellow, Logging & Monitoring, priceline.com
Vidhya Ramachandran, Principal Software Engineer, Priceline.com
Priceline.com adopted Splunk in late 2016, going from turning on the system to full deployment in just over three months. In this discussion, we'll review the technical and organizational challenges that led us to Splunk and share our experiences implementing Splunk with a project team of five people, targeting more than 100 users and 3.5TB of daily data.
Gain Real-Time Insights from Your Data Using Splunk and AWS Cloud
Tuesday, September 26, 2017 | 12:05 PM-12:50 PM Intermediate
Industries: Online Services, Public Sector, Aerospace & Defense, Energy & Utilities, Communications, Media & Entertainment, Financial Services, Manufacturing, Healthcare | | Role: Splunk Technical Champion | Track: IT Operations | Session Focus: Infrastructure Troubleshooting & Monitoring | | Session Type: Breakout Session | Solutions: IT Operations
Elias Haddad, Product Manager, Splunk Inc.
Ray Zhu, Sr. Product Manager, AWS
In this session, we’ll give an overview of Splunk capabilities in AWS cloud and how you can use Splunk to gain insights from your cloud resources. We’ll also introduce a new capability that allows you to ingest, transform, and analyze data in real time with Splunk and AWS cloud.
Goodbye Tedious Tasks! Modernizing InfoSec Training and IT Operations at USF: A Novel Automation Framework Leveraging Splunk
Tuesday, September 26, 2017 | 11:00 AM-11:45 AM Intermediate
Industries: Technology, Higher Education | Products: Splunk Enterprise | | Track: Foundations | Session Focus: Search/Insights/Analytics | Other Topics: Platform Extensibility, Posture Assessment | Session Type: Breakout Session | Solutions: Big Data, IT Operations, Log Management, Security & Fraud
Tim Ip, Security Engineer, University of San Francisco
Nick Recchia, Information Security Officer & Director, University of San Francisco
Ever wonder how to expand Splunk use cases beyond visualizations? In this session, we will demystify how we automate boring, tedious IT operational tasks using Splunk at University of San Francisco (USF). We will introduce our automation framework and highlight how we automate our Information Security Online Training for >3000 employees using Splunk. We will also demonstrate how we apply our automation framework to streamline and automate: security monitoring, incident triage, and improved operational efficiency inside/outside of our centralized IT division.
Harnessing Robotic Microscopes, Artificial Intelligence and Deep Learning to Increase the Speed of Drug Discovery
Wednesday, September 27, 2017 | 3:30 PM-4:15 PM Intermediate
Industries: Manufacturing, Healthcare, Technology | Products: Splunk Enterprise | Role: Data Scientist/Analyst, Operations Manager | Track: Business Analytics | Session Focus: Business Analytics | Other Topics: Customer Success Story, Analyzing Data Types, Machine Learning | Session Type: Breakout Session | Solutions: Big Data, IoT & Industrial Data, Business Analytics
August Allen, Automation Scientist, Recursion Pharmaceuticals
Ben Miller, Director HTS Operations, Recursion Pharmaceuticals
Recursion Pharmaceuticals applies automation and data science to discover treatments for rare diseases. Splunk works as an ETL tool to feed data back to our data scientists and as a quality monitoring and diagnostics tool for laboratory instrumentation. Implementing a system like this in three months would not have been possible without several key technologies from Splunk. Universal forwarders collect data from instrumentation, the Splunk SDK for Python passes data back into more complex decision-making processes, Splunk DB Connect enriches our log data with quality metrics, and the Machine Learning Toolkit analyzes metrics to create interesting insights. During this talk we'll explain some of the basic concepts of Recursion's technology platform. Then we’ll dive into some of the details on how we've used Splunk to help develop and track metrics on laboratory performance as well as to detect and prevent mistakes in experiment processing.
Headache in the Cloud? Prescription for Relief: Using Splunk Enterprise Security to Secure the Cloud
Tuesday, September 26, 2017 | 12:05 PM-12:50 PM Intermediate
Industries: Travel & Transportation, Higher Education | Products: Splunk Enterprise, Splunk Enterprise Security | Role: Data Scientist/Analyst, Architect, Security Analyst, Operations Manager, CISO | Track: Security / Compliance / Fraud | Session Focus: Threat Hunting | Other Topics: Amazon Web Services, Security Use Case Development, Investigation, SecOps, Adaptive Response | Session Type: Breakout Session | Solutions: Security & Fraud, Cloud Strategies
David Naylor, Security Analyst, Georgetown University
Craig Vincent, Solution Engineer/ Regional Security SME, Splunk Inc.
Do your colleagues have their heads in the cloud? Worried about visibility in a hybrid world? Come listen to Georgetown University’s Security Analyst and a Splunk Security SME discuss securing IaaS like AWS and SaaS using Splunk for Enterprise Security. This session will cover common challenges and real-world strategies to mitigate risks and reduce the headache of moving to the cloud.
How DHA and Leidos are Monitoring the Applications and Infrastructure of the World's Largest Healthcare System with Splunk
Wednesday, September 27, 2017 | 3:30 PM-4:15 PM Intermediate
Industries: Healthcare, Public Sector, Aerospace & Defense | Products: Splunk Enterprise | Role: Splunk Technical Champion, CTO, Architect, Administrator, Operations Manager, siteReliabilitySystemsEngineer, CIO | Track: IT Operations | Session Focus: Public Sector & Education Industry Day | Other Topics: Analyzing Network Data, Tuning Alerts, Alert Actions, Visualizations, Managing Splunk, Analyzing Endpoint Data, Getting Data In, Customer Success Story, Investigation, govday, Search, Automation, Best Practices | Session Type: Breakout Session | Solutions: IT Operations, Log Management
Ariel Canonizado, Principal Engineer, Leidos
Steve Mullins, System Architect, Leidos
Wayne Speaks, Chief IT Operations and Sustainment Branch, Defense Health Agency
Small healthcare systems are complex. Large healthcare systems are cumbersome and complex. On the contrary, the world’s largest healthcare system’s information technology and clinical applications are becoming more efficient and easier to understand and manage. Splunk and Leidos are helping this transformation by monitoring performance, availability, compliance, and configuration of the systems, networks, and applications. In this session, we will discuss and show what we are doing to keep stakeholders informed about the status of the DoD healthcare applications and its computing infrastructure.
How Rabobank's Monitoring Team Got a Seat at the Business Table With Splunk ITSI
Wednesday, September 27, 2017 | 2:15 PM-3:00 PM Intermediate
Industries: Financial Services | Products: Splunk IT Service Intelligence, Splunk Enterprise | Role: Operations Manager | Track: IT Operations | Session Focus: itsi | | Session Type: Breakout Session | Solutions: IT Operations
Danny Bos, VP, Manager Monitoring Services, Rabobank
Eduard Lekanne, ITSI Evangelist, UMBRIO
Rabobank started using Splunk Enterprise years ago and, with over 1,300 named users, is very successful with it, especially within the technical application teams. Splunk is traditionally managed by a central Continuity & Security Services Team, which also handles other tools and functions such as event monitoring, service management, control room, SOC, etc. Last year Rabobank decided to use Splunk ITSI to support the monitoring of its main business services. In this session we want to talk about how Rabobank addressed challenges such as how to position Splunk ITSI against all the other solutions currently in use, how to work with business teams, what type of people/roles are needed to make it happen, whether Self-Service is a concept that works for Splunk ITSI, how to deliver quick and real value, and how to maintain Splunk ITSI not only as a platform, but more from the functional perspective.
How To Use Office 365, Salesforce and Box With Splunk Enterprise and Splunk Enterprise Security
Tuesday, September 26, 2017 | 3:30 PM-4:15 PM Good for all Skill Levels
| Products: Splunk Enterprise, Splunk Enterprise Security, Splunk Cloud | Role: Security Analyst, Administrator, Business Manager | Track: Security / Compliance / Fraud | Session Focus: Monitoring and Triaging | Other Topics: Investigation, Using Splunk, Cloud Strategies, Getting Data In, Analyzing Data Types | Session Type: Breakout Session | Solutions: Security & Fraud, Log Management
Girish Bhat, Director, Splunk Inc.
Chinmay Kulkarni, Senior Software Engineer, Splunk Inc.
As native SaaS tools, Cloud Access Security Brokers (CASBs) provide visibility into SaaS Apps limited to cloud data. With Splunk Enterprise and Splunk Enterprise Security (ES), you can get context from popular Enterprise SaaS Apps and correlate it across SaaS and on-premises sources to improve investigation and incident response. This session will walk you through how to incorporate cloud data from Microsoft Cloud Services (Office 365), Salesforce, Box, Okta and AWS into Splunk ES content to monitor sanctioned SaaS apps.
How splunkd Works
Wednesday, September 27, 2017 | 2:15 PM-3:00 PM Good for all Skill Levels
Industries: Healthcare, Travel & Transportation, Technology, Aerospace & Defense, Public Sector, Media & Entertainment, Manufacturing, Retail, Online Services, Non-Profit, Higher Education, Communications, Energy & Utilities, Financial Services | Products: Splunk Enterprise | Role: Developer, Administrator, Architect, Splunk Technical Champion | Track: Foundations | Session Focus: Splunk Internals | | Session Type: Breakout Session | Solutions: Application Delivery, Cloud Strategies, Log Management, Security & Fraud, Big Data, IoT & Industrial Data, Business Analytics, IT Operations
Amrit Bath, Principal Engineer, Splunk Inc.
Abhinav Nekkanti, Software Engineer, Splunk Inc.
Join this session to learn about the building blocks of splunkd. We'll review how pipelines, processors and queues work to build a scalable system in splunkd, and highlight how Splunk can ingest data from a variety of input sources. We will detail File, Network and Scripted inputs, and walk through a scenario where data in a file is read by splunkd and makes its way through different components of splunkd before getting indexed or forwarded. Finally, we'll review how to debug issues based on metrics.log information.
How to Use Splunk to Automate Troubleshooting in a Call Center Environment
Wednesday, September 27, 2017 | 12:05 PM-12:50 PM Beginner
Industries: Healthcare, Technology | Products: Splunk Enterprise | Role: Administrator | Track: IT Operations | Session Focus: Business Innovation | | Session Type: Breakout Session | Solutions: Log Management, IT Operations
Travis McBee, Sr. Team Lead, Cerner Corporation
This session will show you how to use Splunk in a call center environment to reduce talk time, increase first contact resolution, and prevent caller frustration. The session will highlight what types of information you need to capture in logs and what actions you need to apply to the logs in order to make them usable for non-technical staff in a call center. We will include specific examples of how our group has executed on this initiative, including dashboard and process examples. The session will also cover how Splunk can help call center associates working on problem and event management. Finally, we will discuss the real-world results that we have experienced and how a similar process can be set up at other organizations.
How’d You Get So Big? Tips & Tricks for Growing Your Splunk Deployment from 50 GB/Day to 1 TB/Day
Tuesday, September 26, 2017 | 4:35 PM-5:20 PM Intermediate
Industries: Technology | Products: Splunk Enterprise | Role: Architect, Administrator, Splunk Technical Champion | Track: Foundations | Session Focus: Splunk Administration & Scaling | Other Topics: Best Practices, Managing Splunk | Session Type: Breakout Session | Solutions: IT Operations
Gareth Anderson, Middleware Specialist, IAG
This session will cover two main subjects: minimizing the amount of hardware your Splunk installation requires through performance tuning, and troubleshooting a number of issues that will likely occur as your Splunk installation grows in size and users. This session aims to assist Splunk administrators with troubleshooting and tuning their growing Splunk installation.
Hunting the Known Unknowns: Finding Evil With SSL Traffic
Tuesday, September 26, 2017 | 12:05 PM-12:50 PM Advanced
| Products: Splunk Enterprise | Role: Data Scientist/Analyst, Operations Manager, Security Analyst | Track: Security / Compliance / Fraud | Session Focus: Threat Hunting | Other Topics: Search Language, Applying Threat Intelligence / Context, Investigation, Analyzing Data Types, Security Use Case Development | Session Type: Breakout Session | Solutions: Security & Fraud
Steve Brant, Senior Security Strategist, Splunk Inc.
Ryan Kovar, Staff Security Strategist, Splunk Inc.
This year’s “Hunting” session will describe how to find malicious adversaries using SSL. The talk will cover new ways to log SSL/TLS certificates and how to find malware in your network using SSL certificates (and more!). Throughout this session we will show you what TLS certificates are used for, how they can be used to find evildoers on your network and other ways you can use SSL traffic to find the "unknowns." Finally, we will release a TLS/SSL hunting Splunk app for attendees to take home to start immediately implementing these techniques on their own network!
ICS Defender: Using Splunk to defend industrial networks
Thursday, September 28, 2017 | 1:20 PM-2:05 PM Intermediate
Industries: Energy & Utilities | Products: Splunk Enterprise | Role: Splunk Technical Champion, Administrator, Architect, Business Manager, CIO, CTO, CISO, Operations Manager, Security Analyst | Track: IoT | Session Focus: IoT & Industrial Data | Other Topics: Machine Learning, Ransomware, Powershell, Tuning Alerts, Adaptive Response, Anomaly Detection, Analyzing Network Data, Analyzing Endpoint Data, Applying Threat Intelligence / Context, Attack Scenarios, Containers (Docker, etc.), Wire Data and Network, Mobile App Monitoring, What's New, SecOps, Investigation, Getting Data In, Managing Splunk, Dev Tools, Logging Frameworks, Amazon Web Services, Unix and Linux, Microsoft Exchange, DB Connect, ODBC, Platform Extensibility, Cloud Strategies, Using Splunk, Best Practices, Customer Success Story, Forensics, Posture Assessment, Analyzing Data Types, Security Use Case Development, Behavioral Analytics and Machine Learning, Nerve Center, Diversity in Technology, Investigate, Search, Basic Content, Framework, Workflow, Content, Automation, App Ecosystem, Visualizations, Alert Actions, HTTP Event Collector, Search Language | Session Type: Breakout Session | Solutions: Security & Fraud, IoT & Industrial Data
Drew Hunt, Malware & Threat Intel Lead, Bechtel
Patrick Orr, Network Engineer, Bechtel
Bechtel Industrial Control Systems Lab has been researching and developing uses for Splunk in defense of control systems networks. As we have penetrated and tested attacks against ICS systems, we have developed better ways to document and maintain laboratory network states to identify an introduced adversary. Our dashboard developments bring these intrusions to the attention of control systems operators who can then take immediate action.
IT Super Session: Splunk IT Markets Vision and Future Outlook with Rick Fitz
Tuesday, September 26, 2017 | 11:00 AM-11:45 AM
| | | Track: IT Operations | | | Session Type: Breakout Session | Solutions: IT Operations
Rick Fitz, Senior Vice President & GM, Splunk
Join us as Rick Fitz, Splunk SVP of IT Markets, shares what drives our approach to creating solutions for IT professionals and developers. He will also discuss our perspectives on the future and where we are headed. You’ll walk away with a deeper understanding of the many things Splunk is enabling today and what’s to come.
ITSI in the Wild – Why Micron Chose Splunk IT Service Intelligence and Lessons Learned
Tuesday, September 26, 2017 | 4:35 PM-5:20 PM Intermediate
Industries: Technology | Products: Splunk Enterprise, Splunk IT Service Intelligence | Role: Operations Manager | Track: IT Operations | Session Focus: itsi | Other Topics: Alert Actions, Customer Success Story | Session Type: Breakout Session | Solutions: IT Operations
Michael Scully, IT Area Lead, Micron Technology
Joe Trimmings, IT Area Lead, Micron
Micron needed real-time monitoring, faster incident resolution and improved governance, while delivering demonstrable business value. With a vision of making operations faster, more cross-functional and easily accessible, Micron turned to Splunk IT Service Intelligence (ITSI). In this session, we will cover why Micron chose Splunk ITSI, advantages gained, implementation best practices and lessons learned. We will also touch on some advanced topics, such as custom reporting with Splunk ITSI.
If You Graph It, They Will See It: Identifying Root Issues from Product Testing to Production Crisis. (Splunk@Murex For Test and Development)
Wednesday, September 27, 2017 | 11:00 AM-11:45 AM Good for all Skill Levels
Industries: Financial Services | Products: Splunk Enterprise | Role: Developer, Data Scientist/Analyst, Splunk Technical Champion | Track: IT Operations | Session Focus: DevOps | | Session Type: Breakout Session | Solutions: Application Delivery, IT Operations
Robert Lynch, Splunk Global Manager and Performance Manager, Murex
Performance analysis on financial software is massively complex and challenging. This is the story of how Murex, a world leader in trading platforms used by financial institutions, started to use the Splunk platform to help debug performance problems. Before deploying the Splunk platform, we had millions and millions of timing logs, and a problem displaying them quickly so they were usable for developers and testers. Up to this point, we were using a basic PDF report with graphs with static mathematics. However, when we were able to dynamically graph this data with Splunk, the analysis became much quicker and easier. The turnaround time decreased for resolution, testing and development. In addition, we developed multiple functions in the dashboard to enhance the usability. A developer could attach their environment to the Splunk platform in 5 seconds for live monitoring and save a test as a URL to share with their colleagues. https://www.youtube.com/watch?v=pJsTp7XlGGA [Dashboard for Developers/Testers]
Illuminating Value – Real-Time Point-of-Sale (POS) Analytics
Tuesday, September 26, 2017 | 2:15 PM-3:00 PM Intermediate
Industries: Retail | Products: Splunk Enterprise | Role: Business Manager | Track: Business Analytics | Session Focus: Business Analytics | Other Topics: Getting Data In, Analyzing Data Types | Session Type: Breakout Session | Solutions: Business Analytics, IoT & Industrial Data, Big Data
Mike Hineline, Technology Strategy Senior Manager, GTM Strategy Lead for Products in Retail, Accenture
Frank Savino, Senior Principal, Supply Chain & Operations, Accenture
Combining POS, store inventory, and loyalty and marketing data with real-time Splunk analytics, Accenture is developing a bleeding-edge solution that will transform retailers into digital businesses. Attend this meeting to learn how Accenture is preparing retailers to solve difficult use cases, including out-of-stock, waste, fraud, returns, real-time cart expansion, and PCI compliance. You will learn how a digital business with advanced customer experience and operations capabilities can capture new revenue and reduce leakage that can add up to hundreds of millions of dollars!
Improve Customer Satisfaction by Understanding User Feedback with Splunk Machine Learning Toolkit (MLT) and Splunk DB Connect
Wednesday, September 27, 2017 | 4:35 PM-5:20 PM Intermediate
Industries: Travel & Transportation, Online Services | Products: Splunk Enterprise | Role: Data Scientist/Analyst | Track: Business Analytics | Session Focus: Business Analytics | Other Topics: Customer Success Story, Behavioral Analytics and Machine Learning, DB Connect, Machine Learning | Session Type: Breakout Session | Solutions: Business Analytics
Sebastian Fernandez, Digital Analytics Manager, LATAM AIRLINES GROUP
What do you do with your user feedback? Using DBX and the MLT with algorithms like KMeans and TFIDF, we are able to give our agile development teams the input and tools they need to build and maintain high-quality products, focusing on fixing errors that have the greatest impact on customer satisfaction and building the features customers ask for.
Improved Monitoring and Alerting With the Splunk Platform
Tuesday, September 26, 2017 | 4:35 PM-5:20 PM Intermediate
Industries: Manufacturing, Healthcare, Higher Education, Non-Profit, Online Services, Media & Entertainment, Retail, Communications, Energy & Utilities, Financial Services, Travel & Transportation, Technology | | | Track: Foundations | Session Focus: Search/Insights/Analytics | | Session Type: Breakout Session | Solutions: IT Operations, IoT & Industrial Data, Log Management, Big Data
Michael Porath, Senior Product Manager, Splunk Inc.
Splunk has improved monitoring and alerting so that it’s faster and more responsive. The talk will introduce you to how to take advantage of this new functionality, covering improvements to visualizations and the user interface.
Indexer Clustering Internals, Scaling and Performance Testing
Thursday, September 28, 2017 | 1:20 PM-2:05 PM Intermediate
| Products: Splunk Enterprise | Role: Splunk Technical Champion, Administrator, Architect | Track: Foundations | Session Focus: Splunk Administration & Scaling | | Session Type: Breakout Session |
Da Xu, CA, Splunk Inc.
Chloe Yeung, CA, Splunk Inc.
This session will discuss indexer clustering internals: What’s my cluster doing right now? And historically, how to inspect the details of my cluster (buckets, indexes, peers, fixup activity). How does clustering scale? We'll also discuss how we do Performance Testing internally, i.e., what kind of intensive tests do we run? How has clustering improved over the releases (and latest performance numbers!)
Integrating Splunk and AWS Lambda: Big Results at Fast-Food Prices
Tuesday, September 26, 2017 | 3:30 PM-4:15 PM Good for all Skill Levels
Industries: Financial Services | Products: Splunk Cloud | Role: CIO, Architect, CISO, Developer, Operations Manager, Security Analyst, Splunk Technical Champion | Track: Foundations | Session Focus: What the Splunk?!?! | | Session Type: Breakout Session | Solutions: Security & Fraud, Cloud Strategies, IT Operations
Siddhartha Dadana, Lead Security Engineer, FINRA
Gary Mikula, Senior Director, Cyber & Information Security, FINRA
Kuljeet Singh, Lead Security Engineer, FINRA
During this session, members of FINRA’s cyber and information security team will discuss how they took advantage of the benefits of serverless computing and the power of the Splunk platform to address some key concerns about the cloud. The speakers will show how integrating Splunk and Lambda resulted in a more successful and cost-effective set of solutions from three distinct vantage points: development, security, and DevOps. Are you willing to spend the cost of a cheeseburger every month for better security? Come and find out why you should.
Introducing Splunk Validated Architectures
Wednesday, September 27, 2017 | 3:30 PM-4:15 PM Good for all Skill Levels
Industries: Financial Services, Manufacturing, Retail, Higher Education, Online Services, Media & Entertainment, Communications, Energy & Utilities, Aerospace & Defense, Public Sector, Technology, Healthcare, Travel & Transportation, Non-Profit | Products: Splunk Enterprise | Role: Administrator, Architect | Track: Foundations | Session Focus: Splunk Administration & Scaling | Other Topics: Managing Splunk, Best Practices | Session Type: Breakout Session | Solutions: Log Management, IoT & Industrial Data, IT Operations, Big Data
Sean Delaney, Principal Architect, Splunk Inc.
Stefan Sievert, Principal Architect, Splunk Inc.
Learn how to architect stable and efficient Splunk deployments using Splunk Validated Architectures (SVAs). These certified architectures will help you avoid the pitfalls of custom-built snowflakes and better align with Splunk best practices. You will learn how SVAs can help build environments that are easy to maintain and that perform efficiently, simplify troubleshooting and scale with your needs. Best of all, this work will provide a repeatable architectural Splunk foundation.
Keeping Track of All The Things: A Splunk Enterprise Security Use Case and Content Management Story
Wednesday, September 27, 2017 | 2:15 PM-3:00 PM Intermediate
Industries: Public Sector, Technology | Products: Splunk Enterprise Security | Role: Architect, Security Analyst | Track: Security / Compliance / Fraud | Session Focus: Security Use Case Development | | Session Type: Breakout Session | Solutions: Security & Fraud
Matt Parks, Security Analytics Lead, Kaiser Permanente
Ruperto Razon, Sr. Threat Analyst, Kaiser Permanente
As your Splunk ES deployment matures, how do you organize your content to provide the threat and use-case visibility your security team and management require? Questions arise, such as: Are we covered for a specific threat? What is the efficacy of our security tools? Do our current use cases work as designed? How do we organize and prioritize all the disparate requests for content from inside and outside our org? These can be difficult and time-consuming questions to answer. But by building a robust use case development life cycle, you will be able to leverage the content you have already created in Splunk ES to answer these questions. Not only will it provide the requisite visibility, but it will also allow you to continuously improve your Splunk ES content. Hear how Kaiser Permanente has built a robust use case/content-development life cycle to provide these answers for today and the future.
Keeping Your Medical Center CIO Engaged: Using Splunk to Increase Real-Time IT Operation Transparency, and Creating Insights Into Clinical/Patient Data
Tuesday, September 26, 2017 | 4:35 PM-5:20 PM Beginner
Industries: Healthcare | Products: Splunk Enterprise | Role: Architect | Track: Business Analytics | Session Focus: Business Analytics | Other Topics: Customer Success Story, Using Splunk, Analyzing Data Types | Session Type: Breakout Session | Solutions: IT Operations, Business Analytics
Kun Deng, MR, University of Michigan
Kalpesh Unadkat, IT Monitoring (Lead), University of Michigan Health System
In this session, we introduce the ever-increasing use of the Splunk platform in a medical center environment. Particularly, we’ll discuss how an infrastructure team uses data from real-time IT operations and electronic medical systems, to provide a real-time single pane of glass view of the enterprise for the CIO.
Know Your Insider: Unmasking Lateral Movement with Splunk UBA
Tuesday, September 26, 2017 | 2:15 PM-3:00 PM Intermediate
| Products: Splunk User Behavior Analytics | Role: Security Analyst, CISO, Data Scientist/Analyst | Track: Security / Compliance / Fraud | Session Focus: Threat Detection | Other Topics: Investigation, Behavioral Analytics and Machine Learning, Machine Learning, Anomaly Detection | Session Type: Breakout Session | Solutions: Security & Fraud
George Apostolopoulos, Dir Engineering, Splunk Inc.
Satheesh Kumar Joseph Durairaj, Principal Data Scientist, Splunk Inc.
Stanislav Miskovic, Principal Data Scientist, Splunk Inc.
In this session, we discuss the efficacy of Splunk User Behavior Analytics (UBA) in the discovery of the most devastating threat to an organization: Insider Threat. To protect assets before they are compromised or the final objective of the Insider is achieved, we should focus on detecting lateral movement inside the organization. In this session, we demonstrate multiple challenges in detecting Lateral Movement, along with a real-world example touching vantage points in logs. We also demonstrate how UBA detects Insider Threat via Lateral Movement. Algorithms implemented in Splunk UBA can identify threats by combing firewall and endpoint data and pointing to exact machines and credentials compromised by the insider's lateral movement.
Legacy Compliance Is Dead - Leveraging Continuous Monitoring with Splunk to support the NIST Framework
Wednesday, September 27, 2017 | 11:00 AM-11:45 AM Good for all Skill Levels
Industries: Media & Entertainment, Healthcare, Retail, Online Services, Higher Education, Technology, Travel & Transportation, Public Sector, Manufacturing, Energy & Utilities, Communications, Financial Services, Aerospace & Defense | Products: Splunk Enterprise Security, Splunk Enterprise | Role: CISO, Administrator, CIO, CTO, Security Analyst, Splunk Technical Champion | Track: Security / Compliance / Fraud | Session Focus: Public Sector & Education Industry Day | Other Topics: Customer Success Story, Best Practices, Analyzing Endpoint Data, Analyzing Network Data, Visualizations, Logging Frameworks, Search, Analyzing Data Types, Investigation, SecOps, Attack Scenarios, Automation, govday | Session Type: Breakout Session | Solutions: Security & Fraud, Big Data, Log Management
Matt Coose, CEO, Qmulos
Rinaldi Rampen, Director, Technology Risk, Fannie Mae
Ronald Ross, Fellow, National Institute of Standards and Technology (NIST)
The Trump Administration has called for a tighter focus on risk management measures, reporting, and agency implementation of the NIST Cybersecurity Framework. Compliance is no longer a "check the box" activity. In fact, the renewed focus represents a huge opportunity for organizations to rethink their strategy. Join this panel session to gain insight into how organizations can apply an automated solution to enable continuous monitoring of security controls, and how initiatives from NIST are helping to harmonize security and compliance efforts for private industry and public sector organizations. The session will include insights from NIST, industry practitioners and executives, as well as a live demo of the Qmulos Enterprise Compliance app that uses real-time data to create dashboards that enable timely analysis and accurate reporting to support the requirements of multiple frameworks.
Legacy SIEM to Splunk, How to Conquer Migration and Not Die Trying
Tuesday, September 26, 2017 | 2:15 PM-3:00 PM Good for all Skill Levels
| Products: Splunk Enterprise Security | Role: Administrator, Architect, Security Analyst, Splunk Technical Champion | Track: Security / Compliance / Fraud | Session Focus: Security Use Case Development | | Session Type: Breakout Session | Solutions: Log Management, Security & Fraud
Risi Avila, Security Consultant, Splunk Inc.
Ryan Faircloth, FL, Splunk Inc.
Years in the making by multiple teams and leaders, a legacy SIEM is a complex, opaque platform…possibly no living person understands it completely. That's why Splunk has applied an analytics-based approach to identify what's valuable from existing detections and functions – as opposed to busy work and noise – when creating and implementing Splunk Enterprise Security. This approach builds on the foundations of the Splunk Professional Services Security Use Case practice to deliver success where lift-and-shift has failed before. Two experienced Splunk Security practitioners walk you through the approach to identify what should be migrated and what should be replaced from your existing SIEM.
Leidos - Our Journey to Splunk IT Service Intelligence (ITSI)
Wednesday, September 27, 2017 | 2:15 PM-3:00 PM Beginner
Industries: Technology | Products: Splunk Enterprise, Splunk IT Service Intelligence | Role: Splunk Technical Champion | Track: IT Operations | Session Focus: itsi | Other Topics: Alert Actions, Customer Success Story | Session Type: Breakout Session | Solutions: IT Operations
Donald Mahler, Director of Performance Engineering, Leidos
Historically, the focus of Splunk IT Service Intelligence (ITSI) has been glass tables and deep dives. But the practical work of operational awareness and alert management is done by a manager of managers (MoM), or in ITSI terms, the "notable events." Event acquisition issues, rules engine development and automation are just as important and worthy of consideration. Join us in this session for an examination of how Leidos IT replaced an aging MoM with Splunk ITSI.
Lesser Known Search Commands
Tuesday, September 26, 2017 | 2:15 PM-3:00 PM Good for all Skill Levels
Industries: Aerospace & Defense, Technology, Travel & Transportation, Public Sector, Manufacturing, Retail, Online Services, Non-Profit, Higher Education, Media & Entertainment, Financial Services, Healthcare, Communications, Energy & Utilities | Products: Splunk Enterprise, Splunk Cloud | Role: Data Scientist/Analyst, Developer, Business Manager, siteReliabilitySystemsEngineer, Splunk Technical Champion, Security Analyst, Administrator, Architect, Operations Manager | Track: Foundations | Session Focus: What the Splunk?!?! | Other Topics: Search, Search Language | Session Type: Breakout Session | Solutions: Cloud Strategies, IoT & Industrial Data, IT Operations, Big Data, Security & Fraud, Log Management, Business Analytics, Application Delivery
Kyle Smith, Integration Developer, Aplura
Learn new and lesser-known SPL Search Commands! Hear from the Sorcerer of SPL on how you can extend your knowledge of Splunk queries and subjugate the search bar! In this session we’ll also cover lesser-known and understood commands such as streamstats, map, gentimes, untable, and more! Wow your bosses, friends, and other magicians! (Doves not included.)
Machine Learning & Splunk: The Splunk Machine Learning Toolkit in Action
Wednesday, September 27, 2017 | 2:15 PM-3:00 PM Good for all Skill Levels
Industries: Communications, Online Services, Technology | | Role: Data Scientist/Analyst, Operations Manager, Administrator | Track: Foundations | Session Focus: What the Splunk?!?! | Other Topics: Machine Learning, Behavioral Analytics and Machine Learning, Customer Success Story | Session Type: Breakout Session | Solutions: IoT & Industrial Data, IT Operations
Iman Makaremi, Senior Data Scientist, Splunk Inc.
Andrew Stein, Global Analytical Architect, Splunk Inc.
Splunk has engaged with several customers to solve their problems using the Splunk Machine Learning Toolkit. In this talk, we will discuss their use cases and discuss how the Machine Learning Toolkit may be applicable to your work.
Making Sense of Web Fraud With Splunk Stream
Wednesday, September 27, 2017 | 1:10 PM-1:55 PM Intermediate
Industries: Technology, Online Services, Financial Services, Retail | Products: Splunk Enterprise, Splunk Cloud | Role: Developer, Data Scientist/Analyst, Splunk Technical Champion, Operations Manager, Security Analyst, Architect | Track: Security / Compliance / Fraud | Session Focus: Fraud | Other Topics: Search Language, Wire Data and Network, Investigation, Search, Security Use Case Development | Session Type: Breakout Session | Solutions: IT Operations, Security & Fraud, Application Delivery
Jim Apger, Sr. Security Architect, Splunk Inc.
Whether you’re interested in web analytics for application-performance management and microservices, IT operations, security or fraud, don’t miss out on one of the richest sources of data within your environment: stream:http. The real-world success stories, advanced use cases and ease of deployment make Splunk Stream your secret weapon for the collection of valuable metadata. This session will walk through solving real-life fraud examples using Splunk and Splunk Stream.
Making the Most of the Splunk Scheduler
Wednesday, September 27, 2017 | 2:15 PM-3:00 PM Intermediate
| Products: Splunk Enterprise, Splunk Cloud | Role: Administrator | Track: Foundations | Session Focus: What the Splunk?!?! | Other Topics: Using Splunk, Search, Best Practices, Managing Splunk | Session Type: Breakout Session | Solutions: Big Data
Paul Lucas, Principal Software Engineer, Splunk Inc.
The ability to generate reports on a periodic schedule is one of the core features of Splunk Enterprise. Scheduling many reports naively can lead to some getting skipped, which can then lead to taking action (or not taking it) based on incomplete information. A detailed knowledge of how the scheduler works, including its new features (auto windows, priority increases, skewing), can enable you and your users to use your existing hardware resources to generate reports more effectively.
Manage Enterprise-Level Amazon Web Services (AWS) Services With Splunk Solution
Wednesday, September 27, 2017 | 3:30 PM-4:15 PM Intermediate
Industries: Technology | Products: Splunk IT Service Intelligence | Role: Splunk Technical Champion, Administrator | Track: IT Operations | Session Focus: Monitoring and Triaging | | Session Type: Breakout Session | Solutions: Application Delivery
Peter Chen, Principal Software Engineer, Splunk Inc.
Elias Haddad, Product Manager, Splunk Inc.
Managing an enterprise-level Amazon Web Services (AWS) account is challenging work. Most enterprises are answering the same four questions: “How do we optimize costs?” “How can we strengthen security?” “How do we apply best practices?” “How can we simplify troubleshooting?” The Splunk solution, constituting the AWS app and the AWS add-on, can help customers achieve these goals easily. With the AWS add-on, data from multiple AWS accounts can be collected securely, efficiently, and in real time. The AWS app can not only perform searches and view standard dashboards, but it can also offer more intelligent management with topology, timeline, anomaly detection and smart alerting. In this session, we will share several case studies on topics such as managing billing reports, optimizing reserved instances, topology and anomaly detection.
Managing Splunk as an Internal Service at MITRE: Expanding and Demonstrating the Value of Splunk
Wednesday, September 27, 2017 | 12:05 PM-12:50 PM Good for all Skill Levels
Industries: Public Sector, Aerospace & Defense, Non-Profit | Products: Splunk Enterprise | Role: Splunk Technical Champion, Operations Manager, Administrator | Track: Foundations | Session Focus: Splunk Administration & Scaling | | Session Type: Breakout Session | Solutions: IT Operations, Log Management, Security & Fraud
Bob Clasen, Computer Engineer, The MITRE Corporation
Like many companies, MITRE’s usage of Splunk started small and grew rapidly. This resulted in a need for enhanced service management to help leverage Splunk’s awesome capabilities and maximize its value to the company. This presentation will give an overview of our service management approach and how we used it to boost the return on our Splunk investment.
Master the Dark Arts: Demystifying Splunk Architecture
Wednesday, September 27, 2017 | 2:15 PM-3:00 PM Intermediate
Industries: Technology | Products: Splunk Enterprise, Splunk Enterprise Security | Role: Architect, Splunk Technical Champion, Business Manager | Track: IT Operations | Session Focus: Infrastructure Troubleshooting & Monitoring | | Session Type: Breakout Session | Solutions: IT Operations
Cory Minton, Principal Engineer, Dell EMC
Out of the shadows we will come, bearing closely guarded secrets, collected from the dark corners of the world. We’ll show you how to implement Splunk for optimal performance and scalability. Step behind the curtain and learn how small changes in your log files can have massive impacts on infrastructure, whether in the public or private cloud. Uncover how to safely prepare for the unknowns of Splunk Enterprise Security deployments. Discover exactly how you, as a Splunk administrator, can communicate your needs to IT operations and their vendors to ensure your success. Master these dark arts and come into the light!
Measuring HEC Performance for Fun and Profit
Tuesday, September 26, 2017 | 1:10 PM-1:55 PM Intermediate
Industries: Technology | Products: Splunk Cloud, Splunk Enterprise | Role: Developer, Administrator | Track: Foundations | Session Focus: Splunk Internals | Other Topics: Getting Data In, HTTP Event Collector, Using Splunk | Session Type: Breakout Session | Solutions: Application Delivery, IT Operations, Log Management, Big Data
Clif Gordon, WA, Splunk Inc.
Itay Neeman, Senior Director of Engineering, Splunk Inc.
Abigail Sessions, WA, Splunk Inc.
Splunk's HTTP Event Collector (HEC) is one of the most popular ways of getting data into Splunk, whether from custom applications, WebHooks or Docker. You can use HEC in a variety of configurations, and you have many ways to use the HEC APIs. This presentation will help you better understand HEC: We will go over how Splunk measures different configurations, what scenarios we cover, and the tooling we use to do it all in an automated fashion. We will also go over the results we see internally and share best practices on how to successfully deploy HEC in your environment for maximum performance.
Monitor and Manage Your Cloud Environment with Azure Monitor and Splunk
Thursday, September 28, 2017 | 10:30 AM-11:15 AM Intermediate
Industries: Non-Profit, Higher Education, Travel & Transportation, Healthcare, Technology, Public Sector, Aerospace & Defense, Energy & Utilities, Online Services, Manufacturing, Retail, Financial Services, Media & Entertainment, Communications | Products: Splunk Enterprise | Role: CTO, Administrator, Operations Manager, Developer, CIO, Architect | Track: Foundations | Session Focus: Infrastructure Troubleshooting & Monitoring | | Session Type: Breakout Session | Solutions: IoT & Industrial Data, Business Analytics, Big Data
John Kemnetz, Program Manager, Microsoft
This session will walk through Microsoft Azure's new approach to powerful, flexible logging across all layers of your stack that enables you to deploy, configure and gain insight on your Azure infrastructure using the built-in management capabilities in Azure and the Splunk platform. We'll introduce some exciting Azure Monitor capabilities that will help you easily direct everything, from VM-level syslog events and Azure service-health events to your Splunk instance. We'll then discuss best practices for monitoring and securing your environment using these events in Splunk with queries and dashboards.
Monitoring Docker Containers with Splunk
Wednesday, September 27, 2017 | 4:35 PM-5:20 PM Good for all Skill Levels
Industries: Energy & Utilities, Communications, Media & Entertainment, Financial Services, Online Services, Retail, Manufacturing, Higher Education, Technology, Aerospace & Defense, Public Sector, Healthcare, Travel & Transportation, Non-Profit | | Role: Operations Manager, Developer, Splunk Technical Champion | Track: IT Operations | Session Focus: Infrastructure Troubleshooting & Monitoring | | Session Type: Breakout Session | Solutions: Application Delivery, IT Operations
Marc Chéné, Director, Product Management ITOA, Splunk Inc.
Containers – especially from Docker – have changed the way organizations build, ship and run their applications. Containers reduce problems by ensuring what worked in dev works in production. They can also be orchestrated to scale applications. With these opportunities come monitoring challenges.
Monitoring End User Experiences With Splunk and New Relic
Tuesday, September 26, 2017 | 3:30 PM-4:15 PM Good for all Skill Levels
Industries: Public Sector, Travel & Transportation, Communications, Financial Services, Media & Entertainment, Retail, Online Services, Technology | | Role: Developer, Operations Manager, Splunk Technical Champion | Track: IT Operations | Session Focus: Infrastructure Troubleshooting & Monitoring | | Session Type: Breakout Session | Solutions: Application Delivery
Abner Germanow, Senior Director of Partner and Strategic Marketing, New Relic
When your digital experience is your brand experience, understanding what your customers go through is critical. Troubleshooting and optimizing their experiences requires visibility into metrics, traces and logs. In this session, we'll demonstrate how to use the combined power of New Relic's real-user monitoring and application performance monitoring with Splunk to keep teams focused on identifying issues before customers tweet, fixing problems fast and knowing what to tackle next.
Monitoring Radiation Exposure with DICOM and Splunk
Tuesday, September 26, 2017 | 1:10 PM-1:55 PM Intermediate
Industries: Healthcare | Products: Splunk Enterprise | Role: Administrator, Architect, CIO, Business Manager, CTO, Operations Manager, Splunk Technical Champion | Track: IoT | Session Focus: IoT & Industrial Data | Other Topics: Customer Success Story | Session Type: Breakout Session | Solutions: Big Data, IT Operations, IoT & Industrial Data
Derek Merck, Director of the 3D Lab, Rhode Island Hospital
Monitoring radiation exposure from diagnostic imaging is important for patient safety, but the existing systems for addressing this suffer from high latency, lack of introspection, and astronomical pricing and maintenance costs. At Rhode Island Hospital, we developed an inexpensive, powerful tool for monitoring radiation exposure from our 60,000 annual computed tomography studies, using an open-source DICOM server and Splunk. This system meets Joint Commission requirements for comparing radiation exposure to external benchmarks; provides near-real-time email alerts for results exceeding internally set threshold values; and allows for rapid, interactive exploration and intervention of potential problems.
Multi-Tenancy: Achieving Security, Collaboration, and Operational Efficiency
Tuesday, September 26, 2017 | 1:10 PM-1:55 PM Intermediate
Industries: Higher Education, Healthcare, Public Sector, Manufacturing | Products: Splunk Enterprise, Splunk User Behavior Analytics | Role: CTO, Splunk Technical Champion, Administrator, Operations Manager, CIO, Architect | Track: Foundations | Session Focus: Infrastructure Troubleshooting & Monitoring | | Session Type: Breakout Session | Solutions: IT Operations, Log Management, Application Delivery
Benjamin August, Senior Solutions Engineer, UNC Chapel Hill
David Safian, Sr. Systems Engineer, University of North Carolina at Chapel Hill
Initially used by a single workgroup, Splunk is now being used by over 90 groups on UNC's campus. We will discuss our deployment strategy and how the management of roles, apps and indexes is used to provide data isolation while contributing to cross-functional collaborations and more effective reporting.
Navigating Data Quality Issues for Better Decision Making
Thursday, September 28, 2017 | 11:35 AM-12:20 PM Good for all Skill Levels
Industries: Healthcare, Retail, Higher Education, Non-Profit, Public Sector, Aerospace & Defense, Diversity in Technology, Financial Services, Energy & Utilities, Media & Entertainment, Manufacturing, Communications | Products: Splunk Enterprise | Role: CISO, CTO, Security Analyst, Operations Manager, Splunk Technical Champion, Data Scientist/Analyst, siteReliabilitySystemsEngineer, Developer, Business Manager, CIO, Administrator, Architect | Track: Foundations | Session Focus: Diversity in Technology | Other Topics: Diversity in Technology | Session Type: Breakout Session | Solutions: IoT & Industrial Data, Cloud Strategies, Log Management, Business Analytics, Security & Fraud, Application Delivery, IT Operations, Big Data
Yanpei Chen, Senior Product Manager, Product Analytics, Splunk Inc.
Archana Ganapathi, Director Data Strategy, Splunk Inc.
In today’s digital revolution, organizations must be data driven or they will be left behind. Regardless of the analytics techniques used, analysis is ultimately only as useful as the data fed into it. In other words, “garbage in, garbage out.” Not all data is created with downstream usage implications in mind. Furthermore, data quality is highly subjective and what appears as useless for one business decision may actually be the most telling attribute for another decision. The onus is often on the data scientist to bridge the gap between data context and analysis interpretation. In this session, we will delve into various common data-quality issues and how to minimize their impact on analytics quality. We will share best practices for designing data-collection interfaces that mitigate ambiguous and incorrect data semantics. Last, we will discuss various processes that help us ensure data harmony within an organization.
Networks Optimization With Intelligence: An Application of Splunk Machine Learning to Drive Performance Up and Cost Down in Mobile Telecommunications
Wednesday, September 27, 2017 | 11:00 AM-11:45 AM Good for all Skill Levels
Industries: Communications | | | Track: IT Operations | | | Session Type: Breakout Session | Solutions: Big Data, IoT & Industrial Data
Stanley Kaplunov, Senior Manager, Accenture
Telecommunications companies are under ever-increasing pressure from ever-increasing network traffic demands, cost, competition and regulatory demands. Accenture’s innovation program, in partnership with Splunk, has been looking at how companies can use data to address these demands. Through a real-world proof-of-concept journey, we will show how Accenture and Splunk combined machine learning and real-time analytics to anticipate problems, gain new network insights, automatically optimize traffic flow and enhance the customer experience. Accenture and Splunk are changing how mobile telecommunications operators can use data innovatively across their value chain in ways that can be applied in other service delivery industries. Splunk's ability to process millions of data points in real time, combined with Accenture's industry expertise around networks and machine learning, enables more powerful software defined networks. Together we're driving up business value and improving customer experiences.
Next Generation Dashboards
Wednesday, September 27, 2017 | 1:10 PM-1:55 PM Good for all Skill Levels
| Products: Splunk Cloud, Splunk Enterprise Security, Splunk Enterprise | Role: Data Scientist/Analyst, Splunk Technical Champion, Developer, Operations Manager, Security Analyst, Administrator | Track: Foundations | Session Focus: Search/Insights/Analytics | | Session Type: Breakout Session |
Stephen Luedtke, Senior Manager, Technical Product Marketing, Splunk Inc.
Looking to make your dashboards more visually appealing and compelling? Or just to get some ideas on what's possible? This session will go through real Splunk dashboard examples, using some of the latest Splunk features. Additionally, you will learn tips and tricks on how to build these dashboards yourself!
Observations and Recommendations on Splunk Performance
Wednesday, September 27, 2017 | 4:35 PM-5:20 PM Advanced
Industries: Technology | Products: Splunk Enterprise | Role: Architect, Splunk Technical Champion, Administrator | Track: Foundations | Session Focus: Splunk Internals | | Session Type: Breakout Session | Solutions: Log Management, Security & Fraud, Business Analytics, IoT & Industrial Data, IT Operations, Big Data, Application Delivery
Brian Wooden, KY, Splunk Inc.
Simeon Yep, AVP, Sales Engineering GSA, Splunk Inc.
This session will cover a performance analysis of Splunk indexing and search workloads under various conditions and environments (physical, virtual). Focus will be around debunking common misconceptions, presenting key findings and offering guidance.
Options for Implementing Chargeback Models and Driving Agency Success
Tuesday, September 26, 2017 | 4:35 PM-5:20 PM Good for all Skill Levels
Industries: Aerospace & Defense, Energy & Utilities, Higher Education, Public Sector | Products: Splunk Cloud, Splunk Enterprise | Role: Splunk Technical Champion, Business Manager, Architect, Administrator, Operations Manager, CISO, CIO | Track: Foundations | Session Focus: Service Monitoring | Other Topics: App Ecosystem, Using Splunk, Visualizations, Automation, Workflow, Platform Extensibility, Getting Data In, Best Practices | Session Type: Breakout Session | Solutions: Application Delivery, Log Management, IT Operations, Business Analytics
Adilson Jardim, Area Vice President, Public Sector, Splunk Inc.
Mike Wilson, Sales Engineer, Splunk Inc.
As agencies and departments continue to grow Splunk deployments and architectures, the number of stakeholders grows. The central question becomes how best to fund and optimize ever-growing Splunk environments and enable the visibility into consumption, utilization and even resource management. In this session we address organizational models to support a large Splunk deployment plus recouping costs and the ability to quantify use, resources and future needs.
Payment Cards and Risk: How to Detect Stolen Cards, Pinpoint Suspicious Merchants and Uncover Compromised Payment Terminals
Tuesday, September 26, 2017 | 3:30 PM-4:15 PM Intermediate
Industries: Financial Services, Online Services, Retail | Products: Splunk Enterprise | Role: Operations Manager, Security Analyst, Business Manager, Developer, Administrator, Data Scientist/Analyst | Track: Security / Compliance / Fraud | Session Focus: Fraud | | Session Type: Breakout Session | Solutions: Security & Fraud
Gleb Esman, Sr. Product Manager, Anti-Fraud, Splunk Inc.
Felipe Hernandez, VPNet
This session will explain how Splunk can be used to handle a wide range of fraud scenarios: from detecting suspicious transactions and calculating risk scores of debit and credit cards to analyzing transactional and timing anomalies. We'll share a live demonstration of a custom fraud detection application that provides risk analysis of merchants and payment terminals, risk scoring of individual transactions and detailed investigations of buying activities.
Power of SPL
Tuesday, September 26, 2017 | 12:05 PM-12:50 PM Good for all Skill Levels
Industries: Aerospace & Defense, Non-Profit, Higher Education, Retail, Financial Services, Media & Entertainment, Communications, Energy & Utilities, Travel & Transportation, Online Services, Technology, Healthcare, Manufacturing, Public Sector | Products: Splunk Cloud, Splunk Enterprise, Splunk User Behavior Analytics, Splunk Enterprise Security | Role: Operations Manager, Architect, Administrator, Developer, Security Analyst, Splunk Technical Champion | Track: Foundations | Session Focus: Search/Insights/Analytics | | Session Type: Breakout Session | Solutions: Security & Fraud, Application Delivery, Log Management, IT Operations, Business Analytics, Cloud Strategies, IoT & Industrial Data, Big Data
Stephen Luedtke, Senior Manager, Technical Product Marketing, Splunk Inc.
This session will unveil the power of the Splunk Search Processing Language (SPL). See how to use Splunk’s simple search language for searching and filtering through data, charting statistics and predicting values, converging data sources and grouping transactions and, finally, data science and exploration. We’ll begin with basic search commands and build up to more powerful advanced tactics to help you harness your Splunk Fu!
Predictive, Proactive, and Collaborative ML with Splunk ITSI
Tuesday, September 26, 2017 | 2:15 PM-3:00 PM Good for all Skill Levels
Industries: Energy & Utilities, Technology | Products: Splunk IT Service Intelligence, Splunk Enterprise | Role: Operations Manager | Track: IT Operations | Session Focus: itsi | Other Topics: Alert Actions, Customer Success Story | Session Type: Breakout Session | Solutions: IT Operations, Log Management
Nate Smalley, Staff Sales Engineer, Splunk Inc.
Andrew Stein, Global Analytical Architect, Splunk Inc.
The predictive capabilities from the Machine Learning Toolkit (MLTK) combined with ITSI’s Event Analytics capabilities give operations teams the opportunity to proactively act on an event before it becomes an outage. This session will detail and demonstrate how to combine Splunk ITSI with MLTK to predict a service health score, proactively take action based on those predictions, and publish to your collaborative messaging system, such as Slack. We will also be sharing advanced search commands for novel tactics you can employ for better incident management.
Prevent Ransomware and Defeat the Adversary With the Latest From Palo Alto Networks and Splunk
Wednesday, September 27, 2017 | 11:00 AM-11:45 AM Good for all Skill Levels
| Products: Splunk Enterprise, Splunk Enterprise Security, Splunk Cloud | Role: Administrator, Operations Manager, Security Analyst | Track: Security / Compliance / Fraud | Session Focus: Threat Detection | Other Topics: Investigation, SecOps, Basic Content, Attack Scenarios, Applying Threat Intelligence / Context, Analyzing Endpoint Data, Analyzing Data Types, Anomaly Detection, Adaptive Response, Analyzing Network Data | Session Type: Breakout Session | Solutions: Security & Fraud
Brian Torres-Gil, Solutions Architect, Palo Alto Networks
Ransomware is top of mind for enterprises, their security teams as well as board members. But who are the adversaries targeting in your organization and how effective are you at stopping them? Know who is attacking you and automatically prevent the attacks with the latest Splunk Certified App from Palo Alto Networks. With valuable data at risk, organizations need a security platform that correlates data with broad and accurate threat intelligence and automatically implements protections. Learn from a member of the Unit42 Threat Research Team and watch a demo of a recent ransomware attack to see how Splunk and the Palo Alto Networks Next-generation Security Platform provide the visibility and insight necessary to keep your organization from becoming the next victim. Palo Alto Networks continually develops new features for the Palo Alto Networks App and Add-on for Splunk Enterprise and Splunk Cloud. Recent updates help identify the adversaries and malware campaigns putting your data at risk, and automatically pull incident investigation timelines into the analyst view.
Productizing Machine Learning (ML) for Behavior Modeling and Security
Wednesday, September 27, 2017 | 3:30 PM-4:15 PM Intermediate
| Products: Splunk User Behavior Analytics | Role: Data Scientist/Analyst, Security Analyst, Architect | Track: Security / Compliance / Fraud | Session Focus: Threat Detection | Other Topics: Behavioral Analytics and Machine Learning | Session Type: Breakout Session | Solutions: Security & Fraud, Big Data
Ravi Bulusu, Architect, Splunk Inc.
Janet He, Chief Solution Architect, SAIC
Marios Iliofotou, Data Science Engineer, Splunk Inc.
Running complex algorithms in a distributed production environment is challenging. In order for the entire system to work correctly, many independent tasks need to run successfully. This requires a robust orchestration layer to control the execution/scheduling of all the complex streaming and batch ML models. Streaming models allow for faster response to time-sensitive events, and batch models allow for powerful correlations across entities and data inputs. In this talk, we explain how the Splunk User Behavior Analytics (UBA) orchestration layer applies Docker and Kubernetes so that any new custom logic, streaming or batch will not affect the stability of the whole system. Finally, we demo how to create a custom batch model using Splunk UBA’s Software Development Kit (SDK). Effectively, the SDK and the orchestration layer provide the means to easily and securely incorporate custom logic into any Splunk UBA environment.
Pushing Configuration Bundles in an Indexer Cluster
Wednesday, September 27, 2017 | 2:15 PM-3:00 PM Intermediate
Industries: Energy & Utilities, Communications, Media & Entertainment, Financial Services, Retail, Manufacturing, Non-Profit, Online Services, Diversity in Technology, Aerospace & Defense, Public Sector, Technology, Travel & Transportation, Higher Education, Healthcare | Products: Splunk Enterprise Security, Splunk Enterprise | Role: Architect, Splunk Technical Champion, Administrator | Track: Foundations | Session Focus: Splunk Administration & Scaling | | Session Type: Breakout Session | Solutions: IoT & Industrial Data, Big Data, Business Analytics, Application Delivery, Log Management, IT Operations, Security & Fraud
Meema Esguerra, Software Engineer, Splunk Inc.
Kartheek Babu Kolla, Software Engineer, Splunk Inc.
This session will provide a deep dive into the indexer clustering bundle push feature, which provides a way to push configuration bundles from the cluster master to the cluster peers. It will also provide an introduction to the basic principles of indexer clustering, why we need to push clustering bundles, how we validate the bundles that are being pushed, a safe way to perform bundle pushing without restarts or interruptions and what to do if something goes wrong. The session also provides best practices, troubleshooting tips and a live demo/video.
PwC: Using Splunk ITSI to Measure the End-to-End User Experience
Tuesday, September 26, 2017 | 2:15 PM-3:00 PM Intermediate
Industries: Technology, Financial Services | Products: Splunk Enterprise, Splunk IT Service Intelligence | Role: Operations Manager | Track: IT Operations | Session Focus: Infrastructure Troubleshooting & Monitoring | Other Topics: Customer Success Story, Analyzing Network Data | Session Type: Breakout Session | Solutions: IT Operations
Patrick Combs, Data Center Services Lead, PwC
Charles Hamrick, IT Director Operations Analytics, PwC
This session illustrates how we use Splunk and IT Service Intelligence to collect and analyze desktop, network, server and application data to build a comprehensive picture of the user experience. Integrating Splunk functionality with third-party tools such as uberAgent and AppDynamics to calculate end-to-end behavior helps you measure user satisfaction with IT systems. As a result, you can plan successful deployments of applications and upgrades.
Quest for “The Glow”: Building Out a Production SIEM Using Splunk Enterprise Security (ES), Git and a Bit of Techno-Magery
Tuesday, September 26, 2017 | 4:35 PM-5:20 PM Good for all Skill Levels
Industries: Technology, Non-Profit, Financial Services | Products: Splunk Enterprise Security | Role: Business Manager, CISO, Architect, Security Analyst | Track: Security / Compliance / Fraud | Session Focus: DevOps | Other Topics: Managing Splunk, Best Practices | Session Type: Breakout Session | Solutions: Security & Fraud
Joseph Walbert, Lead Engineer, TIAA
Build an enterprise-grade security information event management (SIEM) system so it’s highly available, scalable and sporting a small footprint from an initial deployment resource perspective. The core deployment takes a page out of the Dockerization playbook and is structured in layers that are essentially static and unchangeable. Pervasive through the entire build stack are hooks into Git, so as to include all content developed outside of the core deployment. For all content creation, such as the correlation searches that make up the SIEM rules, the usage of a robust and extensible use case framework is highly recommended.
Quickly Advance Your Security Posture With Splunk Security Essentials
Tuesday, September 26, 2017 | 1:10 PM-1:55 PM Good for all Skill Levels
| Products: Splunk Enterprise | Role: Administrator, Splunk Technical Champion, Security Analyst | Track: Security / Compliance / Fraud | Session Focus: Security Analytics and Machine Learning | | Session Type: Breakout Session | Solutions: Security & Fraud
David Veuve, Principal Security Strategist, Splunk Inc.
Whether you're looking to reduce breaches, set up monitoring to anticipate attacks, or build more predictive capabilities, you will learn to apply the power of Splunk’s search processing language (SPL) via the Splunk Security Essentials App. We'll also present how to tighten your security with actionable searches that you can use immediately. All of the examples will have demo data, but you will see how you can apply custom data in your own environment. In this session, you will learn how to:
– Optimize and make Splunk search work for you, so you can quickly gain insights into your data to identify and describe security impacts and potential threats
– Detect unusual and potentially malicious activity using Splunk Enterprise statistical and behavioral analysis capabilities
– Find unusual activities
Real-Time Oracle Monitoring with Splunk
Wednesday, September 27, 2017 | 12:05 PM-12:50 PM Intermediate
Industries: Financial Services, Higher Education, Non-Profit, Travel & Transportation, Healthcare, Technology, Public Sector, Aerospace & Defense, Manufacturing, Retail, Online Services, Media & Entertainment, Communications, Energy & Utilities | | | Track: Foundations | | | Session Type: Breakout Session | Solutions: Security & Fraud, IT Operations
Tyler Muth, Analytics Architect, Splunk Inc.
Oracle databases are the data-persistence layer of some of the most critical production systems. Splunk provides a unique ability to capture short- and long-term metrics from all components of a system, thus allowing for a much quicker mean time to resolution of faults or performance problems. Splunk’s machine learning capabilities allow predictive capacity planning to ensure efficient use of on-premises and cloud infrastructure.
Real-World Cases of Insider Threat: Combating Malicious IT Insiders
Wednesday, September 27, 2017 | 1:10 PM-1:55 PM Intermediate
Industries: Aerospace & Defense | Products: Splunk Enterprise | Role: CISO, Data Scientist/Analyst, Security Analyst, Administrator, CIO | Track: Security / Compliance / Fraud | Session Focus: Threat Detection | Other Topics: Security Use Case Development, Behavioral Analytics and Machine Learning, Anomaly Detection | Session Type: Breakout Session | Solutions: Security & Fraud
Craig Lewis, IT Manager, Software Engineering Institute, Carnegie Mellon University
Joe Tammariello, Information Security Analyst, Software Engineering Institute, Carnegie Mellon University
Richard Voninski, Colorado, Splunk Inc.
In this session, we describe actual cases — found by reviewing cases from the CERT Insider Threat Database — where malicious IT insiders misused their privileges to subvert controls and sidestep security measures. Lastly, we turn to discuss how you can use the Splunk platform to detect malicious activity and ensure monitoring is taking place.
Regex in Your SPL
Wednesday, September 27, 2017 | 11:00 AM-11:45 AM Good for all Skill Levels
Industries: Energy & Utilities, Financial Services, Online Services, Retail, Manufacturing, Higher Education, Non-Profit, Travel & Transportation, Healthcare, Aerospace & Defense, Communications, Media & Entertainment, Public Sector, Technology | Products: Splunk Cloud, Splunk Enterprise, Splunk Enterprise Security | Role: Operations Manager, Developer, Administrator, Splunk Technical Champion, Security Analyst, Data Scientist/Analyst | Track: Foundations | Session Focus: Search/Insights/Analytics | Other Topics: Search Language, Search | Session Type: Breakout Session | Solutions: Security & Fraud, Application Delivery, IT Operations, Log Management, Big Data
Michael Simko, Instructor / Sr. Engineer, Kinney Group
“Regex in Your SPL” is a friendly introduction to using regular expressions in your Splunk searches. In this session, we'll teach you how to use regex to extract nonpersistent fields, how to use regex to filter data and how to use regex to change the values being returned.
Revealing the Magic: The Life Cycle of a Splunk Search
Wednesday, September 27, 2017 | 1:10 PM-1:55 PM Intermediate
| Products: Splunk Enterprise, Splunk Cloud | Role: Administrator, Splunk Technical Champion | Track: Foundations | Session Focus: Splunk Internals | Other Topics: Search Language, Best Practices, Search | Session Type: Breakout Session | Solutions: Log Management, IT Operations
Kellen Green, Senior Software Engineer, Splunk Inc.
To many, using Splunk can feel like magic at times. For curious souls, we offer this glimpse behind the curtain – a technical walkthrough of everything that goes into a search on Splunk. This session will provide a behind-the-scenes look at the life cycle of a Splunk search, and we’ll discuss ways you can avoid common search bottlenecks to improve performance of your own instances.
Running Enterprise Security at Capacity: Tuning ES With Data Model Acceleration
Wednesday, September 27, 2017 | 11:00 AM-11:45 AM Intermediate
Industries: Aerospace & Defense, Public Sector, Technology | Products: Splunk Enterprise Security | Role: Architect, Administrator, Security Analyst | Track: Security / Compliance / Fraud | Session Focus: SOC | Other Topics: Using Splunk, Best Practices | Session Type: Breakout Session | Solutions: Security & Fraud
Gabriel Vasseur, Senior Cyber Security Analyst, Thales UK
Achieve accuracy in times of austerity! Based on a true story. Data model acceleration allows you to make the most of limited hardware and run something like Enterprise Security or ITSI with accuracy. We'll go from scratch to having a really good grasp on data models and their acceleration. Learn how to monitor acceleration and backfilling, minimise lag, and how to best leverage DM acceleration and avoid pitfalls that could degrade your detection accuracy. Includes source for a few key dashboards and searches.
SPL Optimization - the Why, the What and the How
Tuesday, September 26, 2017 | 1:10 PM-1:55 PM Intermediate
Industries: Aerospace & Defense, Energy & Utilities, Communications, Media & Entertainment, Public Sector, Technology, Financial Services, Healthcare, Travel & Transportation, Non-Profit, Higher Education, Manufacturing, Retail, Online Services | Products: Splunk Cloud, Splunk Enterprise | Role: Administrator, Developer, Data Scientist/Analyst, Architect | Track: Foundations | Session Focus: Search/Insights/Analytics | Other Topics: Managing Splunk, Best Practices, What's New, Using Splunk, Search Language | Session Type: Breakout Session | Solutions: Cloud Strategies, Log Management, IT Operations, Security & Fraud, Big Data, IoT & Industrial Data
Manan Brahmkshatriya, Principal QA Engineer, Splunk Inc.
Alex James, Principal Product Manager, Splunk Inc.
Splunk recently introduced automatic SPL optimization, a powerful feature to help refine searches and maximize efficiency. In this session you'll learn why optimization is so important in Splunk, the basic optimization principles, and what Splunk handles for you automatically. You will even learn how to give hints to the optimizer so it can do an even better job speeding up your searches.
Scaling Indexer Clustering – 5 Million Unique Buckets and Beyond
Tuesday, September 26, 2017 | 4:35 PM-5:20 PM Good for all Skill Levels
Industries: Technology | Products: Splunk Enterprise | Role: Administrator, Architect, Splunk Technical Champion | Track: Foundations | Session Focus: Splunk Administration & Scaling | | Session Type: Breakout Session | Solutions: Big Data
Tameem Anwar, Software Engineer, Splunk Inc.
Cher-Hung Chang, Principal Software Engineer, Splunk Inc.
Learn about enhancements that allow Splunk Indexer Clusters to support 5 million unique buckets – with faster response times and a smaller memory footprint. This session explores the various mechanisms that allow you to scale up a large cluster with a massive number of buckets. We also talk about our internal performance benchmarks and best practices for achieving a stable cluster master.
Search Head Clustering – Basics to Best Practices
Wednesday, September 27, 2017 | 1:10 PM-1:55 PM Good for all Skill Levels
Industries: Higher Education, Public Sector, Non-Profit, Technology, Energy & Utilities, Healthcare, Retail, Online Services, Financial Services, Media & Entertainment, Aerospace & Defense, Travel & Transportation, Manufacturing, Communications | Products: Splunk Enterprise | Role: Administrator, Architect, Splunk Technical Champion | Track: Foundations | Session Focus: Splunk Administration & Scaling | Other Topics: Managing Splunk, Using Splunk, Platform Extensibility, Search, What's New, Best Practices | Session Type: Breakout Session | Solutions: Application Delivery, Security & Fraud, Log Management, IT Operations, Business Analytics, Cloud Strategies, IoT & Industrial Data, Big Data
Bharath Aleti, Sr Product Manager, Splunk Inc.
Manu Jose, Principal Software Engineer, Splunk Inc.
This session will provide an overview of search head clustering (SHC), including recent additions and best practices for managing a search head cluster for distributed search. Search head clustering is Splunk's horizontal scaling solution for searches. As enterprises on-board more users onto Splunk deployments – and thus increase the need for dashboards and alerts – search heads need to be scaled out to manage the load. SHC solves this problem by providing a highly available and scalable search. This includes in-depth coverage of SHC internals such as captain election, conf and bundle replication and new additions to SHC in recent releases.
Search Splunk With Natural Language Queries (aka Plain English)
Tuesday, September 26, 2017 | 2:15 PM-3:00 PM Beginner
| Products: Splunk Enterprise Security | Role: CIO, Administrator, CISO, Operations Manager, Data Scientist/Analyst, Security Analyst, Splunk Technical Champion | Track: Security / Compliance / Fraud | Session Focus: Search/Insights/Analytics | Other Topics: Search, Search Language, Security Use Case Development | Session Type: Breakout Session | Solutions: Big Data, Log Management, Security & Fraud, IT Operations
Grant Wernick, CEO and Founder, Insight Engines
Attend this session to learn and see how users can interact with Splunk using plain English, or “natural language” search queries. No Splunk Search Processing Language (SPL) needed! As a result, anyone in an organization, from the executives down to analysts or non-technical users, can use Splunk to search, monitor and visualize their machine data. The data in Splunk is democratized and insights expand, cybersecurity and IT operations improve, employees can scope, investigate and remediate security incidents faster, and the full value/ROI of Splunk is realized. This session includes a demo of an app from Insight Engines that enables plain English search on Splunk. The former Symantec Chief Information Security Officer will also share how his team leveraged Insight Engines to reduce the learning curve for Splunk and detect and investigate threats more quickly. As a result, costs have dropped and security posture has improved.
Searching FAST: How to Start Using tstats and Other Acceleration Techniques
Wednesday, September 27, 2017 | 12:05 PM-12:50 PM Intermediate
| Products: Splunk Enterprise, Splunk Enterprise Security, Splunk Cloud | Role: Administrator, Architect, Developer, Operations Manager, Security Analyst, Data Scientist/Analyst, Splunk Technical Champion | Track: Foundations | Session Focus: Search/Insights/Analytics | | Session Type: Breakout Session |
David Veuve, Principal Security Strategist, Splunk Inc.
You know the use cases, you understand stats. You might strut through the halls of .conf events as an advanced SPLer. But you’ve heard a whisper on the wind, a next-level approach to building queries in Splunk with upwards of a 1000x performance improvement: tstats. tstats is the most powerful tool for taking your Splunk queries (of all kinds) to a ludicrously fast speed. This talk will explain how and when to leverage acceleration, improving user experience, value and TCO for all kinds of use cases.
Security Ninjutsu Part Four: Attackers Be Gone in 45 Minutes of Epic SPL
Wednesday, September 27, 2017 | 2:15 PM-3:00 PM Good for all Skill Levels
| Products: Splunk Enterprise | Role: Administrator, Architect, Operations Manager, Security Analyst | Track: Security / Compliance / Fraud | Session Focus: Search/Insights/Analytics | | Session Type: Breakout Session | Solutions: Security & Fraud
David Veuve, Principal Security Strategist, Splunk Inc.
My favorite part of any spy movie is the gadgets. You see a spy in normal attire, without knowing that the jacket is bulletproof and the watch shoots amnesia darts. That spy is prepared for anything. Writing security searches in SPL is much the same—so you can call me Q. In past Security Ninjutsu sessions, we’ve covered many foundational elements common among security searches. This year, we are bringing the ninja, and it’s going to be epic. We’ll spend 60 minutes covering all the awesome search techniques used by Splunk Security Ninjas from around the world. There will be an app and a massive PDF. Attendance of prior Ninjutsu sessions not required, though available at dvsplunk.com.
Security Super Session: Splunk Security Vision and Roadmap with Haiyan Song
Tuesday, September 26, 2017 | 11:00 AM-11:45 AM Good for all Skill Levels
| Products: Splunk User Behavior Analytics, Splunk Enterprise, Splunk Enterprise Security, Splunk Cloud | Role: Architect, Business Manager, Operations Manager, Developer, Splunk Technical Champion, CTO, siteReliabilitySystemsEngineer, Data Scientist/Analyst, CIO, Security Analyst, Administrator, CISO | Track: Security / Compliance / Fraud | Session Focus: Automation / Adaptive Security | Other Topics: Ransomware, Adaptive Response, Anomaly Detection, Analyzing Network Data, Analyzing Endpoint Data, Applying Threat Intelligence / Context, Attack Scenarios, Getting Data In, Cloud Strategies, Investigate, Search, Automation, SecOps, Investigation, Forensics, Analyzing Data Types, Security Use Case Development, Behavioral Analytics and Machine Learning, Nerve Center, Machine Learning | Session Type: Breakout Session | Solutions: Security & Fraud
Haiyan Song, SVP & GM Security Markets, Splunk
Haiyan Song, SVP of Security Markets for Splunk, will share the motivations and innovations driving Splunk’s security portfolio, delivering you the content, machine learning and automation you need to reduce risk and better secure your organization.
Shrinking the Elephant in the Room: Maximizing Logs’ Business Value with AWS
Wednesday, September 27, 2017 | 2:15 PM-3:00 PM Advanced
Industries: Technology | Products: Splunk Enterprise | Role: Developer, Splunk Technical Champion, Administrator | Track: IT Operations | Session Focus: DevOps | | Session Type: Breakout Session | Solutions: Log Management, Big Data
Chris Gordon, Software Engineer, Yelp
Zachary Musgrave, Lead Engineer, Yelp
Patrick Shumate, Solutions Architect, AWS
Learn to maximize your ingested logs’ value in Splunk! This session demonstrates leveraging DevOps principles and AWS cloud products to reduce your cluster’s storage needs while still meeting your users’ data requirements. Responding to and unifying all stakeholder needs and concerns is key to effective DevOps; this session provides a framework and techniques for bringing such unity to Splunk. We’ll start by using Amazon SQS to ingest logs stored in S3, and we’ll show you how to best make use of its ability to ingest (or reingest) logs on demand. Next, we’ll use summary indexing to pick and choose data you want to retain forever at insignificant cost. This is especially useful for systems like Puppet, Jenkins, Nginx and Apache. They produce high volumes of events that are essential to DevOps teams when newly ingested but, as the data ages, its overall trends and summaries provide all the value. If you do need access to specific older data from these sources, you can use SQS to reingest it for analysis. In the second part of this talk, we’ll focus on measuring the business value of each gigabyte you’ve indexed by source type and by retention window. These strategies help DevOps teams track and justify their joint decisions. By maximizing your data’s overall utility, you can better support users who make large demands on your Splunk cluster’s resources. We’ll end by demonstrating how you can use these data to determine the most appropriate retention settings and AWS storage options for each of your logs, enabling you to put your newfound business insight into action.
Speed Up Your Searches!
Thursday, September 28, 2017 | 10:30 AM-11:15 AM Intermediate
Industries: Energy & Utilities, Media & Entertainment, Financial Services, Retail, Manufacturing, Online Services, Higher Education, Non-Profit, Communications, Aerospace & Defense, Public Sector, Technology, Healthcare, Travel & Transportation | Products: Splunk Cloud, Splunk Enterprise | Role: Administrator, Data Scientist/Analyst, Developer, Architect | Track: Foundations | Session Focus: Search/Insights/Analytics | Other Topics: Best Practices, Search Language, Using Splunk | Session Type: Breakout Session | Solutions: Security & Fraud, Application Delivery, Cloud Strategies, IT Operations, Business Analytics, Log Management, IoT & Industrial Data, Big Data
Satoshi Kawasaki, Splunk4Good Ninja, Splunk Inc.
How to speed up existing searches is one of the most common inquiries Splunk receives from customers, and it’s an important skill that our Professional Services team regularly uses. Splunk has many methods to speed up a search, including classic summary indexing, data modeling and the use of tstats. In this session, we will review some of these common techniques, as well as the cost and limitations of each. In the end you will learn proven techniques that provide better results.
Splunk & Open Source: Build vs. Buy Workshop
Tuesday, September 26, 2017 | 3:30 PM-4:15 PM Good for all Skill Levels
| Products: Splunk Enterprise | Role: Business Manager, Developer, Security Analyst, Splunk Technical Champion, Administrator, CIO, Architect, CTO, CISO, Operations Manager | Track: Foundations | | | Session Type: Breakout Session | Solutions: Application Delivery, IT Operations, Log Management, Cloud Strategies, Business Analytics, Security & Fraud, IoT & Industrial Data, Big Data
Jon Webster, Senior Manager Competitive Intelligence, Splunk Inc.
Does your company have an Open Source Software (OSS) initiative? Do you have a “problem child” OSS project? Have you been asked about OSS alternatives to Splunk? Based on your requests, Splunk created a workshop to help you understand, respond and guide your team on OSS build vs. buy decisions. In this session, we’ll walk through the Build vs. Buy Workshop and present several real-world results.
Splunk App Lifecycle Management - To the Cloud and Beyond!
Wednesday, September 27, 2017 | 11:00 AM-11:45 AM Intermediate
Industries: Technology | Products: Splunk Enterprise, Splunk Cloud | Role: Developer | Track: Developing | Session Focus: DevOps | | Session Type: Breakout Session | Solutions: Application Delivery, IT Operations, Cloud Strategies
Cecelia Redding, Senior Software Engineer, Splunk Inc.
Blaine Wastell, Product Management Director for Splunk Distributed Management, Splunk Inc.
If you're a developer who wants to make sophisticated Splunk apps that may be dependent on a number of other add-ons or apps and be deployed to a distributed environment, why are you still writing install manuals for a Splunk admin to fumble through during installation? Similarly, if you're a Splunk admin, why are you still using those manuals to determine how to configure and install the app along with its dependencies? The Splunk platform is maturing and bringing new advanced self-service app lifecycle capabilities such as app installation, uninstallation, dependency management and validation to your distributed cloud deployment. We have enhanced the app model in a way that allows the system to perform the heavy lifting during app management, instead of putting the onus on the developer or admin. We are changing the way Splunk developers and Splunk admins manage apps - come to this session to find out how!
Splunk Champions Program
Thursday, September 28, 2017 | 10:30 AM-11:15 AM Good for all Skill Levels
Industries: Financial Services, Energy & Utilities, Communications, Retail, Media & Entertainment, Online Services, Manufacturing, Healthcare, Higher Education, Non-Profit, Technology, Travel & Transportation, Public Sector, Aerospace & Defense | Products: Splunk Enterprise Security, Splunk User Behavior Analytics, Splunk Cloud, Splunk Enterprise | Role: Splunk Technical Champion | Track: Foundations | Session Focus: What the Splunk?!?! | | Session Type: Breakout Session | Solutions: IT Operations, IoT & Industrial Data, Application Delivery, Security & Fraud, Big Data, Log Management, Cloud Strategies, Business Analytics
Jason Hupka, @SnoopLogg, Splunk Inc.
Did you know you can earn more than T-shirts from Splunk? Learn about the new Splunk Champions program and how you can earn anything from stickers to free EDU credits for your company. Anyone who uses Splunk can be a Splunk Champion. You use the product, you’ve got your stories… we want to hear them and get you hooked up with swag for sharing. But don’t take our word for it. Learn about some who participated in our Champions beta program and what they earned. Spoiler alert, it’s more than swag.
Splunk DB Connect Is Back, and It Is Better Than Ever
Tuesday, September 26, 2017 | 4:35 PM-5:20 PM Beginner
Industries: Online Services, Energy & Utilities, Retail, Financial Services, Aerospace & Defense, Public Sector, Travel & Transportation, Technology, Communications | Products: Splunk Enterprise, Splunk Cloud | Role: Security Analyst, Administrator | Track: Foundations | Session Focus: Business Analytics | Other Topics: Investigate, DB Connect, Using Splunk, Managing Splunk | Session Type: Breakout Session | Solutions: IT Operations, Security & Fraud, Application Delivery, Big Data, Business Analytics, Log Management
Tyler Muth, Analytics Architect, Splunk Inc.
Denis Vergnes, Senior Software Engineer, Splunk Inc.
Splunk DB Connect is the best solution for working with databases from Splunk. Use it with anything that speaks SQL and JDBC in Splunk Enterprise and Splunk Cloud to quickly browse, index, and look up machine data, state tables and much more. Performance and user experience improvements in the latest version allow more data collection with less overhead. Splunk DB Connect monitors performance, security and key business metrics across a huge variety of use cases.
Splunk Data Life Cycle: Determining When and Where to Roll Data
Wednesday, September 27, 2017 | 11:00 AM-11:45 AM Good for all Skill Levels
Industries: Communications, Energy & Utilities, Media & Entertainment, Financial Services, Online Services, Retail, Manufacturing, Higher Education, Non-Profit, Travel & Transportation, Public Sector, Technology, Aerospace & Defense, Healthcare | Products: Splunk Enterprise | Role: Architect, siteReliabilitySystemsEngineer, Splunk Technical Champion, Security Analyst, Administrator, CIO, CTO, CISO, Operations Manager, Developer, Data Scientist/Analyst, Business Manager | Track: Foundations | Session Focus: Splunk Administration & Scaling | Other Topics: Getting Data In, Using Splunk | Session Type: Breakout Session | Solutions: Big Data, IT Operations, Log Management
Jeff Champagne, Staff Architect, Splunk Inc.
Splunk has many options for managing data via hot/warm and cold paths, freezing, roll to HDFS, and TSIDX reduce. These features can impact your search performance, retention and resiliency. This session will provide you with an in-depth understanding of the Splunk data life cycle options and how to determine which will work best in your environment.
Splunk Enterprise Security Health Check
Wednesday, September 27, 2017 | 1:10 PM-1:55 PM Advanced
| Products: Splunk Enterprise Security, Splunk Enterprise | Role: Architect, Operations Manager, Administrator | Track: Security / Compliance / Fraud | Session Focus: Splunk Administration & Scaling | | Session Type: Breakout Session | Solutions: Big Data, Security & Fraud
Jae Jung, Professional Services Consultant, Splunk Inc.
Marquis Montgomery, Sr. Staff Security Consultant, Splunk Inc.
Splunk Professional Services sees it all. In this talk we will explore solutions to challenges some customers face when preparing for a new Splunk Enterprise Security (ES) deployment or scaling up an existing one. We will discuss how to recognize when you need more cores, how to tune correlation rules and under-the-hood ES infrastructure, and how to optimize your memory usage for the best performance in your ES installation. We'll go through common issues seen in the real world during our deployments and health checks and discuss how to identify whether they should be of concern and ways to address them. Why are correlation rules not firing? Where are the events in data models? Do you need new hardware or can it be remediated by configuration? You'll walk away knowing all of the important metrics for great performance in your environment.
Splunk IT Service Intelligence (ITSI) for When Your Service Spans Your Mainframe and Distributed IT
Thursday, September 28, 2017 | 1:20 PM-2:05 PM Beginner
Industries: Technology | Products: Splunk Enterprise, Splunk IT Service Intelligence | Role: Splunk Technical Champion | Track: IT Operations | Session Focus: itsi | Other Topics: Best Practices | Session Type: Breakout Session | Solutions: IT Operations
Ian Hartley, Principal Engineer, Syncsort
Nick Tankersley, Washington, Splunk Inc.
Your business delivers a service. Delivery of that service involves servers, a mainframe and other devices and infrastructure. Any issue could negatively impact the delivery of that service and ultimately harm your business. Modules are a powerful way to accelerate insights in Splunk ITSI, with its immediate data access and pre-packaged dashboards across various IT domains. Join us in this session to learn more about modules, how to provide valuable templates for service and KPIs and easily build custom modules and third-party integration into Splunk ITSI. Hear from Syncsort on how the ITSI module and integration for mainframe environments gives you powerful information, including System Management Facility or Resource Measurement Facility records from each element. Learn how to use this built-in integration feature to quickly address issues and predict and prevent service interruptions in mainframe environments.
Splunk IT Service Intelligence (ITSI): Event Management Is Dead – Event Analytics Is Revolutionizing IT
Wednesday, September 27, 2017 | 11:00 AM-11:45 AM
Thursday, September 28, 2017 | 11:35 AM-12:20 PM Good for all Skill Levels
Industries: Media & Entertainment, Higher Education, Non-Profit, Travel & Transportation, Healthcare, Public Sector, Aerospace & Defense, Technology, Energy & Utilities, Communications, Manufacturing, Retail, Online Services, Financial Services | Products: Splunk IT Service Intelligence | Role: Splunk Technical Champion | Track: IT Operations | Session Focus: itsi | Other Topics: Machine Learning, What's New, Best Practices | Session Type: Breakout Session | Solutions: IT Operations
David Millis, Staff Architect, IT Operations Analytics, Splunk Inc.
Throughout much of its history, IT has focused on managing time-stamped events – from hosts, applications, element managers and other components – to reduce event noise. Events were initially created to help humans find what was broken. But the complexity and sheer volume of this time-series data has outstripped our ability to simply “manage events.” In today’s IT environments, identifying and quieting the noise to find root cause events is often futile and inconsequential. The path to providing the prioritized, actionable, human-scale intelligence that enables IT to find what is broken is actually in the event data itself – all of the data, not a filtered, aggregated subset of data! See how Splunk’s ITSI Event Analytics is revolutionizing how IT operates by combining service intelligence and machine learning with data from machines, event managers and, well, everywhere.
Splunk Search and Performance Improvements
Tuesday, September 26, 2017 | 3:30 PM-4:15 PM Good for all Skill Levels
Industries: Non-Profit, Aerospace & Defense, Public Sector, Healthcare, Travel & Transportation, Technology, Energy & Utilities, Higher Education, Retail, Online Services, Financial Services, Media & Entertainment, Manufacturing, Communications | Products: Splunk Cloud, Splunk Enterprise | Role: Data Scientist/Analyst, Architect, Administrator, Developer | Track: Foundations | Session Focus: Search/Insights/Analytics | Other Topics: Dev Tools, Using Splunk, Search Language, What's New, Best Practices | Session Type: Breakout Session | Solutions: Security & Fraud, IT Operations, Cloud Strategies, Big Data, Log Management, IoT & Industrial Data
Manan Brahmkshatriya, Principal QA Engineer, Splunk Inc.
Alex James, Principal Product Manager, Splunk Inc.
In the past year, we’ve made many great improvements to our search technology and our Search Processing Language (SPL). In this session you will learn all about them. We'll cover new language features, conditional typing and tagging, improved parallelism, data model improvements and the SPL optimizer. You'll also learn how these great features fit into the larger vision for search and SPL and how they will ultimately provide deeper insight into your data.
Splunk UBA: Setting Active Directory’s Security Straight
Wednesday, September 27, 2017 | 11:00 AM-11:45 AM Intermediate
| Products: Splunk User Behavior Analytics | Role: Data Scientist/Analyst, Security Analyst, Administrator | Track: Security / Compliance / Fraud | Session Focus: Threat Detection | Other Topics: Machine Learning, Attack Scenarios, Automation, Behavioral Analytics and Machine Learning | Session Type: Breakout Session | Solutions: IT Operations, Security & Fraud, Big Data
Stanislav Miskovic, Principal Data Scientist, Splunk Inc.
Active Directory (AD) is a service of choice for user and device management in corporate environments. The service provides rich telemetry, making security analysts believe that choosing a few representative AD events can ensure attack detection. This is not the case: we show that events miss crucial information, they are too granular to capture modern threats and they may be randomly reported. Consequently, exploits go undetected, incidents are overrepresented and attacks are spuriously attributed, all leading to misguided SOC operation. In this talk, we propose a new approach to AD security analysis that is accurate and automated. We expose a number of current misconceptions in AD characterization and apply data science to security investigations. We leverage the Splunk UBA platform and our AD research to alleviate existing blind spots and false characterization, being the first to offer immediately interpretable deep insights to SOC teams.
Splunk and Adobe Omniture – An Absolute Must for True Multi-Channel, Real-Time Marketing Intelligence
Thursday, September 28, 2017 | 11:35 AM-12:20 PM Good for all Skill Levels
| Products: Splunk Enterprise | Role: Architect | Track: Business Analytics | Session Focus: Business Analytics | Other Topics: Analyzing Data Types, Machine Learning, Getting Data In, Platform Extensibility, Using Splunk | Session Type: Breakout Session | Solutions: Business Analytics
Hari Rajaram, Chief Architect, Arcogent
Sylvain Watier, President at Arcogent, Arcogent
This session discusses how to deliver real-time, multi-channel business insights to achieve a 360-degree view of your customer. We will cover how, using the power of Splunk, and with a particular focus on Adobe Omniture, we took an accelerated time-to-value approach in getting operational, predictive and machine-learned analytics that exposed the wealth of information in these tools and channels. See how using Splunk’s powerful engine and algorithms to correlate data from multiple channels and/or sources can produce high-impact analyses that businesses can use for continual and timely action.
Splunk and Ansible Playbooks: Joining Forces to Increase Implementation Power.
Thursday, September 28, 2017 | 11:35 AM-12:20 PM Intermediate
Industries: Technology | Products: Splunk Enterprise | Role: Administrator, Splunk Technical Champion | Track: Foundations | Session Focus: Splunk Administration & Scaling | Other Topics: Platform Extensibility, Managing Splunk, Using Splunk | Session Type: Breakout Session | Solutions: IT Operations, Security & Fraud, Log Management
Rodrigo Silva, Professional Services Manager, Tempest Security Intelligence
This session will cover the use of Ansible playbooks to gain operation time when implementing a Splunk cluster. We will also walk through the creation of basic playbooks in the lead-up to a full Splunk cluster implementation (with three search heads and two indexers).
Splunk and Credit Karma: The Road to Web Application Defense Using Splunk and the OWASP Top 10
Thursday, September 28, 2017 | 1:20 PM-2:05 PM Intermediate
Industries: Healthcare, Technology, Financial Services, Online Services | Products: Splunk Enterprise, Splunk Enterprise Security | Role: Splunk Technical Champion, Security Analyst, Administrator | Track: Security / Compliance / Fraud | Session Focus: Threat Detection | | Session Type: Breakout Session | Solutions: Application Delivery, Security & Fraud
Nate Hawthorne, Senior Security Engineer, Credit Karma
Lily Lee, Staff Sales Engineer, Splunk Inc.
Christopher Shobert, Senior Sales Engineer, Splunk Inc.
Web applications and the frameworks they are built upon are growing more powerful and complex every day, and attacker techniques continue to evolve. Learn the latest best practices proposed in the Open Web Application Security Project (OWASP) Top 10 – 2017 with a focus on how Splunk can be used to help transition from vulnerability-avoidance to attack prevention. Discover how Nate Hawthorne, a Security Engineer at Credit Karma, uses Splunk to monitor and respond to threats against their web applications by leveraging custom logging, web application firewall (WAF) rule validation, Content Security Policy (CSP), and more. Learn how to detect and defend against web application attacks such as cross-site scripting (XSS) and TLS man-in-the-middle (MITM) in real time and immediately use these techniques in your own environments. For participants in the Splunk Boss of the SOC (BOTS) competition, this talk will also demonstrate how these techniques were used in BOTS 2017 scenarios.
Splunk and Machine Learning for Sales Efficiency
Wednesday, September 27, 2017 | 12:05 PM-12:50 PM Intermediate
Industries: Retail | Products: Splunk Enterprise | Role: Business Manager | Track: Business Analytics | Session Focus: Business Analytics | Other Topics: Customer Success Story, DB Connect, Machine Learning, Using Splunk, Analyzing Data Types | Session Type: Breakout Session | Solutions: Business Analytics
Michael Cormier, Founder, Managing Director, Concanon LLC
Chandra Vaughan, Customer Experience & Marketing Analyst, Ferguson Enterprises
For over 63 years, Ferguson Enterprises has been proud to deliver world-class service to its customers, but in 2017 doing so means being more data-driven than ever before. They have combined their in-house expertise in customer profiling with Splunk’s machine learning capabilities to deliver useful, actionable metrics about orders and payments to sales representatives in the field, as well as customer segmentation guidance gleaned from advanced analytical models. A Ferguson team will present the goals of this project and the success it has found, thanks to an agile sales-efficiency solution leveraging real-time data in Splunk.
Splunk at Genesco. How We Got a Quick ROI Using Splunk to Monitor Application Logs
Wednesday, September 27, 2017 | 11:00 AM-11:45 AM Beginner
Industries: Retail | Products: Splunk Enterprise | Role: Splunk Technical Champion, Administrator | Track: IT Operations | Session Focus: Incident Response | | Session Type: Breakout Session | Solutions: IT Operations, Cloud Strategies, Log Management, Application Delivery
Jeremy Haggard, Manager Platform Systems, Genesco
Michael Nobles, Sr. Sales Engineer, Splunk Inc.
Come learn how Genesco implemented Splunk and quickly got an ROI by turning a system fraught with hundreds of thousands of errors (a new, cloud-based point of sale system) into a lean-running environment. We’ll discuss additional ways that Genesco is using Splunk, such as for forensics, core system monitoring of Splunkbase apps, and custom apps for our internal systems.
Splunk for DevOps? Absolutely! Using Splunk across Docker, Bitbucket, Jenkins, Boomerang & Splunk-JS
Thursday, September 28, 2017 | 10:30 AM-11:15 AM Good for all Skill Levels
Industries: Technology | Products: Splunk Cloud, Splunk Enterprise | Role: Splunk Technical Champion, Developer, Architect, Operations Manager, Administrator | Track: IT Operations | Session Focus: DevOps | | Session Type: Breakout Session | Solutions: Business Analytics, IT Operations, Application Delivery
Domnick Eger, Global DevOps Practitioner, Splunk Inc.
Tom Martin, Staff Practitioner, Splunk Inc.
Interested in DevOps? CI/CD? APM? End User Monitoring? Business Analytics? If so, this session is for you. Come see how Splunk software can be used across DevOps tool chains, APM tools, end user monitoring and real-time business analytics. You’ll see how Splunk can be used to monitor code commits, software builds, test results, end-user experience and the capture of real-time business metrics directly from your end users. Which developers commit the most code? Which developers commit the highest QUALITY code? How many containers are we running? Who are our best customers? Which products are the best sellers? Come see how you can answer questions like these and more with Splunk software.
Splunk n' Box
Wednesday, September 27, 2017 | 3:30 PM-4:15 PM Intermediate
| Products: Splunk Enterprise | Role: Developer, Architect, Administrator | Track: Foundations | Session Focus: Splunk Administration & Scaling | | Session Type: Breakout Session |
Mo Hassan, Missouri, Splunk Inc.
I have written an extensive and feature-rich bash script (4000+ lines) that can be used by Splunk admins, regular users and Splunk employees to test multiple Splunk deployment scenarios using Docker (while shielding the user from learning Docker in the process). The script is widely used by Splunk customers, Splunk SEs and Splunk partners. The code base is the result of five months of development and testing.
Splunk, Docs, and You: Making Splunk Documentation Better Together
Wednesday, September 27, 2017 | 2:15 PM-3:00 PM Good for all Skill Levels
Industries: Technology, Energy & Utilities, Communications, Media & Entertainment, Financial Services, Retail, Manufacturing, Non-Profit, Travel & Transportation, Higher Education, Healthcare, Online Services | Products: Splunk Cloud, Splunk Enterprise Security, Splunk User Behavior Analytics, Splunk Enterprise | Role: Business Manager, Architect, Administrator, Developer, Operations Manager, Security Analyst, Data Scientist/Analyst, Splunk Technical Champion | Track: Foundations | Session Focus: What the Splunk?!?! | | Session Type: Breakout Session | Solutions: Application Delivery, IT Operations, Security & Fraud, Big Data, Cloud Strategies, Business Analytics, IoT & Industrial Data, Log Management
Christopher Gales, Senior Director of Documentation, Splunk Inc.
Rich Mahlerwein, Senior Information Systems Security & Database Architect, Forest County Potawatomi Community
Love Splunk docs? They love you, too. The documentation offered by Splunk helps you become productive and confident using Splunk software. However, while Splunk product documentation is usually very good, it’s not always perfect. If you’ve ever come across a documentation topic that confused you or left you with questions, you are not alone. Did you know that with just a few minutes of your time you can make changes that will help both you and others now and in the future? It’s true! What ultimately drives the quality of Splunk docs is the ongoing conversation with customers like you. Here’s how to make the most of it! Customer and SplunkTrust member Rich Mahlerwein delivers a rollicking joint presentation with Splunk doc director Christopher Gales. Join us for a look at some of the great – and awful – comments they have seen, and find out how to submit comments to the docs team that will prompt immediate, substantial improvements.
Splunkin' my Harley!
Wednesday, September 27, 2017 | 4:35 PM-5:20 PM Good for all Skill Levels
Industries: Media & Entertainment, Travel & Transportation, Technology | Products: Splunk Enterprise | Role: CIO, Developer, CTO, Operations Manager, Administrator, Architect, Business Manager, CISO, Splunk Technical Champion, Data Scientist/Analyst, Security Analyst | Track: IoT | Session Focus: IoT & Industrial Data | Other Topics: Anomaly Detection, Machine Learning | Session Type: Breakout Session | Solutions: IoT & Industrial Data
Geoffrey Martins, Senior Technical Instructor, Splunk Inc.
Motorcycles are a passion and way of life for many. And so is Splunk, so why not bring these two things together? Splunkin' My Harley is a project that captures sensor data from the electronic systems of Harley-Davidson motorcycles in real time, on the road. With inexpensive DIY components, you can transmit sensor telemetry in real time to Splunk and transform this data into powerful intelligence for other motorcycle lovers and enthusiasts. Once the data reaches Splunk, a world of analytical possibilities opens up, including in the areas of performance, quality of driving, predictive analytics and much more.
Splunking Airport Early Baggage Storage Systems
Wednesday, September 27, 2017 | 3:30 PM-4:15 PM Good for all Skill Levels
Industries: Travel & Transportation | Products: Splunk Enterprise | Role: Splunk Technical Champion, Data Scientist/Analyst, Operations Manager, Developer, CTO, CIO, Business Manager, Architect, Administrator | Track: IoT | Session Focus: IoT & Industrial Data | Other Topics: Anomaly Detection, Customer Success Story | Session Type: Breakout Session | Solutions: IoT & Industrial Data
Suren Deora, System Integration Manager, Vanderlande Industries
Lorena Diaz, Process Improvement Engineer, Vanderlande
Airport early baggage storage systems are essential to the efficient retrieval of baggage by departure time and priority class. Come learn how one airport uses Splunk to report and monitor KPIs in its early bag storage system. You will learn why the airport decided to implement Splunk, as well as about the benefits realized and some of the issues that were overcome.
Splunking Dark Tools—A Pen Tester's Guide to Pwnage Visualization
Wednesday, September 27, 2017 | 1:10 PM-1:55 PM Good for all Skill Levels
| Products: Splunk Enterprise | Role: Operations Manager, Security Analyst, Administrator, Architect | Track: Security / Compliance / Fraud | Session Focus: Incident Response | Other Topics: Best Practices, Security Use Case Development, Applying Threat Intelligence / Context | Session Type: Breakout Session | Solutions: Security & Fraud
Nathan Bates, Lead Security Engineer, Adobe
Bryce Kunz, UT, Adobe Systems, Inc.
A rise in data analytics and machine learning has left the typical pen testers behind in the dust. This talk covers the required tools for consolidating, analyzing and visualizing the dark tools that are used by every red team. We'll release the required framework for getting the data where it needs to be, the technical add-ons to ensure this data is ingested in usable formats, and dashboards for Splunk to leverage this data for mass pwnage of your target!
Splunking to Fight Human Trafficking
Wednesday, September 27, 2017 | 4:35 PM-5:20 PM Beginner
Industries: Non-Profit | Products: Splunk Enterprise | | Track: Foundations | Session Focus: Fraud | | Session Type: Breakout Session | Solutions: Security & Fraud
Satoshi Kawasaki, Splunk4Good Ninja, Splunk Inc.
Monzy Merza, Head of Security Research, Splunk Inc.
Human trafficking is a big business model built on forced labor. It brings in roughly $150 billion annually, according to the International Labor Organization. Human traffickers in developed countries like the United States must keep up with the current technology to increase their revenue and stay one step ahead of law enforcement. But the same technology can be used against them. This session will showcase how Splunk has partnered with Global Emancipation Network, a non-profit organization, to fight human trafficking.
Splunking with Multiple Personalities: Extending Role Based Access Control to Achieve Fine Grain Security of Your Data
Wednesday, September 27, 2017 | 3:30 PM-4:15 PM Good for all Skill Levels
Industries: Healthcare, Financial Services, Aerospace & Defense | Products: Splunk Enterprise | Role: Administrator | Track: Foundations | Session Focus: Splunk Administration & Scaling | Other Topics: Managing Splunk, Best Practices | Session Type: Breakout Session | Solutions: Log Management, Business Analytics, Security & Fraud, Big Data
Shaun C, ,
Sabrina Lea, Senior Sales Engineer, Splunk Inc.
Splunk software does a great job at role-based access control (RBAC) out of the box, but what happens when you want to dynamically restrict which events a user can view within an index? How do you mark one event as more sensitive than another and ensure that Splunk presents the right sensitivity events to users with the right level of access, especially when user access levels are always changing? We will provide a few methods of implementing fine-grained access controls in Splunk software. They are workarounds, in that they all leverage search filters, but they bring value to your business because they will enable you to put more sensitive data in Splunk. No longer will you be restricted from getting value from all your machine data!
Successfully Implementing Cybersecurity Monitoring within Critical Operational Technology (OT) and Industrial Control System (ICS) Environments
Wednesday, September 27, 2017 | 2:15 PM-3:00 PM Good for all Skill Levels
Industries: Travel & Transportation, Retail, Healthcare, Public Sector, Aerospace & Defense, Energy & Utilities, Manufacturing | Products: Splunk Enterprise, Splunk Cloud | Role: Operations Manager, Architect, Administrator, CIO, Business Manager, Splunk Technical Champion, Security Analyst, CISO, CTO | Track: IoT | Session Focus: IoT & Industrial Data | Other Topics: Anomaly Detection, Security Use Case Development, Forensics, Applying Threat Intelligence / Context, Investigate, SecOps, Attack Scenarios | Session Type: Breakout Session | Solutions: IoT & Industrial Data, Security & Fraud
Kyle Miller, Industrial Cyber Security Engineer, Booz Allen Hamilton
Today’s industrial, manufacturing and building management processes rely on a vast array of operational technologies, including industrial control systems, to support their day-to-day operations. Escalations in cyberattacks have prompted a greater focus on securing these critical systems, and gaining visibility into them has never been more important. Over the past year, Booz Allen and Splunk have collaborated to pilot an OT cybersecurity monitoring solution that provides enhanced visibility and anomaly detection within several OT environments. By aggregating data from within and around the process itself – as well as relevant outside sources – the solution can detect a myriad of the most common malicious activities and alert security teams. This session will highlight dozens of unique OT use cases we have implemented. In this customer success story, Splunk’s solution identified critical vulnerabilities and enhanced the organization’s cyber and operational resilience.
Systematic Analysis for Splunk Security: Control the Crazy Into Your Splunks!
Thursday, September 28, 2017 | 10:30 AM-11:15 AM Good for all Skill Levels
| Products: Splunk Enterprise, Splunk Enterprise Security, Splunk Cloud | Role: CISO, Operations Manager, Security Analyst, Administrator, Architect | Track: Security / Compliance / Fraud | Session Focus: SOC | Other Topics: Best Practices, Getting Data In | Session Type: Breakout Session | Solutions: Log Management, Security & Fraud
Henry Canivel, Security Operations Engineer, Splunk Inc.
Get the most out of Splunk for your security team! You've installed a variety of Splunk Apps and Add-ons – maybe including premium apps, such as Splunk ES and Add-On Builder. You’re pulling all kinds of data in but you are stuck… or, better yet, updated product data that breaks your Splunk apps! Learn what you can do with custom or potentially un-supported data for better visibility and monitoring, to maintain your security posture. Focus the data to provide your team with the targeted insights that you need. Control the craziness of your data. This session will focus on providing you with the guidance of a few sustainable workflow scenarios to pipeline new security monitoring use cases and potentially actionable results that will help your team get started!
Taking Care of Patients With Splunk
Tuesday, September 26, 2017 | 2:15 PM-3:00 PM Intermediate
Industries: Healthcare | Products: Splunk Cloud, Splunk Enterprise | Role: Developer | Track: Developing | Session Focus: DevOps | Other Topics: Dev Tools | Session Type: Breakout Session | Solutions: Business Analytics
Theodore Hellmann, Product Manager, Splunk Inc.
Sergii Kononov, Senior Delivery Manager, EPAM Systems
Igal Vainer, Senior Director of Isv Unit, EPAM Systems
Patients are usually unaware of the nature and composition of their care team. Clinical staff struggle to quickly identify other appropriate and available staff members in an emergency or if they have questions. Hospital executives lack a comprehensive view of patient-staff interactions and resource utilization within the hospital. Compliance departments do not have a real-time view of whether a staff member’s patient record access is relevant to their job. These factors are driving the need to identify the patient’s circle of care. Enabling effective communications in the circle of care may provide additional opportunities to improve care processes and patient satisfaction. Relevant data is scattered across multiple systems. EPAM’s Splunk-based solution integrates information from multiple data sources and identifies care-circle participants. The solution adds further value by providing insights into the nature of the care circle, its participants and relevant care activities. Additional operational KPIs represent a good opportunity for management teams to optimize care processes.
Tame the Splunk Dragons Before Winter Comes
Tuesday, September 26, 2017 | 12:05 PM-12:50 PM
| | | Track: IT Operations | | | Session Type: Breakout Session |
Dragons do not fare well in captivity, and neither does Splunk. Ask any Splunk Ninja: we know Splunk and we know things. That is what we do. As you gain insight from the Splunk platform and value from your machine data, you want your Splunk environment to grow from the eggs of your initial Splunk Enterprise download or licenses to majestic and magical beasts that can reign over your enterprise and include Splunk Enterprise Security, Splunk ITSI or Splunk UBA. However, you have to feed the dragon to allow it to grow. You need to be able to feed resources seamlessly and flexibly to allow your Splunk dragon to grow. Dell EMC will show you how you can grow your Splunk dragon stronger, larger, more easily and linearly on your premises with our Ready Solutions that are validated with Splunk. Do not stunt your dragon’s growth.
The Art of Detection Using Splunk Enterprise Security
Wednesday, September 27, 2017 | 4:35 PM-5:20 PM Advanced
Industries: Technology | Products: Splunk Enterprise Security | Role: Architect, Security Analyst | Track: Security / Compliance / Fraud | Session Focus: SOC | Other Topics: Security Use Case Development, Investigation, Anomaly Detection, Customer Success Story | Session Type: Breakout Session | Solutions: Security & Fraud
Douglas Brown, Senior Information Security Analyst, Red Hat
Splunk Enterprise Security (ES) provides a number of excellent frameworks for operational security. However, its true potential is only realized when the frameworks are effectively applied then integrated into the heart of a team’s workflow. In this session, we will explore the flexibility of frameworks in ES and how to leverage and extend them to meet the needs of your team as an effective detection, triage and investigation platform. We will also examine what constitutes a false-positive, showing how auto-closed notables that measure change and aggregate risk are the most effective means of detecting unknown threats, raising actionable alerts and reducing alert fatigue.
The Critical Syslog Tricks That No One Seems to Know About
Wednesday, September 27, 2017 | 4:35 PM-5:20 PM Advanced
Industries: Technology | Products: Splunk Enterprise, Splunk Cloud | Role: Administrator, Splunk Technical Champion, Architect | Track: Foundations | Session Focus: Splunk Administration & Scaling | Other Topics: Best Practices, Unix and Linux, Logging Frameworks, Getting Data In | Session Type: Breakout Session | Solutions: Security & Fraud, IT Operations, Log Management
George Barrett, Splunk Consultant, Rational Cyber
Jonathan Margulies, Splunker. Co-author of textbook "Security in Computing", Department of Justice
Some of the most important logs an enterprise generates can only be delivered to Splunk in syslog format. In this talk, we’ll guide you through every step you need to follow to get Splunk collecting syslog perfectly in any environment. We’ll provide a ready-to-use syslog-ng.conf along with detailed explanations of why we used the settings we did. We’ll give you working cron jobs that roll old log data over, and explain why you’ll lose a couple of seconds of logs every night if you use logrotate instead. You’ll learn where syslog-ng fits in your network and Splunk architectures to minimize data loss. You’ll also learn about the default Splunk setting that causes major input delays if you don’t know to change it. Finally, we’ll give you the tool we built to manage thousands of syslog inputs and make sure they all get labeled with the right index, source type, host and time zone. In short, we’re going to lay out everything you need to solve the syslog problem for your enterprise once and for all.
The Human Intelligence Factor in Splunk ES: Is There a Real Difference?
Wednesday, September 27, 2017 | 12:05 PM-12:50 PM Good for all Skill Levels
| Products: Splunk Cloud, Splunk Enterprise, Splunk Enterprise Security | Role: Administrator, CIO, Operations Manager, CISO, Security Analyst | Track: Security / Compliance / Fraud | Session Focus: Threat Detection | Other Topics: Applying Threat Intelligence / Context, Security Use Case Development | Session Type: Breakout Session | Solutions: Security & Fraud
Matt Wycoff, Ask Me About Cyber4Sight for Splunk!, Cyber4Sight
Today’s increasing attack tempo forces analysts to spend more time sifting through the mounting number of alerts on their systems. As they scramble to differentiate false positives from real attacks, chances increase that a truly dangerous piece of malware will slip through the cracks. Splunk and Booz Allen Hamilton have partnered to provide a more powerful solution for prioritizing the array of cyber threats facing organizations. By applying Booz Allen’s decades of experience developing intelligence tradecraft, Cyber4Sight® for Splunk provides human-curated intelligence to make analysts not only smarter, but faster. This presentation will show the enhanced incident response workflows and seamless integration of Cyber4Sight in Splunk ES.
The Instrumented Enterprise: Making Digital Transformation as Nimble as a Fighter Jet
Tuesday, September 26, 2017 | 4:35 PM-5:20 PM Good for all Skill Levels
Industries: Manufacturing | Products: Splunk Enterprise | Role: Data Scientist/Analyst, Splunk Technical Champion, Security Analyst, Operations Manager, CTO, Developer, CISO, CIO, Business Manager, Architect, Administrator | Track: IoT | Session Focus: IoT & Industrial Data | Other Topics: Customer Success Story, Best Practices | Session Type: Breakout Session | Solutions: Big Data, Security & Fraud, IT Operations, IoT & Industrial Data, Cloud Strategies
Robert Frazier, Senior Manager for Cyber Security Architecture, Lockheed Martin
Digital transformation is changing the face of business. Beyond traditional enterprise security and Operational Intelligence, digital transformation is adding IoT devices, digital manufacturing, and suppliers to the enterprise. Understanding how all these systems work together is more than a challenge; it is vital to operations and security. Like instrument panels in manned spacecraft or fifth-generation fighters like the F-22 and F-35, at Lockheed Martin Splunk serves as the instrument panel for our business. From IoT devices on the shop floor to the computer incident response team, networks, cloud and IT operations, Splunk provides the data that offers insight into everything we do. Splunk gives us visibility into the digital transformation of Lockheed Martin, allowing us to fly our business efficiently, reliably and securely into the future.
The Next Level of Quality Assurance at BMW With the Splunk Machine Learning Toolkit
Tuesday, September 26, 2017 | 11:00 AM-11:45 AM Intermediate
Industries: Manufacturing | Products: Splunk Enterprise | Role: Splunk Technical Champion, Architect, Operations Manager, CTO, Data Scientist/Analyst, Administrator, Business Manager, CIO | Track: Business Analytics | Session Focus: IoT & Industrial Data | Other Topics: Analyzing Data Types, Machine Learning, Customer Success Story | Session Type: Breakout Session | Solutions: IoT & Industrial Data, Big Data, Business Analytics
Markus Boenisch, General Manager, BMW Group
Georg Schröder, Lead System Architect, Robotron Datenbank-Software GmbH
In order to support efficient car production, BMW supports its quality managers by letting Splunk software handle its data. This system, called Intelligent Quality Perception (iQP), combines machine data (i.e., test results from electric/electronic engineering and other automated tests) with human-provided descriptions and categorizations of tests, failures and rework. Based on this dataset, BMW applies machine-learning algorithms to different use cases. In general, similar error and rework patterns are identified and linked together in order to offer workers recommendations for solving particular issues based on previous, similar issues and to optimize plant logistics. Come learn as BMW, together with solution partner Robotron, presents the system and the use cases.
The Power of Data Normalization: A look at CIM Under the Hood
Wednesday, September 27, 2017 | 3:30 PM-4:15 PM Intermediate
Industries: Communications, Manufacturing, Media & Entertainment, Financial Services, Online Services, Retail, Higher Education, Non-Profit, Technology, Travel & Transportation, Healthcare, Public Sector, Aerospace & Defense, Energy & Utilities | Products: Splunk Enterprise Security, Splunk Cloud, Splunk Enterprise | Role: Developer, Administrator, Architect, Data Scientist/Analyst | Track: Foundations | Session Focus: Search/Insights/Analytics | | Session Type: Breakout Session | Solutions: Log Management, Security & Fraud, IoT & Industrial Data
Mark Bonsack, Staff Sales Engineer, Splunk Inc.
Vladimir Skoryk, Professional Services Architect, Splunk Inc.
This session will cover the Splunk Common Information Model (CIM), its place in the Splunk ecosystem, and tips and tricks for optimizing performance when using it. We will cover how to make the schema-on-the-fly (search-time schema, or "schema on read") much more powerful and how to seamlessly define relationships between disparate data sources. We will also cover what CIM is not and some of the misconceptions around CIM and its concepts.
The Renaissance is Here! Splunk's Powerful Innovations for your IT Management Approach
Wednesday, September 27, 2017 | 3:30 PM-4:15 PM Good for all Skill Levels
Industries: Media & Entertainment, Non-Profit, Travel & Transportation, Healthcare, Technology, Public Sector, Aerospace & Defense, Energy & Utilities, Communications, Higher Education, Retail, Online Services, Manufacturing, Financial Services | Products: Splunk Enterprise, Splunk IT Service Intelligence | Role: Operations Manager, Splunk Technical Champion | Track: IT Operations | Session Focus: itsi | Other Topics: Best Practices, Customer Success Story | Session Type: Breakout Session | Solutions: IT Operations
Stuart Ainsworth, IT Markets Specialist, Splunk Inc.
Mike Makar, Senior IT Manager, World Bank Group
The decades-old approach that employs a dozen or more integrated IT management tools is not sustainable as services become increasingly digital. Splunk’s data platform with IT Service Intelligence offers a revolutionary approach to IT management – a simpler approach that adds required capabilities for digital services and provides visibility for executives and support personnel – all in a single platform. Come learn about World Bank Group’s service management success and how Splunk is helping to achieve the IT Management Renaissance.
The Splunk IT Service Intelligence (ITSI) Top 20 KPIs
Thursday, September 28, 2017 | 10:30 AM-11:15 AM Intermediate
Industries: Non-Profit, Higher Education, Energy & Utilities, Communications, Manufacturing, Retail, Financial Services, Online Services, Media & Entertainment, Travel & Transportation, Healthcare, Public Sector, Technology, Aerospace & Defense | Products: Splunk IT Service Intelligence | Role: Splunk Technical Champion | Track: IT Operations | Session Focus: itsi | Other Topics: Best Practices | Session Type: Breakout Session | Solutions: IT Operations
Bill Babilon, Global ITOA Solutions Architect, Splunk Inc.
William Von Alt II, Staff Sales Engineer, Splunk Inc.
This session will go through the top 20 KPIs that our IT Operations Analytics (ITOA) practice has observed in supporting over 200 IT Service Intelligence (ITSI) engagements over the last two years. We’ll discuss specific details (data source, search, threshold field, entities and thresholds). We will focus on the most requested and valuable KPIs observed in typical ITSI scenarios, and you’ll walk away with these KPI best practices, ready to implement in your own Splunk environment!
To HEC with syslog! Scalable Aggregated Data Collection in Splunk
Thursday, September 28, 2017 | 10:30 AM-11:15 AM Intermediate
Industries: Travel & Transportation, Communications, Financial Services, Energy & Utilities, Media & Entertainment, Retail, Manufacturing, Non-Profit, Online Services, Aerospace & Defense, Public Sector, Technology, Higher Education, Healthcare | Products: Splunk Enterprise, Splunk Cloud | Role: Architect, Administrator | Track: Foundations | Session Focus: Splunk Administration & Scaling | Other Topics: Getting Data In | Session Type: Breakout Session | Solutions: IT Operations, Log Management
Mark Bonsack, Staff Sales Engineer, Splunk Inc.
Ryan Faircloth, FL, Splunk Inc.
Despite significant developments in new REST, API, and pub/sub methods for data query and collection, over a third of all Splunk deployments include traditional syslog as a sourcetype. By a significant margin, data delivered via syslog is also the volume leader in these deployments. Yet, the proper onboarding of aggregated syslog data has been the source of much confusion over the years, and this data is often misconfigured. These issues prevent Splunk users from deriving the full benefit from this most-used data source and the Splunk platform. This session covers best practices in the configuration of syslog and Splunk, including proper filtering, sourcetyping, and architecting for scale using the newer HTTP Event Collection (HEC) method for data onboarding. Several examples and supporting code will be provided that will be directly applicable to your environment.
Tokens in Splunk Web Framework: Use, Abuse and Incantations
Tuesday, September 26, 2017 | 3:30 PM-4:15 PM Intermediate
Industries: Energy & Utilities, Financial Services, Communications, Healthcare, Higher Education, Non-Profit, Online Services, Retail, Manufacturing, Media & Entertainment, Public Sector, Aerospace & Defense, Travel & Transportation, Technology | Products: Splunk Enterprise | Role: Developer | Track: Foundations | Session Focus: What the Splunk?!?! | | Session Type: Breakout Session | Solutions: Business Analytics, Cloud Strategies, IoT & Industrial Data, Security & Fraud, Big Data, Application Delivery, IT Operations, Log Management
Ryan Thibodeaux, VP of Operations, OctoInsight Inc
This session covers the ins-and-outs of tokens in the Splunk Web Framework: SimpleXML and HTML/JS dashboards. Any dashboard containing more than predefined report searches will likely require tokens to relay user inputs, search states, and user feedback. This session will review how token states are represented, demonstrate how to manipulate tokens to drive dashboards using built-in features and explain how to extend the basic SimpleXML with custom JavaScript to make dashboards really shine. Examples will be provided in both SimpleXML and custom JavaScript/CSS/HTML. This talk is for any Splunk developer that wants to learn how to boost dashboard performance, improve user experience, and add safeguards against misuse. Splunk app developers that must maintain compatibility across versions of Splunk Enterprise are encouraged to attend and contribute to the community discussion.
Tossing Splunk in Your PAN: Integrating Splunk With Palo Alto Networks
Tuesday, September 26, 2017 | 4:35 PM-5:20 PM Advanced
Industries: Financial Services, Technology | Products: Splunk Enterprise Security | Role: Architect, Security Analyst | Track: Security / Compliance / Fraud | Session Focus: Security Use Case Development | Other Topics: Adaptive Response, Analyzing Network Data, Analyzing Endpoint Data, Applying Threat Intelligence / Context, SecOps, Investigation, Security Use Case Development, Nerve Center, Automation, Best Practices, Customer Success Story, App Ecosystem | Session Type: Breakout Session | Solutions: Security & Fraud, IT Operations
Kevin Gonzalez, Security Operations Center Manager, Lennar Corporation
Splunk and Palo Alto Networks provide some of the tightest integrations amongst security platforms, but how do you go beyond these integrations? Using Splunk and data your organization is already collecting, learn how your organization can improve security operations response times and visibility, and autocorrect bugs within your environment. The use cases presented aim to spark attendees' ideas on how to make the most of other integrations within their environment.
Tracking Logs at Zillow with Lookups & JIRA
Wednesday, September 27, 2017 | 3:30 PM-4:15 PM Intermediate
Industries: Technology | Products: Splunk Enterprise, Splunk Cloud | Role: Business Manager, Developer, Administrator, Operations Manager | Track: IT Operations | Session Focus: DevOps | | Session Type: Breakout Session | Solutions: IT Operations, Log Management
Seth Thomas, Director, Site Operations, Zillow Group
Jon Wentworth, Systems Engineer, Zillow
Zillow has learned how to sort its service log messages and map them to bug tracking tickets using a simple combination of lookups and other native utilities in Splunk, plus an add-on for accessing Jira via REST API. Before deploying the Splunk platform, monitoring site health was based mostly on looking at volume-based graphs, tailing logs and depending on difficult-to-use alarming systems. After learning to use Splunk lookups for investigating IP address-related issues, the same logic was applied to tackle the problem of how to make it easier to parse through logs in general. Once their NOC started having success using this tool to quickly identify and document production issues in near real time, a project was launched to integrate the same functionality into in-house lower environment management applications. Find out how to create a basic system to codify complex logs for easy identification, plus how this organically developed idea has begun to shape how code is promoted within the organization.
Traversing the Cloud: Atlassian’s Journey Building a Logging Pipeline with Splunk on AWS
Wednesday, September 27, 2017 | 2:15 PM-3:00 PM Good for all Skill Levels
Industries: Technology | Products: Splunk Enterprise | Role: Splunk Technical Champion, Developer, Operations Manager, Security Analyst | Track: Foundations | Session Focus: Search/Insights/Analytics | | Session Type: Breakout Session | Solutions: Cloud Strategies, Log Management
Timothy Clancy, Engineering Manager, Atlassian
James Mackie, Senior Engineer (Infrastructure), Atlassian
Learn about Atlassian's action-packed journey with Splunk, from an initial security use case to an enterprise platform. Learn why Atlassian moved from open-source solutions to Splunk Enterprise and how they rapidly built out and scaled a cloud-based, multi-terabyte environment leveraging AWS Kinesis streams. Learn how they successfully engaged with their internal user community to achieve significant productivity gains through enterprisewide adoption. Finally, along with the “how,” Atlassian will share best practices and key learnings from their journey successfully deploying Splunk Enterprise at scale in the cloud.
Triggering Alerts With xMatters and Achieving Automated Recovery Actions From Splunk IT Service Intelligence
Wednesday, September 27, 2017 | 1:10 PM-1:55 PM Intermediate
Industries: Energy & Utilities, Communications, Media & Entertainment, Financial Services, Retail, Non-Profit, Online Services, Healthcare, Higher Education, Technology, Manufacturing | Products: Splunk Enterprise, Splunk IT Service Intelligence | Role: Splunk Technical Champion | Track: IT Operations | Session Focus: ITSI | Other Topics: Alert Actions, Automation, Anomaly Detection | Session Type: Breakout Session | Solutions: IT Operations
Marty Jackson, Director Product Evangelist - Office of CTO, xMatters
Martin Wiser, CO, Splunk Inc.
Come learn about the common external integrations for Splunk IT Service Intelligence (ITSI) Event Analytics. We will present an overview of ITSI notable event actions, which can be used to integrate other event management, incident tracking or alert systems like xMatters. Experts from xMatters and the Splunk team will also discuss common alert scenarios and best practices concerning the rules engine.
Understanding and Measuring the End User Experience in Mobile Apps and Beyond!
Wednesday, September 27, 2017 | 3:30 PM-4:15 PM Intermediate
Industries: Media & Entertainment, Financial Services, Retail, Online Services, Higher Education, Healthcare | Products: Splunk Enterprise | Role: Developer, Administrator, Business Manager, Operations Manager, Data Scientist/Analyst | Track: Developing | Session Focus: Application Performance & Analytics | Other Topics: Visualizations, Logging Frameworks, Mobile App Monitoring, Getting Data In, Dev Tools, Anomaly Detection | Session Type: Breakout Session | Solutions: Application Delivery, IT Operations, Business Analytics
Sam Gazitt, California, Splunk Inc.
Roy Ma, Senior Software Engineer, Splunk Inc.
Michael Margulis, CA, Splunk
This technical session will present what Splunk Mobile Intelligence (MINT) can do out of the box and how you can use your knowledge of Splunk to get more mobile data insights. This deep technical dive will focus on MINT SDK integration with your mobile app, SDK functionality, APIs and internals, and the Splunk MINT App. Come learn how Splunk MINT can also help you track and measure user experience across your mobile applications and even extend to your web applications!
Unleash Your Machine Data with Context from Historical and Transactional Data using Hadoop, RDBMS and Splunk
Wednesday, September 27, 2017 | 2:15 PM-3:00 PM Intermediate
| Products: Splunk Enterprise, Splunk Enterprise Security | Role: Administrator, Operations Manager, Splunk Technical Champion, CTO, Data Scientist/Analyst, Architect | Track: Foundations | Session Focus: Search/Insights/Analytics | | Session Type: Breakout Session | Solutions: Business Analytics, IoT & Industrial Data, IT Operations, Security & Fraud, Log Management, Big Data
Raanan Dagan, Staff Architect, Splunk Inc.
Rohit Pujari, Sr Sales Engineer, Splunk Inc.
Big data, big data, big data. Is it just a buzzword or can we actually leverage it in a real-world scenario? In this session, we discuss and demonstrate the architecture that best encapsulates all the big data components and how Splunk is ultimately the best choice for most use cases. This session digs into the technical elements and architecture required to combine real-time data with historical and transactional data. We also demonstrate how Splunk, Splunk Analytics for Hadoop, Splunk DB Connect and Splunk Hadoop Connect can live under a single roof to enable analysts to combine Splunk, Hadoop and RDBMS.
Using Datasets for Easier Data Exploration, Preparation and Analysis
Wednesday, September 27, 2017 | 11:00 AM-11:45 AM Good for all Skill Levels
Industries: Energy & Utilities, Communications, Manufacturing, Media & Entertainment, Public Sector, Non-Profit, Technology, Aerospace & Defense, Higher Education, Healthcare, Retail, Online Services, Financial Services, Travel & Transportation | Products: Splunk Enterprise | Role: Developer, Architect, Splunk Technical Champion, Administrator, Operations Manager | Track: Foundations | Session Focus: Search/Insights/Analytics | | Session Type: Breakout Session | Solutions: Log Management, Business Analytics, Big Data, IT Operations, IoT & Industrial Data, Application Delivery, Security & Fraud
Jesse Miller, Staff Sales Engineer, Splunk Inc.
Take a shortcut to being a Splunk Ninja! In Splunk Enterprise 6.5, we introduced the Datasets feature to help users understand their data and ensure more accurate results of analysis. We will explore this feature as well as the Table Editor (Provided by the Datasets Add-On), and learn how to harness the power of SPL without having to learn its syntax.
Using Splunk for Credentials: Detect and Respond to Online Account Takeover of Your E-Commerce Applications with Splunk Enterprise
Tuesday, September 26, 2017 | 3:30 PM-4:15 PM Intermediate
Industries: Online Services, Retail | Products: Splunk Enterprise | Role: Security Analyst | Track: Security / Compliance / Fraud | Session Focus: Security Use Case Development | Other Topics: Attack Scenarios | Session Type: Breakout Session | Solutions: Security & Fraud
Bruno Almeida, Principal Security Operations Engineer, YOOX NET-A-PORTER GROUP
Does your organization offer a consumer-facing service requiring logins? Then you face a challenge that nearly every online business faces: online account takeover. Learn how Yoox Net-a-Porter, an online fashion retailer, is using Splunk to gain visibility into the authentication process for our online properties, detect account takeovers early, understand attack techniques and take appropriate action. We will discuss:
– Which data sources we use to detect account takeovers
– What attack patterns look like
– How we build our own security intelligence based on what we detect
– How we automate response to reset user passwords (our “zero manual intervention” approach)
– Which reports we share with internal stakeholders
Using Splunk for Development Productivity
Wednesday, September 27, 2017 | 1:10 PM-1:55 PM Good for all Skill Levels
Industries: Technology | Products: Splunk Enterprise, Splunk Cloud | Role: Business Manager, Developer, Operations Manager | Track: IT Operations | Session Focus: DevOps | Other Topics: Dev Tools | Session Type: Breakout Session | Solutions: Application Delivery, Log Management
Bill Houston, Release Engineer, Splunk Inc.
Sumit Nagal, Principal Engineer, Intuit
Eddie Shafaq, Release Engineer, Splunk Inc.
How do you use Splunk to measure development productivity and solve for speed in developer and quality teams? By collecting event data related to productivity, of course! Hear how Intuit and Splunk are using apps, like the Jenkins app from Splunkbase, to identify areas of improvement in the build, test and release of software. See how Intuit improved build times from hours to minutes, how Splunk “builds Splunk with Splunk,” and how Splunk helps developers collaborate through tools such as Git, JIRA, Jenkins and Slack.
Using Splunk for Retail Banking Cross Channel Fraud Analysis, Detection and Investigation
Thursday, September 28, 2017 | 11:35 AM-12:20 PM Beginner
Industries: Financial Services | Products: Splunk Enterprise | Role: CISO, Business Manager, Security Analyst, Data Scientist/Analyst, CIO, Splunk Technical Champion | Track: Security / Compliance / Fraud | Session Focus: Fraud | | Session Type: Breakout Session | Solutions: Big Data, Security & Fraud
Rory Blake, Staff Consultant, Professional Services, Splunk Inc.
This session will highlight how the Commercial Bank of Dubai uses Splunk to detect fraudulent account activity across multiple product channels to provide analysis and investigation capabilities to its fraud analysts. We will show how Splunk and Splunk MINT are used to gather online, mobile, ATM and branch-initiated transactions to provide a consolidated view of customer activity for their investigations. The solution involves pulling data from internal and third-party sources together into a custom accelerated data model to provide high-performance contextual access to relevant data for fraud analysis. The session will cover how those data models are leveraged to create actionable alerts and power dashboards that allow fraud analysts to review activity history with a single pane of glass.
Using Splunk to Assess and Implement Critical Security Control #3, Secure Configurations for Hardware and Software
Tuesday, September 26, 2017 | 1:10 PM-1:55 PM Good for all Skill Levels
| Products: Splunk Cloud, Splunk Enterprise | Role: Security Analyst, CISO, Operations Manager, Administrator | Track: Security / Compliance / Fraud | Session Focus: Monitoring and Triaging | Other Topics: Basic Content, Attack Scenarios, SecOps, Search, Best Practices | Session Type: Breakout Session | Solutions: Security & Fraud
Matthew Gonter, Virginia, Concanon
Matthew Wade, Principal Consultant, Cybersecurity, Concanon
Splunk and Concanon have partnered to provide in-depth assessments based on the 20 Critical Security Controls (CSC). A 20 CSC assessment typically produces use cases that drive verification or execution of support within Splunk. While presenting the controls as an assurance framework, we demonstrate different methods of leveraging Splunk to support CSC #3.
Using Splunk to Comply With NIST Standards and Get Authorization to Operate
Thursday, September 28, 2017 | 11:35 AM-12:20 PM Intermediate
Industries: Public Sector, Technology | Products: Splunk Enterprise Security | Role: Administrator, Architect, Security Analyst | Track: Security / Compliance / Fraud | Session Focus: Compliance and Regulations | Other Topics: SecOps | Session Type: Breakout Session | Solutions: Security & Fraud, IT Operations
Antonio Porras, Attorney/Security Architect, PorrasLaw
This session will highlight a real-world case study of how Splunk and Splunk Enterprise Security (ES) were used to meet National Institute of Standards and Technology (NIST) requirements and get authorization to operate (ATO) with the Department of Homeland Security and Customs and Border Protection. In this session, we will start with the requirements put forth by NIST and how Splunk ES maps to those requirements to present a holistic view of the controls. We will continue by outlining the process of meeting the NIST standards and how that gets mapped to an ATO application process. The session will also cover the continuous monitoring requirement for NIST as implemented with Splunk.
Using the Latest Features from Splunk Machine Learning Toolkit to Create Your Own Custom Models
Wednesday, September 27, 2017 | 11:00 AM-11:45 AM Good for all Skill Levels
| Products: Splunk Enterprise | Role: Operations Manager, Data Scientist/Analyst, Security Analyst, Splunk Technical Champion | Track: Foundations | Session Focus: Search/Insights/Analytics | Other Topics: Machine Learning, Behavioral Analytics and Machine Learning | Session Type: Breakout Session | Solutions: Big Data, IT Operations, Log Management, Security & Fraud, IoT & Industrial Data
Adam Oliner, Director of Engineering, Splunk Inc.
Manish Sainani, Director of Products, Machine Learning, Splunk Inc.
Splunk is a powerful platform for understanding your data. The Machine Learning Toolkit App extends Splunk Enterprise with a rich suite of advanced analytics, using machine learning algorithms and rich visualizations to provide customers with a guided model building and operational environment. This session will introduce the Splunk Machine Learning Toolkit and review what's new since the last major release. We will also demonstrate the key features for guided model building, without writing any SPL for a variety of machine learning tasks such as predictive analytics, outlier detection, event clustering, and anomaly detection. Lastly, we’ll review typical use cases and real-world customer examples of using the Toolkit to drive business results.
Virtual Reality Process Visualization at OTTO, aka -Geheimprojekt URSULA-
Wednesday, September 27, 2017 | 1:10 PM-1:55 PM Intermediate
Industries: Retail, Online Services | Products: Splunk Enterprise | Role: Business Manager | Track: Business Analytics | Session Focus: Business Analytics | Other Topics: Using Splunk, Platform Extensibility, Visualizations, Customer Success Story | Session Type: Breakout Session | Solutions: Business Analytics
Andre Pietsch, Produktmanager, OTTO GmbH & Co. KG
At OTTO, with -Geheimprojekt URSULA- we explored virtual reality as the next big thing in data visualization for Splunk. We created a basic platform that can visualize a graph model with nodes and edges in VR and imported our existing process graphs. That gave us an idea about the complexity of the processes. Then we connected the platform to a Splunk instance via REST API and mapped machine data to the nodes. As a result we were able to monitor and manage a complex process with a simple interface. To accomplish all that, we partnered with Dell EMC and Gemini Data. We finally drafted a product with the help of LC Systems that can be developed into a turnkey solution. In this presentation we will tell you about the components needed and how to stitch them together. We will also show a demo and discuss what could be done with a VR platform.
What Got You Here Won't Get You There – The Journey to the Enterprise Cloud from a Customer’s Perspective
Tuesday, September 26, 2017 | 12:05 PM-12:50 PM
| | | Track: IT Operations | | | Session Type: Breakout Session |
José Cedeño, Principal SE, Vital Management and Engineering
Nathan Crisler, Principal Telemetry Engineer, Genesys
Charu Madan, Director Strategic Alliances, Nutanix
Murali Sriram, SE Manager, Nutanix
Splunk has become the new business-critical application in the largest enterprises, enabling a variety of use cases, from end customer experience, real-time security and threat detection and IT operations to real-time analytics. Join us for an interactive customer roundtable discussion and hear from customers about how to leverage the power of Nutanix and Splunk to deliver world-class analytics to meet the growing needs of your organizations. In this session, customers Genesys, the Department of Defense and our Nutanix Systems Architect will share the core value of running Splunk on Nutanix, specifically around cost saving, scaling, performance and ease of management. They’ll also discuss the evaluation process, why they chose Nutanix and best practices for using it.
What Is Your DevOps Team Actually Doing?
Wednesday, September 27, 2017 | 4:35 PM-5:20 PM Good for all Skill Levels
Industries: Technology | Products: Splunk Enterprise | Role: Business Manager, Administrator, Architect, Developer, Operations Manager, Splunk Technical Champion | Track: IT Operations | Session Focus: DevOps | | Session Type: Breakout Session | Solutions: Application Delivery, IT Operations
Brandon Cipes, VP of DevOps, cPrime
Stephen Henderson, Developer Advocate, Atlassian
DevOps solutions are tying together increasingly complex tools and solutions that can be hard to manage and monitor. To check on the health of your processes you need to be dialed in to your source code, artifact management, continuous integration, delivery and deployment, static code analysis, security analysis, monitoring health, infrastructure, and test automation, just to name a few. On top of this broadening responsibility, iterative-based development practices have increased the cadence of teams and the delivery of features and capabilities. If you don't have your finger on the pulse of your organization, you could already be in trouble. Providing a dashboard to view the real-time health of your delivery and operations pipeline is as important as tracking the resultant applications themselves. Come see how to aggregate your view of the DevOps world in practice.
What's New in Splunk Enterprise and Cloud!
Tuesday, September 26, 2017 | 11:00 AM-11:45 AM
Wednesday, September 27, 2017 | 1:10 PM-1:55 PM Good for all Skill Levels
Industries: Energy & Utilities, Manufacturing, Media & Entertainment, Financial Services, Online Services, Retail, Higher Education, Non-Profit, Technology, Travel & Transportation, Healthcare, Public Sector, Aerospace & Defense, Communications | Products: Splunk Cloud, Splunk Enterprise | Role: Security Analyst, Data Scientist/Analyst, Splunk Technical Champion, Operations Manager, CTO, Developer, Administrator, Architect | Track: Foundations | Session Focus: Splunk Internals | | Session Type: Breakout Session | Solutions: Application Delivery, Cloud Strategies, Log Management, IT Operations, Security & Fraud, Big Data
Todd Untrecht, VP, Product Management, Splunk Inc.
It's been an exciting year at Splunk, jam-packed with new capabilities both in Splunk Enterprise and Splunk Cloud. Come join the fun and learn about all the cool stuff we’ve delivered since last year. Whether you're a Splunk veteran or rookie, whether you're a small shop or large organization, whether you can SPL or not, we have something for you. In this action-packed session we will fly through some of the coolest additions to Splunk Enterprise and Splunk Cloud – with rapid-fire demos and cool giveaways to those paying attention (think Splunk T-shirts)!
What's new in Machine Learning across our products - Platform, ITSI and UBA
Tuesday, September 26, 2017 | 1:10 PM-1:55 PM Good for all Skill Levels
| Products: Splunk User Behavior Analytics, Splunk Enterprise | Role: Operations Manager, Architect, Administrator, CISO, CIO, Splunk Technical Champion, Data Scientist/Analyst, Security Analyst | Track: Foundations | Session Focus: Search/Insights/Analytics | Other Topics: What's New, Behavioral Analytics and Machine Learning, Machine Learning, Anomaly Detection | Session Type: Breakout Session | Solutions: IT Operations, Log Management, Big Data, Business Analytics, IoT & Industrial Data, Security & Fraud
Bob Pratt, Sr Director, Product Management, Splunk Inc.
Manish Sainani, Director of Products, Machine Learning, Splunk Inc.
This session will provide an overview of machine learning offerings across our portfolio including Splunk Enterprise, IT Service Intelligence, Splunk Enterprise Security and Splunk UBA and give you insight into how machine learning can be applied across IT ops, security, IoT and business analytics use cases.
Worst Practices...and How to Fix Them
Tuesday, September 26, 2017 | 3:30 PM-4:15 PM Intermediate
Industries: Retail, Online Services, Healthcare, Higher Education, Travel & Transportation, Technology, Public Sector, Aerospace & Defense, Manufacturing, Non-Profit, Media & Entertainment, Energy & Utilities, Financial Services, Communications | Products: Splunk Enterprise | Role: Architect, Splunk Technical Champion, Administrator | Track: Foundations | Session Focus: Splunk Administration & Scaling | | Session Type: Breakout Session | Solutions: IT Operations, Big Data, Log Management
Jeff Champagne, Staff Architect, Splunk Inc.
We've all slowed down to get a glimpse of a car crash on the freeway or tuned in to hear about a celebrity scandal. This session will analyze the Splunk equivalent of a 16-car pileup from an architecture and search workload management perspective. Come hear about real-life Splunk deployments that went bad and how you can avoid those same pitfalls.
You Splunk My Battleship, How to Recover and Make It a Success
Wednesday, September 27, 2017 | 1:10 PM-1:55 PM Beginner
Industries: Technology, Online Services, Media & Entertainment | Products: Splunk Cloud | Role: Splunk Technical Champion, Administrator, Operations Manager | Track: Foundations | Session Focus: Splunk Administration & Scaling | | Session Type: Breakout Session | Solutions: Log Management, IT Operations, Cloud Strategies, Application Delivery
David Butler, SRE Delivery Manager, Paddy Power Betfair
What can you learn from two organizations that have come full circle with Splunk – returning after ditching it to try alternative solutions? When Paddy Power and Betfair merged to create one of the largest online gaming companies in the world, it was an opportunity to turn a fresh page with Splunk and Splunk Cloud. Join this session to learn how to avoid the mistakes they initially made with Splunk, how and why ELK and Sumo didn't work out, as well as the best way to adopt Splunk across your organization and ensure success.
You've Inherited a Splunk Deployment. Now what?
Tuesday, September 26, 2017 | 2:15 PM-3:00 PM Good for all Skill Levels
Industries: Financial Services, Higher Education, Non-Profit, Travel & Transportation, Healthcare, Aerospace & Defense, Technology, Public Sector, Retail, Online Services, Manufacturing, Media & Entertainment, Communications, Energy & Utilities | Products: Splunk Enterprise | Role: Administrator | Track: Foundations | Session Focus: Splunk Administration & Scaling | | Session Type: Breakout Session | Solutions: IT Operations
Jessica Law, Senior Staff Technical Writer, Splunk Inc.
Matt Ness, Principal Technical Writer, Splunk Inc.
Are you the new owner of an established Splunk Enterprise deployment? With great power comes great responsibility! You need to quickly gain an understanding of your deployment's network characteristics, data sources, user population and knowledge objects. Learn how to find out what is happening with your deployment, what issues might need closer attention and what your next steps should be. We will discuss admin tools like the monitoring console, talk about uncovering data-collection configurations, demonstrate orphaned knowledge-object management, highlight considerations for premium apps and more.
Ziften and Splunk – Building comprehensive apps and solutions on the Splunk platform
Wednesday, September 27, 2017 | 12:05 PM-12:50 PM Intermediate
Industries: Technology | Products: Splunk Enterprise | Role: Administrator, Developer, Splunk Technical Champion | Track: Developing | Session Focus: DevOps | | Session Type: Breakout Session | Solutions: Application Delivery
Joel Ebrahimi, Principal Solutions Architect, Ziften Technologies
Elias Haddad, Product Manager, Splunk Inc.
Splunk Apps are often created at a point in time using the latest Splunk tools for development. Over time, though, development tools get better and the need for more valuable data increases as well. In this session, we will explore the journey of an app built several years ago as it is revamped in the current time using the latest and greatest that the Splunk platform has to offer.

Community Theater Session

2017 National SPL'ing Bee
Wednesday, September 27, 2017 | 2:00 PM-2:45 PM
| | | | | | Session Type: Community Theater Session |
This is your opportunity to sharpen your search processing language (SPL) knowledge or show off your ninja skills and win prizes. Like a spelling bee, there will be multiple rounds that will get more challenging as you progress. Entrants will log in to a Splunk instance with a sample data set to run their searches on and answers will be tracked and judged by a master instance. Results will be available and on display in real time! Don't forget to bring your own laptop!
2017 National Security SPL'ing Bee
Wednesday, September 27, 2017 | 3:30 PM-4:15 PM Good for all Skill Levels
| | | | | | Session Type: Community Theater Session |
Young Cho, Technical Marketing Manager, Security, Splunk Inc.
Want to show us your security-specific Splunk-fu? Join us for the inaugural 2017 National Security SPL'ing Bee! The Security SPL'ing Bee is a competition that will be held during .conf2017. This is your opportunity to learn new security-specific commands, show off your Splunk ninja skills and compete with your fellow Splunkers to solve search challenges using Splunk's Search Processing Language (SPL). Entrants will utilize a Splunk instance with a sample data set to run their searches on and answers will be tracked and judged by a master instance. Results will be available and on display in real time! There will be prizes!
Advanced Dashboarding Tips & Techniques
Thursday, September 28, 2017 | 12:45 PM-1:00 PM Good for all Skill Levels
Industries: Healthcare, Online Services, Technology, Travel & Transportation, Communications, Financial Services, Media & Entertainment | Products: Splunk Enterprise | Role: Developer, CISO, Operations Manager, Security Analyst, Data Scientist/Analyst, Splunk Technical Champion, Administrator, Architect, Site Reliability Systems Engineer, Business Manager, CIO, CTO | Track: Developing | Session Focus: Splunk Administration & Scaling | | Session Type: Community Theater Session | Solutions: Security & Fraud, IT Operations, Log Management, Business Analytics, Big Data
Karthik Subramanian, Developer, Function1
Splunk has several built-in features to address the needs of users in creating dashboards. This session will demonstrate best practices for advanced dashboard creation, as well as techniques for taking full advantage of features. We’ll highlight the aspects you should consider when designing a Splunk dashboard to help your ideas result in a more useful and impactful design.
Analyzing and Measuring Webinar Impact with Splunk
Thursday, September 28, 2017 | 12:30 PM-12:45 PM Good for all Skill Levels
Industries: Technology, Communications, Media & Entertainment | Products: Splunk Enterprise | Role: Security Analyst, Data Scientist/Analyst, Splunk Technical Champion, Site Reliability Systems Engineer, CISO, CTO, Developer, Operations Manager, Administrator, Architect, CIO, Business Manager | Track: Business Analytics | Session Focus: Application Performance & Analytics | Other Topics: Using Splunk | Session Type: Community Theater Session | Solutions: Business Analytics
Jose Manuel Silva Vela, Sales Engineer, Splunk Inc.
The Sales Engineering organization at Splunk is committed to delivering webinars to prospective and existing customers and invests significant resources to achieve this goal. We use Cisco WebEx, which provides key information about the context of each webinar. One of the challenges we face is correlating the data sources that WebEx provides. Indicators such as registration and attendance data are provided in separate sources, which makes it difficult to visualize and analyze the actual impact of each event. By indexing and analyzing this data in the Splunk platform, we were able to create an app that lets you correlate, analyze and visualize this data in ways that allow you to effectively understand the impact of each webinar. We’re also able to better follow up with the people that were most interested in each of the topics presented on each event.
Beat Business Rules: The Power of Combining Text Mining and Machine Learning on Your Logs for Accurate and Fully Automatic Classification
Thursday, September 28, 2017 | 11:15 AM-11:30 AM Advanced
Industries: Technology | Products: Splunk Enterprise | Role: Administrator, Site Reliability Systems Engineer, Architect, CIO, Business Manager, CISO, CTO, Developer, Operations Manager, Security Analyst, Data Scientist/Analyst, Splunk Technical Champion | Track: IT Operations | Session Focus: Infrastructure Troubleshooting & Monitoring | Other Topics: Logging Frameworks | Session Type: Community Theater Session | Solutions: IT Operations, Log Management
Stan van Velthoven, Data scientist, Itility
A lot of logs come without any classification. Some come with built-in severity levels, but they are rarely good enough to use out of the box. To solve this, we write queries in Splunk to implement business rules for filtering what is relevant. However, as the diversity grows due to our expanding environment, we either miss things or must continue increasing the number of rules. We found a better way! By combining text mining techniques and machine learning, we can use Splunk and R together to interpret and classify logs, even if Splunk has never seen them before. Text mining techniques turn words and sentences into easily digested numeric matrices with which algorithms can train! We are currently using this technique on multiple log sources, such as vCenter, syslog, Cisco UCS and Splunkd.logs, among multiple customers — combining this mechanism with Splunk’s built-in alerting WebHook to automate ticket creation. In this session, we’ll show you how we did it!
Become a Diversity Ally – Stand Up and Join the Effort
Tuesday, September 26, 2017 | 12:45 PM-1:00 PM Good for all Skill Levels
Industries: Communications, Energy & Utilities, Manufacturing, Media & Entertainment, Financial Services, Non-Profit, Online Services, Retail, Healthcare, Higher Education, Technology, Travel & Transportation, Diversity in Technology | | | Track: Foundations | Session Focus: Diversity in Technology | Other Topics: Diversity in Technology | Session Type: Community Theater Session | Solutions: Log Management, Big Data, Security & Fraud, Cloud Strategies, Application Delivery, IoT & Industrial Data
Janet Revell, Director, Product Documentation, Splunk Inc.
When it comes to increasing diversity in the workplace, we are all champions for the cause. Just because you don't self-identify as being part of a minority group in tech does not excuse you or exclude you from the work of increasing diversity. This talk seeks to open minds and catalyze an increased number of diversity allies in tech. And we want you!
Big Dating: Using Splunk to Fall in Love
Tuesday, September 26, 2017 | 3:15 PM-3:30 PM Beginner
Industries: Media & Entertainment, Online Services, Technology | Products: Splunk Enterprise | Role: Business Manager, Data Scientist/Analyst, Splunk Technical Champion, Site Reliability Systems Engineer, Security Analyst, Operations Manager, Developer, CTO, Administrator, Architect, CIO, CISO | Track: Business Analytics | Session Focus: What the Splunk?!?! | Other Topics: Using Splunk | Session Type: Community Theater Session | Solutions: IoT & Industrial Data, Big Data
Keegan Dubbs, Senior Product Marketing Manager, Splunk Inc.
Kelly Kitagawa, Sales Engineer, Splunk Inc.
We’ve all heard that dating is a numbers game — well at Splunk we thought we’d put that to the test and use Splunk software to mine the machine data from our dating profile applications. By indexing and analyzing this data in Splunk, we are able to measure which opening line performs best, which day of the week is most conducive to conversation and other analytical insights. Attendees will learn how to manipulate a complex data set in Splunk to harness the power of their data, from creating custom regex to index the data to field extractions and dashboarding. We’re bringing operational intelligence to a formerly taboo topic.
Building a Product Business on Top of Splunk
Tuesday, September 26, 2017 | 2:30 PM-3:15 PM Intermediate
Industries: Communications | | | Track: Developing | | | Session Type: Community Theater Session | Solutions: IT Operations, Log Management, Cloud Strategies, Big Data, Application Delivery, Security & Fraud, Business Analytics, IoT & Industrial Data
Jeffrey Bernt, Software Engineer, Splunk Inc.
Tieu Luu, VP Product Development, Qmulos
Nicholas Mealy, CEO, Sideview, LLC
Ryan Thibodeaux, VP of Operations, OctoInsight Inc
Panel discussion about creating complex commercial Splunk App products, and what it’s like to use Splunk as a product development platform. Even if you don't have an app you want to start a business around, the discussion is likely to be interesting for anyone who maintains complex apps and deployments. Possible topics include: Developing apps that are product-like and more than just a sum of dashboards; Supportability - what works and what doesn't to keep adding power and flexibility while still keeping it simple to install and support; What special powers, pitfalls and responsibilities are involved with the Splunk platform; Pivoting from Professional services revenue into product revenue; Communicating the value of your app on top without selling short the Splunk platform underneath; What has worked well when integrating a smaller app in as a dependency; likewise on being integrated in as a piece of a larger app or convention above; Expectations around certifications and thoroughly vetted apps; Working with Splunk Sales, with Community, with Resellers, with Cloud, with other Technical partners.
Building the Right Infrastructure With Splunk and NetApp E-Series
Tuesday, September 26, 2017 | 1:15 PM-1:30 PM Intermediate
Track: IT Operations | Session Type: Community Theater Session | Solutions: Log Management, Big Data, Application Delivery
Hoseb Dermanilian, Business Development Manager, NetApp
The right infrastructure for Splunk means an infrastructure that increases search performance, optimizes capacity buckets for Splunk's hot, warm and cold data tiers and provides single-interface management. The right infrastructure is one that can scale computing and storage independently without compromising performance, functionality or the security of the data. In this session, we will discuss how to build this infrastructure for Splunk on NetApp E-Series.
Bushfire Alerting Automation System
Wednesday, September 27, 2017 | 5:45 PM-6:00 PM Good for all Skill Levels
Industries: Public Sector, Technology, Non-Profit | Products: Splunk Enterprise | Role: Splunk Technical Champion, Site Reliability Systems Engineer, CTO, Operations Manager, Security Analyst, Data Scientist/Analyst, CIO, Developer, CISO, Business Manager, Architect, Administrator | Track: IoT | Session Focus: IoT & Industrial Data | Other Topics: Automation | Session Type: Community Theater Session | Solutions: IoT & Industrial Data
Nicholas Laurent, Managed Service Manager, Converging Data
The Converging Data Bushfire Alerting Automation System is designed to gather data on homes and their surrounding fire-related characteristics. Sensors can measure: smoke, water tank levels, temperature, humidity, wind direction, wind speed, flame characteristics, rain, UV, infrared output, air quality and power. The data generated from these sensors is shared to a Splunk Cloud instance. Communities can securely access their data, which can be shared with emergency services including government fire agencies, police, fire departments, ambulances, hospitals, and infrastructure service providers.
Business Value Delivery for Enterprise Splunk Customers: A Use Case From ABN AMRO Bank
Wednesday, September 27, 2017 | 1:30 PM-1:45 PM Good for all Skill Levels
Industries: Financial Services | Products: Splunk Cloud, Splunk Enterprise | Role: Architect, Splunk Technical Champion, Site Reliability Systems Engineer, CISO, CTO, Developer, Operations Manager, Security Analyst, Data Scientist/Analyst, Administrator, CIO, Business Manager | Track: IT Operations | Session Focus: Splunk Administration & Scaling | Other Topics: Best Practices | Session Type: Community Theater Session | Solutions: Log Management, Application Delivery, Big Data, Cloud Strategies, Business Analytics, IT Operations
Leo van Essen, Director CoE's, ABN AMRO BANK
Erik Witte, CEO, UMBRiO
How can you secure value delivery with Splunk in large enterprises with multiple business units and departments wanting to harness Splunk's power? Our approach is based on the creation of a “center of excellence” with an agile mindset.
Case Study: Slashing Incident Response Time by 96% With IBM Resilient and Splunk
Wednesday, September 27, 2017 | 1:45 PM-2:00 PM
Track: IT Operations | Session Type: Community Theater Session
Join Ted Julian, VP of Product Management and Co-Founder of IBM Resilient, to learn how one of the world’s largest pharmaceutical organizations cut down incident response time from hours to under two minutes. This organization faced a significant number of security challenges that impacted its response times and overall resilience. To improve the speed and efficiency of its response to the more than 5,000 security incidents faced yearly, it implemented an advanced incident response orchestration strategy that was unified on the Resilient IR platform and leveraged the power of Splunk – aligning its people, processes and technologies.
Catching Rogue Traders: How a Multinational Bank Used Splunk to Catch Rogue Traders in Financial Markets
Tuesday, September 26, 2017 | 1:45 PM-2:00 PM Good for all Skill Levels
Industries: Financial Services | Products: Splunk Enterprise | Role: Operations Manager, Administrator, Architect, Business Manager, CIO, CTO, CISO, Developer, Security Analyst, Data Scientist/Analyst, Splunk Technical Champion, Site Reliability Systems Engineer | Track: Business Analytics | Session Focus: Fraud | Session Type: Community Theater Session | Solutions: Security & Fraud, Business Analytics, Big Data
Aleksey Eremenko, Head of Scenario Development - Markets Surveillance, ANZ Banking Group
Vincent Leycuras, Head of Tech Development, ANZ
There has been no shortage of well-publicized and highly damaging misconduct scandals within the financial services industry over the past decade. A large number of customers have claimed sizable losses and there has been significant reputation and brand damage to firms. Deloitte has estimated that global banks have paid out more than $275 billion in legal costs since 2008. This session will highlight how we have implemented Splunk at a large multinational bank to detect a myriad of misconduct and fraudulent scenarios. We leverage Splunk to detect and mitigate these events in real time by aggregating multiple data sources including system access, order information, trade information, anomaly detection and behavioral analytics. Splunk has allowed us to interactively analyze incidents and manage risks in real time compared to many vendor T+1 & 2 systems.
Cognitive Operations Analytics With IBM Z
Tuesday, September 26, 2017 | 4:00 PM-4:15 PM
Track: IT Operations | Session Type: Community Theater Session
Chris Dittmer, Managing Director, IBM
The worldwide digital transformation continues to increase our reliance on quick access to information from a variety of devices. The data generated from the hybrid network of public cloud, private distributed systems and IBM Z continues to increase exponentially as 90% of the world’s total machine data has been generated in the last two years. Learn how IBM is leveraging IBM Z data in Splunk to provide our customers with an end-to-end view of their entire IT operations.
Dashboard Time Selection: Balancing Flexibility Versus a Series of System-Crushing Searches
Thursday, September 28, 2017 | 12:15 PM-12:30 PM Intermediate
Industries: Energy & Utilities, Public Sector, Media & Entertainment, Communications, Technology, Financial Services, Online Services, Retail, Manufacturing, Higher Education, Non-Profit, Travel & Transportation, Healthcare, Aerospace & Defense | Products: Splunk Enterprise | Role: Splunk Technical Champion, Administrator, CIO, Business Manager, Architect, CTO, CISO, Operations Manager, Developer, Data Scientist/Analyst, Security Analyst, Site Reliability Systems Engineer | Track: Business Analytics | Session Focus: Business Analytics | Other Topics: Visualizations | Session Type: Community Theater Session | Solutions: Business Analytics, Big Data
Chuck Gilbert, Analyst, Comcast
The Splunk platform has provided our company with a wonderfully designed time input for dashboards (aka the time picker). It is extremely flexible, easy to use and easy to set up. So, what's not to love? The Splunk time picker has no upper limit to how long a period can be selected. Therefore, the naive or overly enthusiastic user is only one click away from querying all data since the dawn of time. In companies that ingest terabytes of data every hour, this can be a problem! Even if such a query runs to completion, it could be inconveniently slow. This presentation explores alternative approaches to dashboard time selection. For each alternative, we will illustrate what it looks like to the end user and explore the simple XML that drives the feature. The goal of this session is to give the dashboard consumer all the flexibility that they need, while helping the Splunk administrator minimize the potential for an endless series of system-crushing queries.
Dessert Deity: A Recipe for Splunk, Raspberry Pi, Kali, Wi-Fi
Tuesday, September 26, 2017 | 6:15 PM-6:30 PM Good for all Skill Levels
Industries: Technology, Healthcare, Higher Education | Products: Splunk Enterprise | Role: CISO, Administrator, Operations Manager, Developer, CTO, CIO, Business Manager, Architect, Site Reliability Systems Engineer, Splunk Technical Champion, Data Scientist/Analyst, Security Analyst | Track: Developing | Session Focus: Business Analytics | Other Topics: Wire Data and Network | Session Type: Community Theater Session | Solutions: IT Operations, Security & Fraud
Ryan Adler, Security Engineer, Defense Point Security
Free wireless is the modern-day "Peanuts, getcha peanuts here!" – a siren call. Combine this with confusion about data plans and the constant search for the fastest connection, and you have a source of information that needs Splunk. In this presentation, we look at device habits, connections, arrivals and departures, and how this information can be used to evaluate risk. Is it worth knowing when an employee arrives at or departs from work? How about the connections their device looks for? And what about physical traffic flow based on unique devices in a certain area, or the time it takes to travel between two points by searching for the same device in two areas and comparing the time delta? Join us and get the answers.
Discovering the Children's Discovery Museum