Sessions
.conf2017 | September 25-28, 2017 | Washington, DC

Keynote Sessions

.conf2017 Technology Keynote
Wednesday, September 27, 2017 | 9:00 AM-10:30 AM
Session Type: Keynote Sessions
Snehal Antani, Senior Vice President, IoT and Business Analytics, Splunk Inc.
The explosion of machine data presents a massive opportunity for companies able to use that data to meet and exceed the ever-increasing expectations of their customers and stakeholders. Find out what’s new, emerging and transformative across the Splunk platform and solutions to arm customers with the insights and intelligence needed to thrive in a digital marketplace.
.conf2017 Welcome Keynote
Tuesday, September 26, 2017 | 9:00 AM-10:30 AM
Session Type: Keynote Sessions
Doug Merritt, President and Chief Executive Officer, Splunk Inc.
Customer success is at the heart of everything we do at Splunk – from empowering data-driven business transformation at the world’s largest companies to helping build the skills and careers of our passionate community advocates in SOCs, NOCs and data centers around the world. CEO Doug Merritt takes the stage to show how Splunk turns machine data into the answers our customers need to reimagine IT, security, the internet of things and business analytics.

Breakout Session

A Day in the Life of a GDPR Breach
Tuesday, September 26, 2017 | 2:15 PM-3:00 PM Good for all Skill Levels
Industries: Healthcare, Energy & Utilities, Communications, Financial Services, Media & Entertainment, Retail, Online Services, Non-Profit, Public Sector, Technology, Travel & Transportation, Higher Education | Products: Splunk Enterprise, Splunk Cloud | Role: Security Analyst, Operations Manager, Administrator, CIO, CTO, CISO | Track: Security / Compliance / Fraud | Session Focus: Compliance and Regulations | Session Type: Breakout Session | Solutions: Log Management, Security & Fraud
James Hanlon, Security Specialist, Splunk Inc.
Matthias Maier, Product Marketing Manager, Splunk Inc.
You’re a CIO, CISO or IT Security Manager - and you wake up in the middle of the night to a call from your Data Privacy Officer. Your organization is in the headlines of national newspapers because personal data has been disclosed and the privacy of customers is at risk. What do you do next? Join this session to learn about GDPR (General Data Privacy Regulation) and go through a breach investigation and response scenario under the GDPR, which comes into effect in May 2018.
A Journey to Awesome Without the Baggage: How Difficult Became Easy With Splunk at John Lewis
Wednesday, September 27, 2017 | 12:05 PM-12:50 PM Good for all Skill Levels
Industries: Retail | Products: Splunk Enterprise, Splunk IT Service Intelligence | Role: Business Manager, Splunk Technical Champion | Track: IT Operations | Session Focus: Infrastructure Troubleshooting & Monitoring | Session Type: Breakout Session | Solutions: IT Operations
Paul Adams, Operational Intelligence Lead, John Lewis
If a company could ever be a National Treasure, John Lewis, a UK Retailer, might come close. But in its online store, the checkout funnel is where 150 years of hard-earned reputation could unravel. The company had to ask itself, “Should we care?” The answer: You bet. A lot. And in many different ways. Is the checkout process working? Is it confusing customers? Are third parties letting us down? Are there malevolent users? Orthodoxy tells you to use different tools and teams to explore these concerns separately. Convergence says, “Tear down the walls and let the facts speak freely.” In 2014, Splunk succeeded in visualizing flow paths down both happy and troubled checkout journeys. We’ll walk you through a trip that in just one week had the company shedding unnecessary baggage without having to rework cornerstone queries. “On the shoulders of Splunk, a flight of fancy suddenly became serious.”
A Trip Through the Splunk Data Ingestion and Retrieval Pipeline
Wednesday, September 27, 2017 | 12:05 PM-12:50 PM Good for all Skill Levels
Industries: Technology | Products: Splunk Enterprise, Splunk Cloud | Role: Architect, Developer, Administrator | Track: Foundations | Session Focus: Splunk Internals | Other Topics: Getting Data In, Search Language, Logging Frameworks | Session Type: Breakout Session | Solutions: IT Operations, Log Management
Harold Murn, Chaos Monkey, Atlassian
This presentation will attempt to give a better understanding of how the Splunk platform stores and retrieves data from disk. Concepts such as bloom filters, lexicons and data storage in TSIDX files will be demonstrated by "live coding" a Splunk-like search backend. We will also cover parts of the ingestion pipeline, such as input segmenting and index time field extractions. We will take a trip through the full search pipeline, bringing all the covered topics together and explaining how they impact the amount of data Splunk must read from disk. To conclude, we’ll discuss what you can do as a developer to provide logs that reduce the workload of the Splunk cluster, making your administrators happy and returning results faster.
Achieve Operational Efficiency in Car Manufacturing with Advanced Analytics
Tuesday, September 26, 2017 | 12:05 PM-12:50 PM Intermediate
Industries: Manufacturing, Technology | Products: Splunk Cloud, Splunk Enterprise | Role: CIO, Splunk Technical Champion, Administrator, Architect, Business Manager, CTO, Operations Manager | Track: IoT | Session Focus: IoT & Industrial Data | Other Topics: Analyzing Network Data, Customer Success Story | Session Type: Breakout Session | Solutions: IoT & Industrial Data
Philipp Drieger, Sr. Sales Engineer, Splunk Inc.
Sebastian Schmerl, Solution Manager Cyber Defense for Production and IoT, Computacenter
Car manufacturers are under enormous cost pressure and need to gain the highest operational efficiency to compete in the market. Getting data from heterogeneous Industry 4.0 environments is a challenge and current analytical approaches still involve pencil and paper. In this session, you will learn how passively captured, low-level data from industrial assets can be collected with Production Data Extractor from production network traffic. The extracted data is analyzed along with traditional data from manufacturing execution systems and data historians. Advanced analytics on this heterogeneous dataset yields significant increases in production efficiency.
Acute Care Telemetry: Datastream Process Monitoring, Visualization, and Search with Splunk
Tuesday, September 26, 2017 | 4:35 PM-5:20 PM Good for all Skill Levels
Industries: Healthcare, Non-Profit, Technology | Products: Splunk Cloud, Splunk Enterprise | Role: Splunk Technical Champion, Business Manager, CIO, Developer, CTO, Operations Manager | Track: IoT | Session Focus: IoT & Industrial Data | Other Topics: Customer Success Story | Session Type: Breakout Session | Solutions: Big Data, Cloud Strategies, Application Delivery, IoT & Industrial Data
Leo Kobayashi, Attending physician, Alpert Medical School of Brown University / Rhode Island Hospital
Derek Merck, Director of the 3D Lab, Rhode Island Hospital
Healthcare researchers study emergency department (ED) patients' live physiologic data streams to understand, prevent and mitigate unsafe conditions that lead to medical error. However, medical device alarm fatigue is a pervasive problem that has been shown to cause patient harm, even as the underlying technology issues have not been fully investigated. In order to enable the acquisition and examination of high-resolution, real-world data streams that will help improve patient-monitor functionality and alarm algorithms, we initiated a multisite program to design, test, and launch a modular open-source toolkit for research purposes. Come learn about the development, implementation and results for a fully functional, experimental 24/7/365 patient-monitor data stream acquisition system that uses Splunk's forwarding, indexing, query/analytics, visualization, and dashboard capabilities in a 15-bed ED space.
Advanced Analytics with Splunk Using Apache Spark Machine Learning and Spark Graph
Wednesday, September 27, 2017 | 1:10 PM-1:55 PM Advanced
Products: Splunk Enterprise, Splunk IT Service Intelligence, Splunk Enterprise Security | Role: Architect, Administrator, Data Scientist/Analyst, Splunk Technical Champion, Developer, CTO, Security Analyst | Track: Foundations | Session Focus: Search/Insights/Analytics | Session Type: Breakout Session | Solutions: Security & Fraud, Log Management, IoT & Industrial Data, Business Analytics, Big Data, IT Operations
Raanan Dagan, Sales Engineer Architect, Splunk Inc.
Andrew Stein, Splunk Inc.
How well we analyze events in the Splunk platform hinges upon our ability to investigate and iterate over the data. Spark Machine Learning and Spark Graph enable you to leverage large-scale interactive event graphs and machine learning. In this session, we will dive into the technical details of these integrations, as well as discuss many use cases that leverage big data.
Advanced Security Monitoring for Critical Groups or Applications
Wednesday, September 27, 2017 | 12:05 PM-12:50 PM Beginner
Industries: Financial Services | Products: Splunk Enterprise | Role: Splunk Technical Champion, Security Analyst, Data Scientist/Analyst | Track: Security / Compliance / Fraud | Session Focus: Security Analytics and Machine Learning | Session Type: Breakout Session | Solutions: Security & Fraud, Business Analytics
Benji Arnold, Security Analyst, JPMorgan Chase
Mackenzie Kyle, Manager - North America Cyber Security Operations Center, JPMorgan Chase
This session will highlight how to use Splunk Enterprise to deploy enhanced security-monitoring capabilities around critical users, assets or business processes within an organization. The presentation will focus on how you can align core Splunk principles like summary indexing, data-model normalization and custom dashboard development with core security-monitoring principles like threat intelligence, risk scoring, baselining and machine learning to improve your organization's ability to alert, monitor and hunt for advanced security threats. This session will include a live demo showing how to apply these concepts within a large-scale Cybersecurity Operations Center based on what we've achieved at JPMorgan Chase.
Advanced Splunk Searching for Security Hunting and Alerting
Tuesday, September 26, 2017 | 4:35 PM-5:20 PM Advanced
Industries: Technology | Products: Splunk Cloud, Splunk Enterprise | Role: Data Scientist/Analyst, Security Analyst, Splunk Technical Champion | Track: Security / Compliance / Fraud | Session Focus: Incident Response | Session Type: Breakout Session | Solutions: Security & Fraud
Stefan Hutchison, Sr. Security Engineer, Workday
Splunk provides an effective toolset to quickly analyze data and make security conclusions. However, using those tools is not always easy. In order to discern the answers to difficult questions, you must move beyond the basic search commands like stats, eval, and where and instead add more robust commands into your repertoire like timechart, eventstats, streamstats and transaction. These advanced commands, when used in novel ways, allow an analyst to detect situations, such as when a system has 6 failed login attempts followed by a success, or when a system is receiving more data by a statistically significant margin than it was in the last 30 days. This session will provide the audience with example Splunk queries, gotchas for some of the common and not-so-common commands with in-depth explanations of how commands can be chained, and examples of various statistical analyses. You’ll walk away with not only an understanding of several new advanced commands, but also the practical applications for using them to better target and speed your incident investigations for an enhanced security posture.
An Introduction to Splunk IT Service Intelligence (ITSI)
Tuesday, September 26, 2017 | 1:10 PM-1:55 PM Beginner
Industries: Technology | Products: Splunk IT Service Intelligence | Role: Splunk Technical Champion | Track: IT Operations | Session Focus: itsi | Other Topics: Best Practices | Session Type: Breakout Session | Solutions: IT Operations
Alok Bhide, Director of Product Management, ITSI, Splunk Inc.
Traditional solutions and approaches can't handle today's complex, distributed-service-oriented environments. Learn how to gain service context by combining logs, events, wire data and performance data to get the big picture of your environment, streamline operations, accelerate root cause analysis and get ahead of outages that could impact customers. Understand how artificial intelligence and machine learning can enhance service intelligence. Join us for a live demo to see how Splunk ITSI takes operations and service intelligence to the next level and also understand how the product has evolved, guided by your input, to deliver service-level insights and event analytics.
Analytic Stories or How I Learned to Stop Worrying and Respond to Threats
Tuesday, September 26, 2017 | 1:10 PM-1:55 PM Good for all Skill Levels
Products: Splunk Enterprise, Splunk Enterprise Security | Role: Security Analyst, Business Manager, Administrator, Splunk Technical Champion | Track: Security / Compliance / Fraud | Session Focus: Threat Detection | Session Type: Breakout Session | Solutions: Security & Fraud
David Dorsey, Principal Research Engineer, Splunk Inc.
How do you know what to look for in your environment? Then what do you do when you find it? This session will help you answer these questions and more! Analytic stories provide a way to organize your searches, understand how to respond to events and what data is needed to detect and respond to this threat and detail why you should care about a given threat. They also allow you to map to different security frameworks so business owners can think about their security posture in business terms. This talk will discuss what makes up an analytic story, how they can be used to guide and inform your investigation and how to better understand your security posture.
Analytics: Conquering Perception With Data – A Story of Increased Customer Satisfaction
Tuesday, September 26, 2017 | 12:05 PM-12:50 PM Intermediate
Industries: Financial Services | Products: Splunk Enterprise | Role: Business Manager | Track: Business Analytics | Session Focus: Business Analytics | Other Topics: Using Splunk, Machine Learning, Customer Success Story | Session Type: Breakout Session | Solutions: Business Analytics, Application Delivery
Hagop Hagopian, Sr. Product Manager, Charles Schwab
Kirk Hanson, Sales Engineering, Splunk Inc.
“You never get a second chance to make a first impression”. At Charles Schwab, we’ve learned that customers who experience a positive digital account open experience are more likely to fund an account. The digital account creation process is often the only opportunity a business has to motivate and/or stimulate curiosity in the product offered by the firm. The goal of the account creation team is to ensure the customer has a positive experience and should be a primary focal point. Utilizing Splunk Enterprise to look at data otherwise indiscernible, Charles Schwab can examine the customer experience using data driven analytics. Splunk is an invaluable tool to analyze account open activities and, as a result, Splunk is now used for other informed decisions such as driving code changes to respond to customer needs. These improvements coincided with record performance and gave customers an unforgettable and realistic experience from the first moment they interacted with Charles Schwab.
Analyzing Logs From Microservices
Thursday, September 28, 2017 | 11:35 AM-12:20 PM Intermediate
Industries: Technology | Role: Developer, Operations Manager | Track: Developing | Session Focus: DevOps | Session Type: Breakout Session | Solutions: Application Delivery, Log Management
Brian Krueger, Software Engineer, Splunk Inc.
Nikhil Mungel, Principal Software Engineer, Splunk Inc.
Come learn about a new SaaS offering that helps developers easily aggregate and analyze their logs, in the cloud. In the process of building this new service, we've learned how to collect logs from our own cloud-based microservices, and to aggregate logs and metrics from AWS ECS to help us understand how developers are using our service. You'll hear how the development team uses our new service in order to build and operate the service! Yup, super meta.
Architecting Splunk for High Availability and Disaster Recovery
Tuesday, September 26, 2017 | 1:10 PM-1:55 PM Advanced
Industries: Online Services, Higher Education, Healthcare, Travel & Transportation, Technology, Non-Profit, Energy & Utilities, Financial Services, Manufacturing, Media & Entertainment, Retail | Products: Splunk Enterprise Security, Splunk Enterprise, Splunk IT Service Intelligence | Role: Architect, Administrator | Track: Foundations | Session Focus: Splunk Administration & Scaling | Other Topics: Best Practices, Managing Splunk, Logging Frameworks | Session Type: Breakout Session | Solutions: Log Management, Big Data
Sean Delaney, Principal Architect, Splunk Inc.
As Splunk Enterprise becomes more critical to an organization and its business functions, it becomes crucial to maximize the uptime of the service. We'll talk about general principles of resiliency/high availability and disaster recovery and how they apply to a Splunk deployment. We'll also discuss the various mechanisms for implementing these principles, levels of availability and the relative advantages and costs of each.
Automate All the Things! Moving Faster With Puppet and Splunk
Tuesday, September 26, 2017 | 12:05 PM-12:50 PM Intermediate
Industries: Technology | Products: Splunk Enterprise, Splunk IT Service Intelligence, Splunk Cloud | Role: CIO, Developer, Operations Manager, Architect | Track: IT Operations | Session Focus: DevOps | Session Type: Breakout Session | Solutions: Application Delivery, Big Data
Domnick Eger, Global DevOps Practitioner, Splunk Inc.
Deepak Giridharagopal, CTO, Puppet
The all new Splunk + Puppet integrations allow organizations to gain situational awareness of unmanaged resources, take swift and confident action to bring them under management, and then continually analyze and enforce policies with ongoing intelligence, automation, and compliance. With the new Splunk App for Puppet Enterprise, it has never been easier to analyze Puppet data within Splunk and take action on issues across the entire IT environment. Learn how customers can deploy Splunk Enterprise and the Universal Forwarder using new Puppet modules and how to take action on notable events using Puppet scripts in Splunk IT Service Intelligence.
Automating Threat Hunting With Machine Learning
Wednesday, September 27, 2017 | 1:10 PM-1:55 PM Intermediate
Products: Splunk Enterprise | Role: Data Scientist/Analyst, Security Analyst | Track: Security / Compliance / Fraud | Session Focus: Threat Hunting | Session Type: Breakout Session | Solutions: Security & Fraud
Monzy Merza, Head of Security Research, Splunk Inc.
Organizations continue to be challenged by human resource constraints, time constraints and the expanding footprint of IT and security. As a result, conversations about security automation are becoming mainstream. Likewise, machine learning is gaining attention for its threat detection talents. In this talk, we explore the intersection of automation and machine learning in the context of threat hunting. We will demonstrate a Splunk proof of concept that enables hypothesis testing. We will share a model to rationalize extensions of the implementations. And we will discuss the concepts behind the Splunk components used in the examples.
Automating the Status Quo: How Machine Learning Algorithms Become Biased
Tuesday, September 26, 2017 | 3:30 PM-4:15 PM Good for all Skill Levels
Industries: Technology, Higher Education, Financial Services, Diversity in Technology, Healthcare | | Role: Data Scientist/Analyst | Track: Foundations | Session Focus: What the Splunk?!?! | Other Topics: Machine Learning, Behavioral Analytics and Machine Learning, Diversity in Technology | Session Type: Breakout Session | Solutions: Big Data
Sarah Moir, Senior Technical Writer, Splunk Inc.
Celeste Tretto, Data Scientist, Splunk Inc.
Bias in statistical analysis is not a new problem, but the rise of big data and decisions that rely on that data make the problems more present in our day-to-day lives. Machine learning can reduce bias in decision making, but can also increase discriminatory bias. In this session, learn about common ways that discriminatory bias can be introduced in algorithms and how to reduce biases in algorithms that you write in Splunk.
Automation of Event Correlation and Clustering With Built-In Machine Learning Algorithms in Splunk IT Service Intelligence (ITSI)
Thursday, September 28, 2017 | 11:35 AM-12:20 PM Intermediate
Industries: Technology | Products: Splunk IT Service Intelligence | Role: Splunk Technical Champion | Track: IT Operations | Session Focus: itsi | Other Topics: Machine Learning | Session Type: Breakout Session | Solutions: IT Operations
Vineetha Bettaiah, Software Engineer, Splunk Inc.
Ross Lazerowitz, CA, Splunk Inc.
IT monitoring and management software generates an enormous number of events. These events contain a wealth of information useful for simplifying operations, assessing the state of the system and generating timely alerts to avoid catastrophic failures. In a traditional IT environment, these events are inspected manually to extract value. This process is complicated and time consuming due to the diversity and information density of the events. In order to reduce redundancy, understand cause-and-effect relationships and detect anomalies, you absolutely need the ability to cluster events in real time. The Smart Mode Engine in Splunk ITSI automatically identifies meaningful clusters in event data, and empowers users to unlock and understand in real time the mission critical information present in event data, and is the foundation of Splunk’s Event Analytics Engine.
Be a Rock Star! Real-World Use Cases From Aetna That Will Inspire You to Deliver Value With the Machine Learning Tool Kit (MLTK)
Tuesday, September 26, 2017 | 4:35 PM-5:20 PM Good for all Skill Levels
Industries: Retail, Healthcare | Products: Splunk Enterprise, Splunk User Behavior Analytics, Splunk IT Service Intelligence | Role: Business Manager, CIO, Architect, Data Scientist/Analyst, Security Analyst, Operations Manager, CTO, Splunk Technical Champion | Track: Foundations | Session Focus: What the Splunk?!?! | Session Type: Breakout Session | Solutions: Security & Fraud, IT Operations, Business Analytics, Big Data
Alexander Norris, Data Scientist, AETNA
Thomas Smit, Sr. Sales Engineer, Splunk Inc.
Together, we will explore how Aetna delivers timely mission-critical operational insight with the Machine Learning Toolkit. This real-world journey focuses on creating value from availability, performance, capacity and security use cases. Our process supplements, empowers and democratizes Splunk data. This session demonstrates how we transform platform and product experts into rock stars! You will be inspired and armed with high-level concepts to deliver value with the toolkit and your data. We will also explore how Splunk IT Service Intelligence and Splunk User Behavior Analytics can supplement your approach to delivering value in Splunk.
Best Practices and Better Practices for Users
Tuesday, September 26, 2017 | 12:05 PM-12:50 PM Good for all Skill Levels
Industries: Energy & Utilities, Diversity in Technology, Media & Entertainment, Manufacturing, Communications, Technology, Aerospace & Defense, Public Sector, Retail, Travel & Transportation, Healthcare, Higher Education, Online Services, Non-Profit, Financial Services | Products: Splunk Enterprise Security, Splunk User Behavior Analytics, Splunk IT Service Intelligence, Splunk Cloud, Splunk Enterprise | Role: Business Manager, CISO, CIO, Architect, Splunk Technical Champion, siteReliabilitySystemsEngineer, CTO, Developer, Operations Manager, Security Analyst, Data Scientist/Analyst, Administrator | Track: Foundations | Session Focus: Application Performance & Analytics | Other Topics: Basic Content, Framework, Workflow, Content, Automation, Getting Data In, Managing Splunk, Dev Tools, Logging Frameworks, Amazon Web Services, Unix and Linux, Microsoft Exchange, DB Connect, ODBC, Platform Extensibility, Cloud Strategies, Using Splunk, App Ecosystem, Visualizations, Alert Actions, HTTP Event Collector, Search Language, Machine Learning, Ransomware, Powershell, Tuning Alerts, Adaptive Response, Anomaly Detection, Analyzing Network Data, Analyzing Endpoint Data, Best Practices, Customer Success Story, Applying Threat Intelligence / Context, Attack Scenarios, Containers (Docker, etc.), Wire Data and Network, Mobile App Monitoring, What's New, SecOps, Investigation, Forensics, Posture Assessment, Analyzing Data Types, Security Use Case Development, Behavioral Analytics and Machine Learning, Nerve Center, Diversity in Technology, Investigate, Search | Session Type: Breakout Session | Solutions: Application Delivery, IT Operations, Security & Fraud, Log Management, IoT & Industrial Data, Business Analytics, Cloud Strategies, Big Data
Burch Simon, Senior Sales Engineer, Splunk Inc.
Improve your Splunk Fu by learning best practices for users that will make you a Splunk ninja in no time! This is an updated version of the popular session from .conf2016 and .conf2015 and will introduce you to all the Splunk tips and tricks you've regretted not knowing. As always, attendees are encouraged to support each other by sharing their own best practices, tips, tricks and love for all things Splunk! This session will explore topics relevant to users, such as effective Splunk resources, searching strategies and dashboarding efficiencies. If you're hunting for more admin-relevant best practices, look for the similarly titled "Best Practices and Better Practices for Admins."
Best Practices for Deploying and Using Splunk for Security Use Cases
Wednesday, September 27, 2017 | 11:00 AM-11:45 AM Intermediate
Industries: Technology, Healthcare | Products: Splunk Enterprise | Role: Architect, Administrator, Security Analyst | Track: Security / Compliance / Fraud | Session Focus: Security Use Case Development | Other Topics: Investigation, Security Use Case Development, Search, Managing Splunk, Best Practices, Customer Success Story | Session Type: Breakout Session | Solutions: Security & Fraud
Jake McAleer, Senior Manager, IT Security, athenahealth
athenahealth utilizes Splunk to collect and assess various security-related data from our production and corporate systems. We've had many lessons learned over the years, and this talk is focused on sharing some of those tips and tricks. Topics will include:
- Architecture: Designing and deploying your environment, support/maintenance/patching
- Searching tips and techniques
- Security implications around using Splunk and hardening it
- Correlating security activities using a multitude of data sources
- Alerting on events and correlations to systems like email and Slack
This session assumes the attendee has experience in using Splunk and general system administration concepts such as event logs, shell commands, patching, OS hardening, etc.
Beyond REGULAR Regular Expressions - v2.0
Wednesday, September 27, 2017 | 4:35 PM-5:20 PM Good for all Skill Levels
Industries: Travel & Transportation, Communications, Energy & Utilities, Financial Services, Media & Entertainment, Manufacturing, Retail, Online Services, Non-Profit, Higher Education, Healthcare, Technology, Aerospace & Defense, Public Sector | Products: Splunk Cloud, Splunk Enterprise | Role: Architect, Data Scientist/Analyst, Developer, Administrator | Track: Foundations | Session Focus: Search/Insights/Analytics | Other Topics: Getting Data In, Managing Splunk, Dev Tools, Using Splunk, Best Practices, Analyzing Data Types, Search Language | Session Type: Breakout Session | Solutions: IoT & Industrial Data, Big Data, Business Analytics, Application Delivery, Cloud Strategies, IT Operations, Log Management, Security & Fraud
Cary Petterborg, Splunk Architect, The Church of Jesus Christ of Latter-day Saints
Splunk is driven by regular expressions, and even with powerful built-in features like the Field Extraction Tool (FET), there are times you have to wrestle with some odd or mixed data types. In this session, you will see some real-world regular expression examples and learn to effectively use the FET along with other third-party tools. This will assist you in creating your own advanced regular expressions to truly achieve control over your data, regardless of its complexity.
Bridging the Gap Between DevOps, Agile and ITIL
Thursday, September 28, 2017 | 1:20 PM-2:05 PM Good for all Skill Levels
Industries: Technology | Products: Splunk Enterprise | Role: Administrator, Operations Manager, Splunk Technical Champion, Security Analyst, Developer, Architect | Track: IT Operations | Session Focus: DevOps | Session Type: Breakout Session | Solutions: IT Operations, Cloud Strategies, Business Analytics, Application Delivery, Security & Fraud, Log Management
Andi Mann, Splunk Inc.
Johnny Mirza, Senior Sales Engineer, Australia & New Zealand, Splunk Inc.
Joseph Smith, Director Product Cloud, Optus
This session addresses the gap in guidance and best-practice standards for enterprise in how to integrate agile and DevOps end to end in a cohesive operating model. Optus developed a framework that encompassed the best guidance available to create a model that represented the intersection of new and existing practices and tooling. Future organization requires a high level of individual self-determination within a financial and security context, coupled with deep analytical insight for the organization, team and individual to address the paradox of speed and control. This framework was then used to develop an integrated tool chain that spanned CI/CD/CT/CM, which brings together the traditional ITIL world with DevOps in a blended model of governance and control that enables innovation and agility.
Bringing Sweetness to Sour Patch Tuesday – Using Splunk for Easier Patch Management
Wednesday, September 27, 2017 | 11:00 AM-11:45 AM Intermediate
Products: Splunk Enterprise | Role: Security Analyst, Administrator, Operations Manager | Track: Security / Compliance / Fraud | Session Focus: Monitoring and Triaging | Session Type: Breakout Session | Solutions: Security & Fraud, IT Operations
Justin Brown, Splunk Technical Lead, Pacific Northwest National Laboratory
Arzu Gosney, Monitoring & Automation Technical Lead, Pacific Northwest National Laboratory
Your patch process is completed and is reporting back that all is well. Then phone calls start arriving telling you otherwise. Every month, security patches arrive and cause outages to servers as well as the applications and services they support. In the past, this required several hours of work by teams of server admins, database admins, application engineers and customers to make sure all services were returned to normal after patching was completed. We’ll show you how Pacific Northwest National Laboratory automated much of this work with patching status dashboards for servers, application health dashboards, automated reports and alerts. This has reduced support labor by an estimated 100 hours each month for our infrastructure and application teams and provides better visibility to our customers.
Building Blocks for Analytics Common Sense
Tuesday, September 26, 2017 | 2:15 PM-3:00 PM Good for all Skill Levels
Industries: Diversity in Technology | Products: Splunk Enterprise | Role: Architect, Business Manager, CISO, CIO, CTO, Administrator, Operations Manager, Security Analyst, Data Scientist/Analyst, Splunk Technical Champion, Developer | Track: Foundations | Session Focus: Search/Insights/Analytics | Other Topics: Diversity in Technology | Session Type: Breakout Session | Solutions: Big Data, Application Delivery, Cloud Strategies, IoT & Industrial Data, Business Analytics, Security & Fraud, Log Management, IT Operations
Yanpei Chen, CALIFORNIA, Splunk Inc.
Archana Ganapathi, CA, Splunk Inc.
Corporate data is a gold mine of useful information, but one must tread water to avoid drowning in the sea of data. That said, adopting a data-driven culture is less intimidating than it seems. You do not have to be a machine-learning or neural-network expert to make a first-cut analysis on your data. Basic queries such as “count useful features by interesting factors” and simple statistics such as average/min/max can create immense insights from your data. In this session, we will discuss how to leverage Splunk for basic analytics and how to visually represent these statistical insights for maximum impact. We will share cautionary tales and point out pitfalls to avoid when you rely on statistical tools for decision-making.
Choosing the Right Infrastructure for Your Splunk Deployment
Wednesday, September 27, 2017 | 11:00 AM-11:45 AM Beginner
Industries: Energy & Utilities, Aerospace & Defense, Public Sector, Non-Profit, Higher Education, Healthcare, Travel & Transportation, Financial Services, Technology, Communications, Online Services, Retail, Manufacturing, Media & Entertainment | Products: Splunk Enterprise | Role: Splunk Technical Champion, Administrator, Architect | Track: Foundations | Session Focus: Splunk Administration & Scaling | | Session Type: Breakout Session | Solutions: Big Data
Brett Roberts, Data Analytics Systems Engineer, Dell EMC
The Splunk platform has become a business-critical application with power that organizations around the world depend on for security, operations and other needs. But with great power comes great responsibility, as users demand the necessary performance, availability and scalability from their Splunk environment. Deploying and running Splunk on the right infrastructure is critical to success, and there are many paths one can take: on-premises, off-premises; SAN or DAS, virtual or bare metal. This session will explore these different paths and discuss the benefits and potential drawbacks to each, followed by reviewing the relevant best practices for deploying Splunk.
Coming Soon: New Infrastructure Monitoring From Splunk
Tuesday, September 26, 2017 | 1:10 PM-1:55 PM Good for all Skill Levels
Industries: Communications, Technology, Public Sector, Healthcare, Travel & Transportation, Manufacturing, Media & Entertainment, Retail, Aerospace & Defense, Financial Services, Energy & Utilities, Non-Profit, Higher Education, Online Services | | Role: Architect, Operations Manager | Track: IT Operations | Session Focus: Infrastructure Troubleshooting & Monitoring | | Session Type: Breakout Session | Solutions: IT Operations
Bill Emmett, Director, Product Marketing, Splunk Inc.
Nick Tankersley, Product Manager, Splunk Inc.
In this session, we will introduce you to Splunk's new technology for infrastructure monitoring and discuss how you can try it in your environment.
Creating Your Own Splunk Learning Environment
Tuesday, September 26, 2017 | 4:35 PM-5:20 PM Good for all Skill Levels
Industries: Healthcare, Travel & Transportation, Diversity in Technology, Public Sector, Aerospace & Defense, Technology, Energy & Utilities, Financial Services, Manufacturing, Media & Entertainment, Retail, Non-Profit, Online Services, Higher Education, Communications | Products: Splunk Enterprise | Role: Splunk Technical Champion, Business Manager, Operations Manager, siteReliabilitySystemsEngineer, Developer, Administrator, Architect, Security Analyst, Data Scientist/Analyst | Track: Foundations | Session Focus: Splunk Administration & Scaling | Other Topics: Analyzing Endpoint Data, Analyzing Network Data, Visualizations, Using Splunk, Dev Tools, Search, Analyzing Data Types, Search Language | Session Type: Breakout Session | Solutions: Business Analytics
Luke Netto, Senior Professional Services Consultant, Splunk Inc.
You have Splunk installed and created dashboards and reports. Yet, you are still having a hard time gaining traction. Are you also experiencing difficulty getting coworkers hooked on SPL? Are you being overwhelmed with report requests? Or maybe you just want to learn how to search using the Splunk platform, but lack the data? In this session you will learn how to create a Splunk Learning Environment, using apps available on Splunkbase. You will learn how to use Eventgen and readily available apps to generate sample data of almost any flavor. At the end of the session, you will have a functioning learning environment on your own laptop!
Creating a Threat-Based Cyber Team
Tuesday, September 26, 2017 | 12:05 PM-12:50 PM Good for all Skill Levels
Industries: Non-Profit, Public Sector, Financial Services | Products: Splunk Enterprise | Role: Architect, Business Manager, Security Analyst | Track: Security / Compliance / Fraud | Session Focus: Monitoring and Triaging | | Session Type: Breakout Session | Solutions: Security & Fraud, IT Operations
Todd Kight, Lead Cyber Analyst, Johns Hopkins Applied Physics Laboratory
Anthony Talamantes, Manager, Defensive Cyber Operations, Johns Hopkins Applied Physics Laboratory
With cyberactors evolving quickly and becoming stealthier, challenging the status quo of existing cyber operations is now imperative. We will outline a case study showing how an incident response exercise led to changes in focus and philosophy and how that process changed the structure of Defensive Cyber Operations at Johns Hopkins Applied Physics Laboratory.
Cutting Through the Noise: Enterprise Security Use Case Tuning
Wednesday, September 27, 2017 | 12:05 PM-12:50 PM Intermediate
Industries: Communications, Aerospace & Defense, Public Sector, Retail, Online Services, Non-Profit, Higher Education, Healthcare, Technology, Manufacturing, Media & Entertainment, Financial Services, Energy & Utilities, Travel & Transportation | Products: Splunk User Behavior Analytics | Role: Data Scientist/Analyst, Security Analyst, Architect | Track: Security / Compliance / Fraud | Session Focus: Security Analytics and Machine Learning | | Session Type: Breakout Session | Solutions: Security & Fraud
Robert Boyce, Security Managing Director, Accenture
John Rubey, Security Consultant, Accenture
Am I under attack, or is this just a monthly vulnerability scan? Do I need to worry about the failed logons from that source? With every use case comes false positives and noise from the general IT environment: users forget passwords, service account passwords expire and scanning behavior happens. In this session, we will discuss how to identify these types of false positives and tune use cases, so that incident responders can focus on real security events.
Dashboard Wizardry
Tuesday, September 26, 2017 | 12:05 PM-12:50 PM Intermediate
Industries: Aerospace & Defense, Technology, Travel & Transportation, Healthcare, Higher Education, Non-Profit, Online Services, Retail, Communications, Energy & Utilities, Manufacturing, Media & Entertainment, Public Sector, Financial Services, Diversity in Technology | Products: Splunk Enterprise | Role: CISO, siteReliabilitySystemsEngineer, Splunk Technical Champion, Security Analyst, Data Scientist/Analyst, Operations Manager, Developer, CTO, Architect, CIO, Business Manager | Track: Foundations | Session Focus: Application Performance & Analytics | Other Topics: Using Splunk, Dev Tools, Workflow, What's New, Visualizations, Content, Search Language | Session Type: Breakout Session | Solutions: Application Delivery
Yuxiang Kou, Software Engineer, Splunk Inc.
Siegfried Puchbauer, Principal Software Engineer, Splunk Inc.
Splunk dashboards and forms provide a solid framework from which to quickly compose static content for showing and visualizing data from search results. Tapping into the full power of SimpleXML enables you to go beyond and build rich interactions and workflows into your dashboards without resorting to code. In this session, you'll learn from the creators of the dashboard framework about how to take a rudimentary dashboard and advance it to provide a rich and interactive user experience. It will cover the hooks and building blocks available in SimpleXML, including the new ones introduced in the latest versions of Splunk Enterprise.
Dashboards, Alerting, Reporting and Visualization - What’s New
Tuesday, September 26, 2017 | 1:10 PM-1:55 PM Intermediate
Industries: Financial Services, Retail, Online Services, Non-Profit, Higher Education, Healthcare, Travel & Transportation, Media & Entertainment, Manufacturing, Energy & Utilities, Communications, Public Sector, Aerospace & Defense, Technology | Products: Splunk Cloud, Splunk Enterprise | Role: Splunk Technical Champion, Data Scientist/Analyst, Operations Manager, Developer, Architect, Business Manager, Security Analyst | Track: Foundations | Session Focus: Search/Insights/Analytics | | Session Type: Breakout Session | Solutions: Log Management, IT Operations, Business Analytics, Big Data
Nicholas Filippi, Product Management, Splunk Inc.
Meet the growing demand for richer and more efficient dashboards and visualizations by learning about all the newest framework enhancements. Walk through the latest updates to visualizations, drill down and more.
Data Obfuscation and Field Protection in Splunk
Thursday, September 28, 2017 | 11:35 AM-12:20 PM Intermediate
Industries: Aerospace & Defense, Public Sector | Products: Splunk Enterprise, Splunk Cloud, Splunk Enterprise Security | Role: Security Analyst, Administrator, Splunk Technical Champion, CISO | Track: Foundations | Session Focus: Compliance and Regulations | Other Topics: Best Practices, Managing Splunk | Session Type: Breakout Session | Solutions: Log Management, IT Operations, Security & Fraud, IoT & Industrial Data, Cloud Strategies, Business Analytics, Big Data
Angelo Brancato, Security Specialist, Splunk Inc.
Dirk Nitschke, Senior Sales Engineer, Splunk Inc.
Your events are most likely made up of sensitive data, and you’ve been asked to obfuscate it for risk mitigation or compliance with standards such as PCI, HIPAA, GDPR and others. Join this session to learn about options Splunk offers to anonymize or pseudonymize data at various stages in your environment, while still being able to analyze and correlate said data. Learn about the impact of each method and how to select the right ones for your use cases. You’ll even see how you can integrate a third-party crypto-appliance into Splunk for field protection.
Data Onboarding: Where Do I Begin?
Tuesday, September 26, 2017 | 12:05 PM-12:50 PM Good for all Skill Levels
Industries: Media & Entertainment, Retail, Non-Profit, Online Services, Higher Education, Energy & Utilities, Travel & Transportation, Diversity in Technology, Public Sector, Aerospace & Defense, Technology, Healthcare, Manufacturing, Financial Services, Communications | Products: Splunk Enterprise, Splunk Cloud, Splunk Enterprise Security, Splunk IT Service Intelligence | Role: Developer, Splunk Technical Champion, Administrator, siteReliabilitySystemsEngineer, Architect, Data Scientist/Analyst, Security Analyst | Track: Foundations | Session Focus: Splunk Administration & Scaling | Other Topics: Best Practices, Analyzing Data Types, Getting Data In, Managing Splunk, App Ecosystem | Session Type: Breakout Session | Solutions: Log Management
Luke Netto, Senior Professional Services Consultant, Splunk Inc.
How do I get data into the Splunk platform? What is a sourcetype? Does Splunk already know how to handle my data? What app do I use? What if all my data is syslog? If you tend to ask these types of questions, then this session is for you. It is a walk through onboarding fundamentals. We will discuss the importance of a timestamp and what to do if your data doesn’t have one. We will explain when to use an existing sourcetype and when to create a new one. We will also review the process of examining an app from Splunkbase and determining what sourcetype the app expects. By the end of this session you will no longer use syslog as a sourcetype, but as a means of collecting data.
Data Science Ops in Practice – Learn How Splunk Enables Fast Science for Cybersecurity Operations
Wednesday, September 27, 2017 | 12:05 PM-12:50 PM Good for all Skill Levels
Industries: Public Sector, Aerospace & Defense | Products: Splunk Enterprise | Role: Security Analyst, Data Scientist/Analyst, Operations Manager, Splunk Technical Champion | Track: Security / Compliance / Fraud | Session Focus: Security Analytics and Machine Learning | | Session Type: Breakout Session | Solutions: Security & Fraud, Big Data
David Brenman, Data Scientist, Booz Allen Hamilton
Olisa Stephensbailey, Maryland, Booz Allen Hamilton
This session will provide real-world examples of how one data-science team has been providing quick turnaround operational support within the federal sector with our client (U.S. Cyber Command). We will walk through how our agile workflow allows flexibility in identifying data analytic needs to complement cyber analysis, include a real-world scenario showing how we fought through cultural barriers to deliver impact-to-security reporting and outline how Splunk can be leveraged for analyzing both big and small data challenges, while leveraging machine learning. Those that attend this session will walk away armed with actionable steps they can employ within their own government organizations that will foster growth and collaboration between cyber analysts, mission directors and data scientists alike! At the conclusion of our talk, we will announce new modular advanced analytics/machine learning apps that were developed with the Booz Allen and Splunk partnership and tested in Operations.
Data Wars: A New Hope for IT & Security Insights
Thursday, September 28, 2017 | 11:35 AM-12:20 PM Good for all Skill Levels
| Products: Splunk Cloud, Splunk Enterprise | Role: Splunk Technical Champion, Security Analyst, Administrator, Operations Manager | Track: Foundations | Session Focus: What the Splunk?!?! | | Session Type: Breakout Session | Solutions: Application Delivery, Security & Fraud, Log Management, IT Operations, Big Data
Jade Catalano, CA, Splunk Inc.
Rob Christian, CA, Splunk Inc.
Ever wonder what insights you’re missing out on? What if you could expand the view of your data while reducing noise so you can focus on what is most critical? Many times you look at data through the lens of your own challenges, but what happens when you can multiply what you know? Often, the same data you are using to help solve security problems also provides valuable insight into IT issues, and vice versa. IT staff often lose too much time to troubleshooting and investigating events, causing them to miss important alerts, while security teams are lost chasing false positives. In this session you will learn to reduce alert fatigue and cut down the noise by correlating across IT and security. Gain different perspectives around authentication, firewall traffic and performance data, whether you’re an IT or security practitioner. Leverage, visualize and correlate data from across your infrastructure to improve your reaction time, determine root cause and accelerate remediation.
Deeper Insights into Human Bias in Algorithms: A Fireside Chat with Industry Experts
Wednesday, September 27, 2017 | 1:10 PM-1:55 PM Good for all Skill Levels
Industries: Diversity in Technology | | Role: Data Scientist/Analyst | Track: Foundations | Session Focus: What the Splunk?!?! | Other Topics: Behavioral Analytics and Machine Learning, Diversity in Technology, Machine Learning | Session Type: Breakout Session | Solutions: Big Data
Adam Oliner, Director of Engineering, Splunk Inc.
Join Splunk’s own Data Scientist and Director of Engineering, Adam Oliner, as he hosts a discussion on the topic of algorithmic accountability. When machines are making the decisions, what assumptions have we unconsciously taught them to apply? Why is it so difficult to mitigate baked-in biases? Learn about the broad reach of human biases and why accounting for diversity counts.
Delivering Digital Services to Customers: a Real Example of DevOps Optimization Using Splunk
Wednesday, September 27, 2017 | 1:10 PM-1:55 PM Good for all Skill Levels
Industries: Communications | Products: Splunk Enterprise, Splunk IT Service Intelligence | Role: Developer | Track: IT Operations | Session Focus: DevOps | | Session Type: Breakout Session | Solutions: IT Operations, Application Delivery
Philippe Ensarguet, CTO, Orange Application for Business
Like other companies in the IT services industry, Orange Application for Business is facing pressure from customers to deliver more quality software in less time. This is what we called the Daft Punk syndrome: "better, cheaper, stronger, faster." We are also living in a world where development needs to be more agile, moving from traditional software to cloud, containers, etc. By describing the Orange ecosystem that was used to develop software for customers, and the issues they were facing, Orange will explain some limitations and complexity of the open source world, and the tactical advantages that the Splunk platform brings to them, in terms of visibility, agility and quality, allowing them to shift their business model.
Deriving Value in Agile Sprints With Real-Time DevOps Analytics
Thursday, September 28, 2017 | 11:35 AM-12:20 PM Intermediate
Industries: Communications, Technology | Products: Splunk Enterprise | Role: Developer, Data Scientist/Analyst, Splunk Technical Champion | Track: IT Operations | Session Focus: DevOps | Other Topics: Dev Tools | Session Type: Breakout Session | Solutions: IT Operations, Application Delivery
Yann Charneau, Tech Architecture Delivery Manager, Accenture
Mark DiFilippo, Automation Architect, Accenture
Bryan McCauley, Consultant, Accenture
By using data from popular DevOps tools and integrating this data into personalized dashboards with DevOps analytics, IT organizations can deliver at the pace a business demands. Attend this session to learn how a large U.S.-based cable operator used DevOps analytics capability to enable real-time feedback across the entire delivery life cycle, providing actionable insight into development velocity, stability and performance. You will learn how an agile IT organization can not only reduce costs but also improve its business impact using advanced DevOps capabilities like e2e visualizations, integrated tracking and alerting, and automation and machine learning.
Docker & Splunk Development: Empowering Splunk Development with Docker - Booz Allen Hamilton (Booz Allen)
Tuesday, September 26, 2017 | 11:00 AM-11:45 AM Good for all Skill Levels
Industries: Technology | Products: Splunk Enterprise | Role: Architect, Developer, Administrator, Operations Manager, Splunk Technical Champion | Track: Developing | Session Focus: DevOps | Other Topics: Dev Tools | Session Type: Breakout Session | Solutions: Application Delivery
Ronald Cooper, Cyber Security Architect, Booz Allen Hamilton
David Kraemer, Senior Solutions Architect, Booz Allen Hamilton
Docker’s adoption rate for DevOps continues to grow, almost doubling in the last year. Booz Allen is always researching ways to streamline the Splunk development and testing processes and has identified Docker as a viable solution. This solution will allow Splunk development for many different roles and use cases. In this session, the presenters will briefly cover what Docker is and what the benefits are of using Docker for Splunk development, as well as demonstrating and sharing a scripted deployment of a multi-site clustered Splunk development environment and providing specific use cases that focus on building custom Splunk apps, test configurations, dashboards, saved searches and knowledge objects. Finally, they will provide a brief overview of Docker’s native Splunk Logging Driver.
Dockerizing Splunk at Scale
Wednesday, September 27, 2017 | 12:05 PM-12:50 PM Advanced
Industries: Technology, Manufacturing, Travel & Transportation, Healthcare, Non-Profit, Online Services, Aerospace & Defense, Retail, Media & Entertainment, Communications, Financial Services, Energy & Utilities, Public Sector | Products: Splunk Enterprise, Splunk Enterprise Security | Role: Splunk Technical Champion, Developer, Architect, Administrator | Track: Foundations | Session Focus: Splunk Administration & Scaling | | Session Type: Breakout Session | Solutions: Application Delivery, IT Operations, Log Management
Brian Bingham, Principal Engineer, Splunk Inc.
Brent Boe, Sr Software Engineer, Splunk Inc.
Docker is a new container technology that allows micro-services to be set up at scale. Running full applications inside of Docker can pose interesting challenges. Splunk has created an orchestration for creating containers that run Splunk and create repeatable environments. ORCA can deploy Splunk in any major configuration style, from standalone machines, to heavy forwarders, to index clusters and search head clusters. This session is to show and demo our new tools that will be released open source, and discuss what unique issues we ran into with Splunk inside of Docker. We'll also discuss what other container software we looked at and why we chose to use Docker.
Effectively Enhancing our SOC with Sysmon, PowerShell Logging and Machine Learning to Detect and Respond to Today’s Threats
Wednesday, September 27, 2017 | 2:15 PM-3:00 PM Advanced
Industries: Public Sector, Higher Education, Aerospace & Defense, Technology, Healthcare, Travel & Transportation, Manufacturing, Non-Profit, Media & Entertainment, Financial Services, Energy & Utilities, Communications, Online Services, Retail | Products: Splunk Enterprise, Splunk Enterprise Security | Role: Administrator, Security Analyst, Architect | Track: Security / Compliance / Fraud | Session Focus: DevOps | Other Topics: Platform Extensibility, Using Splunk | Session Type: Breakout Session | Solutions: Security & Fraud
Kent Farries, Sr. Systems Analyst, Security Intelligence & Analytics, TransAlta Corporation
David Pesano, Manager, IT Infrastructure, TransAlta Corporation
With today’s threats, TransAlta needed to improve its managed SOC with the goal of becoming a “pretty good SOC” in 2017. We had to look at how we are doing things today, what we should stop doing or automate and what we should be doing tomorrow. We decided that we needed to get better at hunting with limited resources, so we chose to leverage Sysmon, PowerShell logging and machine learning. This session will showcase how we used Splunk to efficiently collect and analyze the logs from thousands of endpoints to understand our security posture. We will also provide some insight from our lessons learned around deployment, tuning and capacity planning.
Ending the Finger-Pointing Between Apps and Network Admins
Tuesday, September 26, 2017 | 1:10 PM-1:55 PM Advanced
Industries: Higher Education, Non-Profit, Healthcare, Travel & Transportation, Technology, Energy & Utilities, Financial Services, Media & Entertainment, Manufacturing, Communications, Online Services, Retail | Products: Splunk Enterprise | Role: Administrator, Operations Manager, Splunk Technical Champion | Track: IT Operations | Session Focus: Infrastructure Troubleshooting & Monitoring | Other Topics: Analyzing Endpoint Data | Session Type: Breakout Session | Solutions: IT Operations
David Cavuto, Principal Product Manager, Splunk Inc.
Your network is speaking to you! Listen to what your applications are saying. Monitoring the metrics already present in your wire data can be the key to understanding and characterizing their performance. With Splunk Stream, you can collect dozens of metrics at the IP, TCP, and application layer. This session will show you how to characterize the performance of your applications and the network, and how to tell which is the source of trouble.
Ensuring Customer Satisfaction Through End-To-End Business Process Monitoring Using Splunk ITSI
Tuesday, September 26, 2017 | 3:30 PM-4:15 PM Good for all Skill Levels
Industries: Healthcare | Products: Splunk Enterprise, Splunk IT Service Intelligence | Role: Developer | Track: IT Operations | Session Focus: itsi | Other Topics: Customer Success Story, Anomaly Detection | Session Type: Breakout Session | Solutions: Business Analytics, IT Operations
Patrick Farrell, Sr. Engineer, Cardinal Health
Michael Hurley, Sr. Software Architect, Cardinal Health
This session will highlight a valuable Splunk ITSI solution that helps Cardinal Health ensure customer satisfaction through the visualization of business-process health. The process features end-to-end correlation across the entire business spectrum, anomaly detection through machine learning and the ability to isolate and fix a problem quickly. The presentation will also include a simulation of this solution, in which the health of an entire business process can be observed within a single pane in near real time. Also discussed will be key considerations and challenges, such as the correlation of data across multiple systems, including SAP.
Enterprise Security Biology: Dissecting the Splunk Enterprise Security Threat Intelligence Framework
Wednesday, September 27, 2017 | 3:30 PM-4:15 PM Advanced
| Products: Splunk Enterprise Security | Role: Security Analyst | Track: Security / Compliance / Fraud | Session Focus: Threat Detection | | Session Type: Breakout Session | Solutions: Security & Fraud
John Stoner, Staff Security Architect, Splunk Inc.
The Splunk Enterprise Security (ES) Threat Intelligence framework has been part of Splunk ES since version 3.0. This session will dive into this framework, covering how observables/indicators for files, URLs, certificates and others can be integrated into the Threat Intel framework and what happens behind the scenes to prepare these diverse indicators for consumption and correlation. During this talk, examples of different techniques to simplify working with threat intelligence will be discussed, including how to disable artifacts, integrate with incident response and perform retrospective analysis of new indicators against old events. Attendees will leave this talk with a greater understanding of the Threat Intel framework and methods to work more effectively with it and Splunk ES.
Essentials to Creating Your Own Security Posture Using Splunk Enterprise
Thursday, September 28, 2017 | 11:35 AM-12:20 PM Intermediate
Industries: Public Sector, Aerospace & Defense | Products: Splunk Enterprise | Role: Security Analyst, Administrator, Data Scientist/Analyst | Track: Security / Compliance / Fraud | Session Focus: Monitoring and Triaging | | Session Type: Breakout Session | Solutions: Security & Fraud
Richard McKee, Nevada National Security Site
Attendees will see examples of how the Nevada National Security Site (NNSS) monitors its security posture using Splunk Enterprise. Showcasing real-time dashboards gives the NNSS IT/Cyber Operations the ability to monitor and alert on insider threat activities, incident response, network forensics and more. Using available logs, network flows and other metrics and sources of data commonly found in most environments, the attendee will gain an understanding of how to use Splunk Enterprise for detecting IOCs and create a more mature security posture.
Expert Panel: Analytics for the Industrial Internet of Things
Tuesday, September 26, 2017 | 1:10 PM-1:55 PM Intermediate
Industries: Manufacturing | Products: Splunk Enterprise, Splunk Cloud | Role: Architect, Administrator, Splunk Technical Champion, Security Analyst, Data Scientist/Analyst, Operations Manager, Developer, CTO, CIO, CISO, Business Manager | Track: IoT | Session Focus: IoT & Industrial Data | Other Topics: Anomaly Detection, Attack Scenarios, Investigation, SecOps, Forensics, Security Use Case Development | Session Type: Breakout Session | Solutions: IoT & Industrial Data
Brian Berg, Splunk + Accenture ESP lead, DACH & Nordics, Accenture
Robert Frazier, Senior Manager for Cyber Security Architecture, Lockheed Martin
Brian Gilmore, Director, Solution Architecture, IoT and Big Data Ecosystem, Splunk Inc.
Andy Robinson, Information Systems Consultant, Avid Solutions
Amit Shah, Product Marketing, Splunk Inc.
The digitization of manufacturing has opened up many opportunities for analytics use cases, like predictive maintenance and asset failure prediction. But where do you start? Come learn industrial IoT data analytics best practices from our panel of industry experts.
External Webservice Monitoring at Sky Germany With Splunk
Tuesday, September 26, 2017 | 3:30 PM-4:15 PM Intermediate
Industries: Media & Entertainment | | Role: Architect, Operations Manager | Track: IT Operations | Session Focus: Infrastructure Troubleshooting & Monitoring | | Session Type: Breakout Session | Solutions: Application Delivery, IT Operations, Cloud Strategies
Dirk Gröger, IT Monitoring, Sky Deutschland Fernsehen GmbH & Co. KG
Martin Senebald, Head of Competence Center Data Analytics, COCUS AG
Having web services run smoothly is vital for most of us, so having an external view of the service is key to delivering the best experience for our customers. At Sky we use AWS and JMeter with Splunk at its core to effectively get these important insights. Not only gathering the information but also scheduling and distributing tests in a multi-region setup makes this setup so powerful and effective.
Fake Data for Real Apps
Tuesday, September 26, 2017 | 2:15 PM-3:00 PM Good for all Skill Levels
Industries: Technology | Products: Splunk Enterprise Security, Splunk User Behavior Analytics, Splunk IT Service Intelligence, Splunk Enterprise, Splunk Cloud | Role: Developer | Track: Developing | Session Focus: DevOps | | Session Type: Breakout Session | Solutions: Application Delivery
David Cavuto, Principal Product Manager, Splunk Inc.
David Poncelow, Senior Software Engineer, Splunk Inc.
The Splunk Data Simulator lets you simulate sophisticated, real-time sample data for your Splunk apps. In this presentation, we'll describe current challenges in getting data for developing, testing, and demoing Splunk apps and demonstrate how this new tool can help. We'll walk you through the details of the Splunk Data Simulator—including its human-readable scripting language. We'll also present (live!) demos showing you how to use simulations to drive apps, and explain how Splunk Data Simulator can fit into your organization’s development and sales process.
Flight Center Travel: Service Decomposition
Wednesday, September 27, 2017 | 2:15 PM-3:00 PM Beginner
Industries: Travel & Transportation | Products: Splunk Enterprise, Splunk IT Service Intelligence | Role: Operations Manager | Track: IT Operations | Session Focus: itsi | Other Topics: Best Practices, Customer Success Story | Session Type: Breakout Session | Solutions: Log Management, IT Operations
Rob Heaydon, Service Delivery Manager, Flight Centre Travel Group
Simon O'Brien, QLD, Splunk Inc.
Michelle Willis, Enterprise Operations Manager, Flight Centre Travel Group
The Flight Centre Travel Group (FCTG) consists of over 30 brands, over 1,200 physical sites, numerous online applications and thousands of employees. FCTG is using Splunk to gain insight into cloud services, voice services, authentication services and branch performance, among others. FCTG adopted Splunk ITSI to rapidly provide their teams with deep information about infrastructure, business processes and IT workflows. Join us for a demonstration of the ITSI adoption and implementation process. Both Flight Centre Travel Group and Splunk will demo this process, so you can go back home and implement it as well.
Forming, Storming, Norming, and Performing – Developing Enterprise Security Into an Effective Member of Your Security Team
Wednesday, September 27, 2017 | 4:35 PM-5:20 PM Beginner
Industries: Manufacturing | Products: Splunk Enterprise Security | Role: Architect, CTO, Security Analyst, Administrator | Track: Security / Compliance / Fraud | Session Focus: Security Use Case Development | Other Topics: Best Practices, App Ecosystem, Using Splunk, Security Use Case Development | Session Type: Breakout Session | Solutions: Security & Fraud
Michael Babischkin, IT Security Operations Manager, Sherwin-Williams
Dru Streicher, Ohio, The Sherwin-Williams Company
Introducing Splunk Enterprise Security (ES) into your environment is just like introducing a new member to your security team. In this session, we’ll walk you through our implementation process and how Sherwin-Williams developed use cases and tailored Splunk ES to become our Security Operations Center’s most important tool. As we’ve developed Splunk ES and the use cases used with it, we’ll also talk about how the SOC has adapted to Splunk and, finally, the metrics that we use to show the effectiveness of the Splunk and SOC team.
From API to APM using Splunk Add-on Builder
Wednesday, September 27, 2017 | 1:10 PM-1:55 PM Advanced
Industries: Technology | Products: Splunk Enterprise, Splunk Cloud | Role: Developer | Track: Developing | Session Focus: DevOps | Other Topics: Dev Tools | Session Type: Breakout Session | Solutions: Application Delivery, IT Operations, Security & Fraud
Elias Haddad, Product Manager, Splunk Inc.
Cheney Li, Dev lead, Splunk Inc.
Tom Martin, Staff Practitioner, Splunk Inc.
Gordon Wang, Principal Software Engineer, Splunk Inc.
Add-ons can import and enrich data from any source, creating a rich dataset ready for analysis in Splunk. We present an overview of Splunk Add-on Builder and show how this app makes onboarding data faster and easier. We’ll use a real-world example to demonstrate how the Splunk Add-ons for New Relic, AppDynamics and SolarWinds were built. Highlights of the demo include Splunk ITSI and Common Information Model mapping and validation with the click of a button.
From Monitoring and Alerting to Ensuring Mission Readiness Through Improved Availability
Tuesday, September 26, 2017 | 2:15 PM-3:00 PM Good for all Skill Levels
Industries: Aerospace & Defense | | Role: Architect, Operations Manager | Track: IT Operations | Session Focus: Infrastructure Troubleshooting & Monitoring | | Session Type: Breakout Session | Solutions: IT Operations
Tunay Basar, VIRGINIA, Pernix Consulting LLC
This session shares how the need to monitor mission-critical systems grew into a desire to provide better availability and architecture of existing systems using Splunk.
From Zero to 100 in 100 Days, or "How Quickly Can You Drive Splunk Adoption?"
Tuesday, September 26, 2017 | 12:05 PM-12:50 PM Good for all Skill Levels
Industries: Online Services, Technology | Products: Splunk Enterprise Security, Splunk Enterprise | Role: Business Manager, CISO, Splunk Technical Champion, CIO, CTO | Track: Foundations | Session Focus: Business Innovation | | Session Type: Breakout Session | Solutions: Log Management, Security & Fraud, IT Operations
Tom Gerhard, Fellow, Logging & Monitoring, priceline.com
Vidhya Ramachandran, Principal Software Engineer, Priceline.com
Priceline.com adopted Splunk in late 2016, going from turning on the system to full deployment in just over three months. In this discussion, we'll review the technical and organizational challenges that led us to Splunk and share our experiences implementing Splunk with a project team of five people, targeting more than 100 users and 3.5TB of daily data.
Getting Metrics Data In
Wednesday, September 27, 2017 | 4:35 PM-5:20 PM Intermediate
Industries: Communications, Energy & Utilities, Online Services, Media & Entertainment, Manufacturing, Retail, Financial Services, Non-Profit, Higher Education, Healthcare, Technology, Travel & Transportation | Products: Splunk Enterprise, Splunk Cloud | Role: Splunk Technical Champion, Operations Manager, Administrator, Architect, Security Analyst, Data Scientist/Analyst, Business Manager | Track: Foundations | Session Focus: Search/Insights/Analytics | | Session Type: Breakout Session | Solutions: IT Operations, Log Management, IoT & Industrial Data, Cloud Strategies, Application Delivery, Big Data
Michael Porath, Product Manager, Splunk Inc.
For years, Splunk has been the platform of choice to search, analyze, and visualize log and other event data. Newer IT stacks, signals from IoT devices, and increased use of KPIs tracked over time all have something in common: they require a platform that handles both logs and metrics at scale and with the performance appropriate for either data type. Learn in this session how Splunk brings together logs and metrics and how to ingest metrics from various sources.
Harnessing Robotic Microscopes, Artificial Intelligence and Deep Learning to Increase the Speed of Drug Discovery
Wednesday, September 27, 2017 | 3:30 PM-4:15 PM Intermediate
Industries: Healthcare, Manufacturing, Technology | Products: Splunk Enterprise | Role: Operations Manager, Data Scientist/Analyst | Track: Business Analytics | Session Focus: Business Analytics | Other Topics: Analyzing Data Types, Machine Learning, Customer Success Story | Session Type: Breakout Session | Solutions: Big Data, Business Analytics, IoT & Industrial Data
August Allen, Automation Scientist, Recursion Pharmaceuticals
Ben Miller, UT, Recursion Pharmaceuticals
Recursion Pharmaceuticals applies automation and data science to discover treatments for rare diseases. Splunk works as an ETL tool to feed data back to our data scientists and as a quality monitoring and diagnostics tool for laboratory instrumentation. Implementing a system like this in three months would not have been possible without several key technologies from Splunk. Universal forwarders collect data from instrumentation, the Splunk SDK for Python passes data back into more complex decision-making processes, Splunk DB Connect enriches our log data with quality metrics, and the Machine Learning Toolkit analyzes metrics to create interesting insights. During this talk we'll explain some of the basic concepts of Recursion's technology platform. Then we’ll dive into some of the details on how we've used Splunk to help develop and track metrics on laboratory performance as well as to detect and prevent mistakes in experiment processing.
How DHA and Leidos are Monitoring the Applications and Infrastructure of the World's Largest Healthcare System with Splunk
Wednesday, September 27, 2017 | 11:10 AM-11:55 AM Intermediate
Industries: Healthcare | | | Track: IT Operations | | | Session Type: Breakout Session | Solutions: IT Operations
Steve Mullins, System Architect, Leidos
Small healthcare systems are complex. Large healthcare systems are cumbersome and complex. On the contrary, the world’s largest healthcare system’s information technology and clinical applications are becoming more efficient and easier to understand and manage. Splunk and Leidos are helping this transformation by monitoring performance, availability, compliance, and configuration of the systems, networks, and applications. In this session, we will discuss and show what we are doing to keep stakeholders informed about the status of the DoD healthcare applications and its computing infrastructure.
How to Use Splunk to Automate Troubleshooting in a Call Center Environment
Wednesday, September 27, 2017 | 12:05 PM-12:50 PM Beginner
Industries: Technology, Healthcare | Products: Splunk Enterprise | Role: Administrator | Track: IT Operations | Session Focus: Business Innovation | | Session Type: Breakout Session | Solutions: IT Operations, Log Management
Travis McBee, Sr. Team Lead, Cerner Corporation
This session will show you how to use Splunk in a call center environment to reduce talk time, increase first contact resolution, and prevent caller frustration. The session will highlight what types of information you need to capture in logs and what actions you need to apply to the logs in order to make them usable for non-technical staff in a call center. We will include specific examples of how our group has executed on this initiative, including dashboard and process examples. The session will also cover how Splunk can help call center associates working on problem and event management. Finally, we will discuss the real-world results that we have experienced and how a similar process can be set up at other organizations.
How’d You Get So Big? Tips & Tricks for Growing Your Splunk Deployment from 50 GB/Day to 1 TB/Day
Tuesday, September 26, 2017 | 4:35 PM-5:20 PM Intermediate
Industries: Technology | Products: Splunk Enterprise | Role: Architect, Administrator, Splunk Technical Champion | Track: Foundations | Session Focus: Splunk Administration & Scaling | Other Topics: Managing Splunk, Best Practices | Session Type: Breakout Session | Solutions: IT Operations
Gareth Anderson, Middleware Specialist, IAG
This session will cover two main subjects: minimizing the amount of hardware your Splunk installation requires through performance tuning and troubleshooting a number of issues that will likely occur as your Splunk installation grows in size and users. This session aims to assist Splunk administrators with troubleshooting and tuning their growing Splunk installation.
Hunting the Known Unknowns: Finding Evil With SSL Traffic
Tuesday, September 26, 2017 | 12:05 PM-12:50 PM Advanced
| Products: Splunk Enterprise | Role: Data Scientist/Analyst, Security Analyst, Operations Manager | Track: Security / Compliance / Fraud | Session Focus: Threat Hunting | Other Topics: Applying Threat Intelligence / Context, Search Language, Security Use Case Development, Investigation, Analyzing Data Types | Session Type: Breakout Session | Solutions: Security & Fraud
Steve Brant, Senior Security Strategist, Splunk Inc.
Ryan Kovar, Staff Security Strategist, Splunk Inc.
This year’s “Hunting” session will describe how to find malicious adversaries using SSL. The talk will cover new ways to log SSL/TLS certificates and how to find malware in your network using SSL certificates (and more!). Throughout this session we will show you what TLS certificates are used for, how they can be used to find evildoers on your network and other ways you can use SSL traffic to find the "unknowns." Finally, we will release a TLS/SSL hunting Splunk app for attendees to take home to start immediately implementing these techniques on their own network!
ICS Defender: Using Splunk to defend industrial networks
Thursday, September 28, 2017 | 1:20 PM-2:05 PM Intermediate
Industries: Energy & Utilities | Products: Splunk Enterprise | Role: CIO, Security Analyst, Operations Manager, Splunk Technical Champion, Administrator, Architect, CISO, Business Manager, CTO | Track: IoT | Session Focus: IoT & Industrial Data | Other Topics: ODBC, Platform Extensibility, Cloud Strategies, Using Splunk, App Ecosystem, Visualizations, Best Practices, Customer Success Story, Content, Automation, Alert Actions, HTTP Event Collector, Search Language, Machine Learning, Ransomware, Powershell, Tuning Alerts, Adaptive Response, Anomaly Detection, Analyzing Network Data, Analyzing Endpoint Data, Applying Threat Intelligence / Context, Attack Scenarios, Containers (Docker, etc.), Wire Data and Network, Mobile App Monitoring, What's New, SecOps, Investigation, Forensics, Posture Assessment, Analyzing Data Types, Security Use Case Development, Behavioral Analytics and Machine Learning, Nerve Center, Diversity in Technology, Investigate, Search, Basic Content, Framework, Workflow, Getting Data In, Managing Splunk, Dev Tools, Logging Frameworks, Amazon Web Services, Unix and Linux, Microsoft Exchange, DB Connect | Session Type: Breakout Session | Solutions: Security & Fraud, IoT & Industrial Data
Drew Hunt, Malware & Threat Intel Lead, Bechtel
Patrick Orr, Network Engineer, Bechtel
Bechtel Industrial Control Systems Lab has been researching and developing uses for Splunk in defense of control systems networks. As we have penetrated and tested attacks against ICS systems, we have developed better ways to document and maintain laboratory network states to identify an introduced adversary. Our dashboard developments bring these intrusions to the attention of control systems operators who can then take immediate action.
ITSI in the Wild – Why Micron Chose Splunk IT Service Intelligence and Lessons Learned
Tuesday, September 26, 2017 | 4:35 PM-5:20 PM Intermediate
Industries: Technology | Products: Splunk Enterprise, Splunk IT Service Intelligence | Role: Operations Manager | Track: IT Operations | Session Focus: itsi | Other Topics: Alert Actions, Customer Success Story | Session Type: Breakout Session | Solutions: IT Operations
Michael Scully, IT Area Lead - Automation, Micron Technology
Joe Trimmings, IT Manager, Micron
Micron needed real-time monitoring, faster incident resolution and improved governance, while delivering demonstrable business value. With a vision of making operations faster, more cross-functional and easily accessible, Micron turned to Splunk IT Service Intelligence (ITSI). In this session, we will cover why Micron chose Splunk ITSI, advantages gained, implementation best practices and lessons learned. We will also touch on some advanced topics, such as custom reporting with Splunk ITSI.
Illuminating Value – Real-Time Point-of-Sale (POS) Analytics
Thursday, September 28, 2017 | 1:20 PM-2:05 PM Intermediate
Industries: Retail | Products: Splunk Enterprise | Role: Business Manager | Track: Business Analytics | Session Focus: Business Analytics | Other Topics: Getting Data In, Analyzing Data Types | Session Type: Breakout Session | Solutions: Big Data, IoT & Industrial Data, Business Analytics
Mike Hineline, Technology Strategy Senior Manager, GTM Strategy Lead for Products in Retail, Accenture
Tommy Lam, Senior Strategy Consultant, Accenture
Frank Savino, Senior Principal, Supply Chain & Operations, Accenture
Combining POS, store inventory, and loyalty and marketing data with real-time Splunk analytics, Accenture is developing a bleeding-edge solution that will transform retailers into digital businesses. Attend this meeting to learn how Accenture is preparing retailers to solve difficult use cases, including out-of-stock, waste, fraud, returns, real-time cart expansion, and PCI compliance. You will learn how a digital business with advanced customer experience and operations capabilities can capture new revenue and reduce leakage that can add up to hundreds of millions of dollars!
Improve Customer Satisfaction by Understanding User Feedback with Splunk Machine Learning Toolkit (MLT) and Splunk DB Connect
Wednesday, September 27, 2017 | 4:35 PM-5:20 PM Intermediate
Industries: Travel & Transportation, Online Services | Products: Splunk Enterprise | Role: Data Scientist/Analyst | Track: Business Analytics | Session Focus: Business Analytics | Other Topics: Machine Learning, Customer Success Story, DB Connect, Behavioral Analytics and Machine Learning | Session Type: Breakout Session | Solutions: Business Analytics
Sebastian Fernandez, Digital Analytics Manager, LATAM AIRLINES GROUP
What do you do with your user feedback? Using DBX and the MLT with algorithms like KMeans and TFIDF, we are able to give our agile development teams the input and tools they need to build and maintain high-quality products, focusing on fixing errors that have the greatest impact on customer satisfaction and building the features customers ask for.
Ingesting AWS Data at Scale Using Kinesis Firehose
Tuesday, September 26, 2017 | 12:05 PM-12:50 PM Intermediate
Industries: Public Sector, Aerospace & Defense, Online Services, Healthcare, Energy & Utilities, Financial Services, Media & Entertainment, Manufacturing, Communications | | Role: Splunk Technical Champion | Track: IT Operations | Session Focus: Infrastructure Troubleshooting & Monitoring | | Session Type: Breakout Session | Solutions: IT Operations
Elias Haddad, Product Manager, Splunk Inc.
Yiyun Zhu, Sr. UX engineer, Splunk Inc.
Kinesis Firehose is a fully managed service for delivering real-time data to data storage and analytical destinations. Splunk and AWS are partnering to deliver a highly scalable integration by adding Splunk as a new destination to Kinesis Firehose. Using this integration, you will be able to ingest high volumes of AWS data at scale and in near real-time.
Integrating Splunk and AWS Lambda: Big Results at Fast-Food Prices
Tuesday, September 26, 2017 | 3:30 PM-4:15 PM Good for all Skill Levels
Industries: Financial Services | Products: Splunk Cloud | Role: CISO, CIO, Architect, Developer, Operations Manager, Security Analyst, Splunk Technical Champion | Track: Foundations | Session Focus: What the Splunk?!?! | | Session Type: Breakout Session | Solutions: Security & Fraud, IT Operations, Cloud Strategies
Siddhartha Dadana, Lead Security Engineer, FINRA
Gary Mikula, Senior Director, Cyber & Information Security, FINRA
Kuljeet Singh, Lead Security Engineer, FINRA
During this session, members of FINRA’s cyber and information security team will discuss how they took advantage of the benefits of serverless computing and the power of the Splunk platform to address some key concerns about the cloud. The speakers will show how integrating Splunk and Lambda resulted in a more successful and cost-effective set of solutions from three distinct vantage points: development, security, and DevOps. Are you willing to spend the cost of a cheeseburger every month for better security? Come and find out why you should.
Introducing Splunk Validated Architectures
Wednesday, September 27, 2017 | 3:30 PM-4:15 PM Good for all Skill Levels
Industries: Aerospace & Defense, Manufacturing, Retail, Online Services, Financial Services, Media & Entertainment, Energy & Utilities, Communications, Public Sector, Technology, Travel & Transportation, Healthcare, Higher Education, Non-Profit | Products: Splunk Enterprise | Role: Administrator, Architect | Track: Foundations | Session Focus: Splunk Administration & Scaling | Other Topics: Managing Splunk, Best Practices | Session Type: Breakout Session | Solutions: Log Management, IoT & Industrial Data, IT Operations, Big Data
Dritan Bitincka, Principal Architect, Splunk Inc.
Sean Delaney, Principal Architect, Splunk Inc.
Stefan Sievert, Staff Architect, Splunk Inc.
Learn how to architect stable and efficient Splunk deployments using Splunk Validated Architectures (SVAs). These certified architectures will help you avoid the pitfalls of custom-built snowflakes and better align with Splunk best practices. You will learn how SVAs can help build environments that are easy to maintain and that perform efficiently, simplify troubleshooting and scale with your needs. Best of all, this work will provide a repeatable architectural Splunk foundation.
Keeping Track of All The Things: A Splunk Enterprise Security Use Case and Content Management Story
Wednesday, September 27, 2017 | 2:15 PM-3:00 PM Intermediate
Industries: Public Sector, Technology | Products: Splunk Enterprise Security | Role: Architect, Security Analyst | Track: Security / Compliance / Fraud | Session Focus: Security Use Case Development | | Session Type: Breakout Session | Solutions: Security & Fraud
Matt Parks, Security Analytics Lead, Kaiser Permanente
Ruperto Razon, Sr. Threat Analyst, Kaiser Permanente
As your Splunk ES deployment matures, how do you organize your content to provide the threat and use-case visibility your security team and management require? Questions arise, such as: Are we covered for a specific threat? What is the efficacy of our security tools? Do our current use cases work as designed? How do we organize and prioritize all the disparate requests for content from inside and outside our org? These can be difficult and time-consuming questions to answer. But by building a robust use case development life cycle, you will be able to leverage the content you have already created in Splunk ES to answer these questions. Not only will it provide the requisite visibility, but it will also allow you to continuously improve your Splunk ES content. Hear how Kaiser Permanente has built a robust use case/content-development life cycle to provide these answers for today and the future.
Keeping Your Medical Center CIO Engaged: Using Splunk to Increase Real-Time IT Operation Transparency, and Creating Insights Into Clinical/Patient Data
Tuesday, September 26, 2017 | 4:35 PM-5:20 PM Beginner
Industries: Healthcare | Products: Splunk Enterprise | Role: Architect | Track: Business Analytics | Session Focus: Business Analytics | Other Topics: Using Splunk, Customer Success Story, Analyzing Data Types | Session Type: Breakout Session | Solutions: IT Operations, Business Analytics
Kun Deng, Solutions Architect, University of Michigan Health System
Kalpesh Unadkat, IT Monitoring Lead, University of Michigan Health System
In this session, we introduce the ever-increasing use of the Splunk platform in a medical center environment. Particularly, we’ll discuss how an infrastructure team uses data from real-time IT operations and electronic medical systems to provide a real-time single-pane-of-glass view of the enterprise for the CIO.
Know Your Insider: Unmasking Lateral Movement with Splunk UBA
Tuesday, September 26, 2017 | 2:15 PM-3:00 PM Intermediate
| Products: Splunk User Behavior Analytics | Role: CISO, Security Analyst, Data Scientist/Analyst | Track: Security / Compliance / Fraud | Session Focus: Threat Detection | Other Topics: Anomaly Detection, Machine Learning, Investigation, Behavioral Analytics and Machine Learning | Session Type: Breakout Session | Solutions: Security & Fraud
George Apostolopoulos, Dir Engineering, Splunk Inc.
Satheesh Kumar Joseph Durairaj, Data Scientist, Splunk Inc.
Stanislav Miskovic, Principal Data Scientist, Splunk Inc.
In this session, we’ll discuss the efficacy of Splunk User Behavior Analytics (UBA) in addressing complex cyber threats. We demonstrate the advanced capabilities of Splunk UBA to combine heterogeneous types of data sources and state-of-the-art machine learning algorithms in the discovery of one of the most devastating insider threats – the lateral movement threat. This threat is launched in a way that cannot be detected by either network protection systems (such as firewalls) or endpoint protections (such as endpoint IDSs or log analyzers). Namely, we combine smart phishing and drive-by exploits to bypass protections by firewall signatures, as well as the in-memory hijacking of credentials via Meterpreter or any ethical hacking tools to bypass endpoint security solutions. Nevertheless, algorithms implemented in the Splunk UBA are capable of identifying threats by combining firewall and endpoint data and pointing to exact machines and credentials compromised by the insider's lateral movement.
Legacy SIEM to Splunk, How to Conquer Migration and Not Die Trying
Tuesday, September 26, 2017 | 2:15 PM-3:00 PM Good for all Skill Levels
| Products: Splunk Enterprise Security | Role: Architect, Administrator, Security Analyst, Splunk Technical Champion | Track: Security / Compliance / Fraud | Session Focus: Security Use Case Development | | Session Type: Breakout Session | Solutions: Security & Fraud, Log Management
Risi Avila, Splunk Security Consultant, Splunk Inc.
Ryan Faircloth, Mr, Splunk Inc.
Years in the making by multiple teams and leaders, a legacy SIEM is a complex, opaque platform…possibly no living person understands it completely. That's why Splunk has applied an analytics-based approach to identify what's valuable from existing detections and functions – as opposed to busy work and noise – when creating and implementing Splunk Enterprise Security. This approach builds on the foundations of the Splunk Professional Services Security Use Case practice to deliver success where lift-and-shift has failed before. Two experienced Splunk Security practitioners walk you through the approach to identify what should be migrated and what should be replaced from your existing SIEM.
Leidos - Our Journey to Splunk IT Service Intelligence (ITSI)
Wednesday, September 27, 2017 | 12:05 PM-12:50 PM Beginner
Industries: Technology | Products: Splunk Enterprise, Splunk IT Service Intelligence | Role: Splunk Technical Champion | Track: IT Operations | Session Focus: itsi | Other Topics: Customer Success Story, Alert Actions | Session Type: Breakout Session | Solutions: IT Operations
Donald Mahler, Director of Performance Engineering, Leidos
Historically, the focus of Splunk IT Service Intelligence (ITSI) has been glass tables and deep dives. But the practical work of operational awareness and alert management is done by a manager of managers (MoM), or in ITSI terms, the "notable events." Event acquisition issues, rules engine development and automation are just as important and worthy of consideration. Join us in this session for an examination of how Leidos IT replaced an aging MoM with Splunk ITSI.
Lesser Known Search Commands
Tuesday, September 26, 2017 | 2:15 PM-3:00 PM Good for all Skill Levels
Industries: Communications, Energy & Utilities, Media & Entertainment, Financial Services, Manufacturing, Online Services, Retail, Non-Profit, Higher Education, Travel & Transportation, Healthcare, Technology, Diversity in Technology, Public Sector, Aerospace & Defense | Products: Splunk Enterprise, Splunk Cloud | Role: Data Scientist/Analyst, siteReliabilitySystemsEngineer, Developer, Operations Manager, Security Analyst, Splunk Technical Champion, Administrator, Architect, Business Manager | Track: Foundations | Session Focus: What the Splunk?!?! | Other Topics: Search Language, Search | Session Type: Breakout Session | Solutions: Cloud Strategies, Application Delivery, Big Data, IT Operations, Log Management, Security & Fraud, IoT & Industrial Data, Business Analytics
Kyle Smith, Integration Developer, Aplura
Learn new and lesser-known SPL Search Commands! Hear from the Sorcerer of SPL on how you can extend your knowledge of Splunk queries and subjugate the search bar! In this session we’ll also cover lesser-known and understood commands such as streamstats, map, gentimes, untable, and more! Wow your bosses, friends, and other magicians! (Doves not included.)
Let's Get Hands-On With Splunk Enterprise Security and Real Boss of the SOC Data
Thursday, September 28, 2017 | 10:30 AM-11:15 AM Good for all Skill Levels
| Products: Splunk Enterprise Security | Role: Administrator, Security Analyst, Splunk Technical Champion, Operations Manager, CISO | Track: Security / Compliance / Fraud | Session Focus: SOC | | Session Type: Breakout Session | Solutions: Log Management, Security & Fraud
Ryan Kovar, Staff Security Strategist, Splunk Inc.
Join this session to learn how to use Splunk Enterprise Security (ES) using real data from the Boss of the SOC contest. Please bring your laptop to this 90-minute hands-on session showing how Splunk ES fits into the incident response lifecycle.
Machine Learning & Splunk: The Splunk Machine Learning Toolkit in Action
Wednesday, September 27, 2017 | 2:15 PM-3:00 PM Good for all Skill Levels
Industries: Communications, Online Services, Technology | | Role: Data Scientist/Analyst, Operations Manager, Administrator | Track: Foundations | Session Focus: What the Splunk?!?! | Other Topics: Behavioral Analytics and Machine Learning, Machine Learning, Customer Success Story | Session Type: Breakout Session | Solutions: IoT & Industrial Data, IT Operations
Iman Makaremi, Senior Data Scientist, Splunk Inc.
Andrew Stein, Splunk Inc.
Splunk has engaged with several customers to solve their problems using the Splunk Machine Learning Toolkit. In this talk, we will discuss their use cases and discuss how the Machine Learning Toolkit may be applicable to your work.
Making Sense of the Web With Splunk Stream
Wednesday, September 27, 2017 | 1:10 PM-1:55 PM Intermediate
Industries: Online Services, Financial Services, Technology, Retail | Products: Splunk Enterprise, Splunk Cloud | Role: Developer, Operations Manager, Security Analyst, Data Scientist/Analyst, Splunk Technical Champion, Architect | Track: Security / Compliance / Fraud | Session Focus: Fraud | | Session Type: Breakout Session | Solutions: Application Delivery, IT Operations, Security & Fraud
Jim Apger, Sr. Security Architect, Splunk Inc.
Whether you’re interested in web analytics for application-performance management and microservices, IT operations, security or fraud, don’t miss out on one of the richest sources of data within your environment: stream:http. The real-world success stories, advanced use cases and ease of deployment make Splunk Stream your secret weapon for the collection of valuable metadata.
Making the Most of the Splunk Scheduler
Thursday, September 28, 2017 | 1:20 PM-2:05 PM Intermediate
| Products: Splunk Enterprise, Splunk Cloud | Role: Administrator | Track: Foundations | Session Focus: What the Splunk?!?! | Other Topics: Using Splunk, Managing Splunk, Search, Best Practices | Session Type: Breakout Session | Solutions: Big Data
Paul Lucas, Principal Software Engineer, Splunk Inc.
The ability to generate reports on a periodic schedule is one of the core features of Splunk Enterprise. Scheduling many reports naively can lead to some getting skipped, which can then lead to taking action (or not taking it) based on incomplete information. A detailed knowledge of how the scheduler works, including its new features (auto windows, priority increases, skewing), can enable you and your users to use your existing hardware resources to generate reports more effectively.
Manage Enterprise-Level Amazon Web Services (AWS) Services With Splunk Solution
Thursday, September 28, 2017 | 10:30 AM-11:15 AM Intermediate
Industries: Technology | Products: Splunk IT Service Intelligence | Role: Splunk Technical Champion, Administrator | Track: IT Operations | Session Focus: Monitoring and Triaging | | Session Type: Breakout Session | Solutions: Application Delivery
Peter Chen, Engineer Manager, Splunk Inc.
Elias Haddad, Product Manager, Splunk Inc.
Managing an enterprise-level Amazon Web Services (AWS) account is challenging work. Most enterprises are answering the same four questions: “How do we optimize costs?” “How can we strengthen security?” “How do we apply best practices?” “How can we simplify troubleshooting?” The Splunk solution, constituting the AWS app and the AWS add-on, can help customers achieve these goals easily. With the AWS add-on, data from multiple AWS accounts can be collected securely, efficiently, and in real time. The AWS app can not only perform searches and view standard dashboards, but it can also offer more intelligent management with topology, timeline, anomaly detection and smart alerting. In this session, we will share several case studies on topics such as managing billing reports, optimizing reserved instances, topology and anomaly detection.
Master the Dark Arts: Demystifying Splunk Architecture
Wednesday, September 27, 2017 | 2:15 PM-3:00 PM Intermediate
Industries: Technology | Products: Splunk Enterprise Security, Splunk Enterprise | Role: Architect, Business Manager, Splunk Technical Champion | Track: IT Operations | Session Focus: Infrastructure Troubleshooting & Monitoring | | Session Type: Breakout Session | Solutions: IT Operations
Cory Minton, Principal Engineer, Dell EMC
Out of the shadows we will come, bearing closely guarded secrets, collected from the dark corners of the world. We’ll show you how to implement Splunk for optimal performance and scalability. Step behind the curtain and learn how small changes in your log files can have massive impacts on infrastructure, whether in the public or private cloud. Uncover how to safely prepare for the unknowns of Splunk Enterprise Security deployments. Discover exactly how you, as a Splunk administrator, can communicate your needs to IT operations and their vendors to ensure your success. Master these dark arts and come into the light!
Measuring HEC Performance for Fun and Profit
Tuesday, September 26, 2017 | 1:10 PM-1:55 PM Intermediate
Industries: Technology | Products: Splunk Enterprise, Splunk Cloud | Role: Developer, Administrator | Track: Foundations | Session Focus: Splunk Internals | Other Topics: Using Splunk, HTTP Event Collector, Getting Data In | Session Type: Breakout Session | Solutions: Application Delivery, Log Management, IT Operations, Big Data
Clif Gordon, Principal Software Engineer, Splunk Inc.
Itay Neeman, Director of Engineering, Splunk Inc.
Abby Sessions, Software Engineer, Splunk Inc.
Splunk's HTTP Event Collector (HEC) is one of the most popular ways of getting data into Splunk, whether from custom applications, WebHooks or Docker. You can use HEC in a variety of configurations, and you have many ways to use the HEC APIs. This presentation will help you better understand HEC: We will go over how Splunk measures different configurations, what scenarios we cover, and the tooling we use to do it all in an automated fashion. We will also go over the results we see internally and share best practices on how to successfully deploy HEC in your environment for maximum performance.
Metrics Analysis With the Splunk Platform
Tuesday, September 26, 2017 | 4:35 PM-5:20 PM Intermediate
Industries: Energy & Utilities, Retail, Online Services, Non-Profit, Media & Entertainment, Financial Services, Manufacturing, Communications, Technology, Travel & Transportation, Healthcare, Higher Education | | | Track: Foundations | Session Focus: Search/Insights/Analytics | | Session Type: Breakout Session | Solutions: Log Management, Big Data, IoT & Industrial Data, IT Operations
Michael Porath, Product Manager, Splunk Inc.
Splunk's new metrics capabilities allow users to better visualize time series for analysis and investigation purposes. This talk will introduce you to working with metrics in Splunk, covering improvements to the visualizations and user interface, as well as tips to visualize, create reports and monitor dashboards using data from metrics sources and log events.
Monitor and Secure Your Microsoft Azure Environment With Splunk
Thursday, September 28, 2017 | 10:30 AM-11:15 AM Intermediate
Industries: Public Sector, Higher Education, Healthcare, Travel & Transportation, Technology, Energy & Utilities, Aerospace & Defense, Financial Services, Media & Entertainment, Manufacturing, Retail, Online Services, Non-Profit, Communications | Products: Splunk Enterprise | Role: Administrator, Architect, CIO, Developer, CTO, Operations Manager | Track: Foundations | Session Focus: Infrastructure Troubleshooting & Monitoring | | Session Type: Breakout Session | Solutions: IoT & Industrial Data, Business Analytics, Big Data
John Kemnetz, Program Manager, Microsoft
This session will walk through Microsoft Azure's new approach to powerful, flexible logging across all layers of your stack, enabling you to deploy, configure and gain insight on your Azure infrastructure with the Splunk platform in a matter of minutes. We'll introduce some exciting capabilities of Azure Monitor that help you easily direct everything, from VM-level syslog events to Azure service-health events, to your Splunk instance. We'll then discuss best practices for monitoring and securing your environment using these events in Splunk with queries and dashboards.
Monitoring Docker Containers with Splunk
Wednesday, September 27, 2017 | 4:35 PM-5:20 PM Good for all Skill Levels
Industries: Aerospace & Defense, Technology, Public Sector, Non-Profit, Higher Education, Healthcare, Travel & Transportation, Manufacturing, Media & Entertainment, Financial Services, Energy & Utilities, Communications, Online Services, Retail | | Role: Developer, Operations Manager, Splunk Technical Champion | Track: IT Operations | Session Focus: Infrastructure Troubleshooting & Monitoring | | Session Type: Breakout Session | Solutions: Application Delivery, IT Operations
Marc Chéné, Director, Product Management ITOA, Splunk Inc.
Containers – especially from Docker – have changed the way organizations build, ship and run their applications. Containers reduce problems by ensuring what worked in dev works in production. They can also be orchestrated to scale applications. With these opportunities come monitoring challenges.
Monitoring End User Experiences With Splunk and New Relic
Tuesday, September 26, 2017 | 3:30 PM-4:15 PM Good for all Skill Levels
Industries: Technology, Travel & Transportation, Public Sector, Retail, Online Services, Communications, Financial Services, Media & Entertainment | | Role: Developer, Splunk Technical Champion, Operations Manager | Track: IT Operations | Session Focus: Infrastructure Troubleshooting & Monitoring | | Session Type: Breakout Session | Solutions: Application Delivery
Abner Germanow, Senior Director of Partner and Strategic Marketing, New Relic
When your digital experience is your brand experience, understanding what your customers go through is critical. Troubleshooting and optimizing their experiences requires visibility into metrics, traces and logs. In this session, we'll demonstrate how to use the combined power of New Relic's real-user monitoring and application performance monitoring with Splunk to keep teams focused on identifying issues before customers tweet, fixing problems fast and knowing what to tackle next.
Monitoring Radiation Exposure with DICOM and Splunk
Tuesday, September 26, 2017 | 1:10 PM-1:55 PM Intermediate
Industries: Healthcare | Products: Splunk Enterprise | Role: Administrator, Splunk Technical Champion, Operations Manager, Architect, CIO, Business Manager, CTO | Track: IoT | Session Focus: IoT & Industrial Data | Other Topics: Customer Success Story | Session Type: Breakout Session | Solutions: IT Operations, IoT & Industrial Data, Big Data
Derek Merck, Director of the 3D Lab, Rhode Island Hospital
Monitoring radiation exposure from diagnostic imaging is important for patient safety, but the existing systems for addressing this suffer from high latency, lack of introspection, and astronomical pricing and maintenance costs. At Rhode Island Hospital, we developed an inexpensive, powerful tool for monitoring radiation exposure from our 60,000 annual computed tomography studies, using an open-source DICOM server and Splunk. This system meets Joint Commission requirements for comparing radiation exposure to external benchmarks; provides near-real-time email alerts for results exceeding internally set threshold values; and allows for rapid, interactive exploration and intervention of potential problems.
Multi-Tenancy: Achieving Security, Collaboration, and Operational Efficiency
Tuesday, September 26, 2017 | 1:10 PM-1:55 PM Intermediate
Industries: Higher Education, Manufacturing, Healthcare, Public Sector | Products: Splunk Enterprise, Splunk User Behavior Analytics | Role: CTO, Splunk Technical Champion, Administrator, Architect, CIO, Operations Manager | Track: Foundations | Session Focus: Infrastructure Troubleshooting & Monitoring | | Session Type: Breakout Session | Solutions: Log Management, Application Delivery, IT Operations
Benjamin August, Senior Solutions Engineer, UNC Chapel Hill
David Safian, Sr. Systems Engineer, University of North Carolina at Chapel Hill
Initially used by a single workgroup, Splunk is now being used by over 90 groups on UNC's campus. We will discuss our deployment strategy and how the management of roles, apps and indexes is used to provide data isolation while contributing to cross-functional collaborations and more effective reporting.
Navigating Data Quality Issues for Better Decision Making
Thursday, September 28, 2017 | 11:35 AM-12:20 PM Good for all Skill Levels
Industries: Communications, Retail, Manufacturing, Media & Entertainment, Financial Services, Energy & Utilities, Healthcare, Higher Education, Non-Profit, Diversity in Technology, Public Sector, Aerospace & Defense | Products: Splunk Enterprise | Role: Architect, Business Manager, CISO, CIO, Security Analyst, CTO, Operations Manager, Site Reliability Systems Engineer, Splunk Technical Champion, Data Scientist/Analyst, Administrator, Developer | Track: Foundations | Session Focus: Search/Insights/Analytics | Other Topics: Diversity in Technology | Session Type: Breakout Session | Solutions: IT Operations, IoT & Industrial Data, Big Data, Business Analytics, Application Delivery, Log Management, Cloud Strategies, Security & Fraud
Yanpei Chen, CALIFORNIA, Splunk Inc.
Archana Ganapathi, CA, Splunk Inc.
In today’s digital revolution, organizations must be data driven or they will be left behind. Regardless of the analytics techniques used, analysis is ultimately only as useful as the data fed into it. In other words, “garbage in, garbage out.” Not all data is created with downstream usage implications in mind. Furthermore, data quality is highly subjective and what appears as useless for one business decision may actually be the most telling attribute for another decision. The onus is often on the data scientist to bridge the gap between data context and analysis interpretation. In this session, we will delve into various common data-quality issues and how to minimize their impact on analytics quality. We will share best practices for designing data-collection interfaces that mitigate ambiguous and incorrect data semantics. Last, we will discuss various processes that help us ensure data harmony within an organization.
Observations and Recommendations on Splunk Performance
Wednesday, September 27, 2017 | 4:35 PM-5:20 PM Advanced
Industries: Technology | Products: Splunk Enterprise | Role: Splunk Technical Champion, Architect, Administrator | Track: Foundations | Session Focus: Splunk Internals | | Session Type: Breakout Session | Solutions: Security & Fraud, IT Operations, Log Management, Application Delivery, IoT & Industrial Data, Business Analytics, Big Data
Brian Wooden, Global Strategic Alliances, Splunk Inc.
Simeon Yep, AVP, Sales Engineering GSA, Splunk Inc.
This session will cover a performance analysis of Splunk indexing and search workloads under various conditions and environments (physical, virtual). Focus will be around debunking common misconceptions, presenting key findings and offering guidance.
Operationalizing Continuous Diagnostics and Mitigation (CDM) Data to Enhance Cybersecurity Operations
Thursday, September 28, 2017 | 1:20 PM-2:05 PM Intermediate
Industries: Public Sector | Products: Splunk Enterprise | Role: Administrator, Architect, Operations Manager, Security Analyst | Track: Security / Compliance / Fraud | Session Focus: SOC | | Session Type: Breakout Session | Solutions: Log Management, IT Operations, Security & Fraud
Jason Deshano, CDM Systems Architect, Booz Allen Hamilton
Shea Pendleton, Booz Allen Hamilton
Ingesting and managing complex datasets in cybersecurity operations is a challenge as modern SOCs must collect and analyze near real-time data from a wide variety of sources. Through the Department of Homeland Security CDM program, Booz Allen addressed this challenge by deploying Splunk Enterprise across nearly 80 percent of .gov entities, resulting in improved visibility of vulnerabilities associated with 12M+ devices across 13 federal departments and agencies. Aggregating CDM data, event logs, audit/compliance logs and threat intelligence through Splunk has provided agency SOCs greater insight, enriched datasets and an understanding of APTs. This effort provides a better understanding of configurations and associated risks, allowing security tools to be tuned to decrease false-positive events and reduce the attack surface. This presentation will illustrate how Booz Allen improved security at OPM and how we are elevating Splunk deployment to enable security use cases at NASA.
Optimizing Fulfillment Processes in Complex Industry 4.0 Environments at Bosch
Wednesday, September 27, 2017 | 11:00 AM-11:45 AM Good for all Skill Levels
Industries: Manufacturing | Products: Splunk Enterprise | Role: Business Manager, Architect, Administrator, CIO, Operations Manager, CTO, Splunk Technical Champion | Track: IoT | Session Focus: IoT & Industrial Data | Other Topics: Customer Success Story, Machine Learning, Anomaly Detection | Session Type: Breakout Session | Solutions: IoT & Industrial Data
Hans-Werner Cedl, Architect, Robert Bosch GmbH
Modern manufacturing industries face the challenge of process complexity and lack of visibility in heterogeneous system landscapes. Optimizing such processes leads to higher efficiency, lower costs and increased customer satisfaction. In this session you’ll learn how Bosch uses Splunk to gain full visibility into a heterogeneous system landscape that includes SAP, MES and Middleware. To support high availability and data quality for critical systems, Bosch developed specialized data collection methods. The company uses accelerated data models to achieve fast analysis over months of historical data, gaining long term as well as ad hoc insights. With the help of alerts, stakeholders are informed about critical or unusual process behavior and can react faster to incidents, successfully decreasing negative business impacts.
Payment Cards and Risk: How to Detect Stolen Cards, Pinpoint Suspicious Merchants and Uncover Compromised Payment Terminals
Tuesday, September 26, 2017 | 3:30 PM-4:15 PM Intermediate
Industries: Online Services, Retail, Financial Services | Products: Splunk Enterprise | Role: Administrator, Business Manager, Developer, Operations Manager, Data Scientist/Analyst, Security Analyst | Track: Security / Compliance / Fraud | Session Focus: Fraud | | Session Type: Breakout Session | Solutions: Security & Fraud
Gleb Esman, Senior Product Manager, Anti-Fraud, Splunk Inc.
This session will explain how Splunk can be used to handle a wide range of fraud scenarios: from detecting suspicious transactions and calculating risk scores of debit and credit cards to analyzing transactional and timing anomalies. We'll share a live demonstration of a custom fraud detection application that provides risk analysis of merchants and payment terminals, risk scoring of individual transactions and detailed investigations of buying activities.
Power of SPL
Tuesday, September 26, 2017 | 12:05 PM-12:50 PM Good for all Skill Levels
Industries: Communications, Energy & Utilities, Retail, Media & Entertainment, Manufacturing, Financial Services, Online Services, Non-Profit, Higher Education, Healthcare, Travel & Transportation, Technology, Aerospace & Defense, Public Sector | Products: Splunk Enterprise, Splunk Enterprise Security, Splunk IT Service Intelligence, Splunk Cloud, Splunk User Behavior Analytics | Role: Administrator, Architect, Operations Manager, Security Analyst, Splunk Technical Champion, Developer | Track: Foundations | Session Focus: Search/Insights/Analytics | | Session Type: Breakout Session | Solutions: Cloud Strategies, IoT & Industrial Data, IT Operations, Big Data, Security & Fraud, Application Delivery, Business Analytics, Log Management
Stephen Luedtke, Sr. Technical Marketing Manager, Splunk Inc.
This session will unveil the power of the Splunk Search Processing Language (SPL). See how to use Splunk’s simple search language for searching and filtering through data, charting statistics and predicting values, converging data sources and grouping transactions and, finally, data science and exploration. We’ll begin with basic search commands and build up to more powerful advanced tactics to help you harness your Splunk Fu!
Productizing Machine Learning (ML) for Behavior Modeling and Security
Wednesday, September 27, 2017 | 3:30 PM-4:15 PM Intermediate
| Products: Splunk User Behavior Analytics | Role: Data Scientist/Analyst, Architect, Security Analyst | Track: Security / Compliance / Fraud | Session Focus: Threat Detection | Other Topics: Behavioral Analytics and Machine Learning | Session Type: Breakout Session | Solutions: Security & Fraud, Big Data
Ravi Bulusu, Architect, Splunk Inc.
Marios Iliofotou, Data Science Engineer, Splunk Inc.
Running complex algorithms in a distributed production environment is challenging. In order for the entire system to work correctly, many independent tasks need to run successfully. This requires a robust orchestration layer to control the execution/scheduling of all the complex streaming and batch ML models. Streaming models allow for faster response to time-sensitive events, and batch models allow for powerful correlations across entities and data inputs. In this talk, we explain how the Splunk User Behavior Analytics (UBA) orchestration layer applies Docker and Kubernetes so that any new custom logic, streaming or batch will not affect the stability of the whole system. Finally, we demo how to create a custom batch model using Splunk UBA’s Software Development Kit (SDK). Effectively, the SDK and the orchestration layer provide the means to easily and securely incorporate custom logic into any Splunk UBA environment.
PwC: Using Splunk ITSI to Measure the End-to-End User Experience
Tuesday, September 26, 2017 | 2:15 PM-3:00 PM Intermediate
Industries: Financial Services, Technology | Products: Splunk IT Service Intelligence, Splunk Enterprise | Role: Operations Manager | Track: IT Operations | Session Focus: Infrastructure Troubleshooting & Monitoring | Other Topics: Analyzing Network Data, Customer Success Story | Session Type: Breakout Session | Solutions: IT Operations
Patrick Combs, PwC
Charles Hamrick, IT Director Operations Analytics, PwC
This session illustrates how we use Splunk and IT Service Intelligence to collect and analyze desktop, network, server and application data to build a comprehensive picture of the user experience. Integrating Splunk functionality with third-party tools such as uberAgent and AppDynamics to calculate end-to-end behavior helps you measure user satisfaction with IT systems. As a result, you can plan successful deployments of applications and upgrades.
Quickly Advance Your Security Posture With Splunk Security Essentials
Tuesday, September 26, 2017 | 1:10 PM-1:55 PM Good for all Skill Levels
| Products: Splunk Enterprise | Role: Security Analyst, Administrator, Splunk Technical Champion | Track: Security / Compliance / Fraud | Session Focus: Security Analytics and Machine Learning | | Session Type: Breakout Session | Solutions: Security & Fraud
David Veuve, Principal Security Strategist, Splunk Inc.
Whether you're looking to reduce breaches, set up monitoring to anticipate attacks, or build more predictive capabilities, you will learn to apply the power of Splunk’s search processing language (SPL) via the Splunk Security Essentials App. We'll also present how to tighten your security with actionable searches that you can use immediately. All of the examples will have demo data, but you will see how you can apply custom data in your own environment. In this session, you will learn how to:
– Optimize and make Splunk search work for you, so you can quickly gain insights into your data to identify and describe security impacts and potential threats
– Detect unusual and potentially malicious activity using Splunk Enterprise statistical and behavioral analysis capabilities
– Find unusual activities
Real-World Cases of Insider Threat: Combating Malicious IT Insiders
Tuesday, September 26, 2017 | 3:30 PM-4:15 PM Intermediate
Industries: Aerospace & Defense | Products: Splunk Enterprise | Role: CISO, Security Analyst, Data Scientist/Analyst, Administrator, CIO | Track: Security / Compliance / Fraud | Session Focus: Threat Detection | Other Topics: Behavioral Analytics and Machine Learning, Security Use Case Development, Anomaly Detection | Session Type: Breakout Session | Solutions: Security & Fraud
Craig Lewis, IT Manager, Software Engineering Institute, Carnegie Mellon University
Joe Tammariello, Information Security Analyst, Software Engineering Institute, Carnegie Mellon University
Richard Voninski, Colorado, Splunk Inc.
In this session, we describe actual cases, drawn from the CERT Insider Threat Database, where malicious IT insiders misused their privileges to subvert controls and sidestep security measures. Lastly, we discuss how you can use the Splunk platform to detect malicious activity and ensure monitoring is taking place.
Regex in Your SPL
Wednesday, September 27, 2017 | 11:00 AM-11:45 AM Good for all Skill Levels
Industries: Travel & Transportation, Healthcare, Technology, Aerospace & Defense, Public Sector, Financial Services, Media & Entertainment, Manufacturing, Retail, Online Services, Energy & Utilities, Communications, Higher Education, Non-Profit | Products: Splunk Cloud, Splunk Enterprise Security, Splunk Enterprise | Role: Data Scientist/Analyst, Security Analyst, Splunk Technical Champion, Operations Manager, Developer, Administrator | Track: Foundations | Session Focus: Search/Insights/Analytics | Other Topics: Search Language, Search | Session Type: Breakout Session | Solutions: Big Data, IT Operations, Security & Fraud, Log Management, Application Delivery
Michael Simko, Instructor / Sr. Engineer, Kinney Group
“Regex in Your SPL” is a friendly introduction to using regular expressions in your Splunk searches. In this session, we'll teach you how to use regex to extract nonpersistent fields, how to use regex to filter data and how to use regex to change the values being returned.
Republic Services Inc.’s Operational Intelligence: Where the Rubber Meets the Road for Operationalizing Splunk ITSI
Tuesday, September 26, 2017 | 2:15 PM-3:00 PM Good for all Skill Levels
Industries: Technology, Energy & Utilities | Products: Splunk Enterprise, Splunk IT Service Intelligence | Role: Operations Manager | Track: IT Operations | Session Focus: ITSI | Other Topics: Customer Success Story, Alert Actions | Session Type: Breakout Session | Solutions: Log Management, IT Operations
Nate Smalley, 3, Splunk Inc.
James Wilson, IT Manager, Service Operations, Republic Services
Has your team struggled with transforming business needs into engineering efforts and then executing those critical tasks to achieve the KPIs you need? Has the team implemented point products that in turn led to insulated knowledge and slowdown in mean time to repair? Join Republic Services Inc. and Splunk as we discuss step-by-step methodology for crafting those engineering efforts and producing meaningful KPIs by partnering with the business and service teams to build, operationalize and provide KPIs, notable events and visualizations for all parties through Splunk ITSI.
Revealing the Magic: The Life Cycle of a Splunk Search
Wednesday, September 27, 2017 | 1:10 PM-1:55 PM Intermediate
| Products: Splunk Enterprise, Splunk Cloud | Role: Administrator, Splunk Technical Champion | Track: Foundations | Session Focus: Splunk Internals | | Session Type: Breakout Session | Solutions: IT Operations, Log Management
Kellen Green, London, Splunk Inc.
To many, using Splunk can feel like magic at times. For curious souls, we offer this glimpse behind the curtain – a technical walkthrough of everything that goes into a search on Splunk. This session will provide a behind-the-scenes look at the life cycle of a Splunk search, and we’ll discuss ways you can avoid common search bottlenecks to improve performance of your own instances.
Running Enterprise Security at Capacity: Tuning ES With Data Model Acceleration
Wednesday, September 27, 2017 | 11:00 AM-11:45 AM Intermediate
Industries: Technology, Public Sector, Aerospace & Defense | Products: Splunk Enterprise Security | Role: Security Analyst, Administrator, Architect | Track: Security / Compliance / Fraud | Session Focus: SOC | Other Topics: Best Practices, Using Splunk | Session Type: Breakout Session | Solutions: Security & Fraud
Gabriel Vasseur, Senior Cyber Security Analyst, Thales UK
Achieve accuracy in times of austerity! Based on a true story. Data model acceleration allows you to make the most of limited hardware and run something like Enterprise Security or ITSI with accuracy. We'll go from scratch to having a really good grasp on data models and their acceleration. Learn how to monitor acceleration and backfilling, minimise lag, and how to best leverage DM acceleration and avoid pitfalls that could degrade your detection accuracy. Includes source for a few key dashboards and searches.
SPL Optimization - the Why, the What and the How
Tuesday, September 26, 2017 | 1:10 PM-1:55 PM Intermediate
Industries: Technology, Communications, Energy & Utilities, Financial Services, Public Sector, Aerospace & Defense, Media & Entertainment, Travel & Transportation, Healthcare, Higher Education, Non-Profit, Online Services, Retail, Manufacturing | Products: Splunk Cloud, Splunk Enterprise | Role: Architect, Data Scientist/Analyst, Administrator, Developer | Track: Foundations | Session Focus: Search/Insights/Analytics | Other Topics: Search Language, Managing Splunk, Using Splunk, What's New, Best Practices | Session Type: Breakout Session | Solutions: IT Operations, Log Management, Security & Fraud, Big Data, Cloud Strategies, IoT & Industrial Data
Manan Brahmkshatriya, Principal QA Engineer, Splunk Inc.
Alex James, Principal Product Manager, Splunk Inc.
Splunk recently introduced automatic SPL optimization, a powerful feature to help refine searches and maximize efficiency. In this session you'll learn why optimization is so important in Splunk, the basic optimization principles, and what Splunk handles for you automatically. You will even learn how to give hints to the optimizer so it can do an even better job speeding up your searches.
Search Head Clustering – Basics to Best Practices
Wednesday, September 27, 2017 | 1:10 PM-1:55 PM Good for all Skill Levels
Industries: Healthcare, Financial Services, Energy & Utilities, Communications, Travel & Transportation, Technology, Aerospace & Defense, Public Sector, Manufacturing, Media & Entertainment, Retail, Online Services, Non-Profit, Higher Education | Products: Splunk Enterprise | Role: Splunk Technical Champion, Architect, Administrator | Track: Foundations | Session Focus: Splunk Administration & Scaling | | Session Type: Breakout Session | Solutions: Log Management, Security & Fraud, IoT & Industrial Data, Application Delivery, Cloud Strategies, Business Analytics, Big Data, IT Operations
Bharath Aleti, Sr Product Manager, Splunk Inc.
Manu Jose, Sr Software Engineer, Splunk Inc.
This session will provide an overview of search head clustering (SHC), including recent additions and best practices for managing a search head cluster for distributed search. Search head clustering is Splunk's horizontal scaling solution for searches. As enterprises onboard more users onto Splunk deployments – and thus increase the need for dashboards and alerts – search heads need to be scaled out to manage the load. SHC solves this problem by providing highly available and scalable search. This includes in-depth coverage of SHC internals such as captain election, conf and bundle replication and new additions to SHC in recent releases.
Security Ninjutsu Part Four: Attackers Be Gone in 45 Minutes of Epic SPL
Wednesday, September 27, 2017 | 2:15 PM-3:00 PM Good for all Skill Levels
| Products: Splunk Enterprise | Role: Security Analyst, Architect, Administrator, Operations Manager | Track: Security / Compliance / Fraud | Session Focus: Search/Insights/Analytics | | Session Type: Breakout Session | Solutions: Security & Fraud
David Veuve, Principal Security Strategist, Splunk Inc.
My favorite part of any spy movie is the gadgets. You see a spy in normal attire, without knowing that the jacket is bulletproof and the watch shoots amnesia darts. That spy is prepared for anything. Writing security searches in SPL is much the same—so you can call me Q. In past Security Ninjutsu sessions, we’ve covered many foundational elements common among security searches. This year, we are bringing the ninja, and it’s going to be epic. We’ll spend 60 minutes covering all the awesome search techniques used by Splunk Security Ninjas from around the world. There will be an app and a massive PDF. Attendance of prior Ninjutsu sessions not required, though available at dvsplunk.com.
Shrinking the Elephant in the Room: Maximizing Logs’ Business Value with AWS
Wednesday, September 27, 2017 | 2:15 PM-3:00 PM Advanced
Industries: Technology | Products: Splunk Enterprise | Role: Developer, Splunk Technical Champion, Administrator | Track: IT Operations | Session Focus: DevOps | | Session Type: Breakout Session | Solutions: Big Data, Log Management
Chris Gordon, California, Yelp
Zachary Musgrave, Lead Engineer, Yelp
Patrick Shumate, Solutions Architect, AWS
Learn to maximize your ingested logs’ value in Splunk! This session demonstrates leveraging DevOps principles and AWS cloud products to reduce your cluster’s storage needs while still meeting your users’ data requirements. Responding to and unifying all stakeholder needs and concerns is key to effective DevOps; this session provides a framework and techniques for bringing such unity to Splunk. We’ll start by using Amazon SQS to ingest logs stored in S3, and we’ll show you how to best make use of its ability to ingest (or reingest) logs on demand. Next, we’ll use summary indexing to pick and choose data you want to retain forever at insignificant cost. This is especially useful for systems like Puppet, Jenkins, Nginx and Apache. They produce high volumes of events that are essential to DevOps teams when newly ingested but, as the data ages, its overall trends and summaries provide all the value. If you do need access to specific older data from these sources, you can use SQS to reingest it for analysis. In the second part of this talk, we’ll focus on measuring the business value of each gigabyte you’ve indexed by source type and by retention window. These strategies help DevOps teams track and justify their joint decisions. By maximizing your data’s overall utility, you can better support users who make large demands on your Splunk cluster’s resources. We’ll end by demonstrating how you can use these data to determine the most appropriate retention settings and AWS storage options for each of your logs, enabling you to put your newfound business insight into action.
Speed Up Your Searches!
Thursday, September 28, 2017 | 10:30 AM-11:15 AM Good for all Skill Levels
Industries: Energy & Utilities, Communications, Financial Services, Media & Entertainment, Manufacturing, Retail, Online Services, Non-Profit, Higher Education, Healthcare, Travel & Transportation, Public Sector, Aerospace & Defense, Technology | Products: Splunk Enterprise, Splunk Cloud | Role: Developer, Architect, Data Scientist/Analyst, Administrator | Track: Foundations | Session Focus: Search/Insights/Analytics | Other Topics: Using Splunk, Best Practices, Search Language | Session Type: Breakout Session | Solutions: Security & Fraud, Application Delivery, Big Data, IT Operations, Log Management, IoT & Industrial Data, Cloud Strategies, Business Analytics
Satoshi Kawasaki, CA, Splunk Inc.
How to speed up existing searches is one of the most common inquiries Splunk receives from customers, and it’s an important skill that our Professional Services team regularly uses. Splunk has many methods to speed up a search, including classic summary indexing, data modeling and the use of tstats. In this session, we will review some of these common techniques, as well as the cost and limitations of each. In the end you will learn proven techniques that provide better results.
Splunk & Open Source: Build vs. Buy Workshop
Tuesday, September 26, 2017 | 3:30 PM-4:15 PM Good for all Skill Levels
| Products: Splunk Enterprise | Role: Architect, Operations Manager, CTO, Developer, CISO, Splunk Technical Champion, Administrator, Security Analyst, CIO, Business Manager | Track: Foundations | | | Session Type: Breakout Session | Solutions: Application Delivery, Security & Fraud, Log Management, IT Operations, IoT & Industrial Data, Business Analytics, Big Data, Cloud Strategies
Jon Webster, Senior Manager Competitive Intelligence, Splunk Inc.
Does your company have an Open Source Software (OSS) initiative? Do you have a “problem child” OSS project? Have you been asked about OSS alternatives to Splunk? Based on your requests, Splunk created a workshop to help you understand, respond and guide your team on OSS build vs. buy decisions. In this session, we’ll walk through the Build vs. Buy Workshop and present several real-world results.
Splunk App Lifecycle Management - To the Cloud and Beyond!
Wednesday, September 27, 2017 | 11:00 AM-11:45 AM Intermediate
Industries: Technology | Products: Splunk Enterprise, Splunk Cloud | Role: Developer | Track: Developing | Session Focus: DevOps | | Session Type: Breakout Session | Solutions: IT Operations, Cloud Strategies, Application Delivery
Cecelia Redding, Senior Software Engineer, Splunk Inc.
Blaine Wastell, Splunk Inc.
If you're a developer who wants to make sophisticated Splunk apps that may be dependent on a number of other add-ons or apps and be deployed to a distributed environment, why are you still writing install manuals for a Splunk admin to fumble through during installation? Similarly, if you're a Splunk admin, why are you still using those manuals to determine how to configure and install the app along with its dependencies? The Splunk platform is maturing and bringing new advanced self-service app lifecycle capabilities such as app installation, uninstallation, dependency management and validation to your distributed cloud deployment. We have enhanced the app model in a way that allows the system to perform the heavy lifting during app management, instead of putting the onus on the developer or admin. We are changing the way Splunk developers and Splunk admins manage apps - come to this session to find out how!
Splunk Champions Program
Thursday, September 28, 2017 | 10:30 AM-11:15 AM Good for all Skill Levels
Industries: Communications, Energy & Utilities, Retail, Media & Entertainment, Manufacturing, Financial Services, Online Services, Non-Profit, Higher Education, Healthcare, Travel & Transportation, Technology, Aerospace & Defense, Public Sector | Products: Splunk User Behavior Analytics, Splunk IT Service Intelligence, Splunk Cloud, Splunk Enterprise, Splunk Enterprise Security | Role: Splunk Technical Champion | Track: Foundations | Session Focus: What the Splunk?!?! | | Session Type: Breakout Session | Solutions: Application Delivery, Big Data, Business Analytics, Cloud Strategies, IoT & Industrial Data, IT Operations, Log Management, Security & Fraud
Jason Hupka, Splunk Inc.
Did you know you can earn more than T-shirts from Splunk? Learn about the new Splunk Champions program and how you can earn anything from stickers to free EDU credits for your company. Anyone who uses Splunk can be a Splunk Champion. You use the product, you’ve got your stories… we want to hear them and get you hooked up with swag for sharing. But don’t take our word for it. Learn about some who participated in our Champions beta program and what they earned. Spoiler alert, it’s more than swag.
Splunk DB Connect Is Back, and It Is Better Than Ever
Tuesday, September 26, 2017 | 4:35 PM-5:20 PM Good for all Skill Levels
Industries: Aerospace & Defense, Manufacturing, Media & Entertainment, Financial Services, Energy & Utilities, Communications, Retail, Technology, Public Sector, Travel & Transportation, Healthcare, Online Services, Non-Profit, Higher Education | Products: Splunk Cloud, Splunk Enterprise | Role: Security Analyst, Developer, Administrator, Splunk Technical Champion | Track: Foundations | Session Focus: Splunk Internals | Other Topics: Using Splunk, DB Connect, Managing Splunk, Investigate | Session Type: Breakout Session | Solutions: Cloud Strategies, IoT & Industrial Data, Application Delivery, Security & Fraud, IT Operations, Big Data, Business Analytics
Tyler Muth, Analytics Architect, Splunk Inc.
Denis Vergnes, Senior Software Engineer, Splunk Inc.
Splunk DB Connect is the best solution for working with databases from Splunk. Use it with anything that speaks SQL and JDBC in Splunk Enterprise and Splunk Cloud to quickly browse, index, and look up machine data, state tables and much more. Performance and user experience improvements in the latest version allow more data collection with less overhead. Splunk DB Connect monitors performance, security and key business metrics across a huge variety of use cases.
Splunk Data Life Cycle: Determining When and Where to Roll Data
Wednesday, September 27, 2017 | 11:00 AM-11:45 AM Good for all Skill Levels
Industries: Energy & Utilities, Financial Services, Media & Entertainment, Manufacturing, Retail, Online Services, Non-Profit, Higher Education, Healthcare, Travel & Transportation, Technology, Aerospace & Defense, Public Sector, Communications | Products: Splunk Enterprise | Role: Security Analyst, Data Scientist/Analyst, Developer, Operations Manager, Architect, Business Manager, Administrator, CISO, CIO, siteReliabilitySystemsEngineer, Splunk Technical Champion, CTO | Track: Foundations | Session Focus: Splunk Administration & Scaling | Other Topics: Getting Data In, Using Splunk | Session Type: Breakout Session | Solutions: Big Data, IT Operations, Log Management
Jeff Champagne, New York, Splunk Inc.
Splunk has many options for managing data via hot/warm and cold paths, freezing, roll to HDFS, and TSIDX reduce. These features can impact your search performance, retention and resiliency. This session will provide you with an in-depth understanding of the Splunk data life cycle options and how to determine which will work best in your environment.
Splunk Enterprise Security Health Check
Wednesday, September 27, 2017 | 1:10 PM-1:55 PM Advanced
| Products: Splunk Enterprise Security, Splunk Enterprise | Role: Administrator, Architect, Operations Manager | Track: Security / Compliance / Fraud | Session Focus: Splunk Administration & Scaling | | Session Type: Breakout Session | Solutions: Security & Fraud, Big Data
Jae Jung, Professional Services Consultant, Splunk Inc.
Marquis Montgomery, Sr. Staff Security Consultant, Splunk Inc.
Splunk Professional Services sees it all. In this talk we will explore solutions to challenges some customers face when preparing for a new Splunk Enterprise Security (ES) deployment or scaling up an existing one. We will discuss how to recognize when you need more cores, how to tune correlation rules and under-the-hood ES infrastructure, and how to optimize your memory usage for the best performance in your ES installation. We'll go through common issues seen in the real world during our deployments and health checks and discuss how to identify whether they should be of concern and ways to address them. Why are correlation rules not firing? Where are the events in data models? Do you need new hardware or can it be remediated by configuration? You'll walk away knowing all of the important metrics for great performance in your environment.
Splunk IT Service Intelligence (ITSI) for When Your Service Spans Your Mainframe and Distributed IT
Thursday, September 28, 2017 | 1:20 PM-2:05 PM Beginner
Industries: Technology | Products: Splunk Enterprise, Splunk IT Service Intelligence | Role: Splunk Technical Champion | Track: IT Operations | Session Focus: itsi | Other Topics: Best Practices | Session Type: Breakout Session | Solutions: IT Operations
Ian Hartley, Principal Engineer, Syncsort
Nick Tankersley, Product Manager, Splunk Inc.
Your business delivers a service. Delivery of that service involves servers, a mainframe and other devices and infrastructure. Any issue could negatively impact the delivery of that service and ultimately harm your business. Modules are a powerful way to accelerate insights in Splunk ITSI, with its immediate data access and pre-packaged dashboards across various IT domains. Join us in this session to learn more about modules, how to provide valuable templates for service and KPIs and easily build custom modules and third-party integration into Splunk ITSI. Hear from Syncsort on how the ITSI module and integration for mainframe environments gives you powerful information, including System Management Facility or Resource Measurement Facility records from each element. Learn how to use this built-in integration feature to quickly address issues and predict and prevent service interruptions in mainframe environments.
Splunk IT Service Intelligence (ITSI): Event Management Is Dead – Event Analytics Is Revolutionizing IT
Wednesday, September 27, 2017 | 11:00 AM-11:45 AM Good for all Skill Levels
Industries: Public Sector, Travel & Transportation, Aerospace & Defense, Technology, Energy & Utilities, Financial Services, Media & Entertainment, Communications, Non-Profit, Higher Education, Healthcare, Online Services, Retail, Manufacturing | Products: Splunk IT Service Intelligence | Role: Splunk Technical Champion | Track: IT Operations | Session Focus: itsi | Other Topics: What's New, Machine Learning, Best Practices | Session Type: Breakout Session | Solutions: IT Operations
David Millis, Staff Architect, IT Operations Analytics, Splunk Inc.
Throughout much of its history, IT has focused on managing time-stamped events – from hosts, applications, element managers and other components – to reduce event noise. Events were initially created to help humans find what was broken. But the complexity and sheer volume of this time-series data has outstripped our ability to simply “manage events.” In today’s IT environments, identifying and quieting the noise to find root cause events is often futile and inconsequential. The path to providing the prioritized, actionable, human-scale intelligence that enables IT to find what is broken is actually in the event data itself – all of the data, not a filtered, aggregated subset of data! See how Splunk’s ITSI Event Analytics is revolutionizing how IT operates by combining service intelligence and machine learning with data from machines, event managers and, well, everywhere.
Splunk Search and Performance Improvements
Tuesday, September 26, 2017 | 3:30 PM-4:15 PM Good for all Skill Levels
Industries: Media & Entertainment, Travel & Transportation, Technology, Aerospace & Defense, Public Sector, Communications, Healthcare, Higher Education, Non-Profit, Online Services, Retail, Manufacturing, Financial Services, Energy & Utilities | Products: Splunk Cloud, Splunk Enterprise | Role: Administrator, Architect, Developer, Data Scientist/Analyst | Track: Foundations | Session Focus: Search/Insights/Analytics | Other Topics: Dev Tools, Best Practices, Using Splunk, What's New, Search Language | Session Type: Breakout Session | Solutions: Security & Fraud, Cloud Strategies, IT Operations, Log Management, IoT & Industrial Data, Big Data
Manan Brahmkshatriya, Principal QA Engineer, Splunk Inc.
Alex James, Principal Product Manager, Splunk Inc.
In the past year, we’ve made many great improvements to our search technology and our Search Processing Language (SPL). In this session you will learn all about them. We'll cover new language features, conditional typing and tagging, improved parallelism, data model improvements and the SPL optimizer. You'll also learn how these great features fit into the larger vision for search and SPL and how they will ultimately provide deeper insight into your data.
Splunk and Adobe Omniture – An Absolute Must for True Multi-Channel, Real-Time Marketing Intelligence
Thursday, September 28, 2017 | 11:35 AM-12:20 PM Good for all Skill Levels
| Products: Splunk Enterprise | Role: Architect | Track: Business Analytics | Session Focus: Business Analytics | Other Topics: Machine Learning, Analyzing Data Types, Getting Data In, Platform Extensibility, Using Splunk | Session Type: Breakout Session | Solutions: Business Analytics
Hari Rajaram, Chief Architect, Arcogent
Sylvain Watier, VA, Arcogent
This session discusses how to deliver real-time, multi-channel business insights to achieve a 360-degree view of your customer. We will cover how, using the power of Splunk, and with a particular focus on Adobe Omniture, we took an accelerated time-to-value approach in getting operational, predictive and machine-learned analytics that exposed the wealth of information in these tools and channels. See how using Splunk’s powerful engine and algorithms to correlate data from multiple channels and/or sources can produce high-impact analyses that businesses can use for continual and timely action.
Splunk and Ansible Playbooks: Joining Forces to Increase Implementation Power.
Thursday, September 28, 2017 | 11:35 AM-12:20 PM Intermediate
Industries: Technology | Products: Splunk Enterprise | Role: Splunk Technical Champion, Administrator | Track: Foundations | Session Focus: Splunk Administration & Scaling | Other Topics: Using Splunk, Platform Extensibility, Managing Splunk | Session Type: Breakout Session | Solutions: IT Operations, Security & Fraud, Log Management
Rodrigo Silva, Professional Services Manager, Tempest Security Intelligence
This session will cover the use of Ansible playbooks to save operation time when implementing a Splunk cluster. We will also walk through the creation of basic playbooks in the lead-up to a full Splunk cluster implementation (with three search heads and two indexers).
Splunk and Credit Karma: The Road to Web Application Defense Using Splunk and the OWASP Top 10
Thursday, September 28, 2017 | 10:30 AM-11:15 AM Intermediate
Industries: Financial Services, Technology, Healthcare, Online Services | Products: Splunk Enterprise Security, Splunk Enterprise | Role: Security Analyst, Splunk Technical Champion, Administrator | Track: Security / Compliance / Fraud | Session Focus: Threat Detection | | Session Type: Breakout Session | Solutions: Security & Fraud, Application Delivery
Nate Hawthorne, Security Engineer, CK
Lily Lee, Staff Sales Engineer, Splunk Inc.
Christopher Shobert, CA, Splunk Inc.
Web applications and the frameworks they are built upon are growing more powerful and complex every day, and attacker techniques continue to evolve. Learn the latest best practices proposed in the Open Web Application Security Project (OWASP) Top 10 – 2017 with a focus on how Splunk can be used to help transition from vulnerability-avoidance to attack prevention. Discover how Nate Hawthorne, a Security Engineer at Credit Karma, uses Splunk to monitor and respond to threats against their web applications by leveraging custom logging, web application firewall (WAF) rule validation, Content Security Policy (CSP), and more. Learn how to detect and defend against web application attacks such as cross-site scripting (XSS) and TLS man-in-the-middle (MITM) in real time and immediately use these techniques in your own environments. For participants in the Splunk Boss of the SOC (BOTS) competition, this talk will also demonstrate how these techniques were used in BOTS 2017 scenarios.
Splunk and Machine Learning for Sales Efficiency
Wednesday, September 27, 2017 | 12:05 PM-12:50 PM Intermediate
Industries: Retail | Products: Splunk Enterprise | Role: Business Manager | Track: Business Analytics | Session Focus: Business Analytics | Other Topics: Analyzing Data Types, DB Connect, Customer Success Story, Using Splunk, Machine Learning | Session Type: Breakout Session | Solutions: Business Analytics
Michael Cormier, Founder, Managing Director, Scianta / Concanon LLC
Chandra Vaughan, VIRGINIA, Ferguson Enterprises
For over 63 years, Ferguson Enterprises has been proud to deliver world-class service to its customers, but in 2017 doing so means being more data-driven than ever before. They have combined their in-house expertise in customer profiling with Splunk’s machine learning capabilities to deliver useful, actionable metrics about orders and payments to sales representatives in the field, as well as customer segmentation guidance gleaned from advanced analytical models. A Ferguson team will present the goals of this project and the success it has found, thanks to an agile sales-efficiency solution leveraging real-time data in Splunk.
Splunk at Genesco. How We Got a Quick ROI Using Splunk to Monitor Application Logs
Wednesday, September 27, 2017 | 11:00 AM-11:45 AM Beginner
Industries: Retail | Products: Splunk Enterprise | Role: Administrator, Splunk Technical Champion | Track: IT Operations | Session Focus: Incident Response | | Session Type: Breakout Session | Solutions: Cloud Strategies, Log Management, IT Operations, Application Delivery
Jeremy Haggard, Manager Platform Systems, Genesco
Mike Nobles, Sr. Sales Engineer, Named Accounts, Splunk Inc.
Come learn how Genesco implemented Splunk and quickly got an ROI by turning a system fraught with hundreds of thousands of errors (a new, cloud-based point of sale system) into a lean-running environment. We’ll discuss additional ways that Genesco is using Splunk, such as for forensics, core system monitoring of Splunkbase apps, and custom apps for our internal systems.
Splunk for DevOps? Absolutely! Using Splunk across Docker, Bitbucket, Jenkins, Boomerang & Splunk-JS
Thursday, September 28, 2017 | 10:30 AM-11:15 AM Good for all Skill Levels
Industries: Technology | Products: Splunk Enterprise, Splunk Cloud | Role: Developer, Administrator, Architect, Operations Manager, Splunk Technical Champion | Track: IT Operations | Session Focus: DevOps | | Session Type: Breakout Session | Solutions: Application Delivery, Business Analytics, IT Operations
Domnick Eger, Global DevOps Practitioner, Splunk Inc.
Tom Martin, Staff Practitioner, Splunk Inc.
Interested in DevOps? CI/CD? APM? End User Monitoring? Business Analytics? If so, this session is for you. Come see how Splunk software can be used across DevOps tool chains, APM tools, end user monitoring and real-time business analytics. You’ll see how Splunk can be used to monitor code commits, software builds, test results, end-user experience and the capture of real-time business metrics directly from your end users. Which developers commit the most code? Which developers commit the highest QUALITY code? How many containers are we running? Who are our best customers? Which products are the best sellers? Come see how you can answer questions like these and more with Splunk software.
Splunk, Docs and You: Making Splunk Documentation Better Together
Wednesday, September 27, 2017 | 2:15 PM-3:00 PM Good for all Skill Levels
Industries: Energy & Utilities, Financial Services, Communications, Retail, Technology, Travel & Transportation, Healthcare, Higher Education, Media & Entertainment, Manufacturing, Online Services, Non-Profit | Products: Splunk Enterprise Security, Splunk Cloud, Splunk Enterprise, Splunk IT Service Intelligence, Splunk User Behavior Analytics | Role: Architect, Administrator, Business Manager, Developer, Security Analyst, Data Scientist/Analyst, Operations Manager, Splunk Technical Champion | Track: Foundations | Session Focus: What the Splunk?!?! | | Session Type: Breakout Session | Solutions: Big Data, Business Analytics, IoT & Industrial Data, Cloud Strategies, IT Operations, Log Management, Security & Fraud, Application Delivery
Christopher Gales, Senior Director of Documentation, Splunk Inc.
Rich Mahlerwein, Senior Information Systems Security & Database Architect, Forest County Potawatomi Community
Love Splunk docs? They love you, too. The documentation offered by Splunk helps you become productive and confident using Splunk software. However, while Splunk product documentation is usually very good, it’s not always perfect. If you’ve ever come across a documentation topic that confused you or left you with questions, you are not alone. Did you know that with just a few minutes of your time you can make changes that will help both you and others now and in the future? It’s true! What ultimately drives the quality of Splunk docs is the ongoing conversation with customers like you. Here’s how to make the most of it! Customer and SplunkTrust member Rich Mahlerwein delivers a rollicking joint presentation with Splunk doc director Christopher Gales. Join us for a look at some of the great – and awful – comments they have seen, and find out how to submit comments to the docs team that will prompt immediate, substantial improvements.
Splunk@DATEV: Implementing Splunk-as-a-Service for Monitoring and Managing DATEV Cloud Services
Tuesday, September 26, 2017 | 4:35 PM-5:20 PM Good for all Skill Levels
Industries: Financial Services, Online Services | | Role: Operations Manager | Track: IT Operations | Session Focus: Infrastructure Troubleshooting & Monitoring | | Session Type: Breakout Session | Solutions: IT Operations
Andreas Jahnke, Lead of Monitoring, DATEV eG
Lorenz Röhrl, Systems Engineer, DATEV eG
Discover how DATEV has implemented Splunk-as-a-Service for monitoring and managing DATEV’s cloud services through the whole life cycle, using different technology stacks in order to speed up QA, reduce incidents with rapid repair time and improve the overall quality of service to its customers. This session will cover best practices for implementing Splunk in an organization and useful techniques to reduce mean-time-to-investigate and mean-time-to-resolve. In addition to monitoring different technology stacks (including network devices, Microsoft Windows/LINUX, IBM AIX Server, IBM DataPower, IBM Websphere Application Server, Apache Webserver, and Pivotal Cloud Foundry), DATEV is gaining operational insights from IBM z/OS mainframe servers, z/OS customer information control systems and web applications with Syncsort Ironstream.
Splunkin' my Harley!
Wednesday, September 27, 2017 | 4:35 PM-5:20 PM Good for all Skill Levels
Industries: Technology, Travel & Transportation, Media & Entertainment | Products: Splunk Enterprise | Role: Architect, CIO, Business Manager, CTO, CISO, Data Scientist/Analyst, Administrator, Splunk Technical Champion, Operations Manager, Security Analyst, Developer | Track: IoT | Session Focus: IoT & Industrial Data | Other Topics: Machine Learning, Anomaly Detection | Session Type: Breakout Session | Solutions: IoT & Industrial Data
Geoffrey Martins, Senior Technical Instructor, Splunk Inc.
Motorcycles are a passion and way of life for many. And so is Splunk, so why not bring these two things together? Splunkin' My Harley is a project that captures sensor data from the electronic systems of Harley-Davidson motorcycles in real time, on the road. With inexpensive, DIY components, you can transmit sensor telemetry in real time to Splunk and transform this data into powerful intelligence for other motorcycle lovers and enthusiasts. Once the data reaches Splunk, a world of analytical possibilities opens up, including in the areas of performance, quality of driving, predictive analytics and much more.
Splunking Splunkbase for App Development Recommendations
Thursday, September 28, 2017 | 10:30 AM-11:15 AM Intermediate
Industries: Technology | Products: Splunk Enterprise | Role: Developer | Track: Developing | Session Focus: DevOps | | Session Type: Breakout Session | Solutions: Application Delivery
Logan Knecht, Software Engineer, Splunk Inc.
Andrew Nortrup, Sr. Product Manager, Splunk Inc.
The AppInspect API provides users with a robust static and dynamic test suite to help developers improve their apps and ensure they’re in compliance with best practices. If having individual results is good for fixing individual apps, think how much more you could do with lots of results. This talk will give developers an opportunity to see results at scale and understand the state of the Splunk platform. Using the results from over 4,500 AppInspect runs on 400+ apps, we will discuss what we have learned about the Splunk platform and how it will help you be a better Splunk App developer. We will talk about the most common mistakes made by developers and how to avoid them, the features used most (and least), and which features are seeing increased or decreased use. Finally, we will discuss how Splunk uses this data internally to support platform, tooling and documentation improvements to better support developers so they can in turn contribute to the whole Splunk App ecosystem.
Splunking The Endpoint Part III: Macs Don't Get Malware, Right?
Thursday, September 28, 2017 | 10:30 AM-11:15 AM
Thursday, September 28, 2017 | 11:35 AM-12:20 PM Intermediate
| Products: Splunk Enterprise | Role: Security Analyst, CISO, CIO, Business Manager, Architect | Track: Security / Compliance / Fraud | Session Focus: Threat Detection | Other Topics: Analyzing Endpoint Data, Ransomware, Using Splunk, Security Use Case Development, Attack Scenarios | Session Type: Breakout Session | Solutions: Security & Fraud, IoT & Industrial Data, Log Management
James Brodsky, Sales Engineering Manager, Splunk Inc.
For the past two years at .conf we have covered why gathering data from your production endpoints is an excellent way to bolster your security posture. After all, the front line in the constantly-escalating cyberwar is the endpoint, so the more you know about endpoints, the better you can hunt and defend. But there's a lot more out there these days than just Windows-based desktops and laptops! This session will cover investigation, forensic and prevention techniques against some alternative endpoints. Just as #alternativefacts have become widespread, non-Windows endpoints are becoming more prevalent. We'll cover end data from *nix, macOS, printers, IoT and mobile devices, wire data, and anything else on the edge of the network that we can think of. We'll also review some of what we have learned in prior years.
Splunking airport early baggage storage systems
Wednesday, September 27, 2017 | 3:30 PM-4:15 PM Good for all Skill Levels
Industries: Travel & Transportation | Products: Splunk Enterprise | Role: CIO, CTO, Developer, Operations Manager, Administrator, Architect, Business Manager, Splunk Technical Champion, Data Scientist/Analyst | Track: IoT | Session Focus: IoT & Industrial Data | Other Topics: Customer Success Story, Anomaly Detection | Session Type: Breakout Session | Solutions: IoT & Industrial Data
Suren Deora, System Integration Manager, Vanderlande Industries
Lorena Diaz, Process Improvement Engineer, Vanderlande
Airport early baggage storage systems are essential to the efficient retrieval of baggage by departure time and priority class. Come learn how one airport uses Splunk to report and monitor KPIs in its early bag storage system. You will learn why the airport decided to implement Splunk, as well as about the benefits realized and some of the issues that were overcome.
Splunking to Fight Human Trafficking
Wednesday, September 27, 2017 | 4:35 PM-5:20 PM Good for all Skill Levels
Industries: Non-Profit | Products: Splunk Enterprise | | Track: Foundations | Session Focus: Fraud | | Session Type: Breakout Session | Solutions: Security & Fraud
Satoshi Kawasaki, CA, Splunk Inc.
Monzy Merza, Head of Security Research, Splunk Inc.
Human trafficking is a big business model built on forced labor. It brings in roughly $150 billion annually, according to the International Labor Organization. Human traffickers in developed countries like the United States must keep up with the current technology to increase their revenue and stay one step ahead of law enforcement. But the same technology can be used against them. This session will showcase how Splunk has partnered with Global Emancipation Network, a non-profit organization, to fight human trafficking.
Splunking with Multiple Personalities: Extending Role Based Access Control to Achieve Fine Grain Security of Your Data
Wednesday, September 27, 2017 | 3:30 PM-4:15 PM Good for all Skill Levels
Industries: Aerospace & Defense, Healthcare, Financial Services | Products: Splunk Enterprise | Role: Administrator | Track: Foundations | Session Focus: Splunk Administration & Scaling | Other Topics: Managing Splunk, Best Practices | Session Type: Breakout Session | Solutions: Business Analytics, Security & Fraud, Log Management, Big Data
Shaun C
Sabrina Lea, Senior Sales Engineer, Splunk Inc.
Splunk software does a great job at role-based access control (RBAC) out of the box, but what happens when you want to dynamically restrict which events a user can view within an index? How do you mark one event as more sensitive than another and ensure that Splunk presents the right sensitivity events to users with the right level of access, especially when user access levels are always changing? We will provide a few methods of implementing fine-grained access controls in Splunk software. They are workarounds, in that they all leverage search filters, but they bring value to your business because they will enable you to put more sensitive data in Splunk. No longer will you be restricted from getting value from all your machine data!
Successfully Implementing Cybersecurity Monitoring within Critical Operational Technology (OT) and Industrial Control System (ICS) Environments
Wednesday, September 27, 2017 | 12:05 PM-12:50 PM Good for all Skill Levels
Industries: Travel & Transportation, Healthcare, Aerospace & Defense, Public Sector, Manufacturing, Retail, Energy & Utilities | Products: Splunk Cloud, Splunk Enterprise | Role: CTO, CIO, Operations Manager, Security Analyst, Splunk Technical Champion, Administrator, Architect, Business Manager, CISO | Track: IoT | Session Focus: IoT & Industrial Data | Other Topics: Anomaly Detection, Applying Threat Intelligence / Context, Attack Scenarios, Security Use Case Development, Forensics, Investigate, SecOps | Session Type: Breakout Session | Solutions: Security & Fraud, IoT & Industrial Data
Kyle Miller, Industrial Cyber Security Engineer, Booz Allen Hamilton
Today’s industrial, manufacturing and building management processes rely on a vast array of operational technologies, including industrial control systems, to support their day-to-day operations. Escalations in cyberattacks have prompted a greater focus on securing these critical systems, and gaining visibility into them has never been more important. Over the past year, Booz Allen and Splunk have collaborated to pilot an OT cybersecurity monitoring solution that provides enhanced visibility and anomaly detection within several OT environments. By aggregating data from within and around the process itself – as well as relevant outside sources – the solution can detect a myriad of the most common malicious activities and alert security teams. This session will highlight dozens of unique OT use cases we have implemented. In this customer success story, Splunk’s solution identified critical vulnerabilities and enhanced the organization’s cyber and operational resilience.
Taking Care of Patients With Splunk
Tuesday, September 26, 2017 | 2:15 PM-3:00 PM Intermediate
Industries: Healthcare | Products: Splunk Enterprise, Splunk Cloud | Role: Developer | Track: Developing | Session Focus: DevOps | Other Topics: Dev Tools | Session Type: Breakout Session | Solutions: Business Analytics
Theodore Hellmann, Product Manager, Splunk Inc.
Sergii Kononov, Director, EPAM Systems
Igal Vainer, IL, EPAM Systems
Patients are usually unaware of the nature and composition of their care team. Clinical staff struggle to quickly identify other appropriate and available staff members in an emergency or if they have questions. Hospital executives lack a comprehensive view of patient-staff interactions and resource utilization within the hospital. Compliance departments do not have a real-time view of whether a staff member’s patient record access is relevant to their job. These factors are driving the need to identify the patient’s circle of care. Enabling effective communications in the circle of care may provide additional opportunities to improve care processes and patient satisfaction. Relevant data is scattered across multiple systems. EPAM’s Splunk-based solution integrates information from multiple data sources and identifies care-circle participants. The solution adds further value by providing insights into the nature of the care circle, its participants and relevant care activities. Additional operational KPIs represent a good opportunity for management teams to optimize care processes.
The Art of Detection Using Splunk Enterprise Security
Wednesday, September 27, 2017 | 4:35 PM-5:20 PM Advanced
Industries: Technology | Products: Splunk Enterprise Security | Role: Architect, Security Analyst | Track: Security / Compliance / Fraud | Session Focus: SOC | Other Topics: Customer Success Story, Security Use Case Development, Investigation, Anomaly Detection | Session Type: Breakout Session | Solutions: Security & Fraud
Douglas Brown, Senior Information Security Analyst, Red Hat
Splunk Enterprise Security (ES) provides a number of excellent frameworks for operational security. However, its true potential is only realized when the frameworks are effectively applied and then integrated into the heart of a team’s workflow. In this session, we will explore the flexibility of frameworks in ES and how to leverage and extend them to meet the needs of your team as an effective detection, triage and investigation platform. We will also examine what constitutes a false positive, showing how auto-closed notables that measure change and aggregate risk are the most effective means of detecting unknown threats, raising actionable alerts and reducing alert fatigue.
The Critical Syslog Tricks That No One Seems to Know About
Wednesday, September 27, 2017 | 4:35 PM-5:20 PM Advanced
Industries: Technology | Products: Splunk Enterprise, Splunk Cloud | Role: Administrator, Architect, Splunk Technical Champion | Track: Foundations | Session Focus: Splunk Administration & Scaling | Other Topics: Unix and Linux, Getting Data In, Best Practices, Logging Frameworks | Session Type: Breakout Session | Solutions: Log Management, Security & Fraud, IT Operations
George Barrett, Splunk Consultant, Rational Cyber
Jonathan Margulies, Splunker. Co-author of textbook "Security in Computing", Department of Justice
Some of the most important logs an enterprise generates can only be delivered to Splunk in syslog format. In this talk, we’ll guide you through every step you need to follow to get Splunk collecting syslog perfectly in any environment. We’ll provide a ready-to-use syslog-ng.conf along with detailed explanations of why we used the settings we did. We’ll give you working cron jobs that roll old log data over, and explain why you’ll lose a couple of seconds of logs every night if you use logrotate instead. You’ll learn where syslog-ng fits in your network and Splunk architectures to minimize data loss. You’ll also learn about the default Splunk setting that causes major input delays if you don’t know to change it. Finally, we’ll give you the tool we built to manage thousands of syslog inputs and make sure they all get labeled with the right index, source type, host and time zone. In short, we’re going to lay out everything you need to solve the syslog problem for your enterprise once and for all.
The Instrumented Enterprise: Making Digital Transformation as Nimble as a Fighter Jet
Tuesday, September 26, 2017 | 4:35 PM-5:20 PM Good for all Skill Levels
Industries: Manufacturing | Products: Splunk Enterprise | Role: Data Scientist/Analyst, Operations Manager, Security Analyst, Developer, CISO, Business Manager, CIO, Architect, Administrator, Splunk Technical Champion, CTO | Track: IoT | Session Focus: IoT & Industrial Data | Other Topics: Customer Success Story, Best Practices | Session Type: Breakout Session | Solutions: IoT & Industrial Data, IT Operations, Security & Fraud, Big Data, Cloud Strategies
Robert Frazier, Senior Manager for Cyber Security Architecture, Lockheed Martin
Digital transformation is changing the face of business. Beyond traditional enterprise security and Operational Intelligence, digital transformation is adding IoT devices, digital manufacturing, and suppliers to the enterprise. Understanding how all these systems work together is more than a challenge; it is vital to operations and security. Like instrument panels in manned spacecraft or fifth-generation fighters like the F-22 and F-35, at Lockheed Martin Splunk serves as the instrument panel for our business. From IoT devices on the shop floor to the computer incident response team, networks, cloud and IT operations, Splunk provides the data that offers insight into everything we do. Splunk gives us visibility into the digital transformation of Lockheed Martin, allowing us to fly our business efficiently, reliably and securely into the future.
The Next Level of Quality Assurance at BMW With the Splunk Machine Learning Toolkit
Tuesday, September 26, 2017 | 1:10 PM-1:55 PM Intermediate
Industries: Manufacturing | Products: Splunk Enterprise | Role: Splunk Technical Champion, Operations Manager, Data Scientist/Analyst, Administrator, Architect, Business Manager, CIO, CTO | Track: Business Analytics | Session Focus: IoT & Industrial Data | Other Topics: Customer Success Story, Machine Learning, Analyzing Data Types | Session Type: Breakout Session | Solutions: Big Data, Business Analytics, IoT & Industrial Data
Markus Boenisch, General Manager, BMW Group
Georg Schröder, System Architect, Robotron Datenbank-Software GmbH
In order to support efficient car production, BMW supports its quality managers by letting Splunk software handle its data. This system, called Intelligent Quality Perception (iQP), combines machine data (i.e., test results from electric/electronic engineering and other automated tests) with human-provided descriptions and categorizations of tests, failures and rework. Based on this dataset, BMW applies machine-learning algorithms to different use cases. In general, similar error and rework patterns are identified and linked together in order to offer workers recommendations for solving particular issues based on previous, similar issues and to optimize plant logistics. Come see BMW, together with solution partner Robotron, present the system and the use cases.
The Path to On-Demand Intelligence: How Equifax Workforce Solutions Broke Down the Traditional Mindsets and Silos Around Big Data
Thursday, September 28, 2017 | 10:30 AM-11:15 AM Good for all Skill Levels
Industries: Financial Services | Products: Splunk Enterprise | Role: Developer | Track: Business Analytics | Session Focus: Business Analytics | Other Topics: Visualizations, Using Splunk, Customer Success Story | Session Type: Breakout Session | Solutions: IT Operations, Business Analytics
Chris Doebert, Splunk Team Lead, Equifax Workforce Solutions
Reza Garrow, Director, Equifax Workforce Solutions
What started as individual efforts from a handful of application teams turned into a "Splunk Everywhere" edict from company leaders. Team leaders from Equifax Workforce Solutions will talk about how using Splunk as a shared service allowed them to break off from the traditional trails around operational and business intelligence and fundamentally changed the way they logged and consumed data. This presentation will cover the concepts and game plans that worked (and what didn't) to improve how your developer and support teams create and use the data from their applications, and how your stakeholder and leadership teams consume that data.
The Power of Data Normalization: A look at CIM Under the Hood
Wednesday, September 27, 2017 | 3:30 PM-4:15 PM Intermediate
Industries: Energy & Utilities, Financial Services, Media & Entertainment, Manufacturing, Retail, Online Services, Non-Profit, Higher Education, Healthcare, Travel & Transportation, Technology, Aerospace & Defense, Public Sector, Communications | Products: Splunk Enterprise Security, Splunk IT Service Intelligence, Splunk Cloud, Splunk Enterprise | Role: Developer, Architect, Administrator, Data Scientist/Analyst | Track: Foundations | Session Focus: Search/Insights/Analytics | | Session Type: Breakout Session | Solutions: Log Management, Security & Fraud, IoT & Industrial Data
Mark Bonsack, Staff Sales Engineer, Splunk Inc.
Vladimir Skoryk, Professional Services Architect, Splunk Inc.
This session will cover the Splunk Common Information Model (CIM), its place in the Splunk ecosystem, and tips and tricks for optimizing performance when using it. We will cover how to make the schema-on-the-fly (search-time schema, or "schema on read") much more powerful and how to seamlessly define relationships between disparate data sources. We will also cover what CIM is not and some of the misconceptions around CIM and its concepts.
The Renaissance is Here! Splunk's Powerful Innovations for your IT Management Approach
Wednesday, September 27, 2017 | 3:30 PM-4:15 PM Good for all Skill Levels
Industries: Energy & Utilities, Public Sector, Non-Profit, Higher Education, Healthcare, Travel & Transportation, Technology, Financial Services, Media & Entertainment, Manufacturing, Aerospace & Defense, Communications, Online Services, Retail | Products: Splunk Enterprise, Splunk IT Service Intelligence | Role: Splunk Technical Champion, Operations Manager | Track: IT Operations | Session Focus: itsi | Other Topics: Best Practices, Customer Success Story | Session Type: Breakout Session | Solutions: IT Operations
Stuart Ainsworth, IT Markets Specialist, Splunk Inc.
Mike Makar, Senior IT Manager, World Bank Group
The decades-old approach that employs a dozen or more integrated IT management tools is not sustainable as services become increasingly digital. Splunk’s data platform with IT Service Intelligence offers a revolutionary approach to IT management – a simpler approach that adds required capabilities for digital services and provides visibility for executives and support personnel – all in a single platform. Come learn about World Bank Group’s service management success and how Splunk is helping to achieve the IT Management Renaissance.
The Splunk IT Service Intelligence (ITSI) Top 20 KPIs
Thursday, September 28, 2017 | 10:30 AM-11:15 AM Intermediate
Industries: Technology, Travel & Transportation, Aerospace & Defense, Public Sector, Financial Services, Media & Entertainment, Manufacturing, Retail, Online Services, Energy & Utilities, Communications, Healthcare, Higher Education, Non-Profit | Products: Splunk IT Service Intelligence | Role: Splunk Technical Champion | Track: IT Operations | Session Focus: itsi | Other Topics: Best Practices | Session Type: Breakout Session | Solutions: IT Operations
Bill Babilon, Global ITOA Solutions Architect, Splunk Inc.
William Von Alt II, Staff Sales Engineer - HHS, Splunk Inc.
This session will go through the top 20 KPIs that our IT Operations Analytics (ITOA) practice has observed in supporting over 200 IT Service Intelligence (ITSI) engagements over the last two years. We’ll discuss specific details (data source, search, threshold field, entities and thresholds). We will focus on the most requested and valuable KPIs observed in typical ITSI scenarios, and you’ll walk away with these KPI best practices, ready to implement in your own Splunk environment!
The Trillion Dollar Problem: “If You Graph It, They Will See It”
Wednesday, September 27, 2017 | 11:00 AM-11:45 AM Good for all Skill Levels
Industries: Financial Services | Products: Splunk Enterprise | Role: Splunk Technical Champion, Data Scientist/Analyst, Developer | Track: IT Operations | Session Focus: DevOps | | Session Type: Breakout Session | Solutions: IT Operations, Application Delivery
Robert Lynch, Dublin, Murex
Performance analysis on financial software is massively complex and challenging. This is the story of how Murex, a world leader in trading platforms used by financial institutions, started to use the Splunk platform to help debug performance problems. Before deploying the Splunk platform, we had millions and millions of timing logs, and a problem displaying them quickly so they were usable for developers and testers. Up to this point, we were using a basic PDF report with graphs with static mathematics. However, when we were able to dynamically graph this data with Splunk, the analysis became much quicker and easier. The turnaround time decreased for resolution, testing and development. In addition, we developed multiple functions in the dashboard to enhance the usability. A developer could attach their environment to the Splunk platform in 5 seconds for live monitoring and save a test as a URL to share with their colleagues. https://www.youtube.com/watch?v=pJsTp7XlGGA [Dashboard for Developers/Testers]
To HEC with syslog! Scalable Aggregated Data Collection in Splunk
Thursday, September 28, 2017 | 10:30 AM-11:15 AM Intermediate
Industries: Online Services, Retail, Manufacturing, Media & Entertainment, Financial Services, Energy & Utilities, Communications, Public Sector, Aerospace & Defense, Technology, Travel & Transportation, Healthcare, Higher Education, Non-Profit | Products: Splunk Enterprise, Splunk Cloud | Role: Administrator, Architect | Track: Foundations | Session Focus: Splunk Administration & Scaling | Other Topics: Getting Data In | Session Type: Breakout Session | Solutions: IT Operations, Log Management
Mark Bonsack, Staff Sales Engineer, Splunk Inc.
Ryan Faircloth, Mr, Splunk Inc.
Despite significant developments in new REST, API, and pub/sub methods for data query and collection, over a third of all Splunk deployments include traditional syslog as a sourcetype. By a significant margin, data delivered via syslog is also the volume leader in these deployments. Yet, the proper onboarding of aggregated syslog data has been the source of much confusion over the years, and this data is often misconfigured. These issues prevent Splunk users from deriving the full benefit from this most-used data source and the Splunk platform. This session covers best practices in the configuration of syslog and Splunk, including proper filtering, sourcetyping, and architecting for scale using the newer HTTP Event Collection (HEC) method for data onboarding. Several examples and supporting code will be provided that will be directly applicable to your environment.
Tokens in Splunk Web Framework: Use, Abuse and Incantations
Tuesday, September 26, 2017 | 3:30 PM-4:15 PM Intermediate
Industries: Aerospace & Defense, Public Sector, Technology, Healthcare, Communications, Energy & Utilities, Media & Entertainment, Financial Services, Manufacturing, Online Services, Retail, Travel & Transportation, Higher Education, Non-Profit | Products: Splunk Enterprise | Role: Developer | Track: Foundations | Session Focus: What the Splunk?!?! | | Session Type: Breakout Session | Solutions: IoT & Industrial Data, Cloud Strategies, IT Operations, Log Management, Application Delivery, Security & Fraud, Business Analytics, Big Data
Ryan Thibodeaux, VP of Operations, OctoInsight Inc
This session covers the ins-and-outs of tokens in the Splunk Web Framework: SimpleXML and HTML/JS dashboards. Any dashboard containing more than predefined report searches will likely require tokens to relay user inputs, search states, and user feedback. This session will review how token states are represented, demonstrate how to manipulate tokens to drive dashboards using built-in features and explain how to extend the basic SimpleXML with custom JavaScript to make dashboards really shine. Examples will be provided in both SimpleXML and custom JavaScript/CSS/HTML. This talk is for any Splunk developer that wants to learn how to boost dashboard performance, improve user experience, and add safeguards against misuse. Splunk app developers that must maintain compatibility across versions of Splunk Enterprise are encouraged to attend and contribute to the community discussion.
Tossing Splunk in Your PAN: Integrating Splunk With Palo Alto Networks
Tuesday, September 26, 2017 | 4:35 PM-5:20 PM Advanced
Industries: Technology, Financial Services | Products: Splunk Enterprise Security | Role: Architect, Security Analyst | Track: Security / Compliance / Fraud | Session Focus: Security Use Case Development | Other Topics: Customer Success Story, Best Practices, Analyzing Network Data, Adaptive Response, App Ecosystem, Automation, Nerve Center, Security Use Case Development, Investigation, SecOps, Applying Threat Intelligence / Context, Analyzing Endpoint Data | Session Type: Breakout Session | Solutions: Security & Fraud, IT Operations
Kevin Gonzalez, Security Operations Center Manager, Lennar Corporation
This presentation will illustrate how Lennar Corporation has integrated Splunk into its Palo Alto Networks firewalls, how this integration has helped resolve several issues, and how this integration has strengthened the security posture of Lennar and its subsidiaries. The main topics that will be covered are:
• Utilizing Splunk data to populate your User-ID agent using custom inputs
• Utilizing Splunk Enterprise Security’s Threat Intelligence to publish feeds into the firewalls for greater efficiency
• Utilizing several custom inputs into Splunk that allow the Enterprise Security Office to better react to the environment.
Tracking Logs at Zillow with Lookups & JIRA
Wednesday, September 27, 2017 | 3:30 PM-4:15 PM Intermediate
Industries: Technology | Products: Splunk Enterprise, Splunk Cloud | Role: Administrator, Business Manager, Developer, Operations Manager | Track: IT Operations | Session Focus: DevOps | | Session Type: Breakout Session | Solutions: IT Operations, Log Management
Seth Thomas, Director, Site Operations, Zillow
Jon Wentworth, Systems Engineer, Zillow
Zillow has learned how to sort its service log messages and map them to bug tracking tickets using a simple combination of lookups and other native utilities in Splunk, plus an add-on for accessing Jira via REST API. Before deploying the Splunk platform, monitoring site health was based mostly on looking at volume-based graphs, tailing logs and depending on difficult-to-use alarming systems. After learning to use Splunk lookups for investigating IP address-related issues, the same logic was applied to tackle the problem of how to make it easier to parse through logs in general. Once their NOC started having success using this tool to quickly identify and document production issues in near real time, a project was launched to integrate the same functionality into in-house lower environment management applications. Find out how to create a basic system to codify complex logs for easy identification, plus how this organically developed idea has begun to shape how code is promoted within the organization.
Traversing the Cloud: Atlassian’s Journey Building a Logging Pipeline with Splunk on AWS
Wednesday, September 27, 2017 | 2:15 PM-3:00 PM Good for all Skill Levels
Industries: Technology | Products: Splunk Enterprise | Role: Operations Manager, Security Analyst, Developer, Splunk Technical Champion | Track: Foundations | Session Focus: Search/Insights/Analytics | | Session Type: Breakout Session | Solutions: Cloud Strategies, Log Management
Timothy Clancy, Engineering Manager, Atlassian
James Mackie, Senior Engineer (Infrastructure), Atlassian
Learn about Atlassian's action-packed journey with Splunk, from an initial security use case to an enterprise platform. Learn why Atlassian moved from open-source solutions to Splunk Enterprise and how they rapidly built out and scaled a cloud-based, multi-terabyte environment leveraging AWS Kinesis streams. Learn how they successfully engaged with their internal user community to achieve significant productivity gains through enterprisewide adoption. Finally, along with the “how,” Atlassian will share best practices and key learnings from their journey successfully deploying Splunk Enterprise at scale in the cloud.
Triggering Alerts With xMatters and Achieving Automated Recovery Actions From Splunk IT Service Intelligence
Wednesday, September 27, 2017 | 1:10 PM-1:55 PM Intermediate
Industries: Retail, Non-Profit, Higher Education, Healthcare, Technology, Communications, Energy & Utilities, Financial Services, Media & Entertainment, Manufacturing, Online Services | Products: Splunk Enterprise, Splunk IT Service Intelligence | Role: Splunk Technical Champion | Track: IT Operations | Session Focus: itsi | Other Topics: Automation, Anomaly Detection, Alert Actions | Session Type: Breakout Session | Solutions: IT Operations
Marty Jackson, Director Product Evangelist - Office of CTO, xMatters
Martin Wiser, ITOA Practitioner, Splunk Inc.
Come learn about the common external integrations for Splunk IT Service Intelligence (ITSI) Event Analytics. We will present an overview of ITSI notable event actions, which can be used to integrate other event management, incident tracking or alert systems like xMatters. Experts from xMatters and the Splunk team will also discuss common alert scenarios and best practices concerning the rules engine.
Understanding and Measuring the End User Experience in Mobile Apps and Beyond!
Wednesday, September 27, 2017 | 3:30 PM-4:15 PM Intermediate
Industries: Online Services, Retail, Higher Education, Healthcare, Financial Services, Media & Entertainment | Products: Splunk Enterprise | Role: Data Scientist/Analyst, Business Manager, Developer, Operations Manager, Administrator | Track: Developing | Session Focus: Application Performance & Analytics | Other Topics: Visualizations, Dev Tools, Getting Data In, Mobile App Monitoring, Anomaly Detection, Logging Frameworks | Session Type: Breakout Session | Solutions: IT Operations, Business Analytics, Application Delivery
Sam Gazitt, Dr. of Product Management, Splunk Inc.
Roy Ma, Senior Software Engineer, Splunk Inc.
Michael Margulis, CALIFORNIA, mmargulis@splunk.com
This technical session will present what Splunk Mobile Intelligence (MINT) can do out of the box and how you can use your knowledge of Splunk to get more mobile data insights. This deep technical dive will focus on MINT SDK integration with your mobile app, SDK functionality, APIs and internals, and the Splunk MINT App. Come learn how Splunk MINT can also help you track and measure user experience across your mobile applications and even extend to your web applications!
Unleash Your Machine Data with Context from Historical and Transactional Data using Hadoop, RDBMS and Splunk
Wednesday, September 27, 2017 | 2:15 PM-3:00 PM Intermediate
| Products: Splunk Enterprise, Splunk Enterprise Security, Splunk IT Service Intelligence | Role: Architect, Operations Manager, Administrator, Splunk Technical Champion, CTO, Data Scientist/Analyst | Track: Foundations | Session Focus: Search/Insights/Analytics | | Session Type: Breakout Session | Solutions: Big Data, Business Analytics, IoT & Industrial Data, IT Operations, Security & Fraud, Log Management
Raanan Dagan, Sales Engineer Architect, Splunk Inc.
Rohit Pujari, Sr Sales Engineer, Splunk Inc.
Big data, big data, big data. Is it just a buzzword or can we actually leverage it in a real-world scenario? In this session, we discuss and demonstrate the architecture that best encapsulates all the big data components and how Splunk is ultimately the best choice for most use cases. This session digs into the technical elements and architecture required to combine real-time data with historical and transactional data. We also demonstrate how Splunk, Splunk Analytics for Hadoop, Splunk DB Connect and Splunk Hadoop Connect can live under a single roof to enable analysts to combine Splunk, Hadoop and RDBMS.
Using Datasets for Easier Data Exploration, Preparation and Analysis
Wednesday, September 27, 2017 | 11:00 AM-11:45 AM Good for all Skill Levels
Industries: Energy & Utilities, Higher Education, Healthcare, Travel & Transportation, Technology, Aerospace & Defense, Public Sector, Communications, Diversity in Technology, Retail, Manufacturing, Media & Entertainment, Financial Services, Online Services, Non-Profit | Products: Splunk Enterprise | Role: Architect, Administrator, Splunk Technical Champion, Operations Manager, Developer | Track: Foundations | Session Focus: Search/Insights/Analytics | | Session Type: Breakout Session | Solutions: Application Delivery, IoT & Industrial Data, IT Operations, Security & Fraud, Big Data, Business Analytics, Log Management
Jesse Miller, California, Splunk Inc.
Take a shortcut to being a Splunk Ninja! In Splunk Enterprise 6.5, we introduced the Datasets feature to help users understand their data and ensure more accurate results of analysis. We will explore this feature as well as the Table Editor (provided by the Datasets Add-On), and learn how to harness the power of SPL without having to learn its syntax.
Using Physical Badge Logs to Augment Detection of Malicious Insiders
Wednesday, September 27, 2017 | 1:10 PM-1:55 PM Advanced
Industries: Public Sector, Aerospace & Defense, Technology, Energy & Utilities, Financial Services | Products: Splunk User Behavior Analytics, Splunk Enterprise, Splunk Enterprise Security | Role: Security Analyst, Administrator, CIO, Data Scientist/Analyst, CISO, Operations Manager | Track: Security / Compliance / Fraud | Session Focus: Threat Detection | Other Topics: Security Use Case Development, Investigation, Analyzing Data Types | Session Type: Breakout Session | Solutions: Security & Fraud
David Doyle, IT Security Senior, Bechtel
Drew Hunt, Malware & Threat Intel Lead, Bechtel
Kathy Wang, Sr. Security Strategist, Splunk Inc.
We will discuss and demonstrate how organizations can use physical badge reader logs as part of an insider threat program to detect malicious insiders, with a high degree of confidence. Our session will also cover potential challenges in detecting malicious insiders, and how to minimize them. We will highlight the tools we use with the physical badge reader logs and other log sources to detect malicious insiders, including Splunk Enterprise, Enterprise Security, and Splunk UBA.
Using Splunk for Credentials: Detect and Respond to Online Account Takeover of Your E-Commerce Applications with Splunk Enterprise
Tuesday, September 26, 2017 | 3:30 PM-4:15 PM Intermediate
Industries: Retail, Online Services | Products: Splunk Enterprise | Role: Security Analyst | Track: Security / Compliance / Fraud | Session Focus: Security Use Case Development | Other Topics: Attack Scenarios | Session Type: Breakout Session | Solutions: Security & Fraud
Bruno Almeida, Principal Security Operations Engineer, YOOX NET-A-PORTER GROUP
Does your organization offer a consumer-facing service requiring logins? Then you face a challenge that nearly every online business faces: online account takeover. Learn how Yoox Net-a-Porter, an online fashion retailer, is using Splunk to gain visibility into the authentication process for our online properties, detect account takeovers early, understand attack techniques and take appropriate action. We will discuss:
– Which data sources we use to detect account takeovers
– What attack patterns look like
– How we build our own security intelligence based on what we detect
– How we automate response to reset user passwords (our “zero manual intervention” approach)
– Which reports we share with internal stakeholders
Using Splunk for Development Productivity
Wednesday, September 27, 2017 | 1:10 PM-1:55 PM Good for all Skill Levels
Industries: Technology | Products: Splunk Enterprise, Splunk Cloud | Role: Business Manager, Developer, Operations Manager | Track: IT Operations | Session Focus: DevOps | Other Topics: Dev Tools | Session Type: Breakout Session | Solutions: Log Management, Application Delivery
Bill Houston, Splunk Inc.
Sumit Nagal, Principal Engineer, Intuit
Eddie Shafaq, Release Engineer, Splunk Inc.
How do you use Splunk to measure development productivity and solve for speed in developer and quality teams? By collecting event data related to productivity, of course! Hear how Intuit and Splunk are using apps, like the Jenkins app from Splunkbase, to identify areas of improvement in the build, test and release of software. See how Intuit improved build times from hours to minutes, how Splunk “builds Splunk with Splunk,” and how Splunk helps developers collaborate through tools such as Git, JIRA, Jenkins and Slack.
Using Splunk for Retail Banking Cross Channel Fraud Analysis, Detection and Investigation
Thursday, September 28, 2017 | 11:35 AM-12:20 PM Beginner
Industries: Financial Services | Products: Splunk Enterprise | Role: Splunk Technical Champion, Data Scientist/Analyst, Business Manager, CISO, Security Analyst, CIO | Track: Security / Compliance / Fraud | Session Focus: Fraud | | Session Type: Breakout Session | Solutions: Security & Fraud, Big Data
Rory Blake, Staff Consultant, Professional Services, Splunk Inc.
Rinaldo Ribeiro, Head of IT Risk & GRC, Commercial Bank of Dubai
This session will highlight how the Commercial Bank of Dubai uses Splunk to detect fraudulent account activity across multiple product channels to provide analysis and investigation capabilities to its fraud analysts. We will show how Splunk and Splunk MINT are used to gather online, mobile, ATM and branch-initiated transactions to provide a consolidated view of customer activity for their investigations. The solution involves pulling data from internal and third-party sources together into a custom accelerated data model to provide high-performance contextual access to relevant data for fraud analysis. The session will cover how those data models are leveraged to create actionable alerts and power dashboards that allow fraud analysts to review activity history with a single pane of glass.
Using Splunk to Comply With NIST Standards and Get Authorization to Operate
Thursday, September 28, 2017 | 11:35 AM-12:20 PM Intermediate
Industries: Public Sector, Technology | Products: Splunk Enterprise Security | Role: Administrator, Architect, Security Analyst | Track: Security / Compliance / Fraud | Session Focus: Compliance and Regulations | Other Topics: SecOps | Session Type: Breakout Session | Solutions: Security & Fraud, IT Operations
Antonio Porras, Attorney/Security Architect, PorrasLaw
This session will highlight a real-world case study of how Splunk and Splunk Enterprise Security (ES) were used to meet National Institute of Standards and Technology (NIST) requirements and get authorization to operate (ATO) with the Department of Homeland Security and Customs and Border Protection. In this session, we will start with the requirements put forth by NIST and how Splunk ES maps to those requirements to present a holistic view of the controls. We will continue by outlining the process of meeting the NIST standards and how that gets mapped to an ATO application process. The session will also cover the continuous monitoring requirement for NIST as implemented with Splunk.
Using the Latest Features from Splunk Machine Learning Toolkit to Create Your Own Custom Models
Wednesday, September 27, 2017 | 11:00 AM-11:45 AM Good for all Skill Levels
| Products: Splunk Enterprise | Role: Splunk Technical Champion, Operations Manager, Security Analyst, Data Scientist/Analyst | Track: Foundations | Session Focus: Search/Insights/Analytics | Other Topics: Machine Learning, Behavioral Analytics and Machine Learning | Session Type: Breakout Session | Solutions: IT Operations, Log Management, Security & Fraud, IoT & Industrial Data, Big Data
Adam Oliner, Director of Engineering, Splunk Inc.
Manish Sainani, Splunk Inc.
Splunk is a powerful platform for understanding your data. The Machine Learning Toolkit App extends Splunk Enterprise with a rich suite of advanced analytics, using machine learning algorithms and rich visualizations to provide customers with a guided model building and operational environment. This session will introduce the Splunk Machine Learning Toolkit and review what's new since the last major release. We will also demonstrate the key features for guided model building, without writing any SPL for a variety of machine learning tasks such as predictive analytics, outlier detection, event clustering, and anomaly detection. Lastly, we’ll review typical use cases and real-world customer examples of using the Toolkit to drive business results.
Virtual Reality Process Visualization at OTTO, aka -Geheimprojekt URSULA-
Wednesday, September 27, 2017 | 1:10 PM-1:55 PM Intermediate
Industries: Online Services, Retail | Products: Splunk Enterprise | Role: Business Manager | Track: Business Analytics | Session Focus: Business Analytics | Other Topics: Using Splunk, Platform Extensibility, Customer Success Story, Visualizations | Session Type: Breakout Session | Solutions: Business Analytics
Andre Pietsch, Produktmanager, OTTO GmbH & Co. KG
At OTTO, with -Geheimprojekt URSULA- we explored virtual reality as the next big thing in data visualization for Splunk. We created a basic platform that can visualize a graph model with nodes and edges in VR and imported our existing process graphs. That gave us an idea about the complexity of the processes. Then we connected the platform to a Splunk instance via REST API and mapped machine data to the nodes. As a result we were able to monitor and manage a complex process with a simple interface. To accomplish all that, we partnered with Dell EMC and Gemini Data. We finally drafted a product with the help of LC Systems that can be developed into a turnkey solution. In this presentation we will tell you about the components needed and how to stitch them together. We will also show a demo and discuss what could be done with a VR platform.
What Is Your DevOps Team Actually Doing?
Wednesday, September 27, 2017 | 4:35 PM-5:20 PM Good for all Skill Levels
Industries: Technology | Products: Splunk Enterprise | Role: Operations Manager, Architect, Splunk Technical Champion, Business Manager, Developer, Administrator | Track: IT Operations | Session Focus: DevOps | | Session Type: Breakout Session | Solutions: IT Operations, Application Delivery
Brandon Cipes, VP of DevOps, cPrime
Stephen Henderson, Developer Advocate, Atlassian
DevOps solutions are tying together increasingly complex tools and solutions that can be hard to manage and monitor. To check on the health of your processes you need to be dialed in to your source code, artifact management, continuous integration, delivery and deployment, static code analysis, security analysis, monitoring health, infrastructure, and test automation, just to name a few. On top of this broadening responsibility, iterative-based development practices have increased the cadence of teams and the delivery of features and capabilities. If you don't have your finger on the pulse of your organization, you could already be in trouble. Providing a dashboard to view the real-time health of your delivery and operations pipeline is as important as tracking the resultant applications themselves. Come see how to aggregate your view of the DevOps world in practice.
What's New in Splunk Enterprise and Cloud!
Tuesday, September 26, 2017 | 11:00 AM-11:45 AM Good for all Skill Levels
Industries: Higher Education, Communications, Energy & Utilities, Financial Services, Media & Entertainment, Manufacturing, Retail, Online Services, Non-Profit, Public Sector, Aerospace & Defense, Technology, Travel & Transportation, Healthcare | Products: Splunk Enterprise, Splunk Cloud | Role: Developer, Architect, Administrator, CTO, Operations Manager, Security Analyst, Data Scientist/Analyst, Splunk Technical Champion | Track: Foundations | Session Focus: Splunk Internals | | Session Type: Breakout Session | Solutions: Log Management, Security & Fraud, Big Data, IT Operations, Cloud Strategies, Application Delivery
Lucia Hicks-Williams, Splunk Inc.
Todd Untrecht, VP, Product Management, Splunk Inc.
It's been an exciting year at Splunk, jam-packed with new capabilities both in Splunk Enterprise and Splunk Cloud. Come join the fun and learn about all the cool stuff we’ve delivered since last year. Whether you're a Splunk veteran or rookie, whether you're a small shop or large organization, whether you can SPL or not, we have something for you. In this action-packed session we will fly through some of the coolest additions to Splunk Enterprise and Splunk Cloud – with rapid-fire demos and cool giveaways to those paying attention (think Splunk T-shirts)!
Worst Practices...and How to Fix Them
Tuesday, September 26, 2017 | 3:30 PM-4:15 PM Intermediate
Industries: Public Sector, Aerospace & Defense, Higher Education, Healthcare, Travel & Transportation, Technology, Manufacturing, Retail, Communications, Media & Entertainment, Financial Services, Energy & Utilities, Non-Profit, Online Services | Products: Splunk Enterprise | Role: Splunk Technical Champion, Administrator, Architect | Track: Foundations | Session Focus: Splunk Administration & Scaling | | Session Type: Breakout Session | Solutions: Log Management, Big Data, IT Operations
Jeff Champagne, New York, Splunk Inc.
We've all slowed down to get a glimpse of a car crash on the freeway or tuned in to hear about a celebrity scandal. This session will analyze the Splunk equivalent of a 16-car pileup from an architecture and search workload management perspective. Come hear about real-life Splunk deployments that went bad and how you can avoid those same pitfalls.
You've Inherited a Splunk Deployment. Now what?
Tuesday, September 26, 2017 | 2:15 PM-3:00 PM Good for all Skill Levels
Industries: Aerospace & Defense, Public Sector, Retail, Online Services, Non-Profit, Higher Education, Communications, Technology, Manufacturing, Media & Entertainment, Financial Services, Energy & Utilities, Travel & Transportation, Healthcare | Products: Splunk Enterprise | Role: Administrator | Track: Foundations | Session Focus: Splunk Administration & Scaling | | Session Type: Breakout Session | Solutions: IT Operations
Jessica Law, Senior Staff Technical Writer, Splunk Inc.
Matt Ness, Principal Technical Writer, Splunk Inc.
Are you the new owner of an established Splunk Enterprise deployment? With great power comes great responsibility! You need to quickly gain an understanding of your deployment's network characteristics, data sources, user population and knowledge objects. Learn how to find out what is happening with your deployment, what issues might need closer attention and what your next steps should be. We will discuss admin tools like the monitoring console, talk about uncovering data-collection configurations, demonstrate orphaned knowledge-object management, highlight considerations for premium apps and more.
Ziften and Splunk – Building comprehensive apps and solutions on the Splunk platform
Wednesday, September 27, 2017 | 12:05 PM-12:50 PM Intermediate
Industries: Technology | Products: Splunk Enterprise | Role: Splunk Technical Champion, Administrator, Developer | Track: Developing | Session Focus: DevOps | | Session Type: Breakout Session | Solutions: Application Delivery
Joel Ebrahimi, California, Ziften Technologies
Elias Haddad, Product Manager, Splunk Inc.
Splunk Apps are often created at a point in time using the latest Splunk tools for development. Over time, though, development tools get better and the need for more valuable data increases as well. In this session, we will explore the journey of an app built several years ago as it is revamped in the current time using the latest and greatest that the Splunk platform has to offer.

Community Theater Session

Advanced Dashboarding Tips & Techniques
Thursday, September 28, 2017 | 12:45 PM-1:00 PM Good for all Skill Levels
Industries: Technology, Travel & Transportation, Online Services, Healthcare, Communications, Financial Services, Media & Entertainment | Products: Splunk Enterprise | Role: Splunk Technical Champion, CIO, siteReliabilitySystemsEngineer, Business Manager, CTO, CISO, Operations Manager, Developer, Security Analyst, Data Scientist/Analyst, Administrator, Architect | Track: Developing | Session Focus: Splunk Administration & Scaling | | Session Type: Community Theater Session | Solutions: Business Analytics, Big Data, Security & Fraud, Log Management, IT Operations
Karthik Subramanian, Developer, Function1
Splunk has several built-in features to address the needs of users in creating dashboards. This session will demonstrate best practices for advanced dashboard creation, as well as techniques for taking full advantage of features. We’ll highlight the aspects you should consider when designing a Splunk dashboard to help your ideas result in a more useful and impactful design.
Analyzing and Measuring Webinar Impact with Splunk
Thursday, September 28, 2017 | 12:30 PM-12:45 PM Good for all Skill Levels
Industries: Communications, Media & Entertainment, Technology | Products: Splunk Enterprise | Role: Business Manager, Developer, Security Analyst, Data Scientist/Analyst, Splunk Technical Champion, siteReliabilitySystemsEngineer, Administrator, Architect, CISO, CIO, CTO, Operations Manager | Track: Business Analytics | Session Focus: Application Performance & Analytics | Other Topics: Using Splunk | Session Type: Community Theater Session | Solutions: Business Analytics
Jose Manuel Silva Vela, Sales Engineer, Splunk Inc.
The Sales Engineering organization at Splunk is committed to delivering webinars to prospective and existing customers and invests significant resources to achieve this goal. We use Cisco WebEx, which provides key information about the context of each webinar. One of the challenges we face is correlating the data sources that WebEx provides. Indicators such as registration and attendance data are provided in separate sources, which makes it difficult to visualize and analyze the actual impact of each event. By indexing and analyzing this data in the Splunk platform, we were able to create an app that lets you correlate, analyze and visualize this data in ways that allow you to effectively understand the impact of each webinar. We’re also able to better follow up with the people that were most interested in each of the topics presented on each event.
Beat Business Rules: The Power of Combining Text Mining and Machine Learning on Your Logs for Accurate and Fully Automatic Classification
Thursday, September 28, 2017 | 11:15 AM-11:30 AM Advanced
Industries: Technology | Products: Splunk Enterprise | Role: Security Analyst, Administrator, Architect, CIO, Business Manager, CTO, CISO, Operations Manager, Developer, Data Scientist/Analyst, siteReliabilitySystemsEngineer, Splunk Technical Champion | Track: IT Operations | Session Focus: Infrastructure Troubleshooting & Monitoring | Other Topics: Logging Frameworks | Session Type: Community Theater Session | Solutions: IT Operations, Log Management
Daniel Koops, Data scientist, Itility
A lot of logs come without any classification. Some come with built-in severity levels, but they are rarely good enough to use out of the box. To solve this, we write queries in Splunk to implement business rules for filtering what is relevant. However, as the diversity grows due to our expanding environment, we either miss things or must continue increasing the number of rules. We found a better way! By combining text mining techniques and machine learning, we can use Splunk and R together to interpret and classify logs, even if Splunk has never seen them before. Text mining techniques turn words and sentences into easily digested numeric matrices with which algorithms can train! We are currently using this technique on multiple log sources, such as vCenter, syslog, Cisco UCS and Splunkd.logs, among multiple customers — combining this mechanism with Splunk’s built-in alerting WebHook to automate ticket creation. In this session, we’ll show you how we did it!
Big Dating: Using Splunk to Fall in Love
Tuesday, September 26, 2017 | 3:15 PM-3:30 PM Beginner
Industries: Media & Entertainment, Online Services, Technology | Products: Splunk Enterprise | Role: CIO, Administrator, Architect, CISO, Business Manager, Developer, CTO, Operations Manager, Data Scientist/Analyst, Security Analyst, Splunk Technical Champion, siteReliabilitySystemsEngineer | Track: Business Analytics | Session Focus: What the Splunk?!?! | Other Topics: Using Splunk | Session Type: Community Theater Session | Solutions: IoT & Industrial Data, Big Data
Keegan Dubbs, Senior Product Marketing Manager, Splunk Inc.
Kelly Kitagawa, Sales Engineer, Splunk Inc.
This session will highlight a real-world example of using Splunk’s field extractor utility to quickly and easily manipulate a complex data set: the machine data from dating profile applications. We’ll delve into the formerly taboo topic of the untapped potential of the mountains of data lying beneath the profiles of the nearly 400 million Americans who use online dating sites. Attendees will learn the do’s and don’ts of using Splunk to detect patterns in their own dating profile data. We will also include a live demo of using commands such as predict and stats to visualize and create dashboards from the dataset. This session will also cover using lookups to enrich your dataset by matching field-value combinations in your event data with field-value combinations from external CSV tables like CSVS. Finally we will show how users can harness the power of their data to analyze discrepancies in location, response times, and photos while using dating applications.
Bushfire Alerting Automation System
Wednesday, September 27, 2017 | 5:45 PM-6:00 PM Good for all Skill Levels
Industries: Public Sector, Technology, Non-Profit | Products: Splunk Enterprise | Role: Security Analyst, Data Scientist/Analyst, Splunk Technical Champion, Administrator, Developer, Architect, Business Manager, CISO, siteReliabilitySystemsEngineer, Operations Manager, CTO, CIO | Track: IoT | Session Focus: IoT & Industrial Data | Other Topics: Automation | Session Type: Community Theater Session | Solutions: IoT & Industrial Data
Nicholas Laurent, Managed Service Manager, Converging Data
The Converging Data Bushfire Alerting Automation System is designed to gather data on homes and their surrounding fire-related characteristics. Sensors can measure: smoke, water tank levels, temperature, humidity, wind direction, wind speed, flame characteristics, rain, UV, infrared output, air quality and power. The data generated from these sensors is shared to a Splunk Cloud instance. Communities can securely access their data, which can be shared with emergency services including government fire agencies, police, fire departments, ambulances, hospitals, and infrastructure service providers.
Business Value Delivery for Enterprise Splunk Customers: A Use Case From ABN AMRO Bank
Wednesday, September 27, 2017 | 1:30 PM-1:45 PM Good for all Skill Levels
Industries: Financial Services | Products: Splunk Cloud, Splunk Enterprise | Role: CTO, Security Analyst, Data Scientist/Analyst, Splunk Technical Champion, siteReliabilitySystemsEngineer, Administrator, Architect, CIO, Business Manager, CISO, Developer, Operations Manager | Track: IT Operations | Session Focus: Splunk Administration & Scaling | Other Topics: Best Practices | Session Type: Community Theater Session | Solutions: Business Analytics, Log Management, IT Operations, Big Data, Application Delivery, Cloud Strategies
Leo van Essen, Director CoE's, ABN AMRO BANK
Erik Witte, CEO, UMBRiO
How can you secure value delivery with Splunk in large enterprises with multiple business units and departments wanting to harness Splunk's power? Our approach is based on the creation of a “center of excellence” with an agile mindset.
Dashboard Time Selection: Balancing Flexibility With a Never-Ending Series of System-Crushing Queries
Thursday, September 28, 2017 | 12:15 PM-12:30 PM Intermediate
Industries: Aerospace & Defense, Technology, Public Sector, Higher Education, Healthcare, Travel & Transportation, Media & Entertainment, Manufacturing, Retail, Financial Services, Energy & Utilities, Communications, Non-Profit, Online Services | Products: Splunk Enterprise | Role: Business Manager, CISO, CIO, CTO, siteReliabilitySystemsEngineer, Data Scientist/Analyst, Security Analyst, Architect, Splunk Technical Champion, Administrator, Operations Manager, Developer | Track: Business Analytics | Session Focus: Business Analytics | Other Topics: Visualizations | Session Type: Community Theater Session | Solutions: Business Analytics, Big Data
Chuck Gilbert, CA, Comcast
The Splunk platform has provided our company with a wonderfully designed time input for dashboards (aka the time picker). It is extremely flexible, easy to use and easy to set up. So, what's not to love? The Splunk time picker has no upper limit to how long a period can be selected. Therefore, the naive or overly enthusiastic user is only one click away from querying all data since the dawn of time. However, in companies that ingest terabytes of data every hour, this can be a problem! Even if such a query runs to completion, it could be inconveniently slow. This presentation explores alternative approaches to dashboard time selection. For each alternative, we will illustrate what it looks like to the end user and we explore the simple XML that drives the feature. The goal of this session is to give the dashboard consumer all the flexibility that they need, while helping the Splunk administrator minimize the potential for an endless series of system-crushing queries.
Desert Deity: Raspberry Kali and Airodump
Tuesday, September 26, 2017 | 6:15 PM-6:30 PM Good for all Skill Levels
Industries: Higher Education, Healthcare, Technology | Products: Splunk Enterprise | Role: Operations Manager, CIO, Business Manager, Architect, siteReliabilitySystemsEngineer, CTO, Developer, CISO, Security Analyst, Data Scientist/Analyst, Splunk Technical Champion, Administrator | | Session Focus: Business Analytics | Other Topics: Wire Data and Network | Session Type: Community Theater Session | Solutions: Security & Fraud, IT Operations
Ryan Adler, Security Engineer, Defense Point Security
Free wireless is the modern-day "Peanuts, getcha peanuts here!" – a siren call. Combine this with confusion about data plans and the constant search for the fastest connection, and you have a source of information that needs Splunk. In this presentation, we look at device habits, connections, arrivals and departures, and how this information can be used to evaluate risk. Is it worth knowing when an employee arrives at or departs from work? How about the connections their device looks for? And what about physical traffic flow based on unique devices in a certain area, or the time it takes to travel between two points by searching for the same device in two areas and comparing the time delta? Join us and get the answers.
Discovering the Children's Discovery Museum
Tuesday, September 26, 2017 | 11:15 AM-11:30 AM Good for all Skill Levels
Industries: Technology | Products: Splunk Enterprise | Role: Developer, CTO, Operations Manager, CISO, CIO, Security Analyst, Data Scientist/Analyst, Splunk Technical Champion, siteReliabilitySystemsEngineer, Business Manager, Administrator, Architect | Track: IT Operations | Session Focus: Business Analytics | Other Topics: Managing Splunk, Visualizations, What's New, Logging Frameworks, Using Splunk | Session Type: Community Theater Session | Solutions: IT Operations
Gregg Daly, Performance Engineer, IoTango
Gregg Daley presents the use of Splunk at the Children's Discovery Museum, a member of the Splunk Pledge.
Discovery: Phantom Windows Firewall Enabling
Tuesday, September 26, 2017 | 3:30 PM-3:45 PM Beginner
Industries: Technology | Products: Splunk Enterprise | Role: siteReliabilitySystemsEngineer, Administrator, Architect, CIO, Business Manager, CTO, CISO, Developer, Security Analyst, Operations Manager, Splunk Technical Champion, Data Scientist/Analyst | Track: IT Operations | Session Focus: Infrastructure Troubleshooting & Monitoring | | Session Type: Community Theater Session | Solutions: Log Management, IT Operations
Robert Jue, Engineering, Facebook
Within our Windows-based server fleet, the Windows firewall used to enable randomly. Two teams spent over 40 combined hours troubleshooting this with no resolution. Using Splunk, I was able to quickly determine and mitigate the issue.
Diversity and Inclusion: How to Empower Your Teams With Differences
Tuesday, September 26, 2017 | 12:15 PM-12:30 PM Good for all Skill Levels
Industries: Technology, Travel & Transportation, Aerospace & Defense, Public Sector, Diversity in Technology, Online Services, Non-Profit, Higher Education, Healthcare, Energy & Utilities, Financial Services, Communications, Retail, Manufacturing, Media & Entertainment | Products: Splunk Enterprise | Role: Architect, Business Manager, CISO, CIO, CTO, Administrator, Operations Manager, Security Analyst, Data Scientist/Analyst, Splunk Technical Champion, siteReliabilitySystemsEngineer, Developer | Track: IT Operations | Session Focus: Splunk Administration & Scaling | Other Topics: Workflow, Diversity in Technology, Best Practices | Session Type: Community Theater Session | Solutions: IT Operations, Security & Fraud, Cloud Strategies, Business Analytics, Big Data, Log Management, IoT & Industrial Data, Application Delivery
Brian Reyes, Washington, Splunk Inc.
We will explore how Splunk finds power in diversity and inclusion — and how Splunk customers can, too. Diversity and inclusion yield benefits for any business. Our differences help us solve problems in new and unique ways. And when we bring our own qualities as IT professionals, security experts and data analysts to tools such as Splunk, we can make any organization better. Splunk experiences firsthand the value of diversity and inclusion not only in skillsets and experience, but also in thought that comes from different experiences of gender, ethnicity, culture, language, passions, interests and much more.
Driven by Data: Analyzing Real-Time Car Data With Splunk and Machine Learning
Tuesday, September 26, 2017 | 12:30 PM-12:45 PM Good for all Skill Levels
Industries: Travel & Transportation, Manufacturing, Energy & Utilities, Technology | Products: Splunk Enterprise | Role: CIO, Operations Manager, Security Analyst, Data Scientist/Analyst, Splunk Technical Champion, siteReliabilitySystemsEngineer, Administrator, Architect, Business Manager, CISO, Developer, CTO | Track: IoT | Session Focus: What the Splunk?!?! | Other Topics: Visualizations, Using Splunk, What's New | Session Type: Community Theater Session | Solutions: Big Data, IoT & Industrial Data, Business Analytics
Daniel Koops, Data scientist, Itility
Gijs Wobben, Data Scientist, Itility
It started out as a bit of fun. Would it be possible to connect my car to Splunk? Obviously the answer is yes, but what could we learn from this data? In this presentation we'll take you on a trip and show how we connected our car, analyzed the data, and how we can now generate real-time driving advice with machine learning to help reduce our carbon footprint. What started out as a small project for fun is now gaining traction in our company; we're scaling up to dozens of cars!
Easy Ride: How to Collect Tolls While Keeping Drivers Happy
Wednesday, September 27, 2017 | 1:15 PM-1:30 PM Intermediate
Industries: Travel & Transportation, Online Services, Financial Services | Products: Splunk Enterprise | Role: Splunk Technical Champion, siteReliabilitySystemsEngineer, CIO, Data Scientist/Analyst, Business Manager, CISO, Developer, CTO, Operations Manager, Security Analyst, Architect, Administrator | Track: Business Analytics | Session Focus: Business Analytics | Other Topics: Customer Success Story | Session Type: Community Theater Session | Solutions: Application Delivery, Security & Fraud, IT Operations, IoT & Industrial Data, Business Analytics
Peter Polakovic, CTO, SkyToll, a. s.
Ladislav Straka, Managing Consultant, Service & Support spol. s r. o.
The Splunk platform has unified the security and operation management of the comprehensive real-time application and system infrastructure of Slovakia’s national toll system. MYTO manages the longest road network in the EU – over 17,000 km. Since implementing the Splunk platform, they have optimized operator profitability and provided a holistic approach to cybersecurity management in compliance with ISO 27000.
Forensic Investigator Splunk App – 2,600 Downloads Later
Tuesday, September 26, 2017 | 2:00 PM-2:15 PM Good for all Skill Levels
Industries: Travel & Transportation, Communications, Energy & Utilities, Financial Services, Manufacturing, Media & Entertainment, Retail, Non-Profit, Technology, Healthcare, Higher Education, Online Services | Products: Splunk Enterprise | Role: Administrator, Architect, Business Manager, CIO, CISO, siteReliabilitySystemsEngineer, CTO, Developer, Operations Manager, Security Analyst, Data Scientist/Analyst, Splunk Technical Champion | Track: Foundations | Session Focus: What the Splunk?!?! | | Session Type: Community Theater Session | Solutions: Application Delivery
Kyle Champlin, Staff SE, Global Strategic Alliances, Splunk Inc.
Anthony Lee, Senior Technical Director, Cylance, Inc.
Are you considering creating a Splunk app to share with the world? If so, we would love to share our insights about designing, developing and releasing an app. We have learned a great deal through our work with the Splunk Forensic Investigator App and feel that others would benefit from our experience. If anything, hearing about our trials and tribulations will make for a good laugh.
Fun With Analytics: Beyond Security
Tuesday, September 26, 2017 | 1:00 PM-1:15 PM Good for all Skill Levels
Industries: Financial Services | Products: Splunk Enterprise, Splunk Enterprise Security | Role: Developer, Architect, Administrator, CIO, Business Manager, CTO, CISO, Operations Manager, Data Scientist/Analyst, Security Analyst, Splunk Technical Champion, siteReliabilitySystemsEngineer | Track: IoT | Session Focus: What the Splunk?!?! | | Session Type: Community Theater Session | Solutions: Big Data, IoT & Industrial Data, Security & Fraud
Marcello Lino, SVP, Citi
James Sullivan, VP, Citi
Learn about the Splunk platform’s machine learning capabilities beyond security. We’ll apply the concepts from security use cases to have some fun with analytics. In our first scenario, we will build sensors and collect data from a homemade greenhouse that allow us to find the perfect conditions for growth, such as soil type, humidity and temperature. The second scenario will bring analytics to car racing on a small scale. We will build and use slot cars to collect racing data and predict winners based on their cars, lane uses, and other factors.
Go Splunk Yourself: How using Splunk to analyze my biometric data has improved my quality of life
Wednesday, September 27, 2017 | 3:45 PM-4:00 PM Beginner
Industries: Healthcare | Products: Splunk Enterprise | Role: Data Scientist/Analyst, Security Analyst, Splunk Technical Champion, Administrator, Operations Manager, Architect, Business Manager, CISO, CIO, siteReliabilitySystemsEngineer, Developer, CTO | Track: IoT | Session Focus: IoT & Industrial Data | Other Topics: Diversity in Technology | Session Type: Community Theater Session | Solutions: IoT & Industrial Data, Log Management
Josef Kuepker, New York, Splunk Inc.
I was recently diagnosed with sleep apnea, a medical condition that affects millions. After discovering that the apnea medical device collected data about my sleep, I decided to use the Splunk platform to analyze the information to track my health and see how changes in my lifestyle affected sleep quality. Does my sleep change when I travel? How has having a baby affected my sleep? In this session, I’ll walk you through the protocol dissection, development, and hardware I used to analyze the data using the Splunk platform. I'll also opine on how this and similar biometric data from medical devices can help improve our health.
Hindsight Is 20/20: What to Consider First When Implementing an Enterprisewide Environment
Wednesday, September 27, 2017 | 3:15 PM-3:30 PM Intermediate
Industries: Technology | Products: Splunk Enterprise | Role: Business Manager, Developer, Security Analyst, Operations Manager, Data Scientist/Analyst, Splunk Technical Champion, siteReliabilitySystemsEngineer, Administrator, Architect, CISO, CIO, CTO | | Session Focus: Search/Insights/Analytics | Other Topics: Using Splunk, Search, Workflow, Managing Splunk | Session Type: Community Theater Session | Solutions: Log Management, Application Delivery, Security & Fraud, IT Operations
Angela Fruits, Splunk Lover, Kinney Group
Laura Vetter, Indiana, Kinney Group
Splunk is a powerful platform. It can also be complex. Add to this a large IT environment with its fair share of silos, internally developed technology, rapid company growth, increased security risk, and constant changes in technology. Ahh! Our customer knew that an enterprisewide Splunk environment could have global impact on their organization. We forged forward and continue to do so today. Along this journey together, we have learned key lessons. We will share those lessons and show our battle scars for the benefit of other large environments looking to implement, launch and scale Splunk across the enterprise for many use cases. These stories will show that the journey is not lacking in difficulties and setbacks, but working through them in partnership will deliver the best results and make fighting the battles all the more rewarding.
How Happy is .conf2017
Thursday, September 28, 2017 | 12:00 PM-12:15 PM Good for all Skill Levels
Industries: Public Sector, Higher Education, Non-Profit, Online Services, Aerospace & Defense, Technology, Travel & Transportation, Healthcare, Communications, Energy & Utilities, Financial Services, Media & Entertainment, Manufacturing, Retail | Products: Splunk Enterprise | Role: siteReliabilitySystemsEngineer, Administrator, Architect, CIO, Business Manager, CISO, Developer, CTO, Operations Manager, Security Analyst, Data Scientist/Analyst, Splunk Technical Champion | Track: Business Analytics | Session Focus: What the Splunk?!?! | Other Topics: Using Splunk, What's New, Visualizations, Managing Splunk | Session Type: Community Theater Session | Solutions: Business Analytics
David Fearne, Arrow
Arrow is a leader in bringing outcomes to bear from an end to end perspective. With “How Happy is .conf” we’ve developed a platform that will showcase our ability to understand and manipulate IoT sensor data in real-time, in order to gain big data on the well-being of .conf participants using their digital exhaust.
How to Become a Freelance Splunk Consultant Unicorn in 2017 and Beyond
Tuesday, September 26, 2017 | 6:00 PM-6:15 PM Good for all Skill Levels
Industries: Technology | Products: Splunk Cloud, Splunk Enterprise Security, Splunk User Behavior Analytics, Splunk IT Service Intelligence, Splunk Enterprise | Role: Data Scientist/Analyst, Operations Manager, CTO, Developer, CIO, CISO, Business Manager, Administrator, Architect, siteReliabilitySystemsEngineer, Splunk Technical Champion, Security Analyst | Track: Business Analytics | Session Focus: What the Splunk?!?! | Other Topics: App Ecosystem | Session Type: Community Theater Session | Solutions: Business Analytics
Coen Meerbeek, Freelance Splunk Consultant, C. Meerbeek BV
This session will give you a look into the world of freelance Splunk consulting. You will learn which courses are important for you, how to get jobs and be noticed by customers, and how to help the Splunk community as a whole grow. We’ll also discuss which blog topics attract attention, how to use social media as well as how to create and promote your apps. This session is for consultants who want to add Splunk to their tool belt and for those who want to start freelancing.
How to Empower Yourself, Inspire Others and Truly Win in Your Organization: A Master Class in Getting Your Splunk Swagger On
Tuesday, September 26, 2017 | 1:30 PM-1:45 PM Good for all Skill Levels
Industries: Aerospace & Defense | Products: Splunk Enterprise | Role: Operations Manager, Administrator, Architect, Security Analyst, Data Scientist/Analyst, Splunk Technical Champion, siteReliabilitySystemsEngineer, CTO, Developer, CISO, Business Manager, CIO | Track: IT Operations | Session Focus: Splunk Administration & Scaling | Other Topics: Using Splunk, Managing Splunk, Workflow, Basic Content, Analyzing Data Types, Search | Session Type: Community Theater Session | Solutions: Application Delivery
Aleem Cummins, CEO & Founder, Digital Disruption Today Ltd
Vladimir Mellnik, Senior Director, Strategy, Splunk Inc.
This session will inspire and empower those wishing to win with Splunk in their organization. Let’s explore what you need to step out of the shadows and be a superstar and a more effective you. You’ll get fresh insights on proven roles, techniques, thought leadership, being disruptive, emotional intelligence, making the case, gaining traction, business outcomes, defensive and offensive weapons, influence, public speaking, overcoming doubt, community support, mastering use cases, measuring value and sharing success.
Indexer Clustering Fixups - how a cluster recovers from failures
Thursday, September 28, 2017 | 11:45 AM-12:00 PM Advanced
Industries: Technology | Products: Splunk Enterprise Security | Role: Business Manager, CTO, CISO, Developer, siteReliabilitySystemsEngineer, Architect, Administrator, Data Scientist/Analyst, Security Analyst, Splunk Technical Champion, CIO, Operations Manager | Track: IT Operations | Session Focus: eventAnalytics | Other Topics: Investigation | Session Type: Community Theater Session | Solutions: Big Data
Da Xu, Principal Software Engineer, Splunk Inc.
Dive into how an indexer cluster recovers from indexer failures! We'll detail the steps that the cluster takes to recover from failures - from identifying which buckets need to be fixed to scheduling the various fixup jobs!
Literal Data Fabrics: The Splunk Gallery
Wednesday, September 27, 2017 | 2:45 PM-3:00 PM Good for all Skill Levels
Industries: Higher Education, Healthcare, Travel & Transportation, Technology, Aerospace & Defense, Financial Services, Energy & Utilities, Communications, Public Sector, Non-Profit, Media & Entertainment, Manufacturing, Online Services, Retail | Products: Splunk Enterprise | Role: Data Scientist/Analyst, Splunk Technical Champion, Administrator, Architect, Business Manager, CISO, CIO, Developer, CTO, Operations Manager, Security Analyst, siteReliabilitySystemsEngineer | Track: Business Analytics | Session Focus: What the Splunk?!?! | Other Topics: Using Splunk, Basic Content, Analyzing Data Types, What's New, Platform Extensibility, Visualizations, Best Practices, Managing Splunk | Session Type: Community Theater Session | Solutions: Business Analytics
Charlie Huggard, Software Architect, Cerner
Have you heard that Splunk is a T-shirt company that solves a big data problem? That may be an exaggeration, but Splunk T-shirts are pretty popular. In our nearly 14-year history, we have produced and given away many T-shirts and other types of swag. In this talk, we’ll show off and tell stories about some of our favorite pieces of official and unofficial swag, as well as other artifacts from Splunk's history. We'll also introduce a new community project to document this material history and let you know how you can help.
Physical State and Positional Analytics
Wednesday, September 27, 2017 | 1:45 PM-2:00 PM Good for all Skill Levels
Industries: Travel & Transportation | Products: Splunk Enterprise | Role: Security Analyst, Data Scientist/Analyst, Splunk Technical Champion, Administrator, Operations Manager, Architect, CIO, Business Manager, siteReliabilitySystemsEngineer, CTO, Developer, CISO | Track: IoT | Session Focus: IoT & Industrial Data | Other Topics: Content | Session Type: Community Theater Session | Solutions: IoT & Industrial Data
Sandeep Vasani, Texas, Splunk Inc.
In this session, we will live demo how phone sensor data can predict a user’s physical state or trigger alerts based on their location. The session will cover collecting sensor data from phones in real-time using scripted inputs, predicting a physical state using a model built with the Machine Learning Toolkit and triggering alerts with geofences.
Predicting the Weather With Historical Data
Wednesday, September 27, 2017 | 5:00 PM-5:15 PM Beginner
Industries: Energy & Utilities, Technology | Products: Splunk Enterprise | Role: CISO, Operations Manager, Security Analyst, Splunk Technical Champion, Data Scientist/Analyst, siteReliabilitySystemsEngineer, Administrator, Business Manager, Architect, CIO, CTO, Developer | Track: IoT | Session Focus: IoT & Industrial Data | | Session Type: Community Theater Session | Solutions: Big Data
Alex Wade, Consultant, Function1
Weather is influenced by thousands, if not hundreds of thousands of factors. With current technology, it is difficult to determine what the weather will be like, even in a week’s time. This is where the Splunk platform can come in handy. Using historical data gathered from the Dark Sky API, I can determine the length of heat waves, rainstorms and other weather phenomena without ever taking a class in meteorology.
Prioritizing Anomalies
Thursday, September 28, 2017 | 1:30 PM-1:45 PM Intermediate
Industries: Public Sector, Aerospace & Defense, Higher Education, Healthcare, Travel & Transportation, Technology, Manufacturing, Retail, Online Services, Media & Entertainment, Financial Services, Energy & Utilities, Communications, Non-Profit | Products: Splunk Enterprise Security, Splunk Enterprise | Role: Operations Manager, CTO, Security Analyst, Data Scientist/Analyst, Splunk Technical Champion, siteReliabilitySystemsEngineer, Administrator, Architect, Developer, CIO, Business Manager, CISO | Track: Security / Compliance / Fraud | Session Focus: Threat Detection | Other Topics: Anomaly Detection | Session Type: Community Theater Session | Solutions: Security & Fraud, Log Management, IT Operations, IoT & Industrial Data, Business Analytics, Big Data
Harsh Keswani, Product Manager: Machine Learning, Splunk Inc.
Anomaly or outlier detection is a method for identifying events or metric records that do not follow an expected pattern or range in a dataset. This method has many applications in various domains: In the security realm, it could help detect fraud; in medicine, it could help identify a tumor; in manufacturing, it could help find structural defects. Currently, the Detect Numerical Outlier assistant helps you identify outliers in a metric using machine learning algorithms. But when we detect large numbers of outliers, which ones should we look at first? This is the question I will answer using two methods: multivariate outliers and co-related multivariate outliers. In this session, we will detect outliers for all the metrics and then combine them for each time unit to discover which instance produces the highest outlier count. The higher the count, the higher the priority level.
Recruit Technologies Automated Its Cybersecurity Actions Using Splunk
Tuesday, September 26, 2017 | 4:15 PM-4:30 PM Advanced
Industries: Media & Entertainment, Online Services, Technology | Products: Splunk Enterprise Security | Role: CISO, Splunk Technical Champion, siteReliabilitySystemsEngineer, Administrator, Architect, CIO, Business Manager, CTO, Developer, Security Analyst, Operations Manager, Data Scientist/Analyst | Track: Security / Compliance / Fraud | Session Focus: Security Use Case Development | Other Topics: Forensics | Session Type: Community Theater Session | Solutions: Security & Fraud
Mitsuhiro Nakamura, Senior Security Engineer, Recruit Technologies Co.,Ltd.
Recruit set out to identify fraud by cyberattacks. Splunk helped to eradicate it with our behavior analysis logic and visualization technology. After Recruit shifted to using Splunk’s Unmanned Automatic Protection System, they drastically reduced losses. Let's find out which core elements you need in order to accurately identify fraudulent acts and see how Recruit’s incident response improved and evolved.
Removing the Barriers to Adoption and Value
Thursday, September 28, 2017 | 11:00 AM-11:15 AM Advanced
Industries: Technology, Travel & Transportation, Aerospace & Defense, Public Sector, Retail, Online Services, Non-Profit, Higher Education, Healthcare, Communications, Manufacturing, Media & Entertainment, Financial Services, Energy & Utilities | Products: Splunk Enterprise | Role: Security Analyst, Data Scientist/Analyst, Splunk Technical Champion, Administrator, Developer, Architect, Business Manager, CISO, CIO, siteReliabilitySystemsEngineer, Operations Manager, CTO | Track: IT Operations | Session Focus: Splunk Administration & Scaling | Other Topics: Best Practices | Session Type: Community Theater Session | Solutions: Log Management, Big Data
Stuart Hirst, Principal Solutions Architect, Converging Data
This session will focus on removing the barriers to Splunk adoption by drawing on the implementation experience of multiple large organizations. We will discuss solutions such as multi-tenancy, data policy routing, data cataloging, continuous integration and continuous delivery using centralized configuration management — all solutions that target common issues in complex situations. Further, many Splunk deployments reach a certain size and fail to either keep pace with demand or remain flexible enough to accommodate all use cases. This session will provide advice, guidance and solutions to removing the barriers to true enterprise adoption and value.
Rising to the Challenge: Adoption of Splunk As a Business-Critical Tool for Risk and Compliance Departments in the Banking Industry
Tuesday, September 26, 2017 | 5:00 PM-5:15 PM Good for all Skill Levels
Industries: Financial Services | Products: Splunk Enterprise | Role: Security Analyst, Operations Manager, Data Scientist/Analyst, Splunk Technical Champion, siteReliabilitySystemsEngineer, Developer, Administrator, Architect, Business Manager, CTO, CIO, CISO | Track: Security / Compliance / Fraud | Session Focus: Security Use Case Development | Other Topics: Best Practices | Session Type: Community Theater Session | Solutions: Security & Fraud
Sanja Zeljkovic, Product owner, Infigo IS d.o.o.
In the age of rapidly increasing volumes of data, big data analytics are becoming essential to tracking money laundering activities and terrorist financing in the finance industry. This session will discuss how Splunk supports risk and compliance departments by combining anti-fraud, anti–money laundering and counterterrorism financing tools in the same platform. Discover how existing Splunk-based anti-fraud platforms were extended for use against money laundering and learn about challenges encountered along the way.
Running Splunk Enterprise Within Docker
Tuesday, September 26, 2017 | 3:45 PM-4:00 PM Beginner
Industries: Technology | Products: Splunk Enterprise Security | Role: CISO, siteReliabilitySystemsEngineer, Administrator, Developer, Security Analyst, Operations Manager, Data Scientist/Analyst, Splunk Technical Champion, CTO, Business Manager, CIO, Architect | Track: IT Operations | Session Focus: DevOps | Other Topics: Containers (Docker, etc.) | Session Type: Community Theater Session | Solutions: IT Operations
Michael Clayfield, Consultant, JDS Australia
Few know there is an official Docker container for running Splunk within Docker. Attendees will come away from this session with an understanding of the basic commands needed to run the official Splunk Docker image and how to set up a basic Splunk cluster using “docker-compose” — perfect for use in development environments and Splunk configuration testing. I will also go over some tips, tricks and things to watch out for when using the Splunk Docker image.
Scaling Up and Creating a Secure Multi-Tenant Enterprise-Wide Splunk Deployment
Wednesday, September 27, 2017 | 4:15 PM-4:30 PM Intermediate
Industries: Technology, Higher Education | Products: Splunk Enterprise Security | Role: Architect, siteReliabilitySystemsEngineer, Splunk Technical Champion, Security Analyst, Data Scientist/Analyst, Operations Manager, CTO, Developer, CIO, CISO, Business Manager, Administrator | Track: IT Operations | Session Focus: Infrastructure Troubleshooting & Monitoring | Other Topics: Best Practices | Session Type: Community Theater Session | Solutions: Security & Fraud, Log Management, IT Operations
Steven Bochniewicz, Sr. Security Architect, University of Maryland, College Park
Kevin Shivers, Maryland, University of Maryland, College Park
University of Maryland, College Park, set out to expand their small Splunk install from their central IT organization to all campus divisions and departments — a multi-terabyte scenario. To overcome design limitations in Splunk, departments needed their own apps. But by using the university’s single sign-on solution (Shibboleth) combined with Grouper, UMD was able to create a role and application management infrastructure that allows departments to manage their own access.
Self-Adapting Standard Operations Dashboards at NY ITS
Tuesday, September 26, 2017 | 12:00 PM-12:15 PM Intermediate
Industries: Public Sector | Products: Splunk Enterprise Security, Splunk Enterprise | Role: Security Analyst, Administrator, Architect, Business Manager, CISO, CIO, CTO, Operations Manager, Developer, Data Scientist/Analyst, Splunk Technical Champion, siteReliabilitySystemsEngineer | Track: IT Operations | Session Focus: What the Splunk?!?! | Other Topics: Best Practices, Customer Success Story, Visualizations, Using Splunk, Security Use Case Development, Investigation, What's New, Managing Splunk | Session Type: Community Theater Session | Solutions: Application Delivery
Barry Krawchuk, New York, New York State Office of Information Technology Services
The New York State Office of Information Technology Services (NYS ITS) uses Splunk for security, operations and business intelligence, supporting 10,000 servers, 55 agencies and 144,000 employees. To date 67 apps are in place for services like MotorVoter (voter registration), Pub1075 (IRS compliance) and NYResponds (disaster response), displaying KPIs for CPU, memory, disk and network performance. NYS ITS needed to provide a consistent, standard portfolio of dashboards that could quickly adapt to a variety of environments. Learn how they did it.
Social Media Analytics: Driving Customer Engagement Through Twitter Feed Enrichment
Tuesday, September 26, 2017 | 4:45 PM-5:00 PM Beginner
Industries: Public Sector, Travel & Transportation, Retail, Manufacturing, Technology, Energy & Utilities, Financial Services, Media & Entertainment, Online Services, Non-Profit, Higher Education, Aerospace & Defense, Communications, Healthcare | Products: Splunk Enterprise Security | Role: Architect, Security Analyst, Splunk Technical Champion, siteReliabilitySystemsEngineer, Administrator, Business Manager, CISO, CIO, Developer, CTO, Operations Manager, Data Scientist/Analyst | Track: Business Analytics | Session Focus: Business Innovation | Other Topics: Visualizations | Session Type: Community Theater Session | Solutions: Big Data, Business Analytics
Alok Agarwal, Business Consultant, POSITKA FSI PTE
If your organization has a social media presence – on Twitter for example – the Splunk platform allows you to facilitate and enable easy integration of the social media feed for detailed analysis. But the real power of social media analytics is unlocked only through methodical data enrichment and post-processing. In this session, you will learn how to tap into your Twitter feed to effectively engage with your customers by segregating spam from legitimate tweets, evaluating changing sentiments and de-anonymizing Twitter user handles to connect with actual users.
Splunk Catching Rogue Traders: How a multinational bank used Splunk to catch rogue traders in financial markets
Tuesday, September 26, 2017 | 1:45 PM-2:00 PM Good for all Skill Levels
Industries: Financial Services | Products: Splunk Enterprise | Role: Developer, Administrator, Security Analyst, Operations Manager, Data Scientist/Analyst, siteReliabilitySystemsEngineer, Splunk Technical Champion, Architect, CIO, Business Manager, CTO, CISO | Track: Business Analytics | Session Focus: Fraud | | Session Type: Community Theater Session | Solutions: Security & Fraud, Business Analytics, Big Data
Aleksey Eremenko, Head of Scenario Development - Markets Surveillance, ANZ Banking Group
Vincent Leycuras, Head of Tech Development, ANZ
There has been no shortage of well-publicized and highly damaging misconduct scandals within the financial services industry over the past decade. A large number of customers have claimed sizable losses and there has been significant reputational and brand damage to firms. Deloitte has estimated that global banks have paid out more than $275 billion in legal costs since 2008. This session will highlight how we have implemented Splunk at a large multi-national bank to detect a myriad of misconduct & fraudulent scenarios. We leverage Splunk to detect & mitigate these events in real-time by aggregating multiple data sources including system access, order information, trade information, anomaly detection & behavioral analytics. Splunk has allowed us to interactively analyze incidents and manage risks in real-time compared to many vendor T+1 & 2 systems.
Splunk Community 101: Where, Why, and How to Connect with Users Worldwide to Set Yourself Up for Success with All Things Splunk
Tuesday, September 26, 2017 | 11:45 AM-12:00 PM
Wednesday, September 27, 2017 | 2:15 PM-2:30 PM Good for all Skill Levels
Industries: Online Services, Communications | Products: Splunk Enterprise Security | Role: Administrator, Developer, Operations Manager, Data Scientist/Analyst, Security Analyst, Splunk Technical Champion, siteReliabilitySystemsEngineer, Architect, Business Manager, CISO, CIO, CTO | Track: IT Operations | Session Focus: Splunk Administration & Scaling | | Session Type: Community Theater Session | Solutions: Big Data
Alexa Araneta, Community Content Specialist, Splunk Inc.
Patrick Pablo, Community Content Manager, Splunk Inc.
Got Splunk questions? Get answers, fast! Learn all about Splunk Community resources to connect you with our open, fun, passionate, and incredibly helpful users worldwide. Make use of the years of experience and expertise of customers, partners and Splunkers by engaging with thousands of peers, virtually or in person. Regardless of your experience or role using the Splunk platform, knowing how and where to get help from the best and brightest is essential to your success.
Splunk Dashboard Design Guidelines
Tuesday, September 26, 2017 | 5:45 PM-6:00 PM Good for all Skill Levels
Industries: Technology, Travel & Transportation, Aerospace & Defense, Public Sector, Manufacturing, Retail, Online Services, Non-Profit, Higher Education, Media & Entertainment, Financial Services, Energy & Utilities, Communications, Healthcare | Products: Splunk Enterprise Security | Role: Splunk Technical Champion, siteReliabilitySystemsEngineer, Administrator, Security Analyst, Business Manager, CISO, CIO, Developer, CTO, Operations Manager, Data Scientist/Analyst, Architect | Track: Developing | Session Focus: Business Analytics | Other Topics: Visualizations | Session Type: Community Theater Session | Solutions: Cloud Strategies, IoT & Industrial Data, Big Data, Application Delivery, Security & Fraud, IT Operations, Log Management, Business Analytics
Ru Ge, Senior UX Designer, Splunk Inc.
In this session, we’ll discuss principles, a case study and best practices in Splunk dashboard design for customers and app developers.
Splunk Machine Learning Capabilities and Condition-Based Maintenance: Train Doors on the German Public Rail Transport System
Thursday, September 28, 2017 | 11:30 AM-11:45 AM Good for all Skill Levels
Industries: Travel & Transportation, Technology | Products: Splunk Enterprise | Role: Security Analyst, Business Manager, Architect, CIO, CTO, CISO, Developer, Operations Manager, Data Scientist/Analyst, siteReliabilitySystemsEngineer, Splunk Technical Champion, Administrator | Track: IoT | Session Focus: IoT & Industrial Data | Other Topics: Customer Success Story | Session Type: Community Theater Session | Solutions: Business Analytics, IoT & Industrial Data
Henning Brandt, Data Analyst, ESE GmbH
Daniel Pal, Data Analyst, ESE GmbH
In Europe, especially in Germany, trains are among the leading means of public transportation. Security-relevant subassemblies of passenger train features, such as entry doors, are always given the highest priority – which leads to costly maintenance. In an attempt to reduce these costs, two trains have been equipped with Multifunction Vehicle Bus (MVB) units in a proof of concept to track door control actions in real-time. The MVB unit monitors the power consumption of an open/close door event and divides it into 256 measuring points. The main goal of our project is to replace the static maintenance cycle of targeted subassemblies with an optimized and condition-based maintenance system. To achieve this, we set up a Splunk dashboard, which brings together machine data, geo data and weather data by using machine learning algorithms like DBSCAN. We are able to detect anomalies like increased power consumption and event length to predict failing parts.
Splunk Reactions Tumblr: Community GIFs and Memes That Make You Go OMG, LOL, SMH, FTW!
Wednesday, September 27, 2017 | 12:15 PM-12:30 PM Good for all Skill Levels
Industries: Communications | Products: Splunk Enterprise | Role: Splunk Technical Champion, Data Scientist/Analyst, Security Analyst, Operations Manager, CTO, Developer, siteReliabilitySystemsEngineer, CISO, Administrator, Architect, CIO, Business Manager | Track: IT Operations | Session Focus: What the Splunk?!?! | Other Topics: Best Practices, Platform Extensibility, Basic Content, App Ecosystem, Visualizations, What's New | Session Type: Community Theater Session | Solutions: IT Operations
David Shpritz, MD, Aplura, LLC
We've all been there. The feeling of getting a regex right and no one around wants to answer your high-five. Or maybe you just realized there are ways to nullQueue on a Universal Forwarder (yeah, that's a thing) and almost fell out of your chair. If you've felt the highs and lows of working with Splunk, the Splunk Reactions Tumblr might be your kind of place. Join us for a lighthearted look at the world of Splunk and the community that never takes itself too seriously while having a laugh, or maybe a cry – accompanied, of course, by GIFs.
Splunk Sees All! How Getting to the Root Cause Helped Hennepin Discharge the ‘Simon BOFH’ Myth and Reestablish Healthy Relationships
Thursday, September 28, 2017 | 1:15 PM-1:30 PM Beginner
Industries: Public Sector | Products: Splunk Enterprise, Splunk Enterprise Security | Role: CIO, Operations Manager, Security Analyst, Data Scientist/Analyst, Splunk Technical Champion, siteReliabilitySystemsEngineer, Administrator, Architect, Business Manager, CISO, CTO, Developer | Track: IT Operations | Session Focus: Threat Detection | Other Topics: Using Splunk, Anomaly Detection, What's New, Managing Splunk, SecOps, Security Use Case Development | Session Type: Community Theater Session | Solutions: IT Operations
Jeff Greene, IT Technical Services Supervisor, Hennepin County
When the Hennepin County Business Finance PeopleSoft group began mysteriously losing published eLearning content, they assumed IT systems administrators were deleting it. After the third occurrence, a highly visible and expensive meeting was called to demand answers of the IT Operations team. This is the story of how Splunk saved the day and reestablished a healthy working relationship.
Splunking the 2016 Presidential Election Data Panel
Wednesday, September 27, 2017 | 11:00 AM-11:45 AM Good for all Skill Levels
Industries: Non-Profit | Products: Splunk Enterprise | Role: Data Scientist/Analyst, Administrator, Architect, CIO, Business Manager, CTO, CISO, Developer, Operations Manager, Security Analyst, Splunk Technical Champion, siteReliabilitySystemsEngineer | Track: Business Analytics | Session Focus: What the Splunk?!?! | Other Topics: Customer Success Story | Session Type: Community Theater Session | Solutions: Business Analytics, Big Data, IoT & Industrial Data
Satoshi Kawasaki, CA, Splunk Inc.
Corey Marshall, Splunk Inc.
During the 2016 presidential election, the Federal Election Committee exposed a vast array of election data, including independent expenditures, which are large sums primarily used by super PACs to influence elections. This session will cover all the steps in creating the elections.splunk4good.com site, including the proper on-boarding of the JSON, searching and analyzing, creating interesting visualizations, and finally setting up the infrastructure to create a public-facing site while minimizing disruption to the Splunk instance.
Splunking the Farm – Agriculture, Powered by Splunk
Thursday, September 28, 2017 | 1:00 PM-1:15 PM Good for all Skill Levels
Industries: Manufacturing | Products: Splunk Enterprise | Role: Security Analyst, CISO, CIO, Developer, Architect, Operations Manager, Administrator, CTO, Data Scientist/Analyst, Business Manager | Track: IoT | Session Focus: IoT & Industrial Data | Other Topics: Customer Success Story | Session Type: Community Theater Session | Solutions: IoT & Industrial Data
Dennis Mohn, Technical Account Manager, magellan netzwerke GmbH
"Splunking the Farm" showcases an exceptional and innovative use case where the Splunk platform is used to collect meteorological data, from public open-source APIs and individual sensors, to optimize plant growth at a small 12-acre fruit farm. The presentation will give a brief overview of the use case, explain why meteorological data is important to farmers, and show how the data analysis was done in pre-Splunk times and how it's done now. This use case highlights how even the smallest installations of the Splunk platform can provide high satisfaction.
Stats 101: What Makes Good Predictions
Wednesday, September 27, 2017 | 11:45 AM-12:00 PM Beginner
Industries: Healthcare, Communications, Energy & Utilities, Financial Services, Media & Entertainment, Manufacturing, Retail, Online Services, Non-Profit, Technology, Travel & Transportation, Higher Education | Products: Splunk Enterprise | Role: Security Analyst, Developer, Operations Manager, CISO, CTO, Business Manager, CIO, Architect, Administrator, Splunk Technical Champion, siteReliabilitySystemsEngineer, Data Scientist/Analyst | Track: Business Analytics | Session Focus: Business Analytics | Other Topics: Best Practices | Session Type: Community Theater Session | Solutions: Business Analytics
Rich Mahlerwein, Senior Information Systems Security & Database Architect, Forest County Potawatomi Community
“Standard deviation.” You’ve heard of it. You know it’s important. You also know it involves some complicated math. But did you know that the concept is pretty easy to understand and that the concept is all you need to know in order to determine the quality of your predictions? Splunk can do all the hard math for you, and this session will explain what to look for to figure out whether your predictions will be good.
TA/App Release Tool: How a Product Team Integrated AppInspect Into the Release Process
Thursday, September 28, 2017 | 1:45 PM-2:00 PM Good for all Skill Levels
Industries: Technology | Products: Splunk Enterprise, Splunk Enterprise Security, Splunk Cloud | Role: Administrator, Splunk Technical Champion, siteReliabilitySystemsEngineer, Data Scientist/Analyst, Architect, CIO, Business Manager, CTO, CISO, Developer, Security Analyst, Operations Manager | Track: Developing | Session Focus: DevOps | | Session Type: Community Theater Session | Solutions: Application Delivery
Dmitrii Zakharov, Senior Engineering Services Manager, Splunk Inc.
Our product team built the http://tart.sv.splunk.com web console which displays results from AppInspect, Cloud Vetting and Security Scan, and can be used by our engineers to sign off on releases. The term “tart” stands for TA/App Release Tool. The roadmap for using this console includes integration with Cigital Portal and Splunkbase.
Take a Walk Into the Art of Night Photography With a Splunk Ninja
Wednesday, September 27, 2017 | 6:15 PM-6:30 PM Good for all Skill Levels
Industries: Media & Entertainment, Travel & Transportation, Technology | Products: Splunk Enterprise | Role: Splunk Technical Champion, Architect, Administrator, Business Manager, Data Scientist/Analyst, CISO, CIO, Developer, CTO, Operations Manager, Security Analyst, siteReliabilitySystemsEngineer | Track: IoT | Session Focus: IoT & Industrial Data | | Session Type: Community Theater Session | Solutions: IoT & Industrial Data
John Barnett, Sales Engineer, GKC Auckland
Michael Uschmann, Splunk Architect / Senior Consultant, GKC
The perfect nighttime photo often eludes even the most skilled photographer – it relies on the right combination of weather, location and moon phase. Using the power of the Splunk platform, you can nail that dark-sky photo every time by combining NASA satellite data, Sky Quality Meter data and moon phase and weather data.
Taking Splunk inside the Classroom for Automatic Grading
Wednesday, September 27, 2017 | 5:15 PM-5:30 PM Intermediate
Industries: Higher Education | Products: Splunk Enterprise | Role: Security Analyst, siteReliabilitySystemsEngineer, Architect, Data Scientist/Analyst, Administrator, CTO, Developer, CIO, CISO, Business Manager, Splunk Technical Champion, Operations Manager | Track: Business Analytics | Session Focus: Business Innovation | Other Topics: Behavioral Analytics and Machine Learning | Session Type: Community Theater Session | Solutions: Business Analytics, Big Data, Application Delivery
Ryan O'Connor, Splunk & Security Consultant, Hurricane Labs
If you’re a teacher, professor, or instructor of any kind with some Splunk experience, this session is for you. We will cover a case study of how Splunk was used in the classroom at the University of Connecticut. We will cover everything from automated grading to running analytics on how well your assignments are performing (and how to improve the results). This can make life easier for you and your students, and it gives you more time for student engagement. It’s all made possible by Splunk Pledge.
Threat Hunting with Deceptive Defense and Splunk Enterprise Security
Wednesday, September 27, 2017 | 12:45 PM-1:00 PM Intermediate
Industries: Technology, Travel & Transportation, Aerospace & Defense, Public Sector, Manufacturing, Retail, Online Services, Non-Profit, Higher Education, Media & Entertainment, Financial Services, Energy & Utilities, Communications, Healthcare | Products: Splunk Enterprise Security | Role: siteReliabilitySystemsEngineer, Business Manager, Splunk Technical Champion, CTO, CISO, Developer, Administrator, Architect, CIO, Data Scientist/Analyst, Operations Manager, Security Analyst | Track: Security / Compliance / Fraud | Session Focus: Security Analytics and Machine Learning | Other Topics: Applying Threat Intelligence / Context | Session Type: Community Theater Session | Solutions: Security & Fraud
Satnam Singh, Chief Data Scientist, Acalvio Technologies
According to a 2017 survey on threat hunting by the SANS Institute, threat hunting is the newborn child in IT security. Currently, 45 percent of organizations hunt on an ad hoc basis; therefore, there is a need for a systematic approach for threat hunting. In this talk, we share our research on the triage of deceptive security with Splunk Enterprise Security (ES) notable events for threat hunting. Using data science, we identify various types of notables that need to be hunted and automatically deploy contextual deceptions around the suspicious hosts. When an adversary bumps into a deception, it validates the presence of a threat. This talk is a must for security analysts to learn about a unique approach for threat hunting that can be replicated in your networks.
Understanding the Splunk Maturity/Adoption Model to Sell Splunk at the C-Level
Wednesday, September 27, 2017 | 12:00 PM-12:15 PM Good for all Skill Levels
Industries: Non-Profit, Online Services, Higher Education, Healthcare, Travel & Transportation, Technology, Aerospace & Defense, Public Sector, Communications, Retail, Manufacturing, Media & Entertainment, Financial Services, Energy & Utilities | Products: Splunk Enterprise | Role: CIO, Business Manager, CTO, CISO, Data Scientist/Analyst, Administrator, Security Analyst, Splunk Technical Champion, siteReliabilitySystemsEngineer, Operations Manager, Architect, Developer | Track: Foundations | Session Focus: Splunk Administration & Scaling | Other Topics: Using Splunk | Session Type: Community Theater Session | Solutions: Big Data, Security & Fraud, Application Delivery, Business Analytics, Log Management, IT Operations, IoT & Industrial Data, Cloud Strategies
Steve Fritzinger, Virginia, Splunk Inc.
In this session, we’ll take a business-side look at what drives adoption for Splunk across the enterprise. We will cover how IT and security leads should consider prioritizing and managing their portfolios, as well as approaches for driving new business and services. We’ll also look at some of the tools Splunk has developed to quantify and qualify a Splunk investment for management. Additionally, we’ll explore some basic concept models. We hope you leave seeing new possibilities in capabilities, expanded services offerings, new service areas and completely new offerings altogether. Splunk has developed several tools to support our customers and account teams in qualifying and quantifying the problems the Splunk platform addresses. We’ll conclude with an overview of these tools and the outputs they generate to give the audience a sense of the “art of the possible” for their own C-level pitch.
Using Active Robot Monitoring With Splunk to Improve Application Performance
Tuesday, September 26, 2017 | 5:15 PM-5:30 PM Beginner
Industries: Online Services | Products: Splunk Enterprise | Role: Administrator, Architect, Business Manager, CIO, CISO, CTO, Developer, Operations Manager, Security Analyst, Data Scientist/Analyst, Splunk Technical Champion, siteReliabilitySystemsEngineer | Track: IT Operations | Session Focus: Application Performance & Analytics | Other Topics: Dev Tools | Session Type: Community Theater Session | Solutions: Application Delivery, IT Operations
Michael Clayfield, Consultant, JDS Australia
After this presentation, participants will have a greater understanding of what active robot monitoring (also known as synthetic monitoring) is and how it can provide further visibility into the end-user experience. Specifically, I will show how Splunk, combined with open source tools and some simple development ingenuity, can provide an adaptable platform to synthetically monitor applications. Further, Splunk's ability to combine machine data from multiple sources means it can do things that other tools can't, namely use synthetic data with existing passive data sources to improve application monitoring and performance.
Using Splunk Enterprise to optimize tailored long-term data retention
Thursday, September 28, 2017 | 10:45 AM-11:00 AM Intermediate
Industries: Technology, Media & Entertainment | Products: Splunk Enterprise | Role: Architect, CIO, Business Manager, CISO, Developer, CTO, Administrator, Operations Manager, Security Analyst, Data Scientist/Analyst, siteReliabilitySystemsEngineer, Splunk Technical Champion | Session Focus: Splunk Administration & Scaling | Other Topics: Using Splunk | Session Type: Community Theater Session | Solutions: Security & Fraud, Log Management
Tomasz Bania, Incident Response Lead, Dolby
Eric Krieser, Professional Services Consultant, Splunk Inc.
Many organizations make the difficult decision to keep retention periods shorter than preferred due to storage and cost considerations. In this session, we will present how Splunk Enterprise is being used to address this challenge by reducing long-term retained data from full retention of large datasets to retention of specific subsets of information. Common uses for this optimization include compliance and security, and it allows organizations to reap the benefits of reduced storage costs, increased retention periods, and improved performance.
Visualizing the Health of Your Mobile App
Tuesday, September 26, 2017 | 5:30 PM-5:45 PM Good for all Skill Levels
Industries: Financial Services, Technology | Products: Splunk Enterprise | Role: siteReliabilitySystemsEngineer, Business Manager, CISO, CIO, CTO, Developer, Security Analyst, Operations Manager, Data Scientist/Analyst, Splunk Technical Champion, Administrator, Architect | Track: IT Operations | Session Focus: Application Performance & Analytics | Other Topics: Mobile App Monitoring | Session Type: Community Theater Session | Solutions: Application Delivery, Big Data
Jay Tamboli, Software Engineer, Capital One
This session will demonstrate how Splunk can monitor mobile app activity and health. It will include advice for narrowing down large data sets into manageable results. The session will also cover useful SPL commands for filtering and summarizing events and include advice for creating dashboards that are useful and not overwhelming.
Wrangling Events with Machine Learning in ITSI
Tuesday, September 26, 2017 | 4:30 PM-4:45 PM Good for all Skill Levels
Industries: Higher Education, Non-Profit, Online Services, Retail, Manufacturing, Media & Entertainment, Healthcare, Travel & Transportation, Technology, Aerospace & Defense, Public Sector, Financial Services, Communications, Energy & Utilities | Products: Splunk IT Service Intelligence | Role: CIO, Operations Manager | Track: IT Operations | Session Focus: itsi | Other Topics: Managing Splunk, Machine Learning, Best Practices, What's New, Search, Using Splunk | Session Type: Community Theater Session | Solutions: IT Operations
Laura Snow, Splunk Inc.
Tired of event management tools that only filter and de-dupe, leaving you with alert fatigue from having to sift through all the false positives? Learn how the latest features in Splunk IT Service Intelligence (ITSI) can help by applying machine learning to events so you can identify and prioritize issues faster.

Panel Discussion

Digital Transformation is Here - Progress Report and Lessons Learned from Cloud-First Initiatives in the Public Sector
Wednesday, September 27, 2017 | 4:35 PM-5:20 PM
Industries: Aerospace & Defense, Higher Education, Non-Profit | Track: Developing | Session Type: Panel Discussion | Solutions: Log Management, IT Operations, Application Delivery, Cloud Strategies
Nick Murray, Manager, Cloud and Technology Alliances, Splunk Inc.
A recent survey of IT decision makers and staff across public sector and educational institutions revealed an overall loss in confidence with respect to cloud migrations. Respondents felt it was complicating their day-to-day role in managing IT operations. The inability to monitor and troubleshoot applications, availability and performance of applications and lack of visibility into workloads were cited as major concerns in this transformation. Spending patterns for cloud-based initiatives are slated to grow, indicating that the effort to remedy this is underway. This session will explore strategies and approaches to overcoming some of the challenges and risks in moving workloads to the cloud, handling the complexity of migrations with granular visibility and ensuring efficiencies. It will feature real-world examples and a discussion with a panel of experts across the most common cloud platforms.
Gaining Confidence in Your IT Operations - Meet SLAs Consistently and Resolve Issues in Minutes
Wednesday, September 27, 2017 | 12:05 PM-12:50 PM Intermediate
Industries: Public Sector, Aerospace & Defense, Higher Education, Non-Profit | Track: IT Operations | Session Type: Panel Discussion | Solutions: IT Operations
Bill Babilon, Global ITOA Solutions Architect, Splunk Inc.
Public sector IT operations are becoming increasingly complex. As helpful as advancements like mobility, apps, virtualization, cloud and software-defined models can be, they also contribute to a highly complex IT environment. These systems also need resources to monitor them and make sure they’re running smoothly. In addition, current troubleshooting and monitoring solutions are often disparate point tools, each monitoring a piece of the puzzle, but not seeing the system as a whole. This gap in data sharing leaves little time for organizational learning or efficient improvements since the majority of IT’s time is spent just keeping the lights on. So how can this be improved? Join us for this lively panel session to hear from multiple customers who are leveraging Splunk to integrate data from all sources to create actionable insights.
Legacy Compliance Is Dead - Leveraging Continuous Monitoring with Splunk to support the NIST Framework
Wednesday, September 27, 2017 | 3:30 PM-4:15 PM Good for all Skill Levels
Industries: Media & Entertainment, Online Services, Higher Education, Healthcare, Travel & Transportation, Technology, Aerospace & Defense, Public Sector, Manufacturing, Retail, Financial Services, Energy & Utilities, Communications | Track: Security / Compliance / Fraud | Session Type: Panel Discussion | Solutions: Security & Fraud
Scott Armstrong, Chief Strategy Officer, Qmulos
The Trump Administration has called for a tighter focus on risk management measures, reporting, and agency implementation of the NIST Cybersecurity Framework. Compliance is no longer a "check the box" activity. In fact, the renewed focus represents a huge opportunity for organizations to rethink their strategy. Join this panel session to gain insight into how organizations can apply an automated solution to enable continuous monitoring of security controls, and how initiatives from NIST are helping to harmonize security and compliance efforts for private industry and public sector organizations. The session will include insights from NIST, industry practitioners and executives, as well as a live demo of the Qmulos Enterprise Compliance app that uses real-time data to create dashboards that enable timely analysis and accurate reporting to support the requirements of multiple frameworks.
Ready, Set, Go! Learn from others - The First 30 day Experiences of ITSI customers
Tuesday, September 26, 2017 | 12:05 PM-12:50 PM Good for all Skill Levels
Industries: Energy & Utilities, Technology, Aerospace & Defense, Public Sector, Media & Entertainment, Manufacturing, Retail, Online Services, Non-Profit, Higher Education, Financial Services, Travel & Transportation, Communications, Healthcare | Products: Splunk IT Service Intelligence | Role: Splunk Technical Champion | Track: IT Operations | Session Focus: itsi | Other Topics: Best Practices, Customer Success Story | Session Type: Panel Discussion | Solutions: IT Operations
Bill Babilon, Global ITOA Solutions Architect, Splunk Inc.
This session will feature a panel discussion of customers’ initial 30-day experiences with Splunk ITSI. Topics covered will include their paths to success, the challenges they faced and how they overcame them and the benefits they gained from adopting ITSI. They will also discuss their future plans for ITSI. Questions and comments welcome in this interactive session!
The CISO Level View: Innovative Strategies to Confront the Changing Threat Landscape
Wednesday, September 27, 2017 | 2:15 PM-3:00 PM Good for all Skill Levels
Industries: Aerospace & Defense, Public Sector, Healthcare, Higher Education, Non-Profit | Track: Security / Compliance / Fraud | Session Type: Panel Discussion | Solutions: Security & Fraud
Adilson Jardim, Area Vice President, Public Sector, Splunk Inc.
The objective of security is to keep the organization safe. The goal is not to deter business velocity but to help organizations innovate and transform to meet mission objectives and navigate risks confidently. But despite significant investments, the adversary seems to be always one step ahead and organizations are struggling to keep up. Is our approach still relevant in the face of a changing threat landscape? What are leading organizations doing to reduce analyst fatigue, overcome resource constraints and become proactive with their security posture? This session brings together an esteemed panel of executives who will share their strategies and insights for resiliency in today’s dynamic threat environment. We will look into the tools, methodologies, and the best practices that public sector organizations are leveraging to consolidate, conserve and maximize existing dollars and resources to make the biggest impact and get the most out of their investments.