Sessions

Breakout Sessions

ICS and Splunk – Security By Obscurity No Longer
Wednesday, September 28, 2016 | 11:00 AM-11:45 AM
Good for all Skill Levels | Industries: Energy & Utilities | Products: Splunk Enterprise | Role: Security Analyst, Operations Manager | Track: Splunk for Operational Intelligence | Session Focus: IoT Industrial Data | Other Topics: Customer Success Story, Getting Data In
Speakers
Chris Duffey, SCADA Coordinator, Enterprise Product Partners L.P.
Industrial control systems (ICS) are responsible for controlling some of the most critical processes and infrastructure on the Earth. Designed primarily around availability, these systems are increasingly interconnected with business networks and, in some cases, public networks like the Internet. In days past, the security mantra for these systems was simply “security by obscurity.” The truth is that ICS vendors and operators had little or no visibility into security within these systems. Modern attacks like Stuxnet and the recent attack on a Ukrainian power company have shown this is no longer a safe assumption. In addition, many conventional IT tools are not designed with the constraints necessary to operate properly within these environments without impacting operations. However, the Splunk platform provides the customization necessary to gain real insights into the security of the ICS environment. This presentation will focus on an actual implementation of Splunk within an industrial control system (specifically SCADA) and the insights it has provided to this once “obscure” system.

Anomaly Detection on Business Items with Machine Learning Algorithms
Thursday, September 29, 2016 | 11:20 AM-12:05 PM
Intermediate | Industries: Retail, Online Services | Products: Splunk Enterprise, Other, Splunk IT Service Intelligence | Role: Data Scientist/Analyst | Track: Splunk for Operational Intelligence | Session Focus: Business Analytics | Other Topics: Customer Success Story, Machine Learning
Speakers
Andre Pietsch, Product Manager, OTTO (GmbH and Co. KG)
Stefan Scholz, Senior Consultant Data Analytics, LC Systems GmbH
You have a LOT of events. You have beautiful dashboards and reports. They are even in real time. But who should sit in front of them with the trigger finger on the mouse waiting for something interesting to happen? We want to show you what to consider to be able to detect anomalies with the help of machine learning algorithms.

Machine Learning Using Splunk and R
Wednesday, September 28, 2016 | 2:15 PM-3:00 PM
Advanced | Industries: Energy & Utilities | Products: Other, Splunk Enterprise | Role: Data Scientist/Analyst | Track: Splunk for Operational Intelligence | Session Focus: Data Science Machine Learning | Other Topics: Platform extensibility, Best Practices, Machine Learning, Thought Leadership
Speakers
Marianne Faro, Itility
Daniel Koops, MSc, Itility
Gijs Wobben, Itility
Splunk's machine learning toolkit, in combination with R, provides a powerful tool for real predictive and prescriptive analytics. Each month Itility hosts a machine learning hackathon to dig into large data sets and create new value from them. In this session, Itility will share examples, experiences, algorithms and use cases.

Splunk for Donuts: Optimizing the Customer Experience at Dunkin' with Splunk
Thursday, September 29, 2016 | 2:35 PM-3:20 PM
Intermediate | Industries: Retail | Products: Other, Splunk Enterprise | Role: Business Manager, Splunk Technical Champion, Data Scientist/Analyst | Track: Splunk for Operational Intelligence | Session Focus: Business Analytics | Other Topics: Machine Learning, Customer Success Story
Speakers
Matthew Kraft, Director Consumer Technology and Mobile, Dunkin' Brands
Brian Nash, Architect, Business Analytics and IoT, Splunk
If you like your coffee hot and your donuts fresh, then you want a donut shop powered by Splunk! Learn how Dunkin' Donuts has improved their guests' experience using Splunk to gain value from their machine data, and explore some inspirational ideas on optimizing operations and real-time digital marketing in the retail sector.

Splunk at a Telco: Assessing Outages and Improving Customer Experience with Machine Learning
Thursday, September 29, 2016 | 10:15 AM-11:00 AM
Intermediate | Industries: Communications | Products: Other, Splunk Enterprise | Role: Data Scientist/Analyst, Security Analyst, Architect | Track: Splunk for Operational Intelligence | Session Focus: Data Science Machine Learning | Other Topics: Machine Learning, Thought Leadership, Customer Success Story, What's New?!
Speakers
Andrew Phillips, Senior Sales Engineer, Splunk
Learn how a leading Mobile Telco was able to utilize Splunk's Machine Learning capabilities to identify patterns of repeated problems across thousands of cell towers. This presentation will detail how the customer analyzed alarms generated by known "repeat offenders" to create a mathematical model which was then applied to other alarms to identify cells with similar root cause problems, reducing MTTR, workload, truck rolls and maintenance.

What's New: The Unification of Splunk Enterprise and Analytics on Hadoop
Tuesday, September 27, 2016 | 4:20 PM-5:05 PM
Intermediate | Industries: Technology | Products: Splunk Enterprise, Other | Role: Security Analyst, Splunk Technical Champion, Developer, Data Scientist/Analyst, Administrator, Architect | Track: Splunk for Operational Intelligence | Session Focus: Splunk Enterprise Whats New | Other Topics: Big Data Architecture, Getting Data In, What's New?!
Speakers
James Hodge, Principal Product Manager, Splunk
Keith Schon, Principal Software Engineer, Splunk
Come learn what’s new with Splunk Enterprise and Hunk and how we’re making it easier than ever for Splunk Enterprise customers to leverage Hadoop.

Splunk as an Intelligent Platform: From Log Aggregation to Machine-assisted Analysis at Nordstrom
Thursday, September 29, 2016 | 12:25 PM-1:10 PM
Advanced | Industries: Retail | Products: Splunk Enterprise | Role: Architect, Developer, Operations Manager | Track: Splunk for Operational Intelligence | Session Focus: Business Innovation | Other Topics: Customer Success Story
Speakers
Gopal Brugalette, Senior Architect, Nordstrom
Ashwin Kothari, Nordstrom
In this session we will explore the evolution of Splunk analytics in an enterprise, progressing from log aggregation to dashboarding and finally machine-assisted analysis. This is where Splunk software becomes an intelligent platform, calculating and displaying complex information, beyond just log data. Learn how Nordstrom has gone beyond graphing simple log data to increase the efficiency of performance testing cycles and to help predict, prevent, identify and resolve production issues faster. Nordstrom is using Splunk for partial analysis, enabling their people to focus on areas that require insight and context. We'll discuss how the methodologies and concepts of this approach to machine-assisted human analysis can be implemented for any system.

Real-Time Monitoring of a Cloud-Based Micro-Service Architecture Using Splunk Cloud and the HTTP Event Collector
Wednesday, September 28, 2016 | 1:10 PM-1:55 PM
Beginner | Industries: Financial Services | Products: Splunk Cloud, Splunk Enterprise | Role: Business Manager, Operations Manager | Track: Splunk for Operational Intelligence | Session Focus: Cloud Strategies | Other Topics: Amazon Web Services, httpEventCollector
Speakers
Matt Poland, Senior Sales Engineer, Splunk
Mike Sclimenti, Sr. Systems Engineer, Experian
In this session Experian Consumer Services will discuss how they migrated a legacy 3 tier web architecture to a full cloud based architecture, in AWS, using microservices. They will review the architecture and lessons learned from deploying Splunk Cloud using the Splunk App for AWS, S3, Kinesis, Lambda functions, and the HTTP Event Collector. It will also show how they went from 15 minutes of latency on production dashboards, to sub-5 seconds of latency sending the logs directly from Kinesis, via Lambda, to the HTTP Event Collector.

Best Practices for Working with Splunk Cloud
Wednesday, September 28, 2016 | 3:30 PM-4:15 PM
Intermediate | Industries: Technology | Products: Splunk Cloud, Splunk Enterprise | Role: Operations Manager, Splunk Technical Champion | Track: Splunk for Operational Intelligence | Session Focus: Cloud Strategies | Other Topics: Best Practices
Speakers
Dennis Bourg, Cloud Adoption, Splunk
Eric Six, Cloud Adoption, Splunk
This session will cover best practices when working with Splunk Cloud. We'll review common cloud and hybrid deployment architectures, effectively on-boarding data, creating apps that will pass the vetting process, submitting ticket requests and working with cloud adoption and cloud operations.

Splunking AWS for End-to-end Visibility
Wednesday, September 28, 2016 | 12:05 PM-12:50 PM
Beginner | Industries: Technology, Energy & Utilities | Products: Splunk Cloud, Splunk Enterprise | Role: Security Analyst, Operations Manager | Track: Splunk for Operational Intelligence | Session Focus: Cloud Strategies | Other Topics: Amazon Web Services, Customer Success Story
Speakers
Patrick Shumate, Solution Architect, Amazon
Randall Young, Principal Product Manager, Splunk
Qianjie Zhong, Director, Software Engineering, Splunk
Whether you’re moving to cloud—or already there—you need to address lack of visibility into cloud infrastructure and the security challenges that come with it. In this session, you'll hear from Splunk about how to address these challenges using the Splunk App for AWS to help you gain end-to-end visibility into operations and security behaviors within your AWS environments — enabling you to move your mission-critical workloads to AWS with agility and security. We'll show you how the Splunk App for AWS integrates with AWS CloudTrail, AWS Config, Amazon CloudWatch, Amazon VPC Flow Logs, Amazon S3, Amazon CloudFront, Amazon ELB and AWS billing, and how pre-built dashboards in the app help you visualize critical information on the health, usage and security of your AWS environments.

Real-world Advantages of Choosing a ‘Lean SOC’ Approach Over a ‘Legacy SOC’. Lessons Learned from the UK’s Largest Home Improvement Retailer.
Tuesday, September 27, 2016 | 12:40 PM-1:25 PM
Intermediate | Industries: Retail | Products: Splunk Cloud, Splunk Enterprise, Splunk Enterprise Security | Role: Architect, Security Analyst | Track: Security / Compliance / Fraud | Session Focus: Cloud Strategies | Other Topics: Best Practices, Customer Success Story
Speakers
Nick Bleech, Head of Information Security, Travis Perkins
Travis Perkins has a complex hybrid IT infrastructure and is in the midst of migrating to the cloud. This session will outline the pitfalls from their initial infrastructure-heavy legacy SOC approach and the success they gained when they moved to a cloud-based ‘lean SOC’. You will learn how they found “Explosions in the Sky” and integrated Splunk Cloud and Splunk Enterprise Security on their journey to secure their hybrid digital enterprise. You will also learn how their business processes now leverage the Splunk platform as well.

Splunk Cloud at BBC Worldwide: Operational and Business Analytics to Support a New Digital Service
Wednesday, September 28, 2016 | 11:00 AM-11:45 AM
Good for all Skill Levels | Industries: Media & Entertainment | Products: Splunk Cloud | Role: Operations Manager | Track: Splunk for Operational Intelligence | Session Focus: Business Analytics | Other Topics: Customer Success Story
Speakers
Zoe Bolton, Head of Service Operations, BBC
Discover how BBC Worldwide successfully launched a new digital service – BBC Store – based on analytics generated using Splunk Cloud. This session will show how BBCW created critical insights in a tight time frame and with limited technical resources. Learn how to translate business insights into impact for operations, maximizing value from your data.

Gaining Business Analytics to Build a Data-Driven Airport – from Vision to Reality at Gatwick Airport
Thursday, September 29, 2016 | 10:15 AM-11:00 AM
Beginner | Industries: Travel & Transportation | Products: Splunk Cloud | Role: CISO, CIO, Splunk Technical Champion | Track: Splunk for Operational Intelligence | Session Focus: Business Analytics | Other Topics: Customer Success Story, Platform extensibility
Speakers
Chris Howell, Head of Business Systems, Gatwick Airport
Using Splunk, Gatwick Airport is able to get 95% of passengers through airport security in 5 minutes or less. Attend this session to learn how Gatwick Airport instrumented data from the airport environment to gain a real-time view into operational efficiency and improve passenger experience. You will learn about their journey from vision to implementation, and how they drove adoption across business (non-technical) users. You will also hear how Gatwick designed a successful data strategy, created new data-driven services and got buy-in from the business.

Using Splunk to Create the First HIPAA Cloud Compliant Infrastructure at Harvard to Secure Clinical and Genetic Patient Data on AWS
Tuesday, September 27, 2016 | 12:40 PM-1:25 PM
Beginner | Industries: Healthcare, Higher Education | Products: Splunk Enterprise | Role: Data Scientist/Analyst, Security Analyst, CISO | Track: Security / Compliance / Fraud | Session Focus: Compliance | Other Topics: Thought Leadership, Amazon Web Services, Customer Success Story
Speakers
Paul Avillach, Assistant Professor, Harvard University
This session will describe the strategy and implementation for creating the first approved HIPAA compliant research infrastructure on AWS at Harvard University. This wouldn’t have been possible without the Splunk platform. Integrating clinical data with genetic data is crucial to discover new drug treatments. This data is very sensitive as it contains all names of patients with their detailed genetic results. Working on AWS, we created a HIPAA compliant, fully monitored, secured infrastructure. We'll discuss all steps, from how we installed Splunk on our dedicated VPC on AWS to how we configured the Splunk forwarders, to creating alerts, reports and dashboards to monitor our infrastructure and custom research applications running on Tomcat and JBoss.

Building Splunk Visualizations with the New Custom Visualization API
Tuesday, September 27, 2016 | 4:20 PM-5:05 PM
Advanced | Products: Splunk Cloud, Splunk Enterprise | Role: Architect, Splunk Technical Champion, Developer | Track: Developing | Session Focus: Splunk As A Platform | Other Topics: Dev Tools, customVisualizations, What's New?!, Platform extensibility
Speakers
Marshall Agnew, Senior Software Engineer, Splunk
This session will be an in-depth look at the new Splunk Custom Visualization API. It will cover how and why to use custom visualizations in the Splunk platform, and show how to build a visualization from scratch in JavaScript. The talk will go over getting started with building custom visualizations, formatting data for visualization, rendering using JavaScript and D3, and best practices for producing clean visualizations. In addition, it will show how to surface visualizations in Splunk and make them available to the community on Splunkbase.

HTTP Event Collector in Splunk - More Super Powers!
Wednesday, September 28, 2016 | 2:15 PM-3:00 PM
Advanced | Products: Splunk Enterprise, Splunk Cloud | Role: Splunk Technical Champion, Architect, Developer, Administrator | Track: Developing | Session Focus: Splunk Enterprise Whats New | Other Topics: Getting Data In, What's New?!, Platform extensibility, Dev Tools, Logging Frameworks, httpEventCollector
Speakers
Shakeel Mohamed, Software Engineer, Splunk
Itay Neeman, Director of Engineering, Splunk
In Splunk 6.5, we've enhanced HTTP Event Collector with more super powers! You can now send raw data directly rather than having to use our JSON event protocol. With indexer acknowledgment you can ensure critical events are indexed. And this is just the beginning. In this demo-packed session see how you can unlock these powers within your Splunk development.

Faster Splunk App Certification with Splunk AppInspect
Tuesday, September 27, 2016 | 11:35 AM-12:20 PM
Intermediate | Products: Splunk Enterprise, Splunk Cloud, Other | Role: Splunk Technical Champion, Architect, Developer | Track: Developing | Session Focus: Splunk As A Platform | Other Topics: Dev Tools, App Ecosystem, Development Best Practices, Best Practices, Platform extensibility, What's New?!
Speakers
Grigori Melnik, Director, Product Management, Splunk
Andrew Nortrup, Product Manager, App Certification, Splunk
The Splunk App Certification Program provides assurances to YOU that apps have been examined and found to conform to best practices for Splunk app development, including review for security vulnerabilities. This session will explain the benefits of the certification program for app developers and consumers. We will detail the process and demonstrate how to achieve app certification quickly and efficiently. We will also introduce our new static analysis tool, Splunk AppInspect, which validates apps for structure, configuration best practices, readiness for cloud deployment, basic security reviews, and more!

Monitoring the Industrial Internet of Things: A Guide to Application Performance Management with Splunk
Thursday, September 29, 2016 | 12:25 PM-1:10 PM
Good for all Skill Levels | Industries: Technology, Energy & Utilities | Products: Splunk Enterprise | Role: Operations Manager, Architect, Administrator, Splunk Technical Champion, Developer | Track: Splunk for Operational Intelligence | Session Focus: IoT Industrial Data | Other Topics: Best Practices, Customer Success Story, Dev Tools, Development Best Practices
Speakers
Chris Winkler, Performance Engineering Team Lead, EnerNOC
Application performance management is a cornerstone to site reliability. Tracking, trending and alerting on application performance is required in all environments. When coupled with properly instrumented applications and test automation tools, the Splunk platform is a robust application performance management solution. This session will provide techniques to monitor application performance with Splunk.

MQTT, CEP and the other LMNOP's of the IoT
Thursday, September 29, 2016 | 1:30 PM-2:15 PM
Advanced | Industries: Manufacturing, Retail, Technology, Travel & Transportation, Energy & Utilities, Aerospace and Defense, Healthcare | Products: Splunk Cloud, Splunk Enterprise | Role: Architect, Splunk Technical Champion, Data Scientist/Analyst, Administrator, Operations Manager | Track: Splunk for Operational Intelligence | Session Focus: IoT Industrial Data | Other Topics: Thought Leadership, Getting Data In, What's New?!, httpEventCollector, Platform extensibility
Speakers
Brian Gilmore, Director, Solution Architecture, IoT and Big Data Ecosystem, Splunk
The IoT is literally becoming an alphabet soup of protocols, technology trends, and analytics approaches. Join this session to learn how M2M protocols like MQTT are being leveraged in the IoT, how popular technology trends like PaaS and SaaS are utilized in consumer and enterprise IoT solutions, and also how analytics strategies like CEP and ML are helping companies realize value from their IoT and IIoT projects. We’ll cover the acronyms and cut through the hype, demonstrating exactly how IoT can positively impact your business.

Business Analytics With Splunk - The Secret Behind our SaaS Growth Success
Tuesday, September 27, 2016 | 12:40 PM-1:25 PM
Beginner | Industries: Financial Services | Products: Splunk Enterprise | Role: Business Manager, Splunk Technical Champion, Developer, Data Scientist/Analyst | Track: Splunk for Operational Intelligence | Session Focus: Business Analytics | Other Topics: Customer Success Story
Speakers
Hamish Purdey, Chief Executive, Intelliflo
Robert Walton, COO, Intelliflo
At Intelliflo our systems enable clients to manage over $400 billion of assets. This means giving the right advice, appropriate deployment and best service – so we need to know what’s happening in real-time within our business. Splunk software's business analytics functionality allows us to see the information we need in real time across all disciplines within the business.

Splunking SAP – Provide Instant Business Value by Unlocking SAP Data for IT, OT and Security Use Cases Across Your Enterprise
Tuesday, September 27, 2016 | 4:20 PM-5:05 PM
Intermediate | Industries: Healthcare, Financial Services, Manufacturing, Retail, Communications, Aerospace and Defense, Energy & Utilities, Travel & Transportation | Products: Splunk Enterprise | Role: Architect, Business Manager, Operations Manager, Splunk Technical Champion | Track: Splunk for Operational Intelligence | Session Focus: Business Analytics | Other Topics: Customer Success Story, Thought Leadership, Getting Data In
Speakers
Warwick Chai, Managing Director, BNW Consulting
This session describes how PowerConnect for Splunk enables you to efficiently and securely unlock the extensive operational data within SAP systems for IT, OT and security use cases. This session will explain how to gain greater insight into your SAP landscape’s operational health, compliance to government regulations and overall security posture.

Monitor Your Business Transactions with Splunk to Gain Real-Time Insights Into Your Business Performance
Thursday, September 29, 2016 | 12:25 PM-1:10 PM
Intermediate | Industries: Financial Services, Online Services, Technology, Communications, Retail, Healthcare | Products: Splunk Enterprise | Role: Architect, Splunk Technical Champion, Business Manager | Track: Splunk for Operational Intelligence | Session Focus: Business Analytics | Other Topics: Getting Data In, Thought Leadership
Speakers
Stephane Lapie, Sales Engineer, Splunk
Romain Testu, Senior Presales Consultant, Splunk
When you set up an ESB, there are three monitoring levels you should consider: technical, functional and business. The good news is that you can address all of them within a single solution, Splunk. That is the purpose of this session: monitor your ESB infrastructure and leverage its central position in your business transactions to build business KPIs and monitor your business performance in real time.

Splunk Improving Soldier’s Efficiency and Healthcare Logistics in the Battlefield
Tuesday, September 27, 2016 | 5:25 PM-6:10 PM
Good for all Skill Levels | Industries: Healthcare, Public Sector, Aerospace and Defense | Products: Splunk Enterprise | Role: Splunk Technical Champion, Data Scientist/Analyst, Architect | Track: Splunk for Operational Intelligence | Session Focus: IoT Industrial Data | Other Topics: Getting Data In, customVisualizations, Thought Leadership, Machine Learning
Speakers
Justin Boucher, Senior Sales Engineer, Splunk
Ramik Chopra, Senior Sales Engineer, Splunk
Militaries around the world continue to adopt cutting-edge technology to ensure operational mission success. Soldiers returning home safe is considered priority 1. Complete real-time situational awareness in operations and continuous monitoring of health of soldiers are both critical for this initiative. In this session, we will show how Splunk improves the efficiency of soldier and medical logistics in the battlefield.

Gaining New Insight Into the Payment Business Process
Tuesday, September 27, 2016 | 10:30 AM-11:15 AM
Beginner | Industries: Financial Services | Products: Splunk Enterprise | Role: Splunk Technical Champion, Architect, Operations Manager, Data Scientist/Analyst | Track: Splunk for Operational Intelligence | Session Focus: Business Analytics | Other Topics: Customer Success Story, customVisualizations
Speakers
Markus Sprunck, Senior IT Architect, UniCredit Business Integrated Solutions S.C.p.A.
Developing a business activity monitoring solution for a complex payments infrastructure had many challenging requirements - this talk focuses on the lessons learned from the project. Users requested insight into varying business functions, as well as the ability to complete new searches and UI customization through testing, advanced use of the Splunk platform and a focus on quality.

Tracking Trading (FIX) Environments with Splunk
Thursday, September 29, 2016 | 11:20 AM-12:05 PM
Intermediate | Industries: Financial Services | Products: Other, Splunk Enterprise | Role: Architect, Data Scientist/Analyst | Track: Splunk for Operational Intelligence | Session Focus: Data Science Machine Learning | Other Topics: Machine Learning, Getting Data In, Customer Success Story, Thought Leadership
Speakers
Duncan Turnbull, EMEA Analytics and IoT Technical Lead, Splunk
This session will detail real-world experiences in monitoring trading (FIX) environments, including decoding FIX messages to make them usable, stitching together multiple identifiers across disparate systems to tell the complete story of a trade, and using this information to gain Operational Intelligence in a trading setting. Other advanced use cases include alerting-by-exception and using statistical and machine learning techniques from the Machine Learning Toolkit and modular alerting.

“Listen to the Wind, It Talks” - Monitoring Wind Energy Production from SCADA Systems with Splunk
Tuesday, September 27, 2016 | 10:30 AM-11:15 AM
Intermediate | Industries: Energy & Utilities | Products: Splunk Enterprise | Role: Operations Manager, Architect, Business Manager | Track: Splunk for Operational Intelligence | Session Focus: IoT Industrial Data | Other Topics: Customer Success Story, Getting Data In
Speakers
Victor Sanchez, Information and Application Architect, Infigen Energy
Infigen is a renewable energy company in Australia that generates a massive amount of data from the wind turbines controlled by SCADA systems. Infigen’s Control Centre operates on a 24x7 basis constantly monitoring not only windfarm events and weather forecast, but also energy demand, price and market conditions. Splunk is Infigen’s monitoring platform across its business-critical systems.

How Splunk Can Provide Real-Time Operational Insights to Drive Performance & Customer Excellence in a Call Center Environment
Tuesday, September 27, 2016 | 11:35 AM-12:20 PM
Good for all Skill Levels | Industries: Communications | Products: Splunk Enterprise | Role: Architect, Business Manager, Splunk Technical Champion | Track: Splunk for Operational Intelligence | Session Focus: Business Analytics | Other Topics: Getting Data In, Customer Success Story
Speakers
Tracy Leighton, Head of Planning and Quality, 2degrees mobile
Understand how 2degrees uses the Splunk platform to enable real-time management of customer care performance to evolve one of New Zealand’s best customer experiences. Reaping the rewards of ‘fingertip’ information, Splunk moved us toward proactive management of customer interactions and provided deeper insight into underlying trends. This included driving efficiency and productivity but making a positive difference to engagement for both our customers and staff.

Splunk on the Shopfloor: Improving Plant Operations with Splunk
Wednesday, September 28, 2016 | 2:15 PM-3:00 PM
Good for all Skill Levels | Industries: Manufacturing | Products: Splunk Enterprise | Role: Splunk Technical Champion, Operations Manager | Track: Splunk for Operational Intelligence | Session Focus: IoT Industrial Data | Other Topics: Customer Success Story, Getting Data In, Platform extensibility
Speakers
Lin Stokes, Business Intelligence Analyst III, Supply Chain Business Solutions, Shaw Industries Group Inc.
Erika Swartz, Sr. Process Engineer, Shaw Industries Group Inc.
The sophisticated environment of a modern manufacturing plant demands that workers and management constantly synthesize data sources from different systems to optimize operations. Data comes not only from industrial sensors but also from worker observations. We show how the use of Splunk software to collect, analyze, and report this information in real time drives continuous improvement and business metrics.

Leveraging Splunk Analytics for Business Intelligence and DevOps: API Activity and Performance
Wednesday, September 28, 2016 | 3:30 PM-4:15 PM
Beginner | Industries: Financial Services | Products: Splunk Enterprise | Role: Architect, Business Manager, Splunk Technical Champion | Track: Splunk for Operational Intelligence | Session Focus: Business Analytics | Other Topics: Customer Success Story, ODBC, Getting Data In, customVisualizations
Speakers
Tim Watkins, Senior Consultant, Platform Architecture and Support, MasterCard
You have Splunk software, now extend its value and your ROI. The Splunk Enterprise native analytics functionality can often save funding allocated for analytics software systems like Tableau®, Looker® or the like. This track will explain how as we explore Splunk analytics for BI & DevOps with a use case covering consumer market response behavior, customer activity and API performance for DevOps.

From IT Troubleshooting and Service Monitoring to Predicting Student Achievement: An Operations-Research Love Story
Wednesday, September 28, 2016 | 12:05 PM-12:50 PM
Intermediate | Industries: Higher Education, Public Sector | Products: Splunk Enterprise | Role: Splunk Technical Champion, Architect, Business Manager | Track: Splunk for Operational Intelligence | Session Focus: Business Analytics | Other Topics: Customer Success Story, Getting Data In
Speakers
Matthew Bernacki, Assistant Professor, UNLV
Cam Johnson, Operations Center Manager, UNLV
Liz Whitaker-Freitas, Senior Solutions Engineer, Splunk
Come hear the story of a typical Splunk user who learned how troubleshooting and service monitoring could be used not just with machines and their data, but with people and theirs. When operations teamed up with researchers and used LMS data that was there all along, they learned important lessons about their students – and found that students’ own data could help them learn better.

Lesser Known Search Commands
Wednesday, September 28, 2016 | 3:30 PM-4:15 PM
Thursday, September 29, 2016 | 1:30 PM-2:15 PM
Intermediate | Products: Splunk Enterprise | Role: Data Scientist/Analyst, Splunk Technical Champion, Administrator, Security Analyst | Track: Splunk Foundations | Session Focus: Search Language | Other Topics: Best Practices
Speakers
Kyle Smith, Integration Developer, Aplura
An overview with examples of SPL search commands that are new or of a more advanced nature that people may not know about or use often. This is an updated presentation of the talk I gave at .conf2014 and at several Splunk events since. Commands I cover include contingency, makeresults, map, noop, etc.

Behind the Magnifying Glass: How Search Works
Wednesday, September 28, 2016 | 1:10 PM-1:55 PM
Good for all Skill Levels | Products: Splunk Enterprise | Role: Developer, Administrator, Data Scientist/Analyst, Splunk Technical Champion, Architect, Security Analyst | Track: Splunk Foundations | Session Focus: Search Language | Other Topics: Best Practices
Speakers
Jeff Champagne, Staff Architect, Splunk
What actually happens when you click the search button? Why should I use search criteria like index, sourcetype, or source? Is it REALLY that bad if I just use all time? This session will answer those questions and more! We will help you write better searches by explaining exactly what's going on behind the scenes and how different search terms can improve performance.

Fields, Indexed Tokens and You
Wednesday, September 28, 2016 | 11:00 AM-11:45 AM
Advanced | Products: Splunk Enterprise | Role: Operations Manager, Splunk Technical Champion, Data Scientist/Analyst, Architect, Developer, Administrator, Security Analyst | Track: Splunk Foundations | Session Focus: Search Language | Other Topics: Best Practices
Speakers
Martin Muller, Consultant, Consist Software Solutions GmbH
Splunk software does many things to make your searches run fast. Most importantly, Splunk has to narrow down the set of potentially matching events. The fewer events Splunk has to scan, the faster your search will run. In this session we will explore how Splunk software uses fields and indexed tokens to achieve this, and how you can leverage them to your advantage. You will learn how to detect optimization potential in your searches and how to make meaningful changes. Additionally, we will cover how common configurations can have great impact on search performance.

It's 10PM - Do You Know Where Your Data Is?
Thursday, September 29, 2016 | 11:20 AM-12:05 PM
Good for all Skill Levels | Products: Splunk Enterprise | Role: Administrator, Splunk Technical Champion, Data Scientist/Analyst | Track: Splunk Foundations | Session Focus: Using Splunk | Other Topics: Best Practices, Getting Data In
Speakers
Jason Timlin, Engagement Manager, Professional Services, Splunk
Data in Splunk is based on time. If event times are wrong, statistics can be inaccurate and data from searches can be missed! In this talk, we will review how to check if event times and timezones are correct in your Splunk environment and how to fix them if they aren't.

Architecting Splunk for High Availability and Disaster Recovery
Tuesday, September 27, 2016 | 5:25 PM-6:10 PM
Intermediate | Products: Splunk Enterprise | Role: Administrator, Architect, Splunk Technical Champion, Operations Manager | Track: Splunk Foundations | Session Focus: Splunk Classics | Other Topics: Best Practices
Speakers
Dritan Bitincka, Principal Architect, Splunk
As Splunk software becomes more critical to organizations and business functions, it becomes more important to maximize the uptime of the service. We'll talk about general principles of high availability and disaster recovery with Splunk software. We'll also discuss the various mechanisms for providing them, the levels of availability, relative advantages and costs of each of them.

Observations and Recommendations on Splunk Performance
Wednesday, September 28, 2016 | 12:05 PM-12:50 PM
Advanced | Products: Splunk Enterprise | Role: Administrator, Splunk Technical Champion, Architect | Track: Splunk Foundations | Session Focus: Splunk Classics | Other Topics: Best Practices
Speakers
Dritan Bitincka, Principal Architect, Splunk
A session on Splunk indexing and search performance analysis under various conditions and environments (physical vs. virtual). Focus will be around debunking common misconceptions and presenting best practices.

Shop Smart at the KV Store: Best Value Tricks from the Splunk KV Store and REST API
Thursday, September 29, 2016 | 11:20 AM-12:05 PM
Intermediate | Products: Other, Splunk Enterprise Security, Splunk Enterprise | Role: Security Analyst, Developer, Architect, Data Scientist/Analyst, Administrator, Splunk Technical Champion | Track: Splunk Foundations | Session Focus: Using Splunk | Other Topics: What's New?!, Best Practices
Speakers
George Starcher, Senior Security Engineer, Defense Point Security
Duane Waddle, Senior Security Engineer, Defense Point Security
This year we bring you code and fun use cases for the Splunk KV Store for both security and IT ops. Topics include syncing relational DB tables into KV Store, synchronizing collections across different search heads, manipulation of ES asset/threat intel, and using KV Store plus some external code to give the security team the ability to block traffic flows automatically from within Splunk software.

The Chargeback App
Wednesday, September 28, 2016 | 11:00 AM-11:45 AM
Good for all Skill Levels | Products: Splunk Enterprise | Role: Splunk Technical Champion, Administrator, Operations Manager, Business Manager | Track: Splunk Foundations | Session Focus: Managing Splunk | Other Topics: Big Data Architecture, Best Practices
Speakers
James Donn, Senior Sales Engineer, Splunk
If you are running Splunk software in a medium to large environment, you are probably sharing your instance with other groups. In many places, this results in one group running Splunk software as a service for any number of internal customers. The challenge then becomes sharing the maintenance costs and run rates of the infrastructure and ensuring that no one abuses your license! The Charge Back App is used to calculate run rates for Splunk software and audit your customers' usage, resolving these problems. In this talk, I will cover the history, strategy, and additional features of the app before showing a quick demo.

"Splunking" Your z/OS Mainframe
Wednesday, September 28, 2016 | 4:35 PM-5:20 PM
Good for all Skill Levels | Industries: Manufacturing, Retail, Other, Energy & Utilities, Communications, Healthcare, Financial Services, Higher Education | Products: Splunk Enterprise Security, Splunk Enterprise | Role: Security Analyst, Operations Manager, CIO, CISO, CTO | Track: IT Operations | Session Focus: Big Data Architecture | Other Topics: Platform extensibility, Logging Frameworks, Getting Data In, Big Data Architecture
Speakers
Ed Hallock, Director, Product Management, Syncsort, Inc.
If you are responsible for z/OS systems – or applications that run on z/OS – getting insight on security and IT operations data is critical. In this session, you will get an overview of how Syncsort Ironstream® can be used to forward critical IBM z/OS mainframe system security and IT operational data to Splunk Enterprise and Splunk Enterprise Security for analysis and an integrated 360 degree view of your entire enterprise.

Quis Custodiet Ipsos Custodes? (Who watches the watchmen?) OR How do you know when Splunk stops searching?
Tuesday, September 27, 2016 | 3:15 PM-4:00 PM
Good for all Skill Levels | Products: Splunk Enterprise Security, Splunk Enterprise | Role: Operations Manager, Splunk Technical Champion, Administrator | Track: Splunk Foundations | Session Focus: Managing Splunk | Other Topics: Best Practices
Speakers
Tim Baldwin, Senior Splunk Implementation Engineer, Hurricane Labs
Tom Kopchak, Director of Technical Operations, Hurricane Labs
Splunk is now part of your critical infrastructure. Whether you’re using Splunk software for security alerting, business operations, or Operational Intelligence, any failure will have a significant impact on any or all of these areas. In this presentation, Tim and Tom will provide a deep-dive into techniques for effectively monitoring Splunk deployments of all varieties.

Superspeeding Transaction Monitoring with the kvtransaction Command
Tuesday, September 27, 2016 | 11:35 AM-12:20 PM
Intermediate | Products: Splunk Enterprise | Role: Security Analyst, Splunk Technical Champion, Data Scientist/Analyst | Track: Splunk Foundations | Session Focus: Search Language | Other Topics: customSearchCommands
Speakers
Mika Borner, Management Consultant, LC Systems
Christoph Dittmann, Senior Consultant, LC Systems
Processing long-term transactions spanning over hours and days within millions of events is a complex challenge, and the built-in transaction and stats commands within Splunk software are sometimes not up to the task. Our customers often face performance issues tracking these kinds of transactions. We will describe the current challenges and our solution, which enables large scale transaction, process and service monitoring.

Internet of (Big Rolling) Things at DB Cargo’s European Rolling Stock: Increased Customer Satisfaction Through Higher Availability and Reliability
Wednesday, September 28, 2016 | 1:10 PM-1:55 PM
Good for all Skill Levels | Industries: Travel & Transportation | Products: Splunk Enterprise | Role: Architect, Business Manager, Splunk Technical Champion, Data Scientist/Analyst, Operations Manager | Track: Splunk for Operational Intelligence | Session Focus: IoT Industrial Data | Other Topics: httpEventCollector, Getting Data In, Customer Success Story
Speakers
Marcus Goessl, Project Manager for TechLOK and Hybridization, DB Cargo AG
Asmus Hammer, Senior Account Manager, Consist Software Solutions GmbH
Mathias Sebastian Thomas, Head of Asset and Technology Strategy, DB Cargo AG
DB Cargo is Europe's leading provider of innovative transportation and logistics solutions. Next to energy efficiency and automation, digitization and IoT are the main levers of DB Cargo’s asset strategy to optimize locomotive availability and utilization, leading towards more stable production and higher customer satisfaction. Learn how Splunk software is enabling DB Cargo to meet these goals with near-time fleet visibility to create smarter vehicles, improve maintenance processes, and reduce unproductive downtime.

Indexer Clustering Internals, Scaling, and Performance
Tuesday, September 27, 2016 | 3:15 PM-4:00 PM
Thursday, September 29, 2016 | 11:20 AM-12:05 PM
Intermediate | Products: Splunk Enterprise | Role: Administrator, Architect, Splunk Technical Champion | Track: Splunk Foundations | Session Focus: Big Data Architecture | Other Topics: Big Data Architecture
Speakers
Da Xu, Senior Software Engineer, Splunk
Chloe Yeung, Software Engineer, Splunk
This session will discuss indexer clustering internals: inspecting what our cluster master and indexers are actively doing as well as explaining various configuration settings. We'll also discuss scaling out a large cluster and the bottlenecks that clusters experience. Finally, we'll give some of our internal performance testing numbers for large clusters!

Multi-tenant Architecture: Securing Splunk to Combat Snooping Users
Wednesday, September 28, 2016 | 11:00 AM-11:45 AM
Intermediate | Industries: Higher Education | Products: Splunk Enterprise | Role: Security Analyst, Splunk Technical Champion, Administrator, Architect | Track: Splunk Foundations | Session Focus: Managing Splunk | Other Topics: Best Practices, Customer Success Story
Speakers
Daniel Daily, Splunk Administrator, Indiana University
Allen Tucker, Manager, HELPnet Technology Services, Indiana University
Do you have dozens of departments using Splunk software? Do you want to scope user access so that they only see information relevant to their job role? The Indiana University Splunk Team will discuss the security layers within the Splunk platform, the possible user errors that could circumvent the security, and data isolation best practices.

Using Data Anonymization Algorithms to Leverage Sensitive Data with Splunk
Tuesday, September 27, 2016 | 12:40 PM-1:25 PM
Beginner | Industries: Travel & Transportation | Products: Splunk Enterprise | Role: Administrator, Splunk Technical Champion, Architect, CIO, CTO, Security Analyst, Data Scientist/Analyst | Track: Splunk Foundations | Session Focus: Managing Splunk | Other Topics: Machine Learning, Customer Success Story, Best Practices
Speakers
Markus Bonisch, General Manager, BMW AG
Marco Fischer, Head of Business Analytics, Robotron Datenbank-Software GmbH
Matthias Ilgen, Pre Sales Engineer, Robotron Datenbank-Software GmbH
The use of sensitive data is limited by operational compliance rules and legal regulations, but this data can still be valuable to your organizations. To use such data for analysis purposes, we need modern methods for anonymization to ensure compliance. In this session, we present a framework based on a Splunk main index, which can be used to generate anonymized data analysis views for different user groups and use cases.

Dashboard Wizardry
Tuesday, September 27, 2016 | 4:20 PM-5:05 PM
Intermediate | Products: Splunk Enterprise | Role: Splunk Technical Champion, Developer, Administrator, Data Scientist/Analyst | Track: Splunk Foundations | Session Focus: Using Splunk
Speakers
Nicholas Filippi, Product Management, Splunk
Siegfried Puchbauer, Senior Software Engineer, Splunk
Splunk dashboards and forms provide a solid framework to quickly compose static content for showing and visualizing data from search results. Tapping into the full power of SimpleXML enables you to go beyond that and build rich interactions and workflows into your dashboards without resorting to code. In this session you'll learn how to take a rudimentary dashboard and advance it step by step to provide a rich and interactive user experience, covering hooks and building blocks available in SimpleXML, including new ones introduced in the latest versions of Splunk Enterprise.

Dashboards, Alerting, Reporting and Visualization - What’s New
Thursday, September 29, 2016 | 10:15 AM-11:00 AM
Intermediate | Industries: Technology | Products: Splunk Enterprise, Splunk Cloud | Role: Data Scientist/Analyst, Splunk Technical Champion, Operations Manager, CIO, Developer, Administrator, Business Manager | Track: Splunk for Operational Intelligence | Session Focus: Splunk Enterprise Whats New | Other Topics: customVisualizations, What's New?!, customAlertActions
Speakers
Nicholas Filippi, Product Management, Splunk
Michael Porath, Product Manager, Splunk
This session will walk through the latest features aimed at Splunk use cases for reporting and dashboards. Attendees will learn about visualization capabilities that help them create meaningful and actionable dashboards and reports. Specific examples and a live demo will showcase capabilities and reporting workflows.

What's New – Custom Visualizations
Tuesday, September 27, 2016 | 5:25 PM-6:10 PM
Intermediate | Industries: Other | Products: Splunk Cloud, Splunk Enterprise | Role: Business Manager, CIO, Splunk Technical Champion, Administrator, Developer | Track: Splunk for Operational Intelligence | Session Focus: Splunk Enterprise Whats New | Other Topics: customVisualizations
Speakers
Michael Porath, Product Manager, Splunk
This session introduces the Custom Visualizations framework that expands the library of visualizations available to Splunk users. The session will go into depth about framework capabilities, and how to find, install, and use these visualizations. A live demo will demonstrate some of these visualizations in action.

Keeping the Junk Out of Splunk – Maximizing the Value of Your Splunk License and Being Prepared for Floods of Data.
Wednesday, September 28, 2016 | 12:05 PM-12:50 PM
Beginner | Products: Splunk Enterprise | Role: Administrator, Splunk Technical Champion | Track: Splunk Foundations | Session Focus: Splunk Classics | Other Topics: Getting Data In, Best Practices
Speakers
Sandy Voellinger, Principal Consultant, Crypsis Group
In this session, we'll walk through some strategies you can use to improve the signal to noise ratio and focus on what is important to your business needs. We’ll also talk about strategies to help you manage a sudden burst of data indexing while maximizing the value of your Splunk license! Learn tips and tricks starting at the OS level, on tools like rsyslog, and find out how to filter at indexers and forwarders before the data hits the wire.

Solve Big Problems with Machine Learning
Thursday, September 29, 2016 | 1:30 PM-2:15 PM
Advanced | Industries: Other | Products: Splunk IT Service Intelligence, Splunk User Behavior Analytics, Splunk Cloud, Splunk Enterprise, Other | Track: Splunk for Operational Intelligence | Other Topics: Machine Learning
Speakers
W. Julian Andre, Staff Sales Engineer, Splunk
Tom LaGatta, Staff Sales Engineer, Splunk
Sometimes problem-solving feels like fighting fires with no relief. Leverage machine learning to help solve the problem of problem solving. We will introduce general ML concepts & workflows, and guide you through the long slog of exploratory data analysis to figure out what relates to what. Then we'll walk you through how to develop a systematic architecture to leverage ML models and improve your team's problem-solving capabilities. We'll talk about big data architectures, how to fit models on historical data and apply them in real time. We will close with a demonstration of ML capabilities in Splunk.

Search Optimization
Wednesday, September 28, 2016 | 2:15 PM-3:00 PM
Good for all Skill Levels | Industries: Technology | Products: Splunk Enterprise Security, Splunk Cloud, Splunk Enterprise | Role: Splunk Technical Champion, Data Scientist/Analyst, Administrator | Track: Splunk for Operational Intelligence | Session Focus: Search Language | Other Topics: What's New?!, Best Practices
Speakers
Alex James, Principal Product Manager, Splunk
Learn about ways that Splunk can optimize your searches and make them run faster. Get a peek under the covers to review the technology used to build these optimizations.

Using the Splunk Machine Learning Toolkit to Create Your Own Custom Models
Wednesday, September 28, 2016 | 11:00 AM-11:45 AM
Advanced | Industries: Other | Products: Splunk Enterprise, Splunk Cloud | Role: Operations Manager, Data Scientist/Analyst | Track: Splunk for Operational Intelligence | Session Focus: Data Science Machine Learning | Other Topics: Machine Learning, What's New?!
Speakers
Adam Oliner, Director of Engineering, Splunk
Manish Sainani, Principal Product Manager, Splunk
This session will introduce the Splunk Machine Learning Toolkit and demonstrate the key features for guided model building without SPL. We’ll also review typical use cases and real-world customer examples of using the Toolkit to drive business results.

Splunk and Open Source Integrations with Spark, Solr, Hadoop and NoSQL Storage
Wednesday, September 28, 2016 | 12:05 PM-12:50 PM
Advanced | Industries: Technology | Products: Splunk Enterprise | Track: Splunk for Operational Intelligence | Session Focus: Big Data Architecture | Other Topics: Thought Leadership, Big Data Architecture, Platform extensibility
Speakers
Raanan Dagan, Staff Big Data Architect, Splunk
May Long, Big Data Architect, Splunk
Many Splunk customers enhance dashboards with data from Spark, Solr, Lucene, MongoDB, Cassandra, and HBase. In this session we will dive into the technical details of these integrations as well as discuss use cases like mobile, transaction, web analytics, and fraud.

Confidence in Conclusions: Leveraging Splunk for Data Driven Insights
Wednesday, September 28, 2016 | 4:35 PM-5:20 PM
Beginner | Industries: Online Services, Technology, Media & Entertainment | Products: Splunk Enterprise | Role: Data Scientist/Analyst | Track: Splunk for Operational Intelligence | Session Focus: Business Analytics | Other Topics: Customer Success Story
Speakers
David Uslan, Lead Data Analyst, ICF Technology
How deeply do you understand your product? How often do you use data derived conclusions to definitively answer important business questions? Learn the ways an industry leader in live adult video streaming uses Splunk to establish baselines for evaluating the success of iterative development cycles and quarterly goals.

Predicting Incidents with Supervised and Unsupervised Machine Learning on Splunk
Tuesday, September 27, 2016 | 5:25 PM-6:10 PM
Advanced | Industries: Communications | Products: Other, Splunk Enterprise | Role: Data Scientist/Analyst, Security Analyst | Track: Splunk for Operational Intelligence | Session Focus: Data Science Machine Learning | Other Topics: Machine Learning, Customer Success Story
Speakers
Shin-ichiro Takahashi, Managing Director, NTT DOCOMO
This session will discuss how Japan's largest telecommunications company, NTT DOCOMO, has applied supervised and unsupervised machine learning technology alongside Splunk software and 3rd party solutions to create an advanced analytics security platform. This session will discuss how NTT DOCOMO has used this approach to detect cyber attacks and predict incidents. This is applicable for a variety of use cases across a range of industries.

SCADA and Splunk – Soul Mates Forever
Thursday, September 29, 2016 | 1:30 PM-2:15 PM
Good for all Skill Levels | Industries: Energy & Utilities | Products: Splunk Enterprise | Role: Operations Manager, Security Analyst | Track: Splunk for Operational Intelligence | Session Focus: IoT Industrial Data | Other Topics: Getting Data In, Customer Success Story, Platform extensibility
Speakers
Chris Duffey, SCADA Coordinator, Enterprise Product Partners L.P.
William Gage, Supervisor, SCADA Infrastructure and Cyber Security, Enterprise Product Partners L.P.
Industrial Control Systems (ICS) are very complex and critical environments that are used every day by manufacturing, energy/utilities, oil & gas, and transportation companies to run their business. Some control HVAC systems, some control pipelines, and some control making chocolate candy. Many times the data produced by these systems cannot be correlated together easily. This can make seeing the large picture very challenging. Making things even more difficult is the sensitivity of the ICS environments. Traditional IT approaches to ICS or OT (operational technology) environments can lead to service disruptions and data loss. This easily leads to financial impacts that affect the company’s bottom line. So, how can you get the data that is already available, plus enrich your operations? Well, attend this presentation to find out ways to deploy Splunk into an ICS environment and help you become a “super star” in your organization.

How to Build a Solution from Scratch: A Case Study of Partner Engagement and Co-Development
Wednesday, September 28, 2016 | 1:10 PM-1:55 PM
Intermediate | Industries: Healthcare | Products: Splunk Enterprise, Other | Role: CTO, Developer, Architect, CIO, Splunk Technical Champion, Business Manager, CISO | Track: Developing | Session Focus: Splunk As A Platform | Other Topics: App Ecosystem, Thought Leadership, Platform extensibility, Customer Success Story
Speakers
Vladimir Melnik, Senior Director of Strategy, Office of the CTO, Splunk
Igal Vainer, Senior Director, Head of Software and High-tech Practice, EPAM Systems
In this session, we will give you an overview of the Splunk Dev Ignite Program, including the benefits ISVs and SIs can receive from building solutions on the Splunk platform. We will take you on a co-development journey with one partner, EPAM Systems, who started from scratch. EPAM was able to build a compelling solution in the area of healthcare compliance in just under 3 months. We will then deep dive into the solution itself, the technology behind it and lessons learned. “Insightful” is a real-time data analytics engine focused on clinical data (static or in transition). The solution adds business insight discovery capabilities for healthcare providers, insurance companies and business integrators without requiring heavy modeling and pre-building schemas upfront. Care costs and quality of care insights are just a few examples. The engine utilizes advanced Splunk platform features for real time data monitoring and reporting, ad-hoc configurability, predictive analytics and unmatched performance and scalability. “Insightful” is yet another step in EPAM’s strategy of delivering flexible, domain specific, minimal implementation cycle solutions and accelerators to enterprise customers.

Extending SPL with Custom Search Commands and the Splunk SDK for Python
Wednesday, September 28, 2016 | 4:35 PM-5:20 PM
Intermediate | Products: Splunk Cloud, Splunk Enterprise | Role: Data Scientist/Analyst, Splunk Technical Champion, Architect, Developer | Track: Developing | Session Focus: Splunk As A Platform | Other Topics: Best Practices, Getting Data In, Dev Tools, Platform extensibility
Speakers
Jacob Leverich, Director of Engineering, Splunk
Splunk's Search Processing Language, SPL, is both powerful and versatile. Nevertheless, some use cases exceed the capabilities of SPL. For these cases, SPL can be extended with "custom search commands". This talk covers implementation details of the custom search command feature, and teaches you how to build new commands using the Splunk SDK for Python.

Splunk App Lifecycle Management – With More Peace, Love and Rock-n-Roll!
Wednesday, September 28, 2016 | 12:05 PM-12:50 PM
Intermediate | Products: Splunk Cloud, Splunk Enterprise | Role: Splunk Technical Champion, Architect, Administrator, Developer | Track: Developing | Session Focus: Splunk As A Platform | Other Topics: Platform extensibility, Development Best Practices, Dev Tools, What's New?!
Speakers
Cecelia Campbell, Software Engineer, Splunk
Grigori Melnik, Director, Product Management, Splunk
The Splunk platform is maturing and bringing new advanced app lifecycle capabilities, including app installation and uninstallation targeting specific workloads of your distributed deployments, dependency management, app well-formedness validation, and more! Whether you are an admin who wants to easily and reliably install and manage Splunk apps across your entire Splunk deployment from a single point, or a developer who wants to lower your development and maintenance costs, come to this session to learn about the new app model and start onboarding your apps!

Leveraging Splunk’s Ecosystem for Your Own Products
Wednesday, September 28, 2016 | 11:00 AM-11:45 AM
Beginner | Products: Splunk Enterprise, Splunk Cloud | Role: CIO, Developer, Architect, Splunk Technical Champion, CTO, Business Manager, CISO | Track: Developing | Session Focus: Splunk As A Platform | Other Topics: Thought Leadership, Platform extensibility, Customer Success Story, App Ecosystem
Speakers
Michael Franke, Senior Director Product Management, SecureAuth Corporation
Luke Netto, Consulting Engineer, Splunk, GTRI
As the adoption of Splunk software increases, the demand for products leveraging Splunk’s ecosystem will also increase. When SecureAuth customers began asking to use Splunk software for their access control panel, the company enlisted GTRI to help create their first Splunkbase app. In this session GTRI and SecureAuth join together to discuss the value Splunk brought to SecureAuth.

STEP Up Your App Dev Game
Tuesday, September 27, 2016 | 10:30 AM-11:15 AM
Good for all Skill Levels | Products: Splunk Cloud, Splunk Enterprise | Role: Developer, Architect | Track: Developing | Session Focus: Splunk As A Platform | Other Topics: What's New?!, Development Best Practices, Dev Tools, Logging Frameworks, Platform extensibility, Getting Data In, App Ecosystem
Speakers
Tedd Hellmann, Product Manager, Splunk
David Poncelow, Senior Software Engineer, Splunk
Want to build an amazing Splunk app but don't know where to start? Join us for an interactive tutorial on how to design, develop and deploy Splunk apps using reference apps and playbooks. We’ll focus on several key concepts including data ingestion, searching, data visualization, alerting, app testing, packaging and deployment. The participants will be the first ones to experience the updated Splunk Developer Guidance. The session will both challenge and inspire you! The session targets both novice and experienced Splunk app developers.

Fast Time to Extraordinary Value: Quickly Add Powerful Machine Learning to Your Splunk Apps and Dashboards with Splunk's New Machine Learning Toolkit
Thursday, September 29, 2016 | 10:15 AM-11:00 AM
Advanced | Products: Splunk Cloud, Splunk Enterprise | Role: Business Manager, Splunk Technical Champion, Architect, Security Analyst, Operations Manager, Developer, Data Scientist/Analyst, Administrator | Track: Developing | Session Focus: Splunk As A Platform | Other Topics: App Ecosystem, customSearchCommands, Machine Learning, Big Data Architecture, Platform extensibility, Dev Tools, Thought Leadership
Speakers
Mike Cormier, Managing Director, Concanon LLC
William Thackrey, Managing Director, Concanon LLC
Machine learning experts from Scianta Analytics chose Splunk's new Machine Learning Toolkit to accelerate time to market of their new Extreme Vigilance security app for Splunk. The Scianta dev team will discuss their decision to leverage the ML Toolkit, and will walk the audience through real-world ML use cases in the Splunk platform. Attendees will receive a free eval copy of Scianta Extreme Vigilance, a new app that uses advanced behavioral analytics to detect fraud, security threats and other anomalous behavior with Splunk.

Agency Chargeback Models to Enable Splunk Enterprise Deployments
Tuesday, September 27, 2016 | 12:40 PM-1:25 PM
Good for all Skill Levels | Products: Splunk Enterprise | Role: CIO, Operations Manager, Splunk Technical Champion, Business Manager, Administrator | Track: Splunk Foundations | Session Focus: Managing Splunk | Other Topics: Best Practices
Speakers
Adilson Jardim, AVP Sales Engineering, Public Sector, Splunk
Mike Wilson, Sales Engineer, Splunk
As many government agencies expand their Splunk use cases, they invariably need to find solutions to chargeback and cross-charging requirements. This session will review different options for understanding Splunk internal metrics for usage, capacity, IO and other resource consumption. Mapping these back to chargeback and G/L integration will provide a framework to enable agencies to define chargeback and utilization, further supporting Splunk Enterprise and cross-organizational adoption.

How to Extend Splunk with an AI Assistant for Pattern Recognition
Wednesday, September 28, 2016 | 3:30 PM-4:15 PM
Intermediate | Products: Splunk Cloud, Splunk Enterprise | Role: Architect, Splunk Technical Champion, Data Scientist/Analyst, Developer | Track: Developing | Session Focus: Splunk As A Platform | Other Topics: Thought Leadership, Dev Tools, Platform extensibility, Getting Data In
Speakers
Greg Olsen, SVP of Products, Falkonry
This session will explain how powerful pattern recognition capabilities can be added to Splunk software through an easy to use add-on service. It will discuss how these capabilities are used with sensor, log and other forms of time series data to support diverse application needs including: predictive maintenance, IT Ops, APM, quality, and security applications. The session will include a live demonstration of a Splunk application that uses the embedded AI Assistant, and will show details of how this application was constructed.

Extending Splunk's REST API For Fun And Profit
Thursday, September 29, 2016 | 11:20 AM-12:05 PM
Advanced | Products: Splunk Cloud, Splunk Enterprise | Role: Architect, Developer | Track: Developing | Session Focus: Splunk As A Platform | Other Topics: Dev Tools, Platform extensibility, Best Practices, Development Best Practices
Speakers
James Ervin, Principal Engineer, Splunk
This developer-focused session will present an overview of the options available for extending Splunk's REST API with app-specific content. Topics to be explored include EAI REST handlers, management of custom configuration files, the new protocol for writing more performant "persistent" REST handlers, and debugging using common IDEs.

Scaling Security Incident Investigations with Interactive Event Graphs and Spark
Tuesday, September 27, 2016 | 10:30 AM-11:15 AM
Intermediate | Industries: Energy & Utilities, Aerospace and Defense, Communications, Financial Services, Healthcare, Technology | Products: Splunk Enterprise, Splunk Cloud | Role: Splunk Technical Champion, Security Analyst, Data Scientist/Analyst, Architect, CTO, CISO, CIO, Business Manager | Track: Security / Compliance / Fraud | Session Focus: Threat Detection | Other Topics: customVisualizations, Platform extensibility, Big Data Architecture
Speakers
Leo Meyerovich, CEO, Graphistry, Inc.
Joshua Patterson, Principal Data Scientist, Accenture
How well we respond to an incident hinges upon our ability to investigate it. However, dashboards and manual search have long been our primary exploration interfaces. The result is that, when facing billions of different types of events from many sources, it is hard to gather the context, correlate all the hits, interpret the result, and iterate... and all without missing anything. This talk shares how Graphistry and Accenture Labs have been streamlining deep incident investigations for Splunk client data by enabling large-scale interactive event graphs.

Universal Forwarder Security: Don't Input More Than Data Into Your Splunk Environment
Wednesday, September 28, 2016 | 3:30 PM-4:15 PM
Beginner | Products: Splunk Enterprise | Role: Administrator, Security Analyst, Splunk Technical Champion, Architect | Track: Splunk Foundations | Session Focus: Managing Splunk | Other Topics: Best Practices
Speakers
Matt Uebel, Security Engineer, Defense Point Security
Protect the most exposed part of your Splunk infrastructure, the universal forwarder. In this session I will cover UF hardening best practices to protect against the abuse and privilege escalation that potentially comes from the default settings. You will learn not only the risks, but will go home with automated solutions to secure your systems.

You Can’t Protect What You Can’t See: AWS Security Monitoring and Compliance Validation from Adobe
Tuesday, September 27, 2016 | 10:30 AM-11:15 AM
Intermediate | Industries: Technology | Products: Splunk Enterprise Security, Splunk Enterprise | Role: Security Analyst, Operations Manager | Track: Security / Compliance / Fraud | Session Focus: Cloud Strategies | Other Topics: Best Practices, Amazon Web Services, Customer Success Story
Speakers
Scott Pack, Senior Security Engineer, Adobe
Ensuring security and compliance across a globally distributed, large-scale AWS deployment requires a proper set of technologies. In this session, you will hear about the tooling and processes used at Adobe to perform security monitoring and ensure best practices across a huge fleet of AWS accounts. This session details a method using a combination of AWS services and Splunk TAs for collecting security data across hundreds of AWS accounts en masse.

What's New For Splunk Enterprise and Splunk Cloud
Tuesday, September 27, 2016 | 3:15 PM-4:00 PM
Wednesday, September 28, 2016 | 12:05 PM-12:50 PM
Good for all Skill Levels | Industries: Other | Products: Splunk Cloud, Splunk Enterprise | Role: CTO, Splunk Technical Champion, CIO, Business Manager, Architect, Administrator, Developer | Track: Splunk for Operational Intelligence | Session Focus: Splunk Enterprise Whats New | Other Topics: What's New?!
Speakers
Todd Untrecht, VP of Product Management, Splunk
In 2016 we have delivered two new releases loaded with features to make data analysis faster and easier, lower TCO, and extend the flexibility and value of the platform. This session will provide a brief overview of these latest features and help you choose which drill-down sessions to attend.

Worst Practices... and How to Fix Them
Tuesday, September 27, 2016 | 10:30 AM-11:15 AM
Thursday, September 29, 2016 | 12:25 PM-1:10 PM
Intermediate | Products: Splunk Enterprise | Role: Splunk Technical Champion, Administrator, Architect | Track: Splunk Foundations | Session Focus: Splunk Classics | Other Topics: Best Practices
Speakers
Jeff Champagne, Staff Architect, Splunk
We've all slowed down to get a glimpse of a car crash on the freeway or tuned in to hear about a celebrity scandal. This session will analyze the Splunk equivalent of a 16-car pile-up from an architecture and search workload management perspective. Come hear about real-life Splunk deployments that went bad and how you can avoid those same pitfalls.

Let Stats Sort Them Out: Building Complex Result Sets That Use Multiple Source Types
Tuesday, September 27, 2016 | 10:30 AM-11:15 AM
Advanced | Industries: Other | Products: Splunk Enterprise | Role: Administrator, Data Scientist/Analyst, Splunk Technical Champion | Track: Splunk Foundations | Session Focus: Search Language | Other Topics: Best Practices
Speakers
Nick Mealy, CEO, Sideview, LLC
This talk covers the pitfalls and best practices for the tricky transition you make from running simple reports in Splunk software to complex reports that draw knowledge from disparate data sets. We'll walk through some simple reporting examples and show how to construct the report for core commands like eval and stats and avoid edge-case commands like append and join.

Best Practices for Developing Splunk Apps and Add-ons
Tuesday, September 27, 2016 | 12:40 PM-1:25 PM
Intermediate | Products: Splunk IT Service Intelligence, Splunk Enterprise, Splunk Cloud | Role: Administrator, Architect, Splunk Technical Champion, Developer | Track: Developing | Session Focus: Splunk As A Platform | Other Topics: Development Best Practices, App Ecosystem, Best Practices, Getting Data In, Dev Tools, Platform extensibility, Logging Frameworks
Speakers
Jason Conger, Staff Solution Architect, Splunk
There are numerous ways to get data into Splunk software and create applications around the data. There is also a wealth of documentation on these topics. This session will guide you on various easy-to-implement best practices for both apps and add-ons. These best practices come from real-world field experience and will detail both the why and the how.

Jiffy Lube Quick Tune-up for Your Splunk Environment
Wednesday, September 28, 2016 | 11:00 AM-11:45 AM
Intermediate | Products: Splunk Enterprise | Role: Splunk Technical Champion, Administrator, Architect | Track: Splunk Foundations | Session Focus: Splunk Classics | Other Topics: Best Practices
Speakers
Jeff Champagne, Staff Architect, Splunk
Sean Delaney, Principal Architect, Splunk
The odometer just hit 3,000 miles on your Splunk instance and you're ready for a tune-up. Come learn about some key items that will keep your deployment running at top speed. We'll teach you how to ensure data is being indexed quickly and efficiently, how to keep an eye on search performance, the Distributed Management Console, and more!

Best Practices for Deploying Splunk on Amazon Web Services
Thursday, September 29, 2016 | 2:35 PM-3:20 PM
Beginner | Products: Splunk Enterprise, Splunk Cloud | Role: Architect, Administrator, Operations Manager, Splunk Technical Champion | Track: Splunk Foundations | Session Focus: Deploying Splunk | Other Topics: Best Practices, Amazon Web Services, Customer Success Story
Speakers
William Bartlett, Senior Sales Engineer, Splunk
Nathan Kwong, Senior Sales Engineer, Splunk
Simeon Yep, Director, Splunk
More companies are looking to use the AWS Cloud to deploy new applications, migrate existing workloads, and create hybrid clouds. The AWS Cloud is quickly becoming the new data center for many companies. In this discussion, we’ll share how to architect a highly available and resilient Splunk Enterprise on the AWS Cloud by leveraging best practices from both Splunk and AWS technologies.

Deploying Splunk Enterprise on Microsoft Azure Cloud
Wednesday, September 28, 2016 | 2:15 PM-3:00 PM
Beginner | Industries: Online Services, Technology | Products: Splunk Enterprise | Role: Operations Manager, Architect, Administrator, Splunk Technical Champion | Track: Splunk Foundations | Session Focus: Deploying Splunk | Other Topics: Big Data Architecture, Customer Success Story, Best Practices
Speakers
Roy Arsan, Solutions Architect, Splunk
Pramit Gupta, Senior Software Engineer, Microsoft
Microsoft Azure has seen hypergrowth over recent years. This session will cover how to architect and deploy Splunk Enterprise on Azure by leveraging best practices from both Splunk and Azure IaaS. You'll also learn directly from the Microsoft Office team, a Splunk customer, who will share operational learnings from deploying and scaling Splunk Enterprise to over 100TB/day on Microsoft Azure.

Making the Most of the Splunk Scheduler
Thursday, September 29, 2016 | 12:25 PM-1:10 PM
Beginner | Products: Splunk Enterprise | Role: Splunk Technical Champion, Administrator, Data Scientist/Analyst | Track: Splunk Foundations | Session Focus: Managing Splunk | Other Topics: Best Practices
Speakers
Paul Lucas, Principal Software Engineer, Splunk
The ability to generate reports on a periodic schedule is one of the core features of Splunk Enterprise. Scheduling many reports without having the necessary experience or expertise can lead to some getting skipped. That, in turn, can lead to having incomplete information upon which to take action. Learn the details of how the scheduler works, including new features (auto windows, priority increases) so that you can use your existing hardware resources to generate reports more effectively.

Building a Crystal Ball: Forecasting Future Values for Multi-Cyclic Time Series Metrics in Splunk
Wednesday, September 28, 2016 | 12:05 PM-12:50 PM
Intermediate | Products: Splunk Enterprise | Role: Administrator, Security Analyst, Splunk Technical Champion, Data Scientist/Analyst, Architect | Track: Splunk Foundations | Session Focus: Using Splunk
Speakers
Michael Fisher, Monitoring and Operational Intelligence Team Lead, A Large Financial Firm
Forecasting daily transaction volume is one thing, but what do you do when you're asked to generate an alert if transaction volume doesn't look normal for any given 10-minute period during the day or night? How do you find "normal"? This session will present a method for quickly and efficiently generating multi-day forecast values with 10-minute resolution for multi-cyclic time series metrics in Splunk software.

Become a Regular Expressions Ninja and Unlock Your Splunk Potential
Wednesday, September 28, 2016 | 2:15 PM-3:00 PM
Intermediate | Products: Splunk Enterprise | Role: Data Scientist/Analyst, Security Analyst, Splunk Technical Champion, Administrator | Track: Splunk Foundations | Session Focus: Using Splunk
Speakers
Gabriel Vasseur, Senior Cyber Security Analyst, Thales
You can't call yourself a true Splunk ninja if you don't have regular expressions under your belt. Come to this talk to demystify them and see their power demonstrated in Splunk use cases inspired by real-life examples. No previous knowledge required, especially if you don't mind a steep learning curve!

Integrating with Third-Party Tools using Splunk Alert Actions
Tuesday, September 27, 2016 | 5:25 PM-6:10 PM
Advanced | Products: Splunk Enterprise Security, Splunk Enterprise, Splunk Cloud, Splunk IT Service Intelligence | Role: Administrator, Splunk Technical Champion, Architect, Developer | Track: Developing | Session Focus: Splunk As A Platform | Other Topics: Best Practices, What's New?!, Dev Tools, Platform extensibility, customAlertActions
Speakers
Nicholas Filippi, Product Management, Splunk
Siegfried Puchbauer, Senior Software Engineer, Splunk
Custom alert actions are a great way to take advantage of the modular Splunk web platform to initiate an action from Splunk, such as sending search details to a chat window or opening a trouble ticket. Much better than an alert script, the custom alert actions API provides access to a configuration UI, flexible alert-time variable injection, and more. This session will provide an in-depth look at the Splunk custom alert actions API. It will cover how and why to use these actions in Splunk software, as well as show how to build a simple action from scratch in Python. We will cover how to set up your build environment, package the alert action as an app, create a UI for user inputs, troubleshoot custom alert actions, and more.

Architecting Splunk for Epic Performance at Blizzard Entertainment
Tuesday, September 27, 2016 | 12:40 PM-1:25 PM
Intermediate | Products: Splunk Enterprise | Role: Splunk Technical Champion, Architect, Administrator | Track: Splunk Foundations | Session Focus: Deploying Splunk | Other Topics: Customer Success Story, Best Practices
Speakers
Mason Morales, Sr. Security Engineer, Blizzard Entertainment
Want to level-up Splunk's performance at your organization? This in-depth technical session will teach you how Blizzard Entertainment built one of the world's fastest Splunk clusters. You will learn about specific configuration changes that yield massive performance gains, as well as how to identify bottlenecks and prevent performance problems down the road.

How to Scale: From _raw to tstats
Wednesday, September 28, 2016 | 2:15 PM-3:00 PM
Intermediate | Products: Splunk Enterprise, Splunk IT Service Intelligence, Splunk Enterprise Security | Role: Architect, Administrator, Security Analyst, Data Scientist/Analyst, Splunk Technical Champion | Track: Splunk Foundations | Session Focus: Search Language | Other Topics: Best Practices
Speakers
David Veuve, Staff Security Strategist, Splunk
You know the use cases. You understand stats. You might strut through the halls of .conf2016 as an advanced SPLer. But you’ve heard a whisper on the wind, a next-level approach to building queries in Splunk software with upwards of 1000x performance improvements: tstats. tstats is the most powerful tool for taking your Splunk queries (of all kinds) to ludicrous speed, but there’s a learning curve. This talk will explain how and when to leverage acceleration for all kinds of use cases in a simple way, taking it from the highest echelons of SPL Ninjutsu and bringing it to everyone.

Onboard Your Data Faster Using the Splunk Add-on Builder
Thursday, September 29, 2016 | 1:30 PM-2:15 PM
Intermediate | Products: Splunk IT Service Intelligence, Splunk Enterprise Security, Splunk Cloud, Splunk Enterprise | Role: Splunk Technical Champion, Administrator, Developer, Architect | Track: Developing | Session Focus: Splunk As A Platform | Other Topics: What's New?!, Dev Tools, Getting Data In, Best Practices, Logging Frameworks
Speakers
Elias Haddad, Sr. Product Manager, Splunk
Guodong Wang, Senior Software Engineer, Splunk
Sometimes you need to do work to gather your data, and once that data is collected, you may need it transformed into more useful formats and then mapped to data models for easier reporting. An add-on is a reusable Splunk component, much like an app, that helps to collect, transform, and normalize data feeds from specific sources in your Splunk environment. In this session, we’ll present an overview of the Splunk Add-on Builder and show you just how easy it can be to build powerful add-ons, often without writing any code. We’ll use a real-world example to demonstrate the UI-driven, step-by-step process, from data collection to validation. Highlights include automated code generation and field extraction, as well as Common Information Model mapping with the click of a button. Finally, we will show how the Add-on Builder validates your add-on for best practices.

User Hygiene: Gaining Greater Insight Into User Habits and Activity in Your Splunk Environment
Wednesday, September 28, 2016 | 4:35 PM-5:20 PM
Beginner | Products: Splunk Enterprise | Role: Splunk Technical Champion, Administrator, Operations Manager, Architect | Track: Splunk Foundations | Session Focus: Managing Splunk | Other Topics: Best Practices
Speakers
Rupak Pandya, Technical Manager, Function1
Monitoring how users interact with the Splunk platform and understanding their tendencies when it comes to search and dashboard structure can provide great insight into the performance of your Splunk environment. Using the REST API and internal Splunk data, you can report on a variety of specific metrics. You can see how many searches are on a dashboard, how many post process or input searches are on a dashboard and how those searches are structured, how often dashboards or saved searches are used, etc. These types of metrics will allow you to keep your Splunk environment running cleanly and efficiently.

Puppet Enterprise and Splunk Platform: Improve Your Application Delivery Velocity
Tuesday, September 27, 2016 | 4:20 PM-5:05 PM
Good for all Skill Levels | Industries: Travel & Transportation, Energy & Utilities, Aerospace and Defense, Communications, Retail, Public Sector, Manufacturing, Healthcare, Technology, Media & Entertainment, Financial Services, Higher Education, Non-Profit, Online Services | Products: Other, Splunk Enterprise, Splunk Cloud | Role: CTO | Track: IT Operations | Session Focus: DevOps
Speakers
Deepak Giridharagopal, CTO and Chief Architect, Puppet
Stela Udovicic, Senior Product Marketing Manager, Splunk
Automated configuration management and proactive monitoring are two DevOps practices that are even more powerful when combined. Automation gives you confidence that your services, middleware, and applications are running as expected, and monitoring provides fast feedback loops to help you diagnose and resolve issues faster. You can use Puppet to deploy and manage your Splunk infrastructure, and use the Splunk platform to monitor the health of your Puppet infrastructure and correlate it with other elements of your build pipeline for faster application delivery. In this session, we’ll demonstrate how Puppet and Splunk are better together with two key integrations:
· Puppet Splunk module - Automate the installation and management of Splunk software and the Splunk Universal Forwarder to ensure that services maintain a running state.
· Puppet Enterprise App for Splunk - Analyze performance metrics for Puppet Enterprise services such as PuppetDB, Puppet Server, and console services to ensure that the services are running correctly. The Puppet Enterprise App for Splunk helps you diagnose issues and solve problems faster, so you can deploy critical changes with confidence.

The Impossibles - A Story From a DevOps Team
Wednesday, September 28, 2016 | 4:35 PM-5:20 PM
Beginner | Industries: Technology, Media & Entertainment, Manufacturing, Public Sector, Retail, Communications, Aerospace and Defense, Energy & Utilities, Travel & Transportation, Online Services, Non-Profit, Higher Education, Financial Services, Healthcare | Products: Splunk Enterprise, Splunk Cloud | Track: IT Operations | Session Focus: DevOps
Speakers
Brooke Gravitt, Chief Software Architect, VeriStor
Rashad Neloms, Practice Lead-DevOps, VeriStor
Asked to reduce 22-week delivery to 30 minutes: daunting! Allowing anyone to click the deploy button: outlandish! Getting development and operations to work together: insanity! However, some 5000 environment provisioning requests a week later, that is exactly what this agile/DevOps team did. Here's the story...

Biz-PMO-Dev-QA-Sec-Build-Stage-Ops-Biz: Shared Metrics as a Forcing Function for End-To-End Enterprise Collaboration
Wednesday, September 28, 2016 | 4:35 PM-5:20 PM
Intermediate | Industries: Public Sector, Retail, Healthcare, Financial Services, Higher Education, Non-Profit, Aerospace and Defense, Communications, Travel & Transportation, Energy & Utilities, Manufacturing, Media & Entertainment, Technology, Online Services | Products: Splunk Cloud, Splunk Enterprise | Track: IT Operations | Session Focus: DevOps
Speakers
Andi Mann, Chief Technology Advocate, Splunk
Especially in larger enterprises, DevOps doesn’t start with Dev or end with Ops. Many more teams are part of a ‘whole system’ view of application delivery. Unfortunately, they don’t always see eye-to-eye with each other – or even see each other at all! This session will focus on how sharing ‘metrics that matter’ can help drive alignment across a ‘systems view’ of application delivery that both engages and reflects the whole enterprise – including the PMO, development, QA, security, build engineering, operations, and others in IT; and perhaps even more importantly, key business stakeholders.

Splunks of War: Creating a Better Game Development Process Through Data Analytics
Tuesday, September 27, 2016 | 3:15 PM-4:00 PM
Good for all Skill Levels | Industries: Other | Products: Splunk Enterprise | Track: IT Operations | Session Focus: DevOps
Speakers
Phil Cousins, Principal Software Engineer, The Coalition, Microsoft
Learn how the makers of Gears of War adopted Splunk software to take it from a simple integration for monitoring tools, to a multi-tiered deployment, covering everything from build server monitoring to an application created to improve the whole game development process. Discover how Splunk software was used to unify data gathered during the development of Gears of War 4 and how visualizing that data in new and exciting ways helped the team focus on what mattered, when it mattered.

Building a Smarter Strategy for Alarms with Machine Learning!
Tuesday, September 27, 2016 | 4:20 PM-5:05 PM
Good for all Skill Levels | Industries: Technology, Communications | Products: Other, Splunk Enterprise | Role: Data Scientist/Analyst, Splunk Technical Champion, CIO, Business Manager | Track: Splunk for Operational Intelligence | Session Focus: Using Splunk | Other Topics: Machine Learning
Speakers
Matthew Modestino, Splunk Advisory Engineer, Splunk
Jason Rombough, Manager, Planning and Engineering, TELUS
In the world of assurance, detecting deviations in your KPI can be the difference between stopping an issue before it starts and suffering impact to customer experience. Splunk's machine learning (ML) capabilities can move your traditional alerting schemes to the next level of Operational Intelligence, customizing alerts that tell the real story about what is going on in your environment. No more war room bridges full of impact guesstimates and questions with no answers! Find out how Splunk's ML capabilities can help make you the hero of your next war room, or stop them from even happening at all!

Hunting Adversaries with Pictures - Splunk, OSINT and Visualization
Wednesday, September 28, 2016 | 1:10 PM-1:55 PM
Intermediate | Industries: Public Sector, Aerospace and Defense, Communications, Healthcare, Financial Services, Technology, Energy & Utilities | Products: Splunk Enterprise Security, Splunk Enterprise | Role: Security Analyst | Track: Security / Compliance / Fraud | Session Focus: Threat Detection | Other Topics: Best Practices
Speakers
Jake Babbin, Director of Threat Intelligence, The Crypsis Group
In today’s security operations centers, incident response teams and even hunt teams are drowning in ever growing volumes of data and are being tasked to identify and stop threats at faster and faster speeds. This presentation will provide you with working examples taken from real-world incidents and highlight some of the methods and newer visualizations available to the Splunk community.

Hunting the Known Unknowns: The Powershell Edition
Thursday, September 29, 2016 | 11:20 AM-12:05 PM
Advanced | Industries: Other | Products: Splunk Enterprise, Splunk Enterprise Security | Role: Security Analyst | Track: Security / Compliance / Fraud | Session Focus: Threat Detection | Other Topics: Best Practices
Speakers
Steve Brant, Senior Security Strategist, Splunk
Ryan Kovar, Minister of the OODALoopers, Splunk
This year’s “Hunting” session will describe how to detect the malicious use of PowerShell in your network. The talk will cover new ways to log PowerShell and also show how to find attacks like Mimikatz, PowerWare, and PowerSploit. Throughout this session we will show you how these attacks work and how to detect them using Splunk software with the new PowerShell Splunk Enterprise Security content pack.

Conquering the IDS Alert Challenge with Splunk
Tuesday, September 27, 2016 | 4:20 PM-5:05 PM
Intermediate | Industries: Financial Services | Products: Splunk Enterprise | Role: Security Analyst | Track: Security / Compliance / Fraud | Session Focus: Threat Detection | Other Topics: Best Practices
Speakers
Brennan Lodge, Security Analyst, Bloomberg
This session will cover the onboarding of IDS signatures, breaking up signatures into categories, using a Splunk IDS dashboard and using statistical anomaly detection to make sense of benign and malicious IDS alerts. This implementation will help security analysts dig through the trenches of IDS alerts and provide a clearer context to cybersecurity events.

Advanced Techniques for Detecting Fraud Using Splunk
Thursday, September 29, 2016 | 10:15 AM-11:00 AM
Intermediate | Industries: Financial Services | Products: Splunk Enterprise | Role: Security Analyst | Track: Security / Compliance / Fraud | Session Focus: Fraud | Other Topics: Best Practices
Speakers
Kirsty Phillips, Professional Services Consultant, Splunk
Jason Timlin, Engagement Manager, Professional Services, Splunk
Fraud is a constantly changing landscape, and a proactive investigation approach is essential to keep up with the changing behavior of those trying to stay ahead of the curve. As such, data needs to be investigated through proactive searches alongside analysis of historical patterns, peer group analysis and behavioral changes over time. The discovery phase will cover concepts such as the stats, where and lookup commands, as well as how to utilize the KV store - to demonstrate how Splunk software can be used for fraud detection and compliance. This will include rule-based behavior detection, geographical searches and anomalies and how this can all be translated into an entity score using the KV store.

Anomaly Hunting with Splunk Software
Tuesday, September 27, 2016 | 4:20 PM-5:05 PM
Thursday, September 29, 2016 | 11:20 AM-12:05 PM
Intermediate | Industries: Technology | Products: Splunk Enterprise Security | Role: Security Analyst | Track: Security / Compliance / Fraud | Session Focus: hunting | Other Topics: Best Practices
Speakers
Macy Cronkrite, Professional Services, Splunk
Anthony Tellez, Sr. Consultant - Public Sector, Splunk
Splunk has enabled big data on the security practitioner's desktop, but the security knowledge worker is not a data scientist by training. SOC engineers need easy-to-implement machine learning tools. Learn about existing machine learning toolkits available in the Splunk platform and how they can be applied to data exfiltration, port/traffic analysis security and advanced threat use cases.

Splunking the Endpoint: Hands On!
Wednesday, September 28, 2016 | 3:30 PM-5:00 PM
Thursday, September 29, 2016 | 12:25 PM-1:55 PM
Intermediate | Industries: Other | Products: Splunk Enterprise, Splunk Enterprise Security | Role: Security Analyst | Track: Security / Compliance / Fraud | Session Focus: Threat Detection | Other Topics: Best Practices
Speakers
James Brodsky, SE Manager, Southwest Majors, Splunk
Dimitri McKay, Jedi Master, Splunk
This is a hands-on session. Laptop required to participate! As a follow-up to the "Splunking the Endpoint" talk at .conf2015, come learn the latest techniques in use for endpoint monitoring with Splunk Enterprise. As part of our session, we will all log into some cloud-hosted systems and do some hunting for IOCs and malicious endpoint behavior, focusing on 2016’s most hyped InfoSec topic, Windows-based ransomware.

Detecting the Adversary Post-Compromise with Threat Models and Behavioral Analytics
Thursday, September 29, 2016 | 10:15 AM-11:00 AM
Advanced | Industries: Financial Services, Media & Entertainment, Public Sector, Aerospace and Defense, Energy & Utilities, Healthcare | Products: Splunk Enterprise | Role: Security Analyst | Track: Security / Compliance / Fraud | Session Focus: Threat Detection | Other Topics: Best Practices
Speakers
Michael Kemmerer, Senior Cyber Security Engineer, MITRE Corporation
Revisiting the .conf2014 presentation titled "Uncover Compromised Systems by Collecting Data From Existing Endpoint Solutions and Observing Patterns of Behaviors." The talk will focus on the ATT&CK framework, the soon-to-be-released Cyber Analytic Repository (CAR) and updates to how we use Splunk for Endpoint Security.

Autonomous Threat Hunting with Niddel and Splunk Enterprise Security: Mars, Inc. Customer Case Study
Thursday, September 29, 2016 | 2:35 PM-3:20 PM
Intermediate | Industries: Aerospace and Defense, Travel & Transportation, Manufacturing, Non-Profit, Healthcare, Higher Education, Communications, Retail, Online Services, Public Sector, Energy & Utilities, Media & Entertainment, Technology, Financial Services | Products: Splunk Cloud, Splunk Enterprise Security | Role: Security Analyst | Track: Security / Compliance / Fraud | Session Focus: Threat Detection | Other Topics: Best Practices
Speakers
Alex Pinto, Chief Data Scientist, Niddel
Gregory Poniatowski, Information Security Lead, Mars, Inc.
Threat hunting is now considered state-of-the-art for response, but it's nearly impossible without a dedicated team to investigate and sift through the log data. Join us in this session to see how Mars, Inc. integrated Niddel, the autonomous threat hunting system that mimics the skills of a well-trained analyst, with their Splunk Cloud and Splunk Enterprise Security to supercharge their IR process.

Forwarder Management in Splunk Cloud
Thursday, September 29, 2016 | 1:30 PM-2:15 PM
Beginner | Products: Splunk Cloud, Splunk Enterprise | Role: Splunk Technical Champion, Administrator, CIO | Track: Splunk Foundations | Session Focus: Deploying Splunk | Other Topics: Amazon Web Services, What's New?!, Best Practices
Speakers
Jeff Bernt, Software Engineer, Splunk Inc.
Patrick Ogdin, Product Manager, Splunk Inc.
Michael Papale, Principal Software Engineer, Splunk Inc.
Whether you are a first-time Splunk Cloud user or a seasoned veteran, you'll benefit from this session as we'll be discussing new additions to the Splunk Cloud interface that support the management of forwarders. See how to get securely connected, create groups of Splunk forwarders, add forwarder data inputs, and have fine-grained control over Splunk forwarder settings. We'll touch on topics such as migration considerations, working with deployment queues, and auditing changes to forwarders sending data into Splunk Cloud.

I’m a Windows Girl, In a Red Hat World: Reducing the Splunk Learning Curve
Wednesday, September 28, 2016 | 1:10 PM-1:55 PM
Beginner | Products: Splunk Enterprise | Role: Administrator, Architect, Splunk Technical Champion | Track: Splunk Foundations | Session Focus: Adopting Splunk
Speakers
Kelly Zimmerman, Splunk Admin, Indiana University
If you are a Windows admin, the learning curve of administering Splunk running on Red Hat can be extensive. Go beyond the graphical user interface (GUI) and explore Splunk under the hood by using the Linux command line. Get what you need to deploy your apps, understand how config files are written, deploy apps to your endpoints, and understand the DR benefits while never opening a single webpage. Jumpstart the learning curve.

Show the Board the Value of Your Incident Response Team – Detect a Live Attack With Splunk and Knock Their Socks Off!
Tuesday, September 27, 2016 | 12:40 PM-1:25 PM
Intermediate | Industries: Financial Services | Products: Splunk Enterprise Security, Splunk Enterprise | Role: CISO, Security Analyst | Track: Security / Compliance / Fraud | Session Focus: Threat Detection | Other Topics: Best Practices, analyzingNetworkData, analyzingEndpointData, customVisualizations, attackScenarios
Speakers
Philip Mire, Senior Information Security Analyst, Capital Group
Erin Nichols, Senior Information Security Analyst, Capital Group
Charles Robertson-Adams, SIRT Manager, Capital Group
In this session the audience will learn an approach for showing the value of information security and the value and role of Splunk. We will demonstrate the high ROI achieved and help justify the investments in the security program and in Splunk solutions. The session will describe: how to create a demo network with a fictitious HR victim and a remote hacker; how to set up Splunk solutions to detect each step of the attack, including a dashboard that maps to the kill chain; what to consider when presenting technical material to the board; how to maximize the impact of the demonstration by making it “real”; how to take this conversation to the board; how we did it and our board's reaction to the brief; and how (magically) we had board-level excitement in Splunk afterwards.

Through the Security Looking Glass: Operationalizing Cloud Enterprise Security – an Adaptive Response Approach
Thursday, September 29, 2016 | 1:30 PM-2:15 PM
Intermediate | Industries: Public Sector, Energy & Utilities | Products: Splunk IT Service Intelligence, Splunk User Behavior Analytics, Splunk Enterprise Security, Splunk Enterprise, Splunk Cloud | Role: Security Analyst | Track: Security / Compliance / Fraud | Session Focus: Threat Detection | Other Topics: Best Practices
Speakers
Peter Hefley, Manager, Information Security, Republic Services
Nate Smalley, Staff Sales Engineer, Splunk
Have you struggled with how to take your information security engineering efforts and operationalize them for adaptive response? Has your security team tried to understand the security kill chain and how threat intelligence, APT identification, and behavioral analytics all interact with these steps to aid proactive response? Join Peter Hefley and Nate Smalley as they discuss their journey from engineering to operationalizing their security team with a focus on integration and adaptive response.

Exploring the Frameworks of Splunk Enterprise Security
Wednesday, September 28, 2016 | 11:00 AM-11:45 AM
Thursday, September 29, 2016 | 12:25 PM-1:10 PM
Beginner | Industries: Media & Entertainment, Higher Education, Communications, Energy & Utilities, Aerospace and Defense, Healthcare, Non-Profit, Technology, Financial Services, Manufacturing, Public Sector, Retail, Online Services, Travel & Transportation | Products: Splunk Enterprise Security, Splunk Enterprise | Role: Administrator | Track: Security / Compliance / Fraud | Session Focus: Using Splunk | Other Topics: Best Practices
Speakers
Kyle Champlin, Senior Sales Engineer, Global Strategic Alliances, Splunk
David Herrald, Security Architect, Splunk
You might know Splunk Enterprise Security (ES) as a comprehensive analytics-driven SIEM platform that can power your security operations team from end to end, but did you know that ES is actually made up of distinct frameworks that can each be leveraged independently to meet specific security use cases? In this session we will cover the major frameworks of ES including: asset and identity correlation framework, notable event framework, threat intelligence framework, and the risk analysis framework. Technical details, real-world examples, and customer anecdotes will be provided.

PowerShell Power Hell: Hunting for Malicious Use of PowerShell with Splunk
Tuesday, September 27, 2016 | 12:40 PM-1:25 PM
Intermediate | Industries: Other | Products: Splunk Enterprise | Role: Security Analyst | Track: Security / Compliance / Fraud | Session Focus: Threat Detection | Other Topics: Best Practices
Speakers
Ryan Chapman, Computer Incident Response Analyst, Bechtel
Lisa Tawfall, Security Unicorn, Bechtel
Bechtel Corporation is the largest construction and civil engineering company in the U.S., which makes it a target-rich environment. We have noticed a trend involving use of malicious PowerShell within our environment. This talk reviews enabling PowerShell logging and parsing, covers a few interesting PowerShell incidents we had recently, and discusses how we used Splunk software in these scenarios.

Maturing Workday’s SOC with Splunk
Thursday, September 29, 2016 | 10:15 AM-11:00 AM
Beginner | Industries: Other | Products: Splunk Enterprise Security | Role: Security Analyst | Track: Security / Compliance / Fraud | Session Focus: Threat Detection | Other Topics: Best Practices
Speakers
Jordan Perks, Manager, Security, Workday
Ravi Shah, Security Analyst, Workday
How Workday leverages Splunk Enterprise and Splunk Enterprise Security as its tier-0 security monitoring tool in order to build a mature, robust Security Operations Center (SOC) through cross-functional teams, aggressive training and a robust feedback and documentation loop.

Speeding Up Incident Response Using Splunk
Tuesday, September 27, 2016 | 5:25 PM-6:10 PM
Intermediate | Industries: Online Services, Technology, Communications | Products: Splunk Enterprise Security, Splunk Enterprise | Role: Security Analyst | Track: Security / Compliance / Fraud | Session Focus: Using Splunk | Other Topics: Best Practices
Speakers
Pal Mathisen, Senior Solutions Architect, Sopra Steria
Halvar Myrmo, Senior Security Engineer, Telenor
Working as a security practitioner in the CERT of a large enterprise provides a unique set of challenges. Keeping track of ever-changing networks and systems is a nearly impossible task. We will show and release code for mapping assets, identities and other key information related to security events, using a fully custom approach in order to improve the CERT's efficiency and capacity.

Live Demonstration: Bypassing Application Whitelisting and Stealing Your Data
Thursday, September 29, 2016 | 1:30 PM-2:15 PM
Beginner | Industries: Public Sector | Products: Splunk Enterprise, Splunk Enterprise Security | Role: Administrator, Security Analyst | Track: Security / Compliance / Fraud | Session Focus: Threat Detection | Other Topics: Best Practices
Speakers
Andrew Goodall, Account Manager, Splunk
Domenico Perre, Sales Engineer, Splunk
How confident are you that application whitelisting stops malicious activity on your endpoints? Are you curious to see how attackers bypass controls like application whitelisting, establish persistence, and exfiltrate data in enterprise networks? Live demonstration: watch an attack from the perspective of an attacker, as we identify and respond to each stage of the attack with Splunk solutions.

End-to-End Splunk Use Case Development: Requirements, Testing, and Execution
Wednesday, September 28, 2016 | 2:15 PM-3:00 PM
Intermediate | Industries: Public Sector, Retail, Healthcare, Financial Services, Higher Education, Non-Profit, Aerospace and Defense, Communications, Travel & Transportation, Energy & Utilities, Manufacturing, Media & Entertainment, Technology, Online Services | Products: Splunk Enterprise Security, Splunk Enterprise | Role: Security Analyst | Track: Security / Compliance / Fraud | Session Focus: Threat Detection | Other Topics: Best Practices
Speakers
Robert Boyce, Managing Director, Accenture
John Rubey, Senior Security Analyst, Accenture
How do I know my use case works before an incident occurs? When developing use cases, we look for anomalous or prohibited behavior, which may not occur without a breach. In this session, we discuss our approach to identifying use case data requirements, verifying that the use case detects the targeted behavior, and transitioning new use cases to operations teams for execution.

Search Head Clustering – Basics to Best Practices
Thursday, September 29, 2016 | 1:30 PM-2:15 PM
Beginner | Products: Splunk Enterprise | Role: Splunk Technical Champion, Administrator, Architect | Track: Splunk Foundations | Session Focus: Managing Splunk | Other Topics: Big Data Architecture, Best Practices
Speakers
Manu Jose, Senior Software Engineer, Splunk
Yuan Xu, Senior Software Engineer, Splunk
This session will provide an overview of search head clustering and include best practices for managing a search head cluster. Search head clustering is Splunk's horizontal scaling solution for searches. As enterprises on-board more users onto Splunk deployments and the need for dashboards and alerts goes up, search heads must be scaled out to manage the search load. Search head clustering solves this problem by providing a highly available and scalable search.

Beyond “Regular” Regular Expressions
Tuesday, September 27, 2016 | 4:20 PM-5:05 PM
Beginner | Products: Splunk Enterprise | Role: Splunk Technical Champion, Data Scientist/Analyst, Administrator, Security Analyst | Track: Splunk Foundations | Session Focus: Using Splunk | Other Topics: Getting Data In
Speakers
Cary Petterborg, Senior Monitoring Engineer, The Church of Jesus Christ of Latter-day Saints
Splunk's field extraction tool is very handy. But what if you have some odd data, or mixed data types in fields, or more than one field that looks like another, or a Twitter feed with just too many date fields to properly extract the true timestamp? You may have to dig into regular expressions. Perhaps even field extraction doesn't work properly so you have to configure delimiters instead of field extraction. Using applied real-world examples, learn when to use the field extractor tool, third party tools, how to create your own advanced regular expressions, and how to extract fields using the rex command.

Search: Under the Hood
Wednesday, September 28, 2016 | 4:35 PM-5:20 PM
Advanced | Products: Splunk Enterprise | Role: Architect, Administrator, Splunk Technical Champion | Track: Splunk Foundations | Session Focus: Splunk Classics
Speakers
Christopher Pride, Director of Engineering, Core Search, Splunk
Join us for an advanced deep-dive whiteboard Q&A and discussion session with Chris Pride, engineering director for Search at Splunk. He'll cover the underlying details of distributed search, what happens inside a search command, and then show you how to apply your newfound knowledge to interpreting the Search Inspector. Come ready with your deep search questions!

Global Enterprise Security Without Security Analysts…Yes You Can!
Wednesday, September 28, 2016 | 12:05 PM-12:50 PM
Beginner | Industries: Public Sector | Products: Splunk Enterprise Security | Role: Administrator | Track: Security / Compliance / Fraud | Session Focus: Threat Detection | Other Topics: Best Practices
Speakers
Jason Bareiszis, Incident Response Manager, Tetra Tech
This presentation will walk through the basics of an incident response process, the progression from two former SIEMs to Splunk Enterprise Security, and an in-depth demonstration on how you can achieve documented IR success without security analysts.

Splunking the User Experience: Going Beyond Application Logs
Thursday, September 29, 2016 | 1:30 PM-2:15 PM
Good for all Skill Levels | Industries: Other | Products: Splunk Enterprise | Track: IT Operations | Session Focus: IT Troubleshooting
Speakers
Doug Erkkila, PAS Capacity Management Analyst, CSAA Insurance Group
A good user experience is key for any growing and successful company, but user experience involves far more than the arrangement of pixels on a screen. Everything you do impacts user experience, from ensuring high-performance code to a well-tuned server. All these different layers can add complexity and trip you up when an issue arises. In this session, we'll share how the policy administration system (PAS) application team at CSAA Insurance Group uses Splunk software to gain better visibility into everything from the end user's browser all the way to the central processing unit (CPU) on the database. By using Splunk software to merge APM tools like Dynatrace, application logs, and traditional IT ops monitoring tools, the PAS App was able to focus on how technical metrics translated to customer satisfaction. Feeding production performance metrics back into the development and testing process, along with improved capacity planning, changes the focus from infrastructure growth back to business growth.

Demystifying Machine Learning and Anomaly Detection: Practical Applications in Splunk for Insider Threat Detection and Security Analytics
Wednesday, September 28, 2016 | 1:10 PM-1:55 PM
Intermediate | Industries: Technology, Retail, Public Sector, Manufacturing, Financial Services, Aerospace and Defense, Energy & Utilities | Products: Splunk Enterprise | Role: Security Analyst | Track: Security / Compliance / Fraud | Session Focus: Threat Detection | Other Topics: Best Practices
Speakers
Tobias Ryan, Manager, Behavioral Analytics, Emerson
With all the buzz around machine learning and anomaly detection, how should a CISO or IT Security Manager implement a Splunk solution that uses these concepts? This session covers practical use cases for detecting insider threats and malicious actors. Strategic enough for senior leaders and technical enough for users, this how-to guide provides numerous use cases and the steps necessary to implement advanced techniques for security applications in the Splunk platform.

From Chaos to Extreme Insight in 30 days: Transforming Threat Management with UBA
Thursday, September 29, 2016 | 12:25 PM-1:10 PM
Beginner | Industries: Other | Products: Splunk Enterprise Security | Role: Security Analyst | Track: Security / Compliance / Fraud | Session Focus: Threat Detection | Other Topics: Best Practices
Speakers
DJ Goldsworthy, Senior Manager, Threat and Vulnerability Management, Aflac
Threat management and security operations can be chaotic. Many security teams are stuck in the never-ending spin cycle of tuning and pruning correlation searches but still have too many false positives to sift through at the end of the day. With security talent in high demand, we simply cannot afford to throw bodies at noisy SIEM alarms anymore, and many managers are grappling to find a better way to focus the attention of their valuable security staff. Attend this session to learn how Aflac bucked this trend by leveraging the power of Splunk User Behavior Analytics (UBA) in lieu of endless rule-writing and dead-end alarms.

Splunk UBA – A Data Scientist in a Box
Tuesday, September 27, 2016 | 3:15 PM-4:00 PM
Beginner | Products: Other | Track: Security / Compliance / Fraud
Speakers
Bob Pratt, Director, Product Management for UBA, Splunk
Cyberthreats have evolved over time, and so has the process for detecting them, but what is behavior based detection and why is it so important to leverage machine learning and data science to detect modern day attacks? If you are looking for a solution that can simplify the complexity behind machine learning, detect unknown threats, and produce results in a humanly digestible manner, then you need Splunk User Behavior Analytics. Learn how Splunk UBA can accelerate detection of unknown threats within your organization by leveraging existing security and access management products, and by incorporating data science, multi-dimensional behavior baseline, and machine learning into a single solution that delivers the same results as an on-staff security data scientist without the need to locate and hire that scarce person.

The Practical Benefits of a Behavioral Solution for Enterprise Cybersecurity
Wednesday, September 28, 2016 | 2:15 PM-3:00 PM
Beginner | Industries: Online Services, Media & Entertainment, Technology, Travel & Transportation, Energy & Utilities, Aerospace and Defense, Communications, Healthcare, Financial Services, Higher Education, Non-Profit, Manufacturing, Retail, Public Sector | Products: Splunk User Behavior Analytics | Role: Security Analyst | Track: Security / Compliance / Fraud | Session Focus: Threat Detection | Other Topics: Best Practices
Speakers
Jon Papp, Splunk Ninja, Creative Artists Agency
Threats can manifest within any entity – human user accounts, sys/admin/privileged accounts, devices or even apps. Given the ever-advancing sophistication of bad actors and the ever-growing percentage of human errors, it's important to have a holistic approach to threat detection rather than individual trigger-based alerts which can be exceedingly noisy. In addition, machine learning is an important component in learning and baselining entity behavior and surfacing up suspicious patterns which processes and procedures like human analysis, rules or signatures will not catch. This session will discuss how Splunk User Behavior Analytics (UBA) can augment your SIEM to catch unknown threats specifically related to insider activities and external/malware influences.

Finding Straw in a Hay Field - The Art of DevOps Log Farming
Wednesday, September 28, 2016 | 2:15 PM-3:00 PM
Beginner | Industries: Healthcare, Online Services | Products: Splunk Enterprise | Track: IT Operations | Session Focus: IT Troubleshooting
Speakers
Randyl Longmire, Senior Operations Engineer, Surescripts, LLC
Billions of previously cumbersome log entries are now a valuable DevOps resource. In this session you will learn how queries and alerts can be used to identify and troubleshoot application errors. Jumbled SMTP logs are transformed into a readable format using transactions. Automation is enhanced using the Splunk REST API.

Data-Driven DevOps Using Splunk Software and Ansible Tower
Wednesday, September 28, 2016 | 3:30 PM-4:15 PM
Good for all Skill Levels | Industries: Other, Healthcare | Products: Splunk Enterprise | Track: IT Operations | Session Focus: DevOps
Speakers
Michael Perzel, DevOps Engineer, Surescripts
Dylan Silva, Product Manager, Red Hat, Inc
Ansible Tower is an automation tool used by many of today’s top companies. This session describes how the Ansible Tower App for the Splunk platform can help enterprises increase visibility across their infrastructure and improve the speed and quality of their application build pipeline. The session will cover specific areas such as system tracking analytics and data-driven automation.

From DevOps to BizOps
Thursday, September 29, 2016 | 10:15 AM-11:00 AM
Good for all Skill Levels | Industries: Financial Services | Products: Splunk Enterprise | Track: IT Operations | Session Focus: DevOps
Speakers
Adegbenga Amusa, Calculation Engines, BNP Paribas
Stephane Lapie, Sales Engineer, Splunk
Which team should be involved in "Dev"? Where does "Ops" end? Agility suggested by the "DevOps" movement aims to fluidly consolidate and accelerate the IT Solutions delivery pipeline, but to what end? In this session we'll try to see how far we can go in breaking organization silos through data democratisation and we'll talk about the emergence of "business operations centers".

How to Use Splunk to Detect and Defeat Fraud, Theft and Abuse
Wednesday, September 28, 2016 | 1:10 PM-1:55 PM
Intermediate | Industries: Manufacturing, Public Sector, Healthcare, Financial Services, Higher Education, Non-Profit, Aerospace and Defense, Communications, Energy & Utilities, Technology, Travel & Transportation, Online Services, Retail | Products: Splunk Enterprise | Role: Security Analyst | Track: Security / Compliance / Fraud | Session Focus: Fraud | Other Topics: Best Practices
Speakers
Gleb Esman, Senior Product Manager, Splunk
Joseph Goldberg, Director, Product Marketing, Splunk
This session will include both slides and a live demo. In this session, we will cover how and why the patterns of fraud, theft and abuse are often found in machine data, log files and structured datastores. We will introduce you to innovative ways to harness all of this data to better detect, investigate and visualize fraud and will provide specific examples of the patterns of fraud across many industries and discuss the data required to detect these patterns. In our discussion, we will introduce case studies on how organizations use Splunk software to fight fraud, theft and abuse, will discuss the advanced Splunk technologies like key-value store, Splunk Stream and Splunk DB Connect that help fight fraud, and will provide a live demo of a prototype Splunk for Fraud Detection App.

How to Use Splunk For Automated Regulatory Compliance
Thursday, September 29, 2016 | 12:25 PM-1:10 PM
Intermediate | Industries: Healthcare, Manufacturing, Financial Services, Higher Education, Non-Profit, Aerospace and Defense, Communications, Travel & Transportation, Energy & Utilities, Media & Entertainment, Technology, Online Services, Retail, Public Sector | Products: Other, Splunk Enterprise Security, Splunk Enterprise | Role: Security Analyst | Track: Security / Compliance / Fraud | Session Focus: Compliance | Other Topics: Best Practices
Speakers
Joseph Goldberg, Director, Product Marketing, Splunk
John Stoner, Security Architect, Splunk
This session will include both slides and a live demo. Splunk software can help organizations comply with a wide range of regulations and mandates, including PCI, HIPAA, FISMA, NERC, CIS 20, ISO and the GDPR/EU Data Directive. In this session we will teach how a centralized logging/SIEM solution can help with a variety of compliance use cases, including continuous monitoring, measuring compliance technical controls and satisfying auditor data/report requests. We will present a deep dive and demo on how both the Splunk App for PCI Compliance and Splunk Enterprise Security help with compliance, discuss case studies on how organizations use Splunk software for regulatory compliance, and show sample Splunk searches that can help with compliance.

Building the Pipeline Presented by CSAA Insurance Group: Featuring DevOps and Splunk
Tuesday, September 27, 2016 | 12:40 PM-1:25 PM
Intermediate | Industries: Other | Products: Splunk Enterprise, Splunk IT Service Intelligence | Track: IT Operations | Session Focus: DevOps
Speakers
Domnick Eger, Senior Sales Engineer, Splunk
Doug Erkkila, PAS Capacity Management Analyst, CSAA Insurance Group
CSAA Insurance Group is using the Splunk platform to drive down technical debt and streamline its release management process. As a company that is driven by big data, CSAA is using the Splunk platform to reduce downtime, decrease build failure and help internal teams maintain high availability in their application stacks. CSAA will also be showing how it is using Splunk software to manage build pipelines and help move to a more DevOps-centric workflow.

Securing Splunk with Proxy SSO, SAML and Multi-Factor Authentication
Thursday, September 29, 2016 | 10:15 AM-11:00 AM
Beginner | Industries: Technology | Products: Splunk Enterprise | Role: Administrator, Splunk Technical Champion, Security Analyst, Architect | Track: Splunk Foundations | Session Focus: Managing Splunk | Other Topics: What's New?!
Speakers
Rama Gopalan, Principal Engineer, Splunk
Murugan Kandaswamy, Software Engineer, Splunk
Learn ways in which you can make the Splunk platform more secure by using SAML, multi-factor authentication like Duo, or new ways of authenticating and authorizing users based on proxy SSO. You can now choose Okta, Azure AD, Novell from a growing list of SAML identity providers. We will talk about configuring Splunk software so that you can add multi-factor authentication provided by Duo. This secondary layer of authentication makes the Splunk platform more secure against phishing attacks and credential exploitation. We will also discuss the new support for Proxy SSO which helps leverage existing authentication services for securing access to Splunk software.

Rebalancing Data Across an Indexer Cluster
Wednesday, September 28, 2016 | 4:35 PM-5:20 PM
Good for all Skill Levels | Industries: Other | Products: Splunk Enterprise, Splunk Cloud | Role: Administrator | Track: Splunk for Operational Intelligence | Session Focus: Splunk Enterprise Whats New | Other Topics: What's New?!
Speakers
Bharath Aleti, Sr. Product Manager, Splunk
Da Xu, Senior Software Engineer, Splunk
This session will walk through the latest Splunk features that enable you to automatically balance data across an indexer cluster. Attendees will also learn about related best practices that result in better utilization of newly added indexers and improved search performance.

Enriching Your Data Using the Latest Features of Splunk DB Connect
Wednesday, September 28, 2016 | 2:15 PM-3:00 PM
Beginner | Industries: Other | Products: Splunk Cloud, Splunk Enterprise | Role: Administrator, Architect, Developer | Track: Splunk for Operational Intelligence | Session Focus: Using Splunk | Other Topics: DB Connect, What's New?!
Speakers
Jack Coates, Director, Product Management, Splunk
Samuel Ni, Software Engineer, Splunk
Come learn about how to use Splunk DB Connect to access structured data from within the Splunk platform. We will discuss the latest features, high-value use cases, common challenges, and technical solutions. Learn how to use DB Connect to access structured data to build dashboards, add context, and interact with legacy systems.

TCO Savings Through Storage Reduction
Wednesday, September 28, 2016 | 3:30 PM-4:15 PM
Good for all Skill Levels | Industries: Other | Products: Splunk Cloud, Splunk Enterprise | Role: Architect, Splunk Technical Champion, Administrator | Track: Splunk for Operational Intelligence | Session Focus: Managing Splunk | Other Topics: Best Practices, Big Data Architecture
Speakers
Mustafa Ahmed, Product Management Director, Splunk
James Hodge, Principal Product Manager, Splunk
Ashish Mathew, Software Engineer, Splunk
In the past year we’ve introduced new ways for on-premises customers to reduce historical data storage costs by up to 80% while maintaining search access. This session will detail and demonstrate how customers can minimize their Splunk data footprint directly or roll historical data to Hadoop for economical storage.

JavaScript Dashboards for Fun and Profit
Tuesday, September 27, 2016 | 5:25 PM-6:10 PM
Intermediate | Products: Splunk Enterprise | Role: Architect, Administrator, Developer, Security Analyst, Data Scientist/Analyst, Splunk Technical Champion | Track: Splunk Foundations | Session Focus: Using Splunk | Other Topics: Best Practices
Speakers
Ashley Holtz, Technical Operations, CrowdStrike
Joel Weever, Senior Consultant, CrowdStrike
Splunk dashboards provide a lot of capability out-of-the-box. Let’s take it further by introducing custom JavaScript elements. In this session, we will cover how to access result set elements with JavaScript. We will demo our annotation and flagging dashboard used for IR hunting and real-time collaboration. Do you think custom JavaScript on your dashboards is too complicated for your team? Think again! Code samples will be provided.

Data Analysis Made Simple
Tuesday, September 27, 2016 | 4:20 PM-5:05 PM
Good for all Skill Levels | Industries: Other | Products: Splunk Cloud, Splunk Enterprise | Role: Business Manager, Splunk Technical Champion, Administrator, CIO, Operations Manager, Developer | Track: Splunk for Operational Intelligence | Session Focus: Using Splunk | Other Topics: What's New?!
Speakers
Jesse Miller, Staff Sales Engineer, Splunk
Hema Mohan, Senior Product Manager, Splunk
The next release of Splunk Enterprise and Splunk Cloud will include new ways to make data analysis and reporting faster and easier for a wider range of users. This session will provide in-depth information and demos on these new features.

Easing Into Clustering
Wednesday, September 28, 2016 | 3:30 PM-4:15 PM
Beginner | Products: Splunk Enterprise | Role: Splunk Technical Champion, Architect, Administrator | Track: Splunk Foundations | Session Focus: Managing Splunk | Other Topics: Big Data Architecture, Best Practices
Speakers
Lisa Guinn, Senior Instructor, Splunk
Indexer clustering brings benefits besides data replication; it provides ease of management and configuration. The cluster master provides a list of indexers to search heads and indexers obtain their configurations from the cluster master. Even forwarders can use indexer discovery to configure forwarder outputs automatically. This talk will cover how to set up a cluster without data replication, and how to move to replication and multi-site clustering over time.

Time After Time – Comparing Time Ranges in Splunk
Tuesday, September 27, 2016 | 12:40 PM-1:25 PM
Beginner | Products: Splunk Enterprise | Role: Administrator, Security Analyst, Data Scientist/Analyst, Splunk Technical Champion | Track: Splunk Foundations | Session Focus: Search Language | Other Topics: Best Practices
Speakers
Lisa Guinn, Senior Instructor, Splunk
How do today's events compare with yesterday's? Last week's? The average of all Mondays over the last 6 months? This talk will cover a variety of techniques for comparing, analyzing and charting data from different time ranges. Using SPL and the timewrap app, we will see how the different techniques work and compare their use, especially for large data sets.

Anatomy of a Successful Splunk IT Service Intelligence Deployment
Tuesday, September 27, 2016 | 12:40 PM-1:25 PM
Beginner | Industries: Retail, Higher Education, Manufacturing, Media & Entertainment, Healthcare, Financial Services, Communications, Public Sector, Non-Profit, Online Services, Aerospace and Defense, Energy & Utilities, Travel & Transportation, Technology | Products: Splunk IT Service Intelligence | Track: IT Operations | Session Focus: Service Monitoring
Speakers
Bill Babilon, IT Operations Solutions Architect, Splunk
Martin Wiser, ITOA Practitioner, Splunk
Your company bought ITSI - now what? This session focuses on how to get started and what steps are required to get the first couple of services deployed with ITSI. It addresses prerequisites, key activities (like service decomposition), the overall ITSI implementation process and common pitfalls customers run into.

Modernizing Enterprise Monitoring at the World Bank Group Using Splunk IT Service Intelligence
Tuesday, September 27, 2016 | 5:25 PM-6:10 PM
Beginner | Industries: Financial Services | Products: Splunk IT Service Intelligence | Track: IT Operations | Session Focus: Service Monitoring
Speakers
Michael Makar, Sr. Manager, Enterprise Monitoring, World Bank Group
World Bank Group is undergoing tremendous transformation of IT across the Group throughout the 186 countries in which it operates. Enterprise monitoring is one of the key areas undergoing modernization as part of this transformation. Come hear how Splunk IT Service Intelligence (ITSI) is helping World Bank on this journey through a combination of ITSI’s end-to-end service visibility and its events & alert framework.

It Seemed Like a Good Idea at the Time...Architectural Anti-Patterns
Tuesday, September 27, 2016 | 11:35 AM-12:20 PM
Intermediate | Products: Splunk Enterprise | Role: Architect, Administrator, Splunk Technical Champion | Track: Splunk Foundations | Session Focus: Deploying Splunk | Other Topics: Best Practices
Speakers
David Paper, Senior Splunk Advisory Engineer, Splunk
Duane Waddle, Senior Security Engineer, Defense Point Security
An anti-pattern is a common response to a recurring problem that is usually ineffective and risks being highly counterproductive. Several of these exist within common Splunk architectures. Having committed many of these ourselves, we'll discuss what they are, what makes them ineffective and counterproductive, and give you advice for avoiding them in your own environment.

Buckets Full of Happy Tiers – Scale-Out Enterprise Infrastructure and Splunk Apps for Deploying Massive and Efficient Splunk Environments
Tuesday, September 27, 2016 | 5:25 PM-6:10 PM
Good for all Skill Levels | Industries: Technology | Products: Splunk Enterprise | Track: IT Operations | Session Focus: IT Troubleshooting
Speakers
Jenny Hollfelder, Sales Engineer, Global Strategic Alliances, Splunk
Cory Minton, Principal SE, Dell EMC
FREE BEER!!! Bring the tissues and be ready for buckets of happy tiers (of scale out infrastructure for Splunk, that is!). We are going to show you how to build efficient, high performance Splunk deployments on enterprise infrastructure. These deployments intelligently leverage Splunk designs for data management and allow you to Splunk all that infrastructure too…feels like we just made a full circle there. That’s kind of the point. We will show you the enterprise-class Splunk solutions EMC has built across its storage and converged platforms portfolios, give you a real-world demonstration on how to use the freely available EMC apps for Splunk Enterprise to troubleshoot and gain additional operational insight into your environment, AND give you some great best practices we’ve learned to make your Splunk and EMC environments perform at their very best. Seriously, come join us to find out more!

The Truthiness of Wire Data: Using Splunk App for Stream for Performance Monitoring
Thursday, September 29, 2016 | 12:25 PM-1:10 PM
Advanced | Industries: Retail, Aerospace and Defense, Communications, Media & Entertainment, Financial Services, Online Services | Products: Splunk IT Service Intelligence | Track: IT Operations
Speakers
David Cavuto, Product Manager, Stream, Splunk
For performance monitoring, most solutions turn to log files generated by the application itself. But what if the application is, either mistakenly or intentionally, reporting inaccurate information about its own performance? Wire data provides an “outside the application” view into the performance of application transactions and network performance in ways that logs are unable to do alone. In this session, you’ll learn how to use wire data to complement application and infrastructure logs to gain additional insight – and even find some hidden truths on how application transactions and networks are really performing.

Data Preparation Deep Dive
Thursday, September 29, 2016 | 1:30 PM-2:15 PM
Intermediate | Industries: Other | Products: Splunk Cloud, Splunk Enterprise | Role: Splunk Technical Champion, Administrator, CIO, Business Manager, Developer | Track: Splunk for Operational Intelligence | Session Focus: Using Splunk | Other Topics: What's New?!
Speakers
Jeff Lloyd, Software Engineer, Splunk
Jesse Miller, Staff Sales Engineer, Splunk
The next release of Splunk Enterprise and Splunk Cloud will include new ways to make data analysis and reporting faster and easier for a wider range of users. This session will provide in-depth information and demos on these new features.

How to Run Splunk as a Docker Image?
Tuesday, September 27, 2016 | 11:35 AM-12:20 PM
Good for all Skill Levels | Products: Splunk Enterprise | Role: Architect, Splunk Technical Champion, Administrator | Track: Splunk Foundations | Session Focus: Deploying Splunk | Other Topics: Big Data Architecture, Best Practices
Speakers
Marc Chene, IT Markets Product Manager, Splunk
Denis Gladkikh, Principal SDE, Splunk
Increase the time-to-value by running Splunk in your Docker ecosystem. Learn the best practices of running Splunk Enterprise and the Splunk Universal Forwarder to unify logs and monitor the performance of your Docker ecosystem.

Monitoring and Troubleshooting Docker Across Cloud and On-Prem Environments
Thursday, September 29, 2016 | 11:20 AM-12:05 PM
Good for all Skill Levels | Industries: Retail, Online Services, Public Sector, Manufacturing, Healthcare, Financial Services, Higher Education, Non-Profit, Aerospace and Defense, Communications, Energy & Utilities, Media & Entertainment, Technology, Travel & Transportation | Products: Splunk Enterprise | Track: IT Operations | Session Focus: IT Troubleshooting
Speakers
Marc Chene, IT Markets Product Manager, Splunk
Denis Gladkikh, Principal SDE, Splunk
Delivering your apps in Docker containers? Better yet, are you running those Docker containers in Google Cloud Platform or Amazon EC2 Container Service? Are you running Docker in both the cloud and your data center? In this session, we will outline the challenges, steps and outcomes of monitoring your container environment, leveraging both capabilities that are part of Docker, such as the Splunk Logging Driver for Docker, and capabilities found in the leading cloud PaaS systems.

Splunk IT Service Intelligence: Keep Your Boss and Their Bosses Informed and Happy (and Still Have Time to Sleep at Night)!
Thursday, September 29, 2016 | 2:35 PM-3:20 PM
Advanced | Industries: Technology, Financial Services | Products: Splunk IT Service Intelligence | Track: IT Operations | Session Focus: Service Monitoring
Speakers
Jonathan LeBaugh, ITOA Architect, Splunk
Have you ever had “that boss”? You know the one. The one who knows everything about the systems you’re responsible for, for better or worse, and asks all the questions. Where “let me research that” is not an acceptable answer. I’ve been that guy. Join me to hear some of my war stories and talk about how Splunk IT Service Intelligence would have, could have, and SHOULD have made life much better for me...and will for you.

Ransomware Wrangling with Splunk
Tuesday, September 27, 2016 | 11:35 AM-12:20 PM
Intermediate | Products: Other, Splunk Enterprise Security, Splunk Enterprise | Role: Security Analyst | Track: Security / Compliance / Fraud | Session Focus: Threat Detection | Other Topics: applyingThreatIntelligenceContext, Best Practices, ransomware
Speakers
Kenneth Westin, Security Market Specialist, Splunk
Over the past few years, ransomware has moved from a threat targeting consumers to a serious threat to businesses and government agencies. The sophistication of ransomware is expected to increase, as criminal syndicates are generating millions of dollars as a result of their exploits. In this presentation, we will show how Splunk solutions help organizations both prevent and respond to this emerging threat.

How Anaplan Used Splunk Cloud and ITSI to Monitor its Cloud Platform
Tuesday, September 27, 2016 | 3:15 PM-4:00 PM
Intermediate | Industries: Technology | Products: Splunk IT Service Intelligence, Splunk Cloud, Splunk Enterprise | Track: IT Operations | Session Focus: Service Monitoring
Speakers
Martin Hempstock, Monitoring and Metrics Architect, Anaplan
At Anaplan, Splunk evolved into a tool used for everything from development to business analytics. This session will cover examples of how use of the Splunk platform has evolved over time - from debugging issues to helping customers with performance problems. Come and see examples of how Anaplan uses apps, integrates Splunk into Salesforce and monitors its services running on the cloud platform and makes best use of IT Service Intelligence for real-time insights into services and security posture.

Incident Detection and Response at CERT EU – Experiences From the Field
Thursday, September 29, 2016 | 10:15 AM-11:00 AM
Intermediate | Industries: Higher Education, Public Sector, Manufacturing, Media & Entertainment, Technology, Travel & Transportation, Energy & Utilities, Aerospace and Defense, Communications, Healthcare, Financial Services, Retail, Non-Profit, Online Services | Products: Splunk Enterprise | Role: Security Analyst | Track: Security / Compliance / Fraud | Session Focus: Threat Detection | Other Topics: Best Practices
Speakers
Dimitrios Margaritis, Team Leader, CERT-EU
Learn how the Computer Emergency Response Team for EU institutions (CERT-EU) analyzes cyber threat intelligence data in the Splunk platform to detect malicious activities. Discover which data sources CERT-EU uses for early detection and why Splunk is our key platform for the incident response process. Learn about our journey with Splunk over 4 years, as well as what our Splunk architecture looks like.

Great, We Have Splunk at Yahoo!… Now What?
Tuesday, September 27, 2016 | 11:35 AM-12:20 PM
Intermediate | Industries: Online Services, Media & Entertainment, Technology | Products: Splunk Enterprise | Track: IT Operations | Session Focus: DevOps
Speakers
Dileep Eduri, Production Engineering - Mail Tools Engineer, Yahoo
Indumathy Rajagopalan, Service Engineer at Yahoo!, Yahoo
Francois Richard, Senior Engineering Director, Yahoo
Tripati Kumar Subudhi, Tech Yahoo Sr. (DevOps), Yahoo
Yahoo Communications, inclusive of products like Yahoo Mail, Yahoo Messenger, Yahoo Contacts, Xobni and the Antispam team, had implemented Splunk software but was not maximizing their deployment. Attend this session to hear how they corrected the situation and were able to process and search more than 450TB of logs on a daily basis while satisfying their obligations to their product manager and software engineers.

Security Ninjutsu Part Three: Real-World Correlation Searches
Tuesday, September 27, 2016 | 10:30 AM-11:15 AM
Thursday, September 29, 2016 | 10:15 AM-11:00 AM
Intermediate | Industries: Financial Services, Manufacturing, Higher Education, Non-Profit, Healthcare, Communications, Energy & Utilities, Aerospace and Defense, Media & Entertainment, Technology, Travel & Transportation, Online Services, Retail, Public Sector | Products: Splunk Cloud, Splunk Enterprise Security, Splunk Enterprise | Role: Security Analyst | Track: Security / Compliance / Fraud | Session Focus: Threat Detection | Other Topics: Best Practices
Speakers
David Veuve, Staff Security Strategist, Splunk
Throughout the Security Ninjutsu series, we used real-world searches created by Splunk technical resources working with their customers. Now we will discuss the reverse: actual correlation searches built by customers on their own (easy, medium, hard). For each, we will explain what caused them to create the use case, how they built, tweaked and filtered the query, and what action they took as a result. What happens when attackers stop being nice, and start being real? Come find out. (Optional: View prior Security Ninjutsu series talks here: https://dvsplunk.com/ninjustsu)

Find a Hay in Haystack! How Splunk Helped Recruit Detect 0.000001% Threat and More…
Tuesday, September 27, 2016 | 3:15 PM-4:00 PM
Advanced | Industries: Media & Entertainment | Products: Splunk Enterprise | Role: Data Scientist/Analyst | Track: Security / Compliance / Fraud | Session Focus: Threat Detection | Other Topics: Best Practices
Speakers
Mitsuhiro Nakamura, Senior Security Engineer, Recruit Technologies Co., Ltd.
Recruit, the leading internet service company in Japan that is similar to Expedia, has adopted a user behavior analytics approach for their cyber security platform to detect password breaches. In this presentation, we will show specific examples of how search building blocks enable a replay of the behavior of attackers to identify normal user behavior patterns and distinguish them from noise and threats, as well as how to detect anomalies. We will also introduce the use case which prevents mileage service fraud.

SAF-ICS: Using Splunk for Dynamic Risk Monitoring and Protection of ICS, SCADA and other Critical Infrastructure
Tuesday, September 27, 2016 | 11:35 AM-12:20 PM
Intermediate | Industries: Manufacturing, Energy & Utilities | Products: Other, Splunk Enterprise | Role: Security Analyst | Track: Security / Compliance / Fraud | Session Focus: IoT Industrial Data | Other Topics: Best Practices
Speakers
Terry McCorkle, Global IoT Architect, Splunk
Kyle Miller, Industrial Cyber Security Engineer, Booz Allen Hamilton
Scott Stables, Director of Industrial Cyber Security, Booz Allen Hamilton
In this session we will discuss and demonstrate how Splunk can be used in order to monitor technical indicators, vulnerabilities, and the constantly changing threat landscape in industrial cyber-security while also improving safety and compliance, and improving operations. Techniques will allow operators and engineers to assess, track, and manage cyber risks associated with their Industrial Control Systems. This session will use a joint solution from Splunk and Booz Allen Hamilton to describe and demonstrate the concepts and implementation details.

Calculated Risks: Continuous Diagnostics and Mitigation for the World’s Largest Enterprise
Tuesday, September 27, 2016 | 5:25 PM-6:10 PM
Beginner | Industries: Other, Aerospace and Defense | Products: Splunk Enterprise, Splunk Enterprise Security | Track: Security / Compliance / Fraud
Speakers
Robert Allegar, Principal, Booz Allen Hamilton
Matthew Wycoff, Lead Associate, Booz Allen Hamilton
The Department of Homeland Security’s Continuous Diagnostics and Mitigation (CDM) program is improving the resilience of 4M+ devices across 66 federal departments/agencies. Come learn how Booz Allen Hamilton’s CDM solution – selected to cover over 70% of these devices – uses Splunk Solutions to give agency leaders insight into their organization’s cybersecurity risks and help them make informed decisions about those risks.

Building a Next-Gen Security Analytics Engine in the Cloud
Wednesday, September 28, 2016 | 12:05 PM-12:50 PM
Beginner | Industries: Energy & Utilities | Products: Splunk Enterprise, Splunk Enterprise Security | Role: Security Analyst | Track: Security / Compliance / Fraud | Session Focus: Threat Detection | Other Topics: Best Practices
Speakers
Chris Beard, Engineering Team Lead, Shell
This session will highlight a real-world program that leverages Splunk solutions in a cloud environment to detect malicious activity using searches and big data analytics. It will also detail examples of the use cases currently in use, and why the decision was made to move to the cloud.

Splunk Gone Wild! – Innovating a Large Splunk Solution at the Speed of Management
Thursday, September 29, 2016 | 11:20 AM-12:05 PM
Good for all Skill Levels | Industries: Manufacturing | Products: Splunk Enterprise | Track: IT Operations | Session Focus: IT Troubleshooting
Speakers
Kevin Dalian, Team Lead - Tools and Automation, Ford Motor Company
Glen Upreti, Professional Services Consultant, Sierra-Cedar
What happens when IT executives shout "Innovation" and everyone turns to you? This session covers going from a moderate Splunk installation used for server support to a clustered, high-availability, enterprise implementation supporting a major cloud-based mobile app in just three short months. Attend this session to hear about lessons learned in architecture, security, capacity and chicanery.

How Practice Fusion Achieved Operational Visibility Using Advanced Splunk Search Processing Language (SPL)
Wednesday, September 28, 2016 | 3:30 PM-4:15 PM
Advanced | Industries: Technology, Healthcare | Products: Splunk Enterprise, Splunk Cloud | Track: IT Operations | Session Focus: IT Troubleshooting
Speakers
Prajakt Kadam, Site Reliability Engineer, Practice Fusion Inc.
Practice Fusion, the largest cloud-based electronic health records company, solved the challenge of gaining end-to-end operational visibility using advanced features in Splunk search processing language (SPL). Attend this session to learn how Practice Fusion was able to proactively monitor the operational health and efficiency of the entire system and mitigate service impact. This session details how you can use Splunk software to build a low-cost, reliable and scalable solution that provides a single pane of glass view to reduce MTTR from hours to a few minutes.

How MD Anderson Cancer Center Uses Splunk to Deliver World Class Healthcare When Patients Need it the Most
Thursday, September 29, 2016 | 10:15 AM-11:00 AM
Beginner | Industries: Healthcare | Products: Splunk Enterprise | Track: IT Operations | Session Focus: IT Troubleshooting
Speakers
Ed Gonzalez, Manager - Web Operations, MD Anderson Cancer Center
Jeffrey Tacy, Senior Systems Analyst, MD Anderson Cancer Center
Today’s electronic health record (EHR) systems are increasingly used directly by patients and represent an amazing opportunity to improve healthcare. Learn how MD Anderson Cancer Center uses Splunk software to help deliver an outstanding patient experience with its new EHR system and patient portal, and how the project turned into a big win for the hospital's Splunk admins. Attend this session to learn about how delivering a Splunk initiative in a large scale organization can build momentum and deliver success.

An Ongoing Mission of Service Discovery
Thursday, September 29, 2016 | 11:20 AM-12:05 PM
Good for all Skill Levels | Industries: Technology, Public Sector, Manufacturing, Media & Entertainment, Healthcare, Financial Services, Higher Education, Non-Profit, Online Services, Communications, Aerospace and Defense, Retail, Travel & Transportation, Energy & Utilities | Products: Splunk IT Service Intelligence | Role: Developer | Track: IT Operations | Session Focus: Service Monitoring
Speakers
Michael Donnelly, ITOA Solutions Architect, Splunk
Ross Lazerowitz, Product Manager, Splunk
Your IT department supports critical business functions, processes and products. You're most effective when your technology initiatives are closely aligned and measured with specific business objectives. This session will get you thinking about your own environment and will cover best practices and techniques for designing and building an effective service model. And this is all done with a fun Star Trek metaphor. Join us on this logical journey to service intelligence!

Metrics-Driven DevOps with Jenkins and Splunk
Wednesday, September 28, 2016 | 11:00 AM-11:45 AM
Good for all Skill Levels | Industries: Energy & Utilities, Public Sector, Manufacturing, Media & Entertainment, Technology, Healthcare, Financial Services, Higher Education, Non-Profit, Online Services, Travel & Transportation, Retail, Aerospace and Defense, Communications | Products: Splunk Enterprise, Splunk Cloud | Track: IT Operations | Session Focus: DevOps
Speakers
Brian Dawson, DevOps Evangelist, CloudBees
Brad Johnson, VP, Product Marketing, CloudBees
Jenkins is the world's most popular open source solution for CI/CD pipeline automation. Its ability to connect every software delivery task, from build to deployment, makes it a hub for the collection of data about quality, velocity, and production readiness. Learn which DevOps metrics matter from the Enterprise Jenkins company and DevOps experts, and how to use Splunk for CI/CD intelligence. In this session attendees will learn about:
1. The state of DevOps
2. Identifying the key DevOps metrics that matter to your business
3. Jenkins at the center of your CI/CD pipeline
4. How to utilize Splunk to collect pipeline data from enterprise-scale Jenkins pipelines
5. How to use the Splunk platform to deliver DevOps pipeline intelligence
Splunk’s Product Management Director, Panos Papadopoulos, and CloudBees’ DevOps Evangelist, Brian Dawson, will walk through examples and demo how Splunk and other Jenkins users are gaining deeper DevOps insight with Splunk software and CloudBees Jenkins.

Splunk Data Collection Best Practices
Wednesday, September 28, 2016 | 1:10 PM-1:55 PM
Intermediate | Products: Splunk Enterprise, Other | Role: Administrator, Splunk Technical Champion, Architect | Track: Splunk Foundations | Session Focus: Managing Splunk | Other Topics: Best Practices, Getting Data In
Speakers
Jack Coates, Director, Product Management, Splunk
Marianna Reynova, Solution Architect, Splunk
Are you ready to go to the next level with your add-on development or scale up your data collection efforts? Come to this deep technical dive into the best practices of data collection, covering push and pull scenarios, performance implications and data re-use. Learn about the new add-on builder, Splunk DB Connect, when to use specific tools, how to handle common problems and how to reduce maintenance efforts.

Advanced Machine Learning in SPL with the Machine Learning Toolkit
Thursday, September 29, 2016 | 12:25 PM-1:10 PM
Advanced | Products: Other, Splunk Enterprise | Role: Splunk Technical Champion, Data Scientist/Analyst | Track: Splunk Foundations | Session Focus: Search Language | Other Topics: Machine Learning
Speakers
Jacob Leverich, Director of Engineering, Splunk
The new Splunk Machine Learning Toolkit includes two radically powerful SPL search commands: "fit" and "apply". These two commands add to SPL a new lingua franca that allows users and partners to build advanced Machine Learning analytics (including supervised and unsupervised learning) that deploy entirely within Splunk Enterprise. In this talk, we will pull back the curtain on "fit" and "apply" and describe how they are built, what you can accomplish with them and how to extend them with new algorithms.

Unified Open-Sourced Splunk Configuration Management System
Tuesday, September 27, 2016 | 11:35 AM-12:20 PM
Intermediate | Products: Splunk Enterprise | Role: Splunk Technical Champion, Architect, Administrator, Operations Manager | Track: Splunk Foundations | Session Focus: Deploying Splunk | Other Topics: Best Practices, Customer Success Story, Thought Leadership
Speakers
Vincent Liggio, Site Reliability Engineer, Bridgewater Associates
Kal Patel, Software Engineer, Bridgewater Associates
Casey Pike, Information Systems Consultant, Aplura
Is your head spinning trying to manage your apps on deployers, deployment servers, master servers, license masters, indexers and search heads? Tired of trying to jury-rig various configuration management systems to control your Splunk environment? Do you have 30 copies of TAs with different configurations, all with the same version of the Splunk app? Come learn about a new open-sourced Splunk-specific configuration management system you can use to tame the configuration beast.

The Power of Data Normalization: A Look at CIM Under the Hood
Thursday, September 29, 2016 | 2:35 PM-3:20 PM
Intermediate | Industries: Other | Products: Splunk Enterprise | Role: Splunk Technical Champion, Data Scientist/Analyst, Administrator, Operations Manager, Developer, Architect, Security Analyst | Track: Splunk Foundations | Session Focus: Managing Splunk | Other Topics: Getting Data In, Best Practices
Speakers
Mark Bonsack, Staff Sales Engineer, Splunk
Vladimir Skoryk, Sr. PS Consultant, Splunk
This session will cover the Splunk Common Information Model, its place in the Splunk ecosystem, and tips and tricks for optimizing performance when using CIM. We will cover how to make the schema-on-the-fly (search-time schema, or "schema on read") much more powerful, and seamlessly define relationships between disparate data sources. We will also cover what CIM is *not*, and some of the misconceptions around CIM and its concepts.

Harnessing Performance and Scalability with Parallelization
Tuesday, September 27, 2016 | 4:20 PM-5:05 PM
Intermediate | Products: Splunk Enterprise | Role: Splunk Technical Champion, Architect, Administrator | Track: Splunk Foundations | Session Focus: Splunk Classics | Other Topics: What's New?!
Speakers
Tameem Anwar, Software Engineer, Splunk
Abhinav Nekkanti, Senior Software Engineer, Splunk
Sourav Pal, Principal Engineer, Splunk
Today's commodity servers contain lots of cores. How can we ensure that the Splunk indexer is making the most of the resources available on these servers? The next version of Splunk software introduces two features to improve its resource utilization and performance gains: 1) Parallel Ingestion PipelineSets: Spawning parallel PipelineSets increases the rate at which Splunk can read, parse and index data 2) Search parallelization: parallelizing the search pipelines and the summary indexing provides significant performance gains for reporting searches.

Splunking your Mobile Apps
Thursday, September 29, 2016 | 12:25 PM-1:10 PM
Beginner | Industries: Other | Products: Splunk Cloud, Splunk Enterprise | Track: IT Operations | Session Focus: Mobile Intelligence | Other Topics: httpEventCollector
Speakers
Bill Emmett, Director, Solutions Marketing, Splunk
Panagiotis Papadopoulos
In a cloud- and mobile-first world, mobile apps represent where users connect to your services. In this session, we will discuss how you can gain insight into mobile app crashes, transaction performance and user journeys. We will highlight how Splunk's iOS and Android SDKs for mobile apps, along with apps available in Splunkbase, will enable your mobile use cases. We will explore new turbo-charged SDK features and dive into the new EUM Module for ITSI where we can correlate end user experience data with IT performance metrics.

Earn a Seat at the Business Table with Splunk IT Service Intelligence
Tuesday, September 27, 2016 | 11:35 AM-12:20 PM
Good for all Skill Levels | Industries: Online Services, Retail, Public Sector, Healthcare, Financial Services, Higher Education, Non-Profit, Aerospace and Defense, Communications, Travel & Transportation, Energy & Utilities, Manufacturing, Media & Entertainment, Technology | Products: Splunk IT Service Intelligence | Track: IT Operations | Session Focus: Service Monitoring
Speakers
Erickson Delgado, Architect, Development Operations, Carnival Corporation
Juan Echeverry, Application Automation Engineer, Carnival Corporation
Mark Franco, Manager, Web Operations, Carnival Corporation
Information technology powers business, and IT departments have the data to provide critical information for business decisions. Come hear from Carnival Cruise Lines how a service-oriented architecture approach and IT Service Intelligence strengthened the partnership between IT and business organizations. Learn how best practices from Splunk helped to overcome budgetary and organizational obstacles to deliver significant business value with Splunk. This session covers lessons learned, best practices on how to get started with a service-oriented approach, and how to be successful with your ITSI deployment.

“Finding Your Faults Before Mom” - Deploying Splunk for IT Troubleshooting and Capacity Planning on Large Scale Integrated Datacenter Infrastructure
Wednesday, September 28, 2016 | 12:05 PM-12:50 PM
Intermediate | Industries: Aerospace and Defense, Higher Education, Healthcare, Public Sector, Retail, Online Services, Technology | Products: Splunk Enterprise, Splunk IT Service Intelligence, Splunk Enterprise Security | Track: IT Operations | Session Focus: Deploying Splunk
Speakers
Karthik Karupasamy, Technical Marketing Engineer, Cisco
Brian Wooden, Global Strategic Alliances, Splunk
Troubleshooting the entire stack (from logical services to physical devices) of large scale applications is hard and expensive. This session will cover how to build a Splunk-based IT ops analytics platform in your datacenter to quickly detect bottlenecks in your infrastructure. It will include a live demo of an automated deployment of Splunk on Cisco UCS and a live demo of Splunk for fast application stack troubleshooting and capacity planning. The session will also highlight the latest reference architectures of Splunk software on Cisco UCS, along with hardware sizing guidelines for IT ops and security.

Writing Actionable Alerts
Wednesday, September 28, 2016 | 1:10 PM-1:55 PM
Good for all Skill Levels | Products: Splunk Enterprise | Role: Splunk Technical Champion, Operations Manager, Administrator, Security Analyst | Track: Splunk Foundations | Session Focus: Managing Splunk | Other Topics: Best Practices
Speakers
Burch Simon, Senior Sales Engineer, Splunk
Do you receive too many alerts from your Splunk environment and don't know which to focus on? Do you have so many alerts that you no longer see through the noise? Do you fear that your Splunk is losing its purpose and value because users have no choice but to ignore it? I’ve been there. I inherited a system like that. And what follows is an evolution of how I matured those alerts from spam to saviors. Let it be known that Splunk software does contain a number of awesome search commands to help with anomaly detection. If you enjoy what you read here, be sure to check them out since they may simplify similar efforts.

Best Practices and Better Practices for Users
Thursday, September 29, 2016 | 12:25 PM-1:10 PM
Beginner | Products: Splunk Enterprise | Role: Administrator, Data Scientist/Analyst, Splunk Technical Champion, Security Analyst | Track: Splunk Foundations | Session Focus: Using Splunk | Other Topics: Best Practices
Speakers
Burch Simon, Senior Sales Engineer, Splunk
Whether you're a n00b, an architect or anywhere in-between, you've probably Splunked something and thought "there's gotta be a better way to do this." Learn those better ways at this session as we explore best practices for everything Splunk. Attendees are invited to think critically and strengthen best practices into the bestest practices!

Best Practices and Better Practices for Admins
Tuesday, September 27, 2016 | 11:35 AM-12:20 PM
Thursday, September 29, 2016 | 11:20 AM-12:05 PM
Good for all Skill Levels | Products: Splunk Enterprise | Role: Architect, Administrator, Splunk Technical Champion | Track: Splunk Foundations | Session Focus: Managing Splunk | Other Topics: Best Practices
Speakers
Burch Simon, Senior Sales Engineer, Splunk
Whether you're a n00b, an architect or anywhere in-between, you've probably Splunked something and thought "there's gotta be a better way to do this." Learn those better ways at this session as we explore best practices for everything Splunk. Attendees are invited to think critically and strengthen best practices into the bestest practices!

Splunking Azure: Gain Insights into your Microsoft Azure Data using Splunk
Wednesday, September 28, 2016 | 4:35 PM-5:20 PM
Intermediate | Industries: Other | Products: Splunk Enterprise | Track: IT Operations | Session Focus: IT Troubleshooting
Speakers
Jason Conger, Staff Solution Architect, Splunk
Microsoft Azure offers many Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) solutions. This session will demonstrate methods to extract valuable machine data from Microsoft Azure and how to get that data into the Splunk platform. We will then cover some of the use cases or questions to ask your machine data to gain insights into operations, SLAs and security.

Avoid Fines and Save Money! Automating Regulatory Compliance with Qmulos
Thursday, September 29, 2016 | 2:35 PM-3:20 PM
Beginner | Industries: Financial Services, Healthcare, Public Sector, Online Services, Technology, Media & Entertainment, Aerospace and Defense, Energy & Utilities, Other, Travel & Transportation, Higher Education, Communications, Manufacturing | Products: Other, Splunk Enterprise | Role: Security Analyst | Track: Security / Compliance / Fraud | Session Focus: Compliance | Other Topics: Best Practices
Speakers
Scott Armstrong, Chief Strategy Officer, Qmulos
Matt Coose, CEO and Founder, Qmulos
This session describes how the Qmulos Q-Compliance™ and Q-Audit™ applications cost-effectively ensure that your organization maintains regulatory compliance by automating evidence collection and monitoring while simultaneously improving your security posture. Using real-world examples and customer use cases, this session will explain how to lower the cost of maintaining compliance and preparing for audits by automating the data collection and monitoring required to maintain compliance with standards, mandates, and frameworks such as FISMA, FedRAMP, HIPAA, NIST CSF, and ISO 27001.

Monitoring Automated Genetic Diagnostic Laboratories
Tuesday, September 27, 2016 | 3:15 PM-4:00 PM
Good for all Skill Levels | Industries: Healthcare, Technology | Products: Splunk Enterprise | Role: CISO, CIO, Data Scientist/Analyst, CTO, Business Manager | Track: Splunk for Operational Intelligence | Session Focus: Using Splunk
Speakers
Ben Miller, Operational Intelligence, Myriad Genetics
Larry Shatzer, Operational Intelligence Engineer, Myriad Genetics
Genetic diagnostic tests allow doctors and patients to better predict cancer genesis, progression and treatment. Myriad Genetics employs a large fleet of highly optimized laboratory instrumentation operating 24 hours a day. Instrument performance is monitored by several different software stacks developed both inside and outside Myriad. In this talk, we begin our journey towards making Splunk software a standard part of our operational DNA, detecting rare mutations in our sample-processing work-flows.

Analytics at Speed
Thursday, September 29, 2016 | 11:20 AM-12:05 PM
Intermediate | Industries: Travel & Transportation | Products: Splunk Enterprise | Role: Data Scientist/Analyst, Operations Manager | Track: Splunk for Operational Intelligence | Session Focus: IoT Industrial Data | Other Topics: Platform extensibility, Getting Data In
Speakers
Laura Vetter, VP of Analytics, Kinney Group
In the world of IoT, from the factory floor, to the MRI machine at a hospital, to the driver’s seat in a race car, there is a vast lake of untapped data. That data can achieve hard-dollar ROI efficiencies, improve quality, avoid downtime, and even provide visibility and competitive advantage to a spectator sport. In this presentation, we will be giving an overview of how to think about these use cases and more; lessons learned on how projects like this are scoped, planned, and executed and why it’s worth it; and how IoT data can be leveraged to provide ROI to your business and your customers. We will be deep-diving into the experience of identifying the IndyCar use case, tuning our thinking and understanding the data during practice runs, ingesting live feeds during the race and what we experienced seeing the live race data in race time formats. We will also cover the high-octane experience building dashboards and continually cleaning data to gain visibility throughout the race. We will share key insights into what it takes to handle that type of data, what volume and speed can be expected from true IoT data that has not been filtered or rolled up. Additionally, we will cover the experience of working alongside SMEs that are not from an IT background and how to find ways to collaborate on use cases that are understandable from both sides (Splunk + non-IT SMEs). Without disclosing specifics into what data we looked at or what we specifically correlated for the team, we will provide details on how these types of projects should be approached, what raw IoT machine data typically looks like and how to handle it. We will then share other use cases we have seen: Splunking the SamCar with Arrow’s new IoTConnect platform and gathering failure trends and telemetry specifics from MRI machines. 
We will discuss in detail how the Splunk architecture makes that easy, with fast time-to-value and the ability to provide real-time analytics in environments where the data is flowing so fast, if Splunk isn’t watching, the insights that drive your business might just pass you by…

Splunk Performance Reloaded - Best Practices for a Performant Splunk Deployment
Thursday, September 29, 2016 | 10:15 AM-11:00 AM
Beginner | Industries: Other | Products: Splunk Enterprise | Role: Architect, Splunk Technical Champion, Administrator | Track: Splunk Foundations | Session Focus: Splunk Classics | Other Topics: Best Practices
Speakers
Stefan Sievert, Staff Architect, Splunk
This session provides an introduction to and overview of the dimensions of a Splunk deployment that affect performance. It will cover infrastructure architecture, product configuration and search aspects and provide links to tools and resources that customers can use to get the optimal performance out of their Splunk deployment.

Power of SPL
Wednesday, September 28, 2016 | 1:10 PM-1:55 PM
Good for all Skill Levels | Industries: All Industries, Other | Products: Splunk Enterprise | Track: Splunk Foundations
Speakers
Stephen Luedtke, Technical Product Marketing Manager, Splunk
This session will unveil the power of the Splunk Search Processing Language (SPL). See how to use Splunk's simple search language for searching and filtering through data, charting statistics and predicting values, converging data sources and grouping transactions, and finally data science and exploration. We'll begin with basic search commands and build up to more powerful advanced tactics to help you learn and harness your Splunk Fu!

Enterprise Security Multi-Tenant Fundamentals
Wednesday, September 28, 2016 | 4:35 PM-5:20 PM
Intermediate | Products: Splunk Enterprise Security | Role: Administrator, Architect, Operations Manager, Splunk Technical Champion | Track: Splunk Foundations | Session Focus: Deploying Splunk | Other Topics: Big Data Architecture
Speakers
Michael Barrie, Regional Architect - Professional Services, Splunk
Macy Cronkrite, Professional Services, Splunk
This talk will discuss an alternative architecture for customers who want, and can't have, a multi-tenant enterprise security (ES) installation. Several scenarios (a parent company with multiple child operating companies, a university of multiple distinct campuses and hospitals, or a small scale MSSP) will be described and a solution presented that builds on top of existing ES functionality.

How the Splunk Platform Supports 120 Million Monthly Active Users
Tuesday, September 27, 2016 | 11:35 AM-12:20 PM
Intermediate | Industries: Media & Entertainment, Technology, Online Services | Products: Splunk Enterprise | Track: Splunk for Operational Intelligence | Session Focus: Business Analytics | Other Topics: Customer Success Story
Speakers
Chris Kammermann, Senior Infrastructure Engineer, Shazam
The Splunk platform is a Swiss army knife utility for Shazam. This session’s topics include business and end-user analytics, what songs are popular and why, live A/B testing, analysis of advertising that has been featured on Shazam, how users use the app, anomaly detection and alerting, machine learning and operational and DevOps intelligence.

Splunk and Open Source: Build vs. Buy Decisionmaking
Wednesday, September 28, 2016 | 2:15 PM-3:00 PM
Good for all Skill Levels | Industries: Applicable to all industries | Products: Splunk Enterprise, Splunk Cloud | Role: CTO, Architect, Splunk Technical Champion, Operations Manager, Business Manager, Data Scientist/Analyst, CIO, Administrator, CISO | Track: Splunk Foundations | Session Focus: Adopting Splunk | Other Topics: Customer Success Story
Speakers
Jon Webster, Manager, Competitive Intelligence, Splunk
The popularity of Open Source can present a challenge to Splunk adoption in your company. Splunk has worked with over 200 customers to gain a deep understanding of the challenges and costs associated with deploying open source and can help you build a business case to support your decision to grow with Splunk. We'll walk through some real-world, real-company examples of what the decision making process looks like, and the results. Come learn about the details of Splunk’s “Open Source Build vs. Buy Workshop”: what it is, and when, why and how to request it.

Bucket Diversity: Choosing Your Search Mate Wisely
Wednesday, September 28, 2016 | 11:00 AM-11:45 AM
Intermediate | Products: Splunk Enterprise | Role: Administrator, Architect, Splunk Technical Champion | Track: Splunk Foundations | Session Focus: Deploying Splunk | Other Topics: Best Practices
Speakers
Dean Jackson, Principal Systems Engineer, Dell EMC
Simon O'Brien, Staff Sales Engineer, Splunk
800 IOPs? How do I design for that? Splunk buckets now have so many infrastructure options (local or shared, “flashy” or not, and now even data reduction), that it can be a bit confusing. We will reveal the anatomy of a Splunk bucket from the storage perspective, discuss what kind of workload the Splunk platform truly generates between ingestion and search, and ultimately, arm you with the knowledge to size your buckets wisely.

Machine Learning and Anomaly Detection in Splunk IT Service Intelligence
Tuesday, September 27, 2016 | 4:20 PM-5:05 PM
Advanced | Industries: Technology, Online Services | Products: Splunk IT Service Intelligence | Track: IT Operations | Session Focus: Service Monitoring
Speakers
Alex Cruise, Senior Developing Manager and Architect, Splunk
Fred Zhang, Senior Data Scientist, Splunk
Splunk is bringing its anomaly detection capabilities in Splunk ITSI to a whole new level. The new anomaly detection engine learns the normal patterns of KPIs continuously in real time, and detects when a KPI departs from its own historical behavior (univariate) or diverges from its peers that are expected to behave cohesively (multivariate). This new Splunk ITSI anomaly detection service specializes in anomaly detection in dense, numeric, evenly spaced time series. We'll describe this use case and contrast it with other kinds of analysis. We'll also discuss time-series feature engineering, and the inescapable tradeoffs and challenges that come with it.

Introduction to Splunk IT Service Intelligence
Tuesday, September 27, 2016 | 10:30 AM-11:15 AM
Wednesday, September 28, 2016 | 1:10 PM-1:55 PM
Good for all Skill Levels | Industries: Other | Products: Splunk IT Service Intelligence | Track: IT Operations | Session Focus: Service Monitoring
Speakers
Alok Bhide, Principal Product Manager, Splunk
David Millis, Staff Architect, IT Operations Analytics, Splunk
The status quo of old solutions and approaches can't handle today's complex, highly distributed service-oriented architectures. Learn how to gain service context by combining event and performance data, get the big picture of your environment, streamline operations, accelerate root-cause analysis and get ahead of customer-impacting outages. Understand how analytics and machine learning can enhance service intelligence. Join us for a live demo to see how Splunk ITSI takes operations and service intelligence to the next level and how the product has evolved over the last year, guided by your input.

A Shift from Tools Driven to Data Driven Operations
Wednesday, September 28, 2016 | 3:30 PM-4:15 PM
Beginner | Industries: Travel & Transportation, Energy & Utilities, Aerospace and Defense, Communications, Retail, Public Sector, Manufacturing, Media & Entertainment, Technology, Higher Education, Financial Services, Healthcare, Non-Profit, Online Services | Products: Splunk IT Service Intelligence | Track: IT Operations | Session Focus: Service Monitoring
Speakers
Kevin Donahoe, Principal Splunk Architect, ATT Entertainment Group
How are you using your operational data? Is it to confirm the choices you've already made for your infrastructure and services? Or are you using data to drive the choices? See the shift at DirecTV from a tools driven to a data driven monitoring and analytics practice. Take a look before and after and see how an ITOA strategy, using Splunk and IT Service Intelligence, has shifted DirecTV to using data to drive the choices we make about our infrastructure and services.

Satellites, Choropleth Maps and ITSI… Oh My!
Tuesday, September 27, 2016 | 3:15 PM-4:00 PM
Advanced | Industries: Retail, Travel & Transportation, Public Sector, Manufacturing, Financial Services, Higher Education, Non-Profit, Online Services, Healthcare, Communications, Energy & Utilities, Aerospace and Defense, Media & Entertainment, Technology | Products: Splunk IT Service Intelligence | Role: Architect | Track: IT Operations | Session Focus: Service Monitoring
Speakers
Jeff Trujillo, Performance Engineer, ViaSat
ViaSat is using Splunk solutions to help monitor its satellite-based internet service with choropleth maps and other advanced visualizations. But watching and correlating hundreds of different metrics in near real time is impossible for any NOC. Come see how ViaSat is using Splunk IT Service Intelligence (ITSI) to effectively model these services, using advanced thresholding and multi-KPI capabilities to generate intelligent alerts based on "normal" vs. "not normal" in a complex and fascinating environment.

Scaling Splunk Forwarders with Mesos & Marathon
Thursday, September 29, 2016 | 10:15 AM-11:00 AM
Industries: Technology, Online Services | Products: Splunk Enterprise, Splunk IT Service Intelligence, Splunk Cloud | Track: IT Operations | Session Focus: IT Troubleshooting | Other Topics: What's New?!, Logging Frameworks, Getting Data In, App Ecosystem
Speakers
Charles Guenther, SRE, Yelp
Kristopher Wehner, VP Engineering, Yelp Inc
This talk will cover how Yelp scales its fleet of Splunk forwarders using Apache Mesos & Marathon for consuming diverse, high-throughput data sources. When dealing with a mix of legacy apps and micro-services that involve heterogeneous inputs and bursty data rates, maintaining and scaling your forwarder fleet can be a major challenge. Yelp's approach to this problem is to utilize Apache Kafka and a fleet of Splunk forwarders in Docker containers managed by Mesos & Marathon to allow for rapid scaling, immediate rollback of deployments and self-service empowerment for developers to monitor what they build. We'll discuss the pitfalls we encountered building out this solution, our approach to monitoring our forwarder fleet using Splunk solutions and details of our build process and developer workflow.

Operations and Log Analytics on Google Cloud Platform (GCP) With Splunk Software
Wednesday, September 28, 2016 | 4:35 PM-5:20 PM
Industries: Technology | Products: Splunk Enterprise | Track: IT Operations | Session Focus: IT Troubleshooting
Speakers
Marc Chene, IT Markets Product Manager, Splunk
Deepak Tiwari, Sr. Product Manager, Google
When it comes to your apps running on Google Cloud Platform (GCP), you want to know the “who, what and when” to optimize the usage and performance of your GCP investment and your apps running on it. In this session, Splunk and Google team up to discuss how you can monitor latency, application availability and changes impacting service reliability. You will also learn how to investigate and troubleshoot errors generated in your GCP environment. We’ll show you a range of cool capabilities of the GCP/Splunk integration, including how to collect and analyze both logs exported to GCP using the PubSub API and GCP Stackdriver time series metrics. In addition, we will walk through some best practices for hooking up the firehose and setting up alerts and dashboards to get valuable insights from the data.

A (VERY) Brief Introduction to Machine Learning for ITOA
Wednesday, September 28, 2016 | 12:05 PM-12:50 PM
Beginner | Industries: Financial Services, Technology, Media & Entertainment, Manufacturing, Public Sector, Retail, Communications, Aerospace and Defense, Energy & Utilities, Travel & Transportation, Healthcare, Online Services, Non-Profit, Higher Education | Products: Splunk IT Service Intelligence | Role: Data Scientist/Analyst, CIO, Architect, Operations Manager, CTO | Track: IT Operations | Session Focus: Service Monitoring | Other Topics: Machine Learning, Thought Leadership, analyzingNetworkData, anomalyDetection
Speakers
Toufic Boubez, VP, Engineering, Splunk
What is machine learning? What is clustering, classification and anomaly detection? How do you separate the trends and hype from meaningful, powerful techniques that can transform the way organizations of all sizes and types work with data? Splunk’s VP of Engineering, Toufic Boubez, will step you through what machine learning is and why it matters, particularly in the field of IT operations, where organizations are looking to move from reactive root-cause analysis to proactive, predictive analytics.

You Cannot Manage What You Don’t Monitor: Correlated Monitoring of an Enterprise ALM Environment at Bosch
Wednesday, September 28, 2016 | 3:30 PM-4:15 PM
Industries: Manufacturing | Products: Splunk Enterprise | Track: IT Operations | Session Focus: IT Troubleshooting | Other Topics: App Ecosystem
Speakers
Raffael Eiler, Senior Engineer, Bosch
Juergen Magiera, ITOA Architect, Splunk
At Bosch, unplanned system outages had to be minimized and the team needed a way to monitor their application lifecycle management (ALM) environment. Attend this session to learn how Bosch uses Splunk software to build management-friendly reports and dashboards, find root causes on-the-fly, and monitor its enterprise ALM environment in an all-in-one solution. Learn how Splunk software informs the team of early warnings before users can complain about performance issues.

Faster Time to Value with ITSI Modules
Wednesday, September 28, 2016 | 2:15 PM-3:00 PM
Advanced | Industries: Technology, Travel & Transportation, Retail, Manufacturing | Products: Splunk IT Service Intelligence | Track: IT Operations | Session Focus: Service Monitoring
Speakers
Nicholas Tankersley, Product Manager, IT Markets, Splunk
Modules are a powerful way to accelerate insights in Splunk IT Service Intelligence (ITSI), with immediate data access and pre-packaged dashboards. Join us in this session to learn more about modules, how to provide valuable service and KPI templates for your organization, and easily build custom modules and third-party integrations into Splunk ITSI.

Splunk ITSI at Cox Automotive: Wrapping Intelligence Around Noise
Wednesday, September 28, 2016 | 11:00 AM-11:45 AM
Beginner | Industries: Travel & Transportation | Products: Splunk IT Service Intelligence | Track: IT Operations | Session Focus: Service Monitoring
Speakers
Steven Hatch, Manager - Enterprise Logging Services, Cox Automotive
Steven Hatch, from Cox Automotive, manages a complex IT infrastructure and is responsible for ensuring that their largest wholesale car auctions, conducted onsite and on the web, operate without a snag. Join us in this session to learn how he leverages Splunk and Splunk IT Service Intelligence to collect events and metrics data from the auction lanes, cameras, microphones, network footprint and much more, and delivers real-time insights into their auction services. You will also learn how he’s adopted Splunk Enterprise and Splunk Cloud over time by embracing and delivering a Splunk Center of Excellence.

Welcome to Tomorrow ... Today! Why You Need to Merge IT and Security in Today's Connected World
Tuesday, September 27, 2016 | 5:25 PM-6:10 PM
Intermediate | Industries: Public Sector, Healthcare, Financial Services, Higher Education, Non-Profit, Aerospace and Defense, Communications, Travel & Transportation, Energy & Utilities, Manufacturing, Media & Entertainment, Technology, Online Services, Retail | Products: Splunk Enterprise Security, Splunk IT Service Intelligence, Splunk Cloud | Track: IT Operations | Session Focus: Service Monitoring
Speakers
Timothy Lee, CISO, City of Los Angeles
Ernie Welch, Senior Sales Engineer, Public Sector, Splunk
Zero day attacks are, by definition, the ones that do not yet have a published attack signature. Often IT first notices something 'odd' with one of their systems, then security is notified and an investigation begins. All of this takes time, time that is never regained. Join us in this session to hear about the City of Los Angeles's Critical Asset Protection (CAP) program and the collaborative relationship that has developed between their SOC and NOC teams to enable better operations using Splunk IT Service Intelligence.

From 30 Minutes to 40 Seconds: Applying Adaptive Response to Automate Human Event Triage With Splunk ES & Phantom
Thursday, September 29, 2016 | 2:35 PM-3:20 PM
Beginner | Industries: Online Services, Travel & Transportation, Retail, Public Sector, Manufacturing, Healthcare, Financial Services, Higher Education, Aerospace and Defense, Energy & Utilities, Media & Entertainment, Technology | Products: Splunk Enterprise Security, Splunk Enterprise, Splunk Cloud | Track: Security / Compliance / Fraud
Speakers
Oliver Friedrichs, CEO and Founder, Phantom
John Stoner, Security Architect, Splunk
75% of enterprises admit to routinely ignoring security events. While Splunk Enterprise Security (ES) provides a tremendous amount of information to the security analyst, almost all events still require manual triage. This session demonstrates how to integrate Splunk ES with Phantom’s Security Automation & Orchestration Platform to automate investigation, hunting, enrichment, containment and recovery.

When Recommendation Systems Go Bad (The Hidden Biases in Machine Learning, sponsored by Splunk Women in Technology)
Wednesday, September 28, 2016 | 11:00 AM-11:45 AM
Good for all Skill Levels | Products: Other | Track: Splunk Foundations | Session Focus: Data Science Machine Learning | Other Topics: Machine Learning
Speakers
Evan Estola, Lead Machine Learning Engineer, Meetup
Machine learning and recommendation systems have changed the way we interact with not just the internet, but some of the basic services that we use to organize and run our lives. As the people that build these systems, we have a social responsibility to consider how these systems affect people, and furthermore, we should do whatever we can to prevent these models from perpetuating some of the prejudice and bias that exist in our society today. This talk will cover some of the recommendation systems that have gone wrong across various industries, and attempt to provide some solutions for raising awareness and prevention.

How splunkd Works
Tuesday, September 27, 2016 | 12:40 PM-1:25 PM
Good for all Skill Levels | Products: Splunk Enterprise | Role: Architect, Splunk Technical Champion, Administrator | Track: Splunk Foundations | Session Focus: Splunk Classics
Speakers
Amritpal Bath, Senior Engineering Manager, Splunk
Abhinav Nekkanti, Senior Software Engineer, Splunk
Learn details of how splunkd receives data and how data is parsed, indexed and forwarded. Learn how to debug Splunk the way Splunk engineers debug.

Splunk Cloud: A Peek Under the Hood
Tuesday, September 27, 2016 | 5:25 PM-6:10 PM
Good for all Skill Levels | Products: Splunk Cloud | Role: Architect, Splunk Technical Champion, Administrator, CIO, Business Manager, Operations Manager | Track: Splunk Foundations | Session Focus: Cloud Strategies | Other Topics: Best Practices, Big Data Architecture
Speakers
Rajiv Battula, Cloud Engineer, Splunk
Nikhil Mungel, Senior Software Engineer, Splunk
We will explore how the Splunk Cloud provisioning system is engineered to take advantage of AWS Availability Zones along with Splunk’s multi-site clustering technology for the indexing and search tiers. This session will also cover how Splunk Cloud’s comprehensive security architecture and hybrid topologies are deployed in a public cloud.

The Hidden Biases in Machine Learning and Big Data: Lightning Talks – Sponsored by Splunk Women in Technology
Wednesday, September 28, 2016 | 4:35 PM-5:20 PM
Good for all Skill Levels | Products: Other | Track: Splunk Foundations | Session Focus: Data Science Machine Learning | Other Topics: Machine Learning
Speakers
Archana Ganapathi, Director of Data Strategy and Analytics, Splunk
Laura Vetter, VP of Analytics, Kinney Group
Lilian Wong, Data Scientist, Splunk
Lightning Talk #1: Machine Learning 101
What is machine learning? What does Splunk have to do with it? This talk will discuss the fundamentals of machine learning and its applications to solve business problems that Splunk clients face every day. It is a primer that does not assume any machine learning background from the audience.
Lightning Talk #2: Data Quality: How to Overcome Nature with Nurture
Machine learning analysis is only as good as the data fed into the algorithms, and data is created by humans or human-generated processes. Humans (and their biases) influence data creation, data interpretation and the interpretation of data analysis. This talk will discuss data quality issues introduced by the “human in the loop” and discuss how to avoid or overcome some of the consequent challenges.
Lightning Talk #3: Using the Splunk Machine Learning (ML) Toolkit for Racing Use Cases
We’ll be taking a brief tour of how we used the Splunk ML Toolkit for some racing and race car use cases and what we learned in doing so. There are some basic rules of the road that we learned that will empower others who are looking to use the toolkit in how to think about ML. When are you ready for ML, what should you know going in, what are some caveats that you can prepare for and thus steer the ship in a better direction for quicker ROI?

Infrastructure Analytics: Driving Outcomes Through Practical Use Cases and Applied Data Science with Splunk at Cisco
Wednesday, September 28, 2016 | 2:15 PM-3:00 PM
Good for all Skill Levels | Products: Splunk Enterprise | Role: Administrator, Architect, Data Scientist/Analyst, Splunk Technical Champion, Operations Manager | Track: Splunk Foundations | Session Focus: Deploying Splunk | Other Topics: Machine Learning, analyzingNetworkData, Best Practices
Speakers
Matt Birkner, Distinguished Engineer, Cisco
Ian Hasund, Director/Chief Architect, Cisco
Robert Novak, Consulting Systems Engineer, Cisco
This session offers an in-depth view into how Cisco Services is using Splunk software for proper planning, designing and intelligent operational activities for today's complex Service Provider and Enterprise Next Generation Networks (NGNs) for our Optimization and Assessment Services. We’ll cover how Cisco Services built custom apps covering Syslog Analytics, “Key Performance Indicators,” Network Topology and Capacity Management; including the application of machine learning, predictive analytics and correlation. Sample scenarios will include impact of software/hardware changes, traffic growth, impact of topology changes, network upgrades and fault analytics based on data collected daily from infrastructure devices around the world. The session will wrap up with an overview of the deep partnership between Cisco and Splunk, including infrastructure deployment, multi-platform Cisco monitoring and management and how to make the most of the interactions between Cisco and Splunk in your own datacenter environment.

Using Splunk With Threat Intelligence to Detect Threats at Every Stage of the Kill Chain
Thursday, September 29, 2016 | 11:20 AM-12:05 PM
Good for all Skill Levels | Products: Splunk Enterprise | Role: Security Analyst | Track: Security / Compliance / Fraud | Session Focus: Threat Detection | Other Topics: applyingThreatIntelligenceContext
Speakers
Hugh Njemanze, CEO, Anomali
Trevor Welsh, VP Sales Engineering, Anomali
In today’s digital world, cyberattacks are mounting at an unprecedented rate. It typically takes more than half a year for an organization to detect a cyber intrusion, which can potentially cause irreparable material damage and put the business at critical risk. Fortunately, tools and techniques are emerging to more quickly detect and prevent cyberattacks. In this talk, we will discuss and demonstrate how to apply the Cyber Kill Chain® using Splunk software to detect adversaries at any stage, and ultimately break the chain of attack and protect your business.

Taking your AWS Logging to the Next Level
Tuesday, September 27, 2016 | 11:35 AM-12:20 PM
Good for all Skill Levels | Products: Splunk Enterprise | Role: Architect, Administrator | Track: IT Operations | Session Focus: Cloud Strategies | Other Topics: Best Practices, Amazon Web Services
Speakers
David Potes, Partner Solutions Architect, Amazon
Amazon Web Services (AWS) has many services with rich instrumentation and auditing, which provide customers a wealth of information for security, performance and cost optimization. In this session, join David Potes from AWS to explore best practices for getting the most out of AWS CloudTrail, AWS Config, AWS VPC Flow Logs and AWS billing reports, as well as a few other services. We’ll also look at how customers such as Adobe and Autodesk use Splunk solutions to provide a unified window into their AWS activities.

Palo Alto Networks and Splunk Team Up to Prevent Attacks and Protect Your Data
Wednesday, September 28, 2016 | 11:00 AM-11:45 AM
Good for all Skill Levels | Products: Splunk Enterprise, Splunk Cloud, Splunk Enterprise Security | Role: Data Scientist/Analyst, Security Analyst, CISO | Track: Security / Compliance / Fraud | Session Focus: incidentResponse | Other Topics: attackScenarios, applyingThreatIntelligenceContext, adaptiveResponse, Best Practices
Speakers
Brian Torres-Gil, Solutions Architect, Palo Alto Networks
Ransomware is top of mind for enterprises, their security teams as well as board members. With valuable data at risk, organizations need a security platform that correlates data and automatically implements protections. Watch a demo of a ransomware attack, and observe how the Adaptive Response ecosystem can provide the visibility and insight necessary to keep your organization from becoming the next victim. Palo Alto Networks continually develops new features into the App and Add-on for Splunk Enterprise and Splunk Cloud, including recent features like integration with the latest Adaptive Response standards, improved interoperation with Splunk Enterprise Security, focused workflows for secure SaaS enablement and analytics of Palo Alto Networks GlobalProtect data. The Palo Alto Networks App and Add-on are certified by the Splunk App Certification team with utmost attention to quality and security.

Architecting and Sizing Your Splunk Deployment
Wednesday, September 28, 2016 | 3:30 PM-4:15 PM
Beginner | Industries: Technology, Other | Products: Splunk Enterprise | Role: Architect, Developer, Operations Manager, Administrator, Splunk Technical Champion | Track: Splunk Foundations | Session Focus: Deploying Splunk | Other Topics: Best Practices
Speakers
Deep Bains, SE Manager, Splunk
Simeon Yep, Director, Splunk
Sure, Splunk is a flexible product that can be deployed to meet almost any scale and redundancy requirements. But as with any other high-performance application, you need to define your goals and requirements, then plan your architecture carefully. Number of users? Daily index? Hot, warm, cold storage? High availability? This session will walk through a checklist of items to consider before choosing hardware and deploying Splunk software in a manner that best meets your goals.

How to Migrate from Legacy SIEM to Splunk
Tuesday, September 27, 2016 | 12:40 PM-1:25 PM
Advanced | Products: Splunk Enterprise Security | Role: Security Analyst | Track: Security / Compliance / Fraud | Session Focus: securityAnalyticsAndMachineLearning | Other Topics: analyzingEndpointData, attackScenarios, anomalyDetection, analyzingNetworkData, applyingThreatIntelligenceContext, adaptiveResponse
Speakers
Girish Bhat, Director, Security Product Marketing, Splunk
The role of the SIEM is more critical now than ever before. With the evolution in customer expectations and requirements, it is time to leverage the rapid advancement in modern SIEMs, such as Splunk Enterprise Security.

A Framework for Developing and Operationalizing Security Use Cases
Wednesday, September 28, 2016 | 12:05 PM-12:50 PM
Good for all Skill Levels | Industries: Public Sector, Aerospace and Defense, Retail, Travel & Transportation, Media & Entertainment, Communications, Technology, Financial Services, Higher Education, Non-Profit, Online Services, Other, Energy & Utilities, Healthcare, Manufacturing | Products: Splunk Enterprise, Splunk Enterprise Security | Role: Security Analyst | Track: Security / Compliance / Fraud | Session Focus: securityUseCaseDevelopment | Other Topics: Best Practices
Speakers
Ryan Faircloth, Security Consultant, Splunk
This session will walk attendees through a best-practice framework for developing security use cases for Splunk. The session includes how to identify, define, and map business problems and other motivating factors to specific security and compliance narratives, from which use cases and response plans can be developed, including derivation of key data source requirements, enrichment options, and implementation details.

Increasing Engineering Productivity in Micro Services World
Wednesday, September 28, 2016 | 12:05 PM-12:50 PM
Good for all Skill Levels | Industries: Financial Services | Products: Splunk Enterprise | Track: IT Operations | Session Focus: DevOps
Speakers
Sumit Nagal, Principal Engineer in Quality, Intuit
I will be sharing how Splunk helped in our platform journey, where we have produced many services for our platform. We have increased developer productivity by nailing down environment stability and dependent service vulnerability by bringing data out via Splunk's latest technology. We have used data models and advanced charting along with standards and best practices in logging. This is well complemented by our continuous pipeline for test, Chef, Jenkins, Git and Jira. Splunk not only helps with service quality and root cause analysis, but also with customer support and production issues.

What If Anyone Could Query Splunk Using Natural Language?
Tuesday, September 27, 2016 | 11:35 AM-12:20 PM
Good for all Skill Levels | Industries: Healthcare | Products: Splunk IT Service Intelligence, Splunk Enterprise Security | Role: Security Analyst, Splunk Technical Champion, Administrator, CISO, Operations Manager | Track: Splunk Foundations | Session Focus: Search Language | Other Topics: Platform extensibility
Speakers
Matt Parks, Security Analytics Lead, Kaiser Permanente
Grant Wernick, CEO, Insight Engines
Today, querying log data for enterprise security use is something that few people in any organization can do well. What if everyone could quickly investigate voluminous data sets via Splunk software using simple natural language queries? Productivity and accessibility would increase, MTTR would decrease, onboarding of new hires would take days and organizations would extract a lot more value from their Splunk implementations. Imagine a future where, instead of constructing complex queries for a question like, “Have we seen an increase in traffic from North Korean IPs today vs. last week?” you could just ask in normal English and instantly get relevant results. It’s now possible—at least for those who join the Insight Engines intro program here at .conf2016! In this session, you will get a glimpse of how the Kaiser Permanente Cyber Risk Defense Center (CRDC) is using natural language search to optimize investigations, analysis and reporting of data via its multi-TB Splunk instance. You’ll learn firsthand how it enables them to do ad hoc searches in seconds, teach their team how to understand and write optimized SPL, and develop correlation searches in a fraction of the time.

Security Special Interest Group
Wednesday, September 28, 2016 | 5:30 PM-7:00 PM
Products: Other | Track: Security / Compliance / Fraud | Session Focus: soc
Informally share your ideas with your peers on various cybersecurity and Security Operations Center (SOC) topics. Each topic has its own room and the conversation is facilitated by Splunkers. Topics are:
- Implementing Adaptive Response (aka “automated remediation”) in a modern SOC
- How do you achieve maturity in SOC?
- Complementing SIEM with User Behavior Analytics

Indexer Clustering Basics, Internals and Debugging
Thursday, September 29, 2016 | 10:15 AM-11:00 AM
Intermediate | Industries: Other | Products: Splunk Enterprise, Splunk Cloud | Role: Architect, Splunk Technical Champion, Administrator | Track: Splunk Foundations | Session Focus: Managing Splunk | Other Topics: Best Practices, Big Data Architecture
Speakers
Dhruva Kumar Bhagi, Sr. Software Engineer, Splunk
This session discusses the important internals of indexer clustering, such as data replication, generation, fix-ups and configuration pushes. It also sheds some light on how to debug the cluster and what to look for in log files.

Troubleshooting Splunk Forwarder Issues
Thursday, September 29, 2016 | 2:35 PM-3:20 PM
Beginner | Products: Splunk Enterprise | Role: Administrator, Splunk Technical Champion | Track: Splunk Foundations | Session Focus: Managing Splunk | Other Topics: Best Practices
Speakers
Victor Ebken, Software Engineer, Splunk
Maciek Wojcik, Senior Software Engineer, Splunk
Forwarders are vital components of any Splunk deployment, consuming the data and sending it to Splunk indexers for processing. Most of the time they require very little attention and work out-of-the-box. In this session we will be looking at some of the most common problems: throughput and latency issues as well as duplicated and dropped events. We are going to show how administrators can diagnose and fix these problems themselves and how to collect the necessary troubleshooting data for Splunk Support if their help is needed.

An Integrated Approach to Cybersecurity
Tuesday, September 27, 2016 | 4:20 PM-5:05 PM
Good for all Skill Levels | Products: Splunk Enterprise Security | Role: CISO, Security Analyst | Track: Security / Compliance / Fraud | Session Focus: Threat Detection | Other Topics: ransomware
Speakers
Monzy Merza, Director of Cyber Research and Chief Security Evangelist, Splunk
Bret Newman, TAM, Tanium Inc.
Kevin Oswald, Accenture Leadership
Terry Ramos, VP, Business Development, Palo Alto Networks
Bad things happen to good people. Ransomware is a systemic problem that involves a wide range of encryption-based attacks. CryptoLocker and CryptoWall have done serious damage, targeting one of the enterprise's most prized assets: its data. Ransomware resolved: Palo Alto Networks + Splunk + Tanium + Accenture have come together to deliver security maturity, combining best-in-class technology and services. This panel session will bring together leaders of each organization, and the discussion will detail the ransomware use case.

Managing Your Data for the Long Term
Wednesday, September 28, 2016 | 2:15 PM-3:00 PM
Good for all Skill Levels | Products: Splunk Enterprise | Role: Architect, Administrator | Track: Splunk Foundations | Session Focus: Deploying Splunk | Other Topics: Best Practices
Speakers
Steve Fritzinger, Pursuit Business Dev Manager, NetApp
Splunk users ingest a lot of data. Being able to store and manage that data cost-effectively can be a limiting factor on how much data you can index and what you can do with it. As Splunk moves from a tool to an integrated, mission-critical platform, avoiding these limits becomes even more important. This session will discuss the limits of using commodity servers and internal disk drives for Splunk solutions. It will also show how using tiered external storage can reduce your overall storage costs, increase performance of your Splunk searches, reduce the size, power consumption and cooling costs for your Splunk cluster and, most importantly, avoid inconvenient and high-cost data migrations as your cluster ages.

Security Track Kickoff
Tuesday, September 27, 2016 | 10:15 AM-10:30 AM
Good for all Skill Levels | Products: Splunk Enterprise, Splunk Enterprise Security | Role: Security Analyst, Architect, CISO | Track: Security / Compliance / Fraud
Speakers
Robert Ma, Product Marketing, Splunk
Join us for a 15 minute overview of how we’ve constructed the security track by skill level, role and tags to help you make the most of your .conf2016 Experience. We’ll also cover the additional programming related to security, including the hands-on sessions, demo pavilion, Boss of the SOC, a realistic security simulation which will run across several days of the conference and so much more!

Boss of the SOC De-brief
Thursday, September 29, 2016 | 1:30 PM-2:15 PM
Good for all Skill Levels | Products: Splunk Cloud, Splunk Enterprise | Role: Security Analyst, CISO, Data Scientist/Analyst, Administrator | Track: Security / Compliance / Fraud | Session Focus: soc
Speakers
David Herrald, Security Architect, Splunk
Ryan Kovar, Minister of the OODALoopers, Splunk
Join us for the de-brief of the Boss of the SOC competition at .conf2016! We'll announce the winners and review the data sets, tactics and tips the players and winners employed to drop their breaches and secure future success.

Community Theater

Managing a Large-Scale, Multi-Site, Distributed Deployment Without Going Insane
Wednesday, September 28, 2016 | 12:00 PM-12:15 PM
Advanced | Industries: Media & Entertainment | Products: Splunk IT Service Intelligence, Splunk Enterprise | Role: Administrator, Architect | Track: Community Theater | Session Focus: Managing Splunk | Other Topics: Best Practices, Big Data Architecture
Speakers
Kevin Donahoe, Principal Splunk Architect, ATT Entertainment Group
In this discussion, we will discuss our growing pains and the solutions we came up with to scale out from a single instance to a multi-site indexer cluster with cross-site replication. Learn how we've empowered a tier 1 group to reliably and consistently execute configuration changes on our behalf using Git and RunDeck, how we use ITSI, configuration and change management and lessons we've learned along the way.

How Fast is Fast Enough? Improving Splunk Performance with Batch Mode Search
Tuesday, September 27, 2016 | 3:00 PM-3:15 PM
Intermediate | Industries: Online Services | Products: Splunk Enterprise | Role: Administrator, Splunk Technical Champion | Track: Community Theater | Session Focus: Search Language | Other Topics: Best Practices
Speakers
Becky Burwell, Production Engineer, Yahoo Inc.
Learn why Flickr chose to turn on batch mode search, how we did it, and what we learned.

Real-World Role-Based Access Controls in a Decentralized Environment
Wednesday, September 28, 2016 | 5:00 PM-5:15 PM
Intermediate | Industries: Other, Higher Education | Products: Splunk Enterprise | Role: Administrator, Architect | Track: Community Theater | Session Focus: Managing Splunk | Other Topics: Best Practices
Speakers
Joshua Buysse, Security Developer, University of Minnesota
Brandon Lattin, Security Engineer, University of Minnesota
In a new Splunk implementation for a decentralized IT organization at a large university, we wanted to collect all logs in a central service that security can access. In order to get buy-in from the rest of the organization, we needed to implement granular access controls. Our solution using a hierarchy of groups gives us the ability to quickly grant or revoke access for a group to an index while minimizing administrative overhead.

Splunk To A Cure: Be Inspired by a Lifesaving, Use Case of Managing T1 Diabetes
Tuesday, September 27, 2016 | 5:00 PM-5:15 PM
Good for all Skill Levels | Industries: Non-Profit, Healthcare, Technology | Products: Splunk Cloud, Splunk Enterprise | Role: Splunk Technical Champion | Track: Community Theater | Session Focus: IoT Industrial Data | Other Topics: Getting Data In
Speakers
Steve Hogan, Staff Sales Engineer, Splunk
See how Splunk software is being leveraged to intelligently overcome daily obstacles through critical alert notifications, strategic real-time to historical trending analysis, and correlating cross-data to reach the goal of a Type 1 cure. You will view real world mining of elusive IoT data, how intelligent alerting can cut through the noise to provide lifesaving responses, and how correlating cross-data can be leveraged for reaching an ultimate resolution.

2016 National SPLing Bee
Tuesday, September 27, 2016 | 3:30 PM-4:30 PM
Intermediate | Industries: Other | Products: Splunk Cloud, Splunk Enterprise | Role: Administrator, Splunk Technical Champion, Operations Manager, Architect | Track: Community Theater | Session Focus: Search Language | Other Topics: Best Practices
Speakers
Stephen Luedtke, Technical Product Marketing Manager, Splunk
We're back for you to put your Splunk-fu to use in our 2nd Annual SPL'ing Bee! The SPLing Bee is a competition that will be held during .conf2016. This is your opportunity to learn new commands, show off your Splunk ninja skills and compete with your fellow Splunkers to solve Search challenges using Splunk's Search Processing Language (SPL). Like a spelling bee, there will be multiple rounds that will get more challenging as you progress. Entrants will utilize a Splunk instance with a sample data set to run their searches on and answers will be tracked and judged by a master instance. Results will be Splunked in real time and on display! There will be prizes!

2016 National Security SPLing Bee
Wednesday, September 28, 2016 | 3:30 PM-4:30 PM
Intermediate | Products: Splunk Enterprise, Splunk Cloud, Splunk Enterprise Security | Role: Administrator, Splunk Technical Champion, Data Scientist/Analyst, Security Analyst, Architect | Track: Community Theater | Session Focus: Search Language
Speakers
Young Cho, Technical Marketing Manager, Security, Splunk
Stephen Luedtke, Technical Product Marketing Manager, Splunk
Want to show us your security-specific Splunk-fu? Join us for the inaugural 2016 National Security SPL'ing Bee! The Security SPL'ing Bee is a competition that will be held during .conf2016. This is your opportunity to learn new security specific commands, show off your Splunk ninja skills and compete with your fellow Splunkers to solve Search challenges using Splunk's Search Processing Language (SPL). Entrants will utilize a Splunk instance with a sample data set to run their searches on and answers will be tracked and judged by a master instance. Results will be Splunked in real time and on display! There will be prizes!

Intelligence-Driven Computer Network Defense Using Dynamic Block Lists
Wednesday, September 28, 2016 | 3:00 PM-3:15 PM
Beginner | Industries: Retail, Technology, Higher Education, Public Sector, Financial Services, Online Services | Products: Splunk Enterprise | Track: Community Theater | Session Focus: Threat Detection
Speakers
Albert Ball, Security Analyst, Rice University
Peseng Yu, Security Analyst, Rice University
You are absolutely unique, just like everyone else. This session will focus on leveraging the existing data from the intrusion detection system or NGFW to generate a course of action (dynamic block lists) with atomic indicators (IP addresses). You will learn how to create an intelligence feedback loop to decrease an adversary’s likelihood of success with each subsequent intrusion attempt.

It’s a Family Affair – Splunk and the Art of Home IoT
Wednesday, September 28, 2016 | 11:30 AM-11:45 AM
Intermediate | Industries: Other | Products: Other, Splunk Cloud | Role: Splunk Technical Champion, Administrator | Track: Community Theater | Session Focus: IoT Industrial Data | Other Topics: Getting Data In
Speakers
Jane Gow, Customer Success Manager, Splunk
Todd Gow, Sales Engineering Manager, Splunk
How would you like to take all of that home-based IoT data and search it from the cloud? This session will be focused on different methods of data collection at home and best practices for getting that data into Splunk Cloud. Once the data is in Splunk Cloud the real fun begins. Let's see how easy it is to gain insight into IoT data using Splunk's easy-to-use searching, reporting and alerting interface.

Deception-Triggered Security Data Science to Detect Adversary Movements
Wednesday, September 28, 2016 | 1:00 PM-1:15 PM
Intermediate | Industries: Other, Technology | Products: Splunk Enterprise, Splunk User Behavior Analytics, Splunk Enterprise Security | Track: Community Theater | Session Focus: Threat Detection
Speakers
Satnam Singh, Chief Data Scientist, Acalvio Technologies
Deception-triggered security data science is a novel paradigm where we marry deception and security data science to enhance security incident analysis. We deploy deception sensors (consisting of multiple low and high honeypots) that can emulate at various stages e.g. network, endpoint, application, data and servers. Whenever an adversary trips over these sensors, we initiate an alert and correlate with other data sources to construct an adversary trajectory graph. The audience will be walked through case studies and shown how to track adversary movements.

Help! (Part 1) How Do I get Help with All Things Splunk?
Wednesday, September 28, 2016 | 1:30 PM-1:45 PM
Good for all Skill Levels | Industries: Other | Products: Splunk Cloud, Splunk Enterprise | Role: Administrator, Splunk Technical Champion | Track: Community Theater | Session Focus: Adopting Splunk | Other Topics: Best Practices
Speakers
Patrick Pablo, Community Content Manager, Splunk
Laura Stewart, Senior Technical Writer, Splunk
Got Splunk questions? Get answers. Fast. In this two-part session, see why our customers rave about the Splunk docs. Learn the best techniques to optimize your results from Splunk Answers. Leverage the experience of customers, partners, and Splunkers by connecting to Splunk chat rooms and user groups. Discover how to talk directly with Splunk engineers during “office hours” and be the first to see a demo of the latest Splunk Web features that help you learn and parse search syntax. Regardless of your experience or role using Splunk software, knowing how and where to get help is essential to your success.