© 2024 SPLUNK INC.
IPv6 & Splunk
November, 2024
Martin Misciagna
Solutions Engineer
mmisciag@cisco.com
mmisciagna@Splunk.com
Forward-looking statements
The preceding constitutes Splunk’s Confidential Information and is intended to outline Splunk’s general
product direction, which is subject to change at any time without notice. The contents of this document are
intended for informational purposes only and are not to be incorporated into any contract. This document
includes plans and forward-looking statements. These statements are based on Splunk’s current expectations
and involve many factors and uncertainties that could cause actual results or timing to differ materially from
those expressed or implied in such statements. These statements should not be interpreted as a commitment
from Splunk to deliver any material, code, or functionality and should not be relied upon in purchasing
decisions. The development, release, and timing of any features or functionality described for Splunk’s
products remain at Splunk's sole discretion.
Presentation logistics
- What?
- Why?
- How?
- When?
- Road Map
What?
- IPv4 address example: 17.172.224.47
- IPv6 address example: 2001:db8:3333:4444:5555:6666:7777:8888
What are the differences?
It’s better! Right!!!
● New header format
● Extensibility
● Large address space
● Better security.
● Stateless and stateful host addressing (SLAAC)
● More efficient LAN interactions
● Multiple IPv6 addresses per device
● New address types
Why?
- M-21-07 Memorandum: “At least 80% of IP-enabled assets on Federal networks are operating in IPv6-only environments by the end of FY 2025”
- Global IPv6 adoption at ~42% as of Nov 13, 2024
- Faster
- Cheaper
- More secure
How?
- Ingress and egress
- Dual Stack
- Network Load Balancer
- Configuration change
- Feature flag
- Maintenance window and Splunk update might be required
Architecture
When?
● November 25, 2024: Early Access Program
‒ 7 Government and private sector Entities
‒ End of Q1: GA
● If you want to enroll in early access please contact: mtatusko@splunk.com
‒ Runbooks are available
‒ https://lantern.splunk.com/Splunk_Platform/Product_Tips/Administration/Splunk_over_IPv6_Runbook_for_Splunk_Enterprise_Customers
‒ https://lantern.splunk.com/Splunk_Platform/Product_Tips/Administration/Splunk_over_IPv6_Runbook__for_Splunk_Cloud_Platform_Customers
Early-access feedback
- Lengthy internal processes on the customer side
- Firewall update required
- Assess IPv6 readiness
- Splunk is working with Cisco, AWS and following NIST Guidelines
Next
Later
Azure FedRAMP
GCP FedRAMP
Splunkbase ecosystem
Accelerated by customers’ feedback
Splunk IPv6 Roadmap
Early access & GA
Splunk Enterprise
Splunk Cloud Platform
AWS Commercial
AWS FedRAMP Moderate
AWS FedRAMP High
Enterprise Security
Splunk IT Service Intelligence
AWS IL5
Azure Commercial
GCP Commercial
Splunk User Behavior Analytics
Splunk SOAR
Dedicated IPv6 Splunkbase app
IPv6-only deployments
Federated Search
Let’s ride the IPv6 wave
© 2024 SPLUNK INC. | Splunk Confidential and Internal - Do Not Distribute
The Splunk you love will get even better.
SPLUNK CONFIDENTIAL
Data Management
(formerly GDI)
Product Management
Splunk Platform
Forward-looking statements
This presentation may be deemed to contain forward-looking statements, which are subject to the safe harbor provisions of the
Private Securities Litigation Reform Act of 1995. Any statements that are not statements of historical fact (including statements
containing the words “will,” “believes,” “plans,” “anticipates,” “expects,” “estimates,” “strives,” “goal,” “intends,” “may,”
“endeavors,” “continues,” “projects,” “seeks,” or “targets,” or the negative of these terms or other comparable terminology, as
well as similar expressions) should be considered to be forward-looking statements, although not all forward-looking statements
contain these identifying words. Readers should not place undue reliance on these forward-looking statements, as these
statements are management’s beliefs and assumptions, many of which, by their nature, are inherently uncertain, and outside of
management’s control. Forward-looking statements may include statements regarding the expected benefits to Cisco, Splunk
and their respective customers from the completed transaction, the integration of Splunk’s and Cisco’s complementary
capabilities and products to create an end-to-end platform designed to unlock greater digital resilience for customers, our
expectations regarding greater resiliency and better product outcomes, including for security and observability, plans for future
investment, our development and use of AI and the role that our innovation plays as our customers adopt AI. Statements
regarding future events are based on Cisco’s current expectations, estimates, and projections and are necessarily subject to
associated risks related to, among other things, (i) the ability of Cisco to successfully integrate Splunk’s market opportunities,
technology, personnel and operations and to achieve expected benefits, (ii) Cisco’s ability to implement its plans, forecasts and
other expectations with respect to Splunk’s business and realize expected synergies, (iii) the outcome of any legal proceedings
related to the transaction, (iv) the effects on the accounting relating to the acquisition of Splunk, (v) legislative, regulatory, and
economic developments, (vi) general economic conditions, and (vii) the retention of key personnel. Therefore, actual results may
differ materially and adversely from the anticipated results or outcomes indicated in any forward-looking statements. For
information regarding other related risks, see the “Risk Factors” section of Cisco’s most recent report on Form 10-Q filed on
February 20, 2024 and its most recent report on Form 10-K filed on September 7, 2023, as well as the “Risk Factors” section of
Splunk’s most recent reports on Form 10-Q filed with the SEC on February 20, 2024 and November 21, 2023, respectively. The
parties undertake no obligation to revise or update any forward-looking statements for any reason, except as required by law.
In addition, any information about our roadmap outlines our general product direction and is subject to change at any time
without notice. It is for informational purposes only and shall not be incorporated into any contract or other commitment. We
undertake no obligation either to develop the features or functionalities described, in beta or in preview (used interchangeably),
or to include any such feature or functionality in a future release.
Splunk, Splunk> and Turn Data Into Doing are trademarks and registered trademarks of Splunk Inc. in the United States and
other countries. All other brand names, product names or trademarks belong to their respective owners.
© 2024 Splunk Inc. All rights reserved.
The Data Challenge
Explosive Data Growth
By 2026, large enterprises will triple their unstructured data capacity across their on-premises, edge and public cloud locations, compared to 2023*.
Proliferation of Data Sources and Types
● Logs, Metrics, Traces, Events
● Cloud, On-prem, IOT
Disparate Use Cases
● Troubleshooting
● Threat detection/investigation
● Compliance
*Source: Gartner 2023 Hype Cycle
The Data Management Landscape
● Ingestion: Unlimited Sources and Patterns
● Processing: Ever Increasing Complexity
● Landing: In Splunk, as well as Data Lakes
● Manageability: Swivel Chair and Toil Heavy
Not All Data Is The Same
Data Age and Use Case Applicability Increasingly Important
[Figure: use cases plotted against Age of Data, on an axis running from <1 sec to 10 year and divided into Real and Near-Real Time, Ad Hoc, and Archive. Use cases shown: Prevention, Detection, Monitoring; Incident Review, Investigations, Threat Hunting; Forensics, Audit & Compliance]
What Do The Best Splunk Admins Want?
● Unified Approach: For ingest, configuration, processing, and management across Splunk products
● Lower TTV: Setup in minutes, not hours. Modern UI with smart defaults and best practices
● E2E Visibility: Centralized data pipelines monitoring & troubleshooting. Alerts. Agent management.
● Empowered Developers: Plug into DevOps automation. Build on top with APIs, tools and frameworks
And What Are We Doing to Give Them That!
● Be Hyper Productive
● Deliver Faster
● Be in Control
● Build and Automate
Splunk Data Management (DMX)
Unified data configuration, processing, and management
Data Management Experience (DMX)
Runs on the Edge and Cloud
End to End Monitoring (incl. Agent Management)
[Diagram labels: Public Cloud, Private Cloud, On Premise; UF, HEC, OTel; Metrics, Logs, Traces, Events; Filter, Normalize, Mask, Enrich, Logs to Metrics, Aggregate, Routing; Splunk Cloud, Splunk Enterprise, Splunk O11y Cloud, Amazon S3, Data Lake]
Choice and Efficiency Without Sacrifice
DMX and Federated Search powering Federated Analytics
[Diagram labels: Splunk Data Management; Splunk Federated Search; Splunk Cloud, Data Lake, Splunk O11y Cloud, Amazon S3, Splunk Enterprise]
Data Processing
Data Management / GDI
● Data Acquisition (Forwarders, HEC/S2S, Data Manager, Pull Connectors, Stream, SC4* Connectors)
● Data Processing (Edge & Ingest Processing, Ingest Actions, SPL2)
● Content (TAs, CIM, SPL2 templates, UCC Framework, Gold Standard)
● Manageability (Unified Agent Management, Deployment Server, Monitoring & Troubleshooting, Alerts)
Gain access to the right data, at the right time to accelerate insights while optimizing cost and managing compliance.
ANNOUNCING GA
Data Management
● Flexible filtering, masking, and routing capabilities for your growing data volumes
● Choice of how processing is deployed: at the edge with Edge Processor or at ingest with Ingest Processor
Edge Processing at Splunk
● Heavyweight Forwarders: Powerful and performant edge processing
● Ingest Actions: New UI to quickly and easily author and deploy ingest or edge transformations and routing
● Edge Processor: Edge processing, with UI to quickly and easily author, deploy and manage edge transformations and routing
© 2023 SPLUNK INC.
Quick recap - Edge Processor
Simplified data processing near the source of data
● What’s this? New pipeline authoring experience - SPL2 - delivers efficient, flexible data transformation. Use cases include filter, mask, and route to Splunk platform or S3
● So what? Customers enjoy real-time visibility into and control over their data in motion. Customers can derive more value from and generate new insights into their data
● How’s it work? Service offering delivered through cloud control plane, available on Splunk Cloud Platform. Customer supplies hosts on which edge processors are deployed, with flexibility to scale
Extending Processing Capabilities to Splunk Cloud Customers
Splunk® Ingest processor is a New Capability on Splunk® Cloud Platform
● Fully hosted and managed by Splunk
● Integrated with Splunk Indexes
● Scalable service
● Splunk Cloud <> Observability
Logs Ingestion & Metricization on Splunk Cloud
Ingest logs data and generate metrics to power real-time dashboards and alerts
[Diagram labels: HEC, S2S, +other sources; Ingest Layer; Splunk Data Management Ingest processor; Mask PII, Route, Filter Noise, Convert Logs to Metrics; Splunk Cloud Index, Splunk Observability Cloud, AWS S3]
Architecture Overview
[Diagram labels: Splunk® Cloud Platform; Ingestion Endpoint; Data Management Ingest processor; host, source, sourcetype; SPL2™ processing engine; Pipeline Authoring UI; Splunk Cloud Index, Observability, S3]
DMX Processing - Edge & Ingest
Extending pre-processing capabilities to Splunk Cloud Customers
[Diagram labels: Sources; Collection & Forwarding; HEC, UF/HF; Customer Edge; DMX Edge Processor; DMX Control Plane (UI) (Pipeline Design, Monitoring etc); DMX Ingest Processor; Cloud Ingestion (Parsed Data); Configuration and telemetry; Configuration; Execution; Data transport; host, source, sourcetype; Splunk® Cloud Platform indexers, S3, Observability cloud]
When should I use which product?
Comparing Splunk’s pre-index data processing capabilities
Edge Processor | Ingest Processor | Ingest Actions
Filter, mask, and route data before indexing
SPL2-based pipelines | UI over props and transforms
Splunk Cloud (AWS) | Splunk Cloud (AWS/GCP) & Splunk Enterprise
Process data on customer-managed edge using SPL2 processing engine | Process data using Splunk-managed SPL2 processing engine | Process data on HWF or Indexer using rulesets
Ingest data from S2S, HEC, Syslog, & Preview sample data (copy/paste & file upload) | Ingest data from any Splunk Cloud (Victoria) input, Preview sample data (copy/paste & file upload), Live Capture of incoming data | Ingest data from any Splunk supported data input, Live Capture, Output Name Partitioning, & Output Support for Fed Search on S3
Route to Splunk Cloud Platform, Splunk Enterprise, & Amazon S3 | Route to Splunk Cloud Platform, Amazon S3, & Splunk Observability Cloud | Route to Splunk Cloud Platform, Splunk Enterprise, Amazon S3, & File System
Takeaways
Optimize your data where you need
Get started with zero infrastructure
Prerequisites to get started
● Pre-ingest processing (Edge)
● Cloud hosted event processing (Ingest Processor)
● Shares the same SPL2 pipeline authoring
● DMX on CMP (On-prem only customers).... coming soon
● Faster Time to Insights
● Filter verbose or low-value sources
● Extract just the critical data
● Mask PII
● Available in Splunk Cloud AWS, stacks upgraded 9.1.2312.202, 203
● Available across AMER, EMEA, APAC regions
● Supported on NOAH stacks ONLY (not supported on Classic exp)
● CCF compliant
Let’s See in Action!
Kubernetes Logs: Audit, Proxy and More (Q2 GA)
Create metrics to tell you WHEN to look at logs
Instead of looking for errors in audit logs… Create a metric that is the count of errors!
Windows Logs: Perfmon and wineventlog (Q2 GA)
Creating performance metrics from legacy Windows sources
Instead of searching through logs to find the event code you need… Metricize your event codes and filter by host!
Azure: Activity and Resource Logs (Q2 GA)
Extract additional metrics from Azure event hubs and Storage Blobs to enrich your observability
Instead of taking time to configure verbose logging… Convert to metrics at ingest time!
Useful Links
Where can we get more information?
Resource links?
#gdi-ingest-processor-public
General Q&A:
● #dm-ingest-processor-public
● How to request IP Essentials
Create metricization rules for your data
Connect to Splunk Observability cloud
Create an ingest processor pipeline
Deploy ingest processor pipeline
Use-Cases
● As a Splunk admin, I want to drop verbose onboarding data from Zscaler logs and SaaS-based firewalls, reduce all the redundant text, and then send actionable data to Splunk. So I can reduce cost and storage space.
● As an SRE/Developer, I want to ingest event logs into Splunk Enterprise Cloud for endpoint security monitoring in ES, and I would like to enrich (add additional fields/info) the logs before sending them to Enterprise Cloud. So I can make informed decisions with more access to the right contextual information.
● As a business owner, I want to investigate the security threats on logins and IP ranges to make some investments on process so that I can protect So I can improve threat monitoring and protect the overall security posture of the company.
● As an IT admin, I want to mask all PII information from HR functions before indexing. So I can improve adherence to compliance standards, improve security monitoring and maintain customer trust.
● As an IT admin, I want to send two audit sources that were too chatty, Windows audit logs and Linux audit logs, so that I can get visibility into data that I missed before. However, this now increases their Splunk license; together it would be data sets from 7k servers. So I can better monitor for unapproved permissions escalation on both Linux and Windows.
© 2022 SPLUNK INC.
Thank You
vishrut8750588758
 
VKS-Python Basics for Beginners and advance.pptx
VKS-Python Basics for Beginners and advance.pptxVKS-Python Basics for Beginners and advance.pptx
VKS-Python Basics for Beginners and advance.pptx
Vinod Srivastava
 
Principles of information security Chapter 5.ppt
Principles of information security Chapter 5.pptPrinciples of information security Chapter 5.ppt
Principles of information security Chapter 5.ppt
EstherBaguma
 
How iCode cybertech Helped Me Recover My Lost Funds
How iCode cybertech Helped Me Recover My Lost FundsHow iCode cybertech Helped Me Recover My Lost Funds
How iCode cybertech Helped Me Recover My Lost Funds
ireneschmid345
 
Developing Security Orchestration, Automation, and Response Applications
Developing Security Orchestration, Automation, and Response ApplicationsDeveloping Security Orchestration, Automation, and Response Applications
Developing Security Orchestration, Automation, and Response Applications
VICTOR MAESTRE RAMIREZ
 
Classification_in_Machinee_Learning.pptx
Classification_in_Machinee_Learning.pptxClassification_in_Machinee_Learning.pptx
Classification_in_Machinee_Learning.pptx
wencyjorda88
 
Just-In-Timeasdfffffffghhhhhhhhhhj Systems.ppt
Just-In-Timeasdfffffffghhhhhhhhhhj Systems.pptJust-In-Timeasdfffffffghhhhhhhhhhj Systems.ppt
Just-In-Timeasdfffffffghhhhhhhhhhj Systems.ppt
ssuser5f8f49
 
LLM finetuning for multiple choice google bert
LLM finetuning for multiple choice google bertLLM finetuning for multiple choice google bert
LLM finetuning for multiple choice google bert
ChadapornK
 
chapter3 Central Tendency statistics.ppt
chapter3 Central Tendency statistics.pptchapter3 Central Tendency statistics.ppt
chapter3 Central Tendency statistics.ppt
justinebandajbn
 
DPR_Expert_Recruitment_notice_Revised.pdf
DPR_Expert_Recruitment_notice_Revised.pdfDPR_Expert_Recruitment_notice_Revised.pdf
DPR_Expert_Recruitment_notice_Revised.pdf
inmishra17121973
 
Calories_Prediction_using_Linear_Regression.pptx
Calories_Prediction_using_Linear_Regression.pptxCalories_Prediction_using_Linear_Regression.pptx
Calories_Prediction_using_Linear_Regression.pptx
TijiLMAHESHWARI
 
md-presentHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHation.pptx
md-presentHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHation.pptxmd-presentHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHation.pptx
md-presentHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHation.pptx
fatimalazaar2004
 
chapter 4 Variability statistical research .pptx
chapter 4 Variability statistical research .pptxchapter 4 Variability statistical research .pptx
chapter 4 Variability statistical research .pptx
justinebandajbn
 
Conic Sectionfaggavahabaayhahahahahs.pptx
Conic Sectionfaggavahabaayhahahahahs.pptxConic Sectionfaggavahabaayhahahahahs.pptx
Conic Sectionfaggavahabaayhahahahahs.pptx
taiwanesechetan
 
computer organization and assembly language.docx
computer organization and assembly language.docxcomputer organization and assembly language.docx
computer organization and assembly language.docx
alisoftwareengineer1
 
VKS-Python-FIe Handling text CSV Binary.pptx
VKS-Python-FIe Handling text CSV Binary.pptxVKS-Python-FIe Handling text CSV Binary.pptx
VKS-Python-FIe Handling text CSV Binary.pptx
Vinod Srivastava
 
Deloitte Analytics - Applying Process Mining in an audit context
Deloitte Analytics - Applying Process Mining in an audit contextDeloitte Analytics - Applying Process Mining in an audit context
Deloitte Analytics - Applying Process Mining in an audit context
Process mining Evangelist
 
1. Briefing Session_SEED with Hon. Governor Assam - 27.10.pdf
1. Briefing Session_SEED with Hon. Governor Assam - 27.10.pdf1. Briefing Session_SEED with Hon. Governor Assam - 27.10.pdf
1. Briefing Session_SEED with Hon. Governor Assam - 27.10.pdf
Simran112433
 
04302025_CCC TUG_DataVista: The Design Story
04302025_CCC TUG_DataVista: The Design Story04302025_CCC TUG_DataVista: The Design Story
04302025_CCC TUG_DataVista: The Design Story
ccctableauusergroup
 
Medical Dataset including visualizations
Medical Dataset including visualizationsMedical Dataset including visualizations
Medical Dataset including visualizations
vishrut8750588758
 
VKS-Python Basics for Beginners and advance.pptx
VKS-Python Basics for Beginners and advance.pptxVKS-Python Basics for Beginners and advance.pptx
VKS-Python Basics for Beginners and advance.pptx
Vinod Srivastava
 
Principles of information security Chapter 5.ppt
Principles of information security Chapter 5.pptPrinciples of information security Chapter 5.ppt
Principles of information security Chapter 5.ppt
EstherBaguma
 
How iCode cybertech Helped Me Recover My Lost Funds
How iCode cybertech Helped Me Recover My Lost FundsHow iCode cybertech Helped Me Recover My Lost Funds
How iCode cybertech Helped Me Recover My Lost Funds
ireneschmid345
 
Developing Security Orchestration, Automation, and Response Applications
Developing Security Orchestration, Automation, and Response ApplicationsDeveloping Security Orchestration, Automation, and Response Applications
Developing Security Orchestration, Automation, and Response Applications
VICTOR MAESTRE RAMIREZ
 
Classification_in_Machinee_Learning.pptx
Classification_in_Machinee_Learning.pptxClassification_in_Machinee_Learning.pptx
Classification_in_Machinee_Learning.pptx
wencyjorda88
 
Ad

SFBA Splunk Usergroup meeting Nov 20, 2024

  • 1. © 2024 SPLUNK INC. IPv6 & Splunk November, 2024 Martin Misciagna Solutions Engineer mmisciag@cisco.com mmisciagna@Splunk.com
  • 2. © 2024 SPLUNK INC. Forward-looking statements The preceding constitutes Splunk’s Confidential Information and is intended to outline Splunk’s general product direction, which is subject to change at any time without notice. The contents of this document are intended for informational purposes only and are not to be incorporated into any contract. This document includes plans and forward-looking statements. These statements are based on Splunk’s current expectations and involve many factors and uncertainties that could cause actual results or timing to differ materially from those expressed or implied in such statements. These statements should not be interpreted as a commitment from Splunk to deliver any material, code, or functionality and should not be relied upon in purchasing decisions. The development, release, and timing of any features or functionality described for Splunk’s products remain at Splunk's sole discretion.
  • 3. © 2024 SPLUNK INC. Presentation logistics - What? - Why? - How? - When? - Road Map
  • 4. © 2024 SPLUNK INC. What? - IPv4 address example: 17.172.224.47 - IPv6 address example: 2001:db8:3333:4444:5555:6666:7777:8888
  • 5. © 2024 SPLUNK INC. What are the differences?
  • 6. © 2024 SPLUNK INC. It’s better! Right!!! ● New header format ● Extensibility ● Large address space ● Better security. ● Stateless and stateful host addressing (SLAAC) ● More efficient LAN interactions ● Multiple IPv6 addresses per device ● New address types
  • 7. © 2024 SPLUNK INC. Why? - M-21-07 Memorandum: “At least 80% of IP-enabled assets on Federal networks are operating in IPv6-only environments by the end of FY 2025” - Global IPv6 adoption at ~42% as of Nov 13, 2024 - Faster - Cheaper - More secure
  • 8. © 2024 SPLUNK INC. How? - Ingress and egress - Dual Stack - Network Load Balancer - Configuration change - Feature flag - Maintenance window and Splunk update might be required
  • 9. © 2024 SPLUNK INC. Architecture
  • 10. © 2024 SPLUNK INC. When? ● November 25, 2024: Early Access Program ‒ 7 government and private sector entities ‒ End of Q1: GA ● If you want to enroll in early access please contact: [email protected] ‒ Runbooks are available ‒ https://lantern.splunk.com/Splunk_Platform/Product_Tips/Administration/Splunk_over_IPv6_Runbook_for_Splunk_Enterprise_Customers ‒ https://lantern.splunk.com/Splunk_Platform/Product_Tips/Administration/Splunk_over_IPv6_Runbook__for_Splunk_Cloud_Platform_Customers
  • 11. © 2024 SPLUNK INC. Early-access feedback - Lengthy internal processes on the customer side - Firewall update required - Assess IPv6 readiness - Splunk is working with Cisco, AWS and following NIST Guidelines
  • 12. © 2024 SPLUNK INC. Next Later Azure FedRAMP GCP FedRAMP Splunkbase ecosystem Accelerated by customers’ feedback Splunk IPv6 Roadmap © 2024 SPLUNK INC. Early access & GA Splunk Enterprise Splunk Cloud Platform AWS Commercial AWS FedRAMP Moderate AWS FedRAMP High Enterprise Security Splunk IT Service Intelligence AWS IL5 Azure Commercial GCP Commercial Splunk User Behavior Analytics Splunk SOAR Dedicated IPv6 Splunkbase app IPv6-only deployments Federated Search
  • 13. © 2024 SPLUNK INC. Let’s ride the IPv6 wave
  • 14. © 2024 SPLUNK INC. © 2024 SPLUNK INC. | Splunk Confidential and Internal - Do Not Distribute The Splunk you love will get even better.
  • 15. © 2024 SPLUNK INC. © 2024 SPLUNK INC. SPLUNK CONFIDENTIAL Data Management (formerly GDI) Product Management Splunk Platform
  • 16. Forward-looking statements © 2024 SPLUNK INC. This presentation may be deemed to contain forward-looking statements, which are subject to the safe harbor provisions of the Private Securities Litigation Reform Act of 1995. Any statements that are not statements of historical fact (including statements containing the words “will,” “believes,” “plans,” “anticipates,” “expects,” “estimates,” “strives,” “goal,” “intends,” “may,” “endeavors,” “continues,” “projects,” “seeks,” or “targets,” or the negative of these terms or other comparable terminology, as well as similar expressions) should be considered to be forward-looking statements, although not all forward-looking statements contain these identifying words. Readers should not place undue reliance on these forward-looking statements, as these statements are management’s beliefs and assumptions, many of which, by their nature, are inherently uncertain, and outside of management’s control. Forward-looking statements may include statements regarding the expected benefits to Cisco, Splunk and their respective customers from the completed transaction, the integration of Splunk’s and Cisco’s complementary capabilities and products to create an end-to-end platform designed to unlock greater digital resilience for customers, our expectations regarding greater resiliency and better product outcomes, including for security and observability, plans for future investment, our development and use of AI and the role that our innovation plays as our customers adopt AI.
Statements regarding future events are based on Cisco’s current expectations, estimates, and projections and are necessarily subject to associated risks related to, among other things, (i) the ability of Cisco to successfully integrate Splunk’s market opportunities, technology, personnel and operations and to achieve expected benefits, (ii) Cisco’s ability to implement its plans, forecasts and other expectations with respect to Splunk’s business and realize expected synergies, (iii) the outcome of any legal proceedings related to the transaction, (iv) the effects on the accounting relating to the acquisition of Splunk, (v) legislative, regulatory, and economic developments, (vi) general economic conditions, and (vii) the retention of key personnel. Therefore, actual results may differ materially and adversely from the anticipated results or outcomes indicated in any forward-looking statements. For information regarding other related risks, see the “Risk Factors” section of Cisco’s most recent report on Form 10-Q filed on February 20, 2024 and its most recent report on Form 10-K filed on September 7, 2023, as well as the “Risk Factors” section of Splunk’s most recent reports on Form 10-Q filed with the SEC on February 20, 2024 and November 21, 2023, respectively. The parties undertake no obligation to revise or update any forward-looking statements for any reason, except as required by law. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only and shall not be incorporated into any contract or other commitment. We undertake no obligation either to develop the features or functionalities described, in beta or in preview (used interchangeably), or to include any such feature or functionality in a future release. Splunk, Splunk> and Turn Data Into Doing are trademarks and registered trademarks of Splunk Inc. 
in the United States and other countries. All other brand names, product names or trademarks belong to their respective owners. © 2024 Splunk Inc. All rights reserved.
  • 17. © 2024 SPLUNK INC. The Data Challenge By 2026, large enterprises will triple their unstructured data capacity across their on-premises, edge and public cloud locations, compared to 2023*. ● Logs, Metrics, Traces, ● Events Cloud, On-prem, IOT ● Troubleshooting ● Threat detection/investigation ● Compliance Explosive Data Growth Proliferation of Data Sources and Types Disparate Use Cases *Source: Gartner 2023 Hype Cycle
  • 18. © 2024 SPLUNK INC. The Data Management Landscape Ingestion Processing Landing Manageability ●Unlimited Sources and Patterns ●Ever Increasing Complexity In Splunk, as well as Data Lakes ●Swivel Chair and Toil Heavy
  • 19. © 2024 SPLUNK INC. © 2024 SPLUNK INC. Not All Data Is The Same Data Age and Use Case Applicability Increasingly Important Age of Data Forensics, Audit & Compliance <1 sec <1 min <10 sec 1 week 1 year 1 month 1 hour 1 day 10 year Prevention, Detection, Monitoring Incident Review, Investigations, Threat Hunting Real and Near-Real Time Archive Ad Hoc
  • 20. © 2024 SPLUNK INC. What Do The Best Splunk Admins Want? For ingest, configuration, processing, and management across Splunk products Unified Approach Setup in minutes, not hours. Modern UI with smart defaults and best practices Lower TTV Centralized data pipelines monitoring & troubleshooting. Alerts. Agent management. E2E Visibility Plug into DevOps automation. Build on top with APIs, tools and frameworks Empowered Developers And What Are We Doing to Give Them That! Be Hyper Productive Deliver Faster Be in Control Build and Automate
  • 21. © 2024 SPLUNK INC. © 2024 SPLUNK INC. Splunk Data Management (DMX) Unified data configuration, processing, and management Filter Normalize Mask Enrich Logs to Metrics Aggregate Public Cloud Private Cloud On Premise Data Lake Splunk Cloud Splunk Enterprise Data Management Experience (DMX) Runs on the Edge and Cloud End to End Monitoring (incl. Agent Management) UF, HEC, OTel Metrics Logs Routing Traces Events Splunk O11y Cloud Amazon S3
  • 23. © 2024 SPLUNK INC. © 2024 SPLUNK INC. Choice and Efficiency Without Sacrifice DMX and Federated Search powering Federated Analytics Splunk Data Management Splunk Federated Search Splunk Cloud Data Lake Splunk O11y Cloud Amazon S3 Splunk Enterprise
  • 25. © 2024 SPLUNK INC. © 2024 SPLUNK INC. SPLUNK CONFIDENTIAL Data Processing Data Acquisition (Forwarders, HEC/S2S, Data Manager, Pull Connectors, Stream, SC4* Connectors) Data Processing (Edge & Ingest Processing, Ingest Actions, SPL2) Content (TAs, CIM, SPL2 templates, UCC Framework, Gold Standard) Manageability (Unified Agent Management, Deployment Server, Monitoring & Troubleshooting, Alerts) Data Management / GDI
  • 26. © 2024 SPLUNK INC. Gain access to the right data, at the right time to accelerate insights while optimizing cost and managing compliance.
  • 27. © 2024 SPLUNK INC. Data Management Flexible filtering, masking, and routing capabilities for your growing data volumes Choice of how processing is deployed: at the edge with Edge Processor or at ingest with Ingest Processor GA ANNOUNCING 13
  • 28. © 2024 SPLUNK INC. Edge Processing at Splunk Powerful and performant edge processing New UI to quickly and easily author and deploy ingest or edge transformations and routing Edge processing, with UI to quickly and easily author, deploy and manage edge transformations and routing Heavyweight Forwarders Ingest Actions Edge Processor
  • 29. © 2023 SPLUNK INC. Quick recap - Edge Processor New pipeline authoring experience - SPL2 - delivers efficient, flexible data transformation Use cases include filter, mask, and route to Splunk platform or S3 Customers enjoy real-time visibility into and control over their data in motion Customers can derive more value from and generate new insights into their data Simplified data processing near the source of data Service offering delivered through cloud control plane, available on Splunk Cloud Platform Customer supplies hosts on which edge processors are deployed, with flexibility to scale How’s it work? What’s this? So what?
  • 30. © 2024 SPLUNK INC. Extending Processing Capabilities to Splunk Cloud Customers
  • 31. © 2024 SPLUNK INC. Splunk® Ingest processor is a New Capability on Splunk® Cloud Platform Fully hosted and managed by Splunk Integrated with Splunk Indexes Scalable service Splunk Cloud <> Observability
  • 32. © 2024 SPLUNK INC. Logs Ingestion & Metricization on Splunk Cloud Splunk Cloud Mask PII Route Filter Noise Splunk Observability Cloud Splunk Data Management Ingest processor Convert Logs to Metrics Splunk Cloud Index Ingest logs data and generate metrics to power real-time dashboards and alerts HEC S2S Ingest Layer +other sources AWS S3
  • 33. © 2024 SPLUNK INC. © 2024 SPLUNK INC. Architecture Overview Splunk Cloud Index Splunk® Cloud Platform Ingestion Endpoint Data Management Ingest processor host, source, sourcetype SPL2™ processing engine Pipeline Authoring UI Observability S3
  • 34. © 2024 SPLUNK INC. Sources DMX Edge Processor DMX Control Plane (UI) (Pipeline Design, Monitoring etc) ` DMX Ingest Processor ` HEC UF/HF Customer Edge Configuration and telemetry Configuration Execution Data transport Configuration and telemetry Data transport Cloud Ingestion (Parsed Data) DMX Processing - Edge & Ingest S3 Observability cloud Splunk® Cloud Platform indexers host, source, sourcetype Collection & Forwarding Extending pre-processing capabilities to Splunk Cloud Customers
  • 35. © 2024 SPLUNK INC. SPLUNK CONFIDENTIAL When should I use which product? Comparing Splunk’s pre-index data processing capabilities. All three filter, mask, and route data before indexing.
    - Edge Processor: SPL2-based pipelines. Splunk Cloud (AWS). Process data on customer-managed edge using SPL2 processing engine. Ingest data from S2S, HEC, Syslog, & Preview sample data (copy/paste & file upload). Route to Splunk Cloud Platform, Splunk Enterprise, & Amazon S3.
    - Ingest Processor: SPL2-based pipelines. Splunk Cloud (AWS). Process data using Splunk-managed SPL2 processing engine. Ingest data from any Splunk Cloud (Victoria) input, Preview sample data (copy/paste & file upload), Live Capture of incoming data. Route to Splunk Cloud Platform, Amazon S3, & Splunk Observability Cloud.
    - Ingest Actions: UI over props and transforms. Splunk Cloud (AWS/GCP) & Splunk Enterprise. Process data on HWF or Indexer using rulesets. Ingest data from any Splunk supported data input, Live Capture, Output Name Partitioning, & Output Support for Fed Search on S3. Route to Splunk Cloud Platform, Splunk Enterprise, Amazon S3, & File System.
  • 36. © 2024 SPLUNK INC. Takeaways Optimize your data where you need Get started with zero infrastructure Prerequisites to get started ● Pre-ingest processing (Edge) ● Cloud hosted event processing (Ingest Processor) ● Shares the same SPL2 pipeline authoring ● DMX on CMP (On-prem only customers).... coming soon ● Faster Time to Insights ● Filter verbose or low-value sources ● Extract just the critical data ● Mask PII ● Available in Splunk Cloud AWS, stacks upgraded 9.1.2312.202, 203 ● Available across AMER, EMEA, APAC regions ● Supported on NOAH stacks ONLY (not supported on Classic exp) ● CCF compliant
  • 37. © 2024 SPLUNK INC. Let’s See in Action!
  • 38. © 2024 SPLUNK INC. Kubernetes Logs: Audit, Proxy and More (Q2 GA) Create metrics to tell you WHEN to look at logs Instead of looking for errors in audit logs… Create a metric that is the count of errors!
  • 39. © 2024 SPLUNK INC. Windows Logs: Perfmon and wineventlog (Q2 GA) Creating performance metrics from legacy Windows sources Instead of searching through logs to find the event code you need… Metricize your event codes and filter by host!
  • 40. © 2024 SPLUNK INC. Azure: Activity and Resource Logs (Q2 GA) Extract additional metrics from Azure event hubs and Storage Blobs to enrich your observability Instead of taking time to configure verbose logging Convert to metrics at ingest time!
  • 41. © 2024 SPLUNK INC. Useful Links Where can we get more information? Resource links? #gdi-ingest-processor-public General Q&A: ● #dm-ingest-processor-public ● How to request IP Essentials Create metricization rules for your data Connect to Splunk Observability cloud Create an ingest processor pipeline Deploy ingest processor pipeline
  • 42. © 2024 SPLUNK INC. Use-Cases
    - As a Splunk admin, I want to drop verbose onboarding data from Zscaler logs and SaaS-based firewalls, remove all the redundant text, and then send actionable data to Splunk. So I can reduce cost and storage space.
    - As an SRE/Developer, I want to ingest event logs into Splunk Enterprise Cloud for endpoint security monitoring in ES and I would like to enrich (add additional fields/info) the logs before sending them to Enterprise Cloud. So I can make informed decisions with more access to the right contextual information.
    - As a business owner, I want to investigate the security threats on logins and IP ranges to make some investments on process so that I can protect So I can improve threat monitoring and protect the overall security posture of the company.
    - As an IT admin, I want to mask all PII from HR functions before indexing. So I can improve adherence to compliance standards, improve security monitoring and maintain customer trust.
    - As an IT admin, I want to send two audit files that were too chatty (Windows audit logs and Linux audit logs) so that I can get visibility into data that I missed before. However, this now increases their Splunk license; together it would be data sets from 7k servers. So I can better monitor for unapproved permissions escalation on both Linux and Windows.
  • 43. © 2022 SPLUNK INC. Thank You