SplunkLive!
Dirk Beerbohm | Senior Sales Engineer
München, 20. März 2018
Set Up Before You Can Play
Download the following at splunk.com
▶ Splunk Enterprise:
• https://www.splunk.com/download
▶ Tutorial Data:
• http://splk.it/2ey34P8
▶ Search Tutorial
• http://splk.it/2ePSYKB
Getting Started With
Splunk Enterprise
© 2018 SPLUNK INC.
Agenda
1. Splunk Overview
2. Using Splunk – Live Demonstration/Walk-Through
• Installing & Onboarding Data
• Searching
• Field Extraction
• Dashboards
• Alerting
• Analytics
3. Wrap-up/Q&A
Big Data Comes From Machines
Volume | Velocity | Variety | Variability
GPS, RFID, Hypervisor, Web Servers, Email, Messaging, Clickstreams, Mobile, Telephony, IVR, Databases, Sensors, Telematics, Storage, Servers, Security Devices, Desktops
Splunk’s Mission: Make machine data accessible, usable, and valuable to everyone
What Does Machine Data Look Like?
Order Processing:
ORDER, 2018-01-21T14:04:12.484,10098213, 569281734,67.17.10.12,43CD1A7B8322,SA-2100
Middleware Error:
JAN 21 14:04:12.996 wl-01.acme.com Order 569281734 failed for customer 10098213. Exception follows: weblogic.jdbc.extensions.ConnectionDeadSQLException: weblogic.common.resourcepool.ResourceDeadException: Could not create pool connection. The DBMS driver exception was: [BEA][Oracle JDBC Driver] Error establishing socket to host and port: ACMEDB-01:1521. Reason: Connection refused
Care IVR:
01/21/18 16:33:11.238 [CONNEVENT] Ext 1207130 (0192033): Event 20111, CTI Num:ServID:Type 0:19:9, App 0, ANI T7998#1, DNIS 5555685981, SerID 40489a07-7f6e-4251-801a-13ae51a6d092, Trunk T451.16
01/21/18 16:33:11:242 [SCREENPOPEVENT] SerID 40489a07-7f6e-4251-801a-13ae51a6d092 CUSTID 10098213
01/21/18 16:37:49.732 [DISCEVENT] SerID 40489a07-7f6e-4251-801a-13ae51a6d092
Twitter:
{actor:{displayName: "Go Cowboys!!",followersCount:1366,friendsCount:789,link: http://dallascowboys.com/,location:{displayName:"Dallas, TX",objectType:"place"}, objectType:"person",preferredUsername:"Cowb0ysF@n80",statusesCount:6072},body: "Can't buy this device from @ACME. Site doesn't work! Called, gave up on waiting for them to answer! RT if you hate @ACME!!",objectType:"activity",postedTime:"2018-01-21T16:39:40.647-0600"}
Machine Data Contains Critical Insights
The same four events, with the fields that tie them together:
Order Processing: Customer ID (10098213), Order ID (569281734), Product ID.
Middleware Error: Order ID (569281734) and Customer ID (10098213), the same order that was placed half a second earlier.
Care IVR: Customer ID (CUSTID 10098213) and time waiting on hold (from the CONNEVENT at 16:33:11 to the DISCEVENT at 16:37:49).
Twitter: Customer’s Twitter ID (Cowb0ysF@n80), Company’s Twitter ID (@ACME), and the Customer’s Tweet.
Industry Leading Platform For Machine Data
Capabilities: ad hoc search, monitor and alert, report and analyze, custom dashboards, developer platform.
Deployment: on-premises, private cloud, public cloud.
Platform support (apps / API / SDKs), enterprise scalability, universal indexing.
Data sources: online shopping cart, telecoms, desktops, security, web services, networks, containers, web clickstreams, RFID, smartphones and devices, servers, messaging, GPS location, packaged applications, custom applications, online services, databases, call detail records, energy meters, firewall, intrusion prevention, storage.
Machine Data: Any Location, Type, Volume. Answer Any Question: any amount, any location, any source.
No back-end database; schema on-the-fly; no need to filter data; quick time to value; agile reporting and analytics; real-time architecture.
Installing and
Using Splunk
Live Demonstration & Walk-Through
Set Up Before You Can Play
Get the following at splunk.com
▶ Splunk Enterprise:
• https://www.splunk.com/download
▶ Tutorial Data:
• http://splk.it/2ey34P8
▶ Search Tutorial
• http://splk.it/2ePSYKB
▶ IMPORT THE ZIP FILE, not the individual files within it: http://www.splunkbook.com (the sample data is located under the ‘related links’ section; it is the same tutorialdata.zip as on the first page)
▶ Log in to Splunk – http://127.0.0.1:8000 username=admin password=changeme. These are the out-of-the-box defaults for the version used here: change the admin password on first login, and do not expose port 8000 beyond your own workstation while these defaults are in place.
▶ To add the file to Splunk:
• Click Add Data
• Click Upload files from my computer
• Drag and drop your sample data zip file
• Review and finish
Getting Data Into Splunk
We will import sample web e-commerce store events.
Common Problems at This Point
▶ License expired (an older version was already installed)
• Close the browser, empty the cache, open the browser. If that doesn’t work:
• Stop Splunk
• Uninstall all Splunk versions
• Windows: Control Panel -> Uninstall programs -> Splunk
• OS X: Finder -> Applications -> right-click Splunk, Move to Trash
• Reinstall
• Start Splunk
▶ Can’t start Splunk
• Windows: search Control Panel -> Services -> Splunk -> Start
• Linux: cd <SPLUNK dir>/splunk/bin; ./splunk start
Let’s Dive In
Dashboard
SplunkLive! Munich 2018: Getting Started with Splunk Enterprise
Searches Used
▶ buttercupgames
▶ buttercupgames 400
▶ buttercupgames 400 OR 500
▶ buttercupgames status=400 OR status=500
▶ buttercupgames status=400 OR status=500 | timechart count by status limit=10
▶ buttercupgames status=*
▶ buttercupgames status=* | timechart count by status limit=10
▶ buttercupgames status=* AND status!=200 | timechart count by status limit=10
▶ index=* sourcetype=access_combined_wcookie
▶ index=* sourcetype=access_combined_wcookie | top limit=20 browser_type (field extraction necessary)
▶ buttercupgames status!=200
▶ buttercupgames status!=200 | stats count by status | where count > 100
▶ buttercupgames status=* | iplocation clientip
▶ buttercupgames status=* | iplocation clientip | geostats count by action
Where do I go for help?
▶ SplunkLive! Presentations: http://splunklive.splunk.com/presentations.html
▶ Documentation: http://www.splunk.com/base/Documentation
▶ Technical Support: http://www.splunk.com/support
▶ Videos: http://www.splunk.com/videos
▶ Education: http://www.splunk.com/view/education/SP-CAAAAH9
▶ Community: http://answers.splunk.com
▶ Splunk Book: http://splunkbook.com
Time to Start SPLUNKING!!!
Thriving Community
dev.splunk.com; 75,000+ questions and answers; 1,000+ apps; local user groups and SplunkLive! events.
SAVE THE DATE!
▶ Save the Date 2018: October 1-4, 2018, Walt Disney World Swan and Dolphin Resort in Orlando
▶ 8,750+ Splunk Enthusiasts
▶ 300+ Sessions
▶ 100+ Customer Speakers
Plus Splunk University:
▶ Three Days: September 29 - October 1, 2018
▶ Get Splunk Certified for FREE!
▶ Get CPE credits for CISSP, CAP, SSCP
conf.splunk.com
Wrap-Up/Q&A
Don't forget to rate this session in the SplunkLive! mobile app.
Thank You
Appendix: Detailed Walk-Through
Download Splunk Enterprise for your OS and architecture.
Download tutorialdata.zip.
With Firefox, Chrome or Safari, head to http://127.0.0.1:8000. User = admin, Password = changeme.
You’ve successfully installed Splunk and logged in! Let’s add the tutorialdata.zip via “Add Data.”
You can also “Add Data” from Settings at the top.
Click on Upload.
Let’s drag tutorialdata.zip into “Drop your data file here.”
Click Next.
Splunk can auto-detect the source type. Let’s change the host field to buttercup-web01, and then click Review.
Looks good, click Submit.
Let’s start searching our data.
We’re brought into a search with filters applied to search the data we just uploaded.
Let’s type “buttercupgames” in the search bar, and double-click into a bar on the histogram.
Notice the time picker changed with our drill into the histogram bar.
Given that this data is web access, let’s do a string search for 400, the HTTP “Bad Request” status code. Notice that 188 events are returned (the number will vary for you).
Let’s also add 500 into the mix, and notice that the event count is higher now.
We can see the 400 and 500 status codes, but other status codes also show up in our results. That’s because a string search doesn’t look at the status field at all: it matches any event that contains “400” or “500” anywhere in its text, not just in the status position.
Let’s explicitly search for status codes equal to the values we want returned: buttercupgames status=400 OR status=500.
Great, we’ve now returned only the events containing the two status codes we searched for. Click on “Top values by time,” which will build a timechart for us.
Notice how our search query changed: there’s a | (pipe) and a timechart command added. The pipe followed by a command allows further operations on your filtered data set.
Let’s change our search to: buttercupgames status=* and drill into one bar on the histogram.
Click on “Top values by time” under the status field on the left, which will produce the timechart at right.
Let’s exclude 200 status codes by adding AND status!=200, and change the chart from Line to Column.
After changing from Line to Column, let’s stack the results (the middle option under Stack Mode). Much better!
Let’s now save this to a dashboard, a place we can go to view this search without having to remember what we had just searched for. Click Save As -> Dashboard Panel, fill in the form, and click Save. Then, View Dashboard.
Click on Search to get back to our search bar, and key in: buttercupgames.
Development wants to know which web browsers are being used to access the site, but no such field currently exists. No problem: let’s extract the browser field. Find an event that contains a value you’re looking for, and click the “>” arrow just to the left of “Time.” The event expands, and Extract Fields is under Event Actions. Click Extract Fields.
Click Regular Expression (Splunk will build a regular expression to extract our field), and click Next. Highlight the value of the field you’d like to create, name the field browser_type, and click Add Extraction.
Let’s verify that the extracted field contains values that are indeed browser types. Check the preview across several events, not just the one you highlighted: a regex generated from a single value can fit that event’s layout only and return nothing, or the wrong token, for the rest. Good, click Next to proceed. Now open the permissions to “App,” which allows all users of the app to use this extraction. Click Next.
Success! Let’s explore the field just created in Search, by clicking the link.
You’ll now be taken to Search, with the filter set to the sourcetype that the field extraction has been applied to. Note: field extractions are coupled to a sourcetype. Click on “Top values.”
Notice how the search changed. Instead of a bar graph we want a pie chart, so drop down the “bar” option and change it to pie.
Let’s add this search to our dashboard, and then view the dashboard. Click Edit -> Edit Panels to drag the panels to different positions.
Let’s go back to search, and search for buttercupgames AND status!=200 (we want to see events that aren’t successful). Then add the stats and where clauses from the searches list, | stats count by status | where count > 100, so that rows are returned only when a non-200 status code has appeared more than 100 times.
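The walk-through makes two points that are easier to see when the matching is done in plain code: a bare term such as 400 is compared against the whole event, while status=400 is compared against the extracted field; and the stats/where pipeline returns rows only when a count crosses the threshold, which is the condition the alert fires on. The script below is an added example written for this page, not Splunk code and not part of the original deck. It re-implements, over a handful of constructed log lines laid out like the tutorial data, what the sourcetype's field extraction, the free-text and field searches, the browser_type extraction and the stats/where threshold do. The log lines, the access-log regex and the browser_type pattern are assumptions made here; the real sourcetype definition and the regex the Field Extractor generates for you may differ.

```python
"""Stand-alone re-implementation of the SPL used in the walk-through.

Not Splunk code: it exists to show what each search actually matches.
"""
import re
from collections import Counter

# Constructed sample events in the access_combined_wcookie layout used by the
# tutorial data (client IP, ident, user, time, request, status, bytes,
# referer, user agent, response time). Not taken from tutorialdata.zip.
SAMPLE_LOG = """\
91.205.189.15 - - [21/Jan/2018:14:04:12] "GET /cart.do?action=view&itemId=EST-14&JSESSIONID=SD6SL7FF7ADFF53113 HTTP 1.1" 200 1665 "http://www.buttercupgames.com/oldlink?itemId=EST-14" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.46 Safari/536.5" 159
182.236.164.11 - - [21/Jan/2018:14:04:13] "POST /cart.do?action=addtocart&itemId=EST-15&JSESSIONID=SD6SL7FF7ADFF53113 HTTP 1.1" 400 893 "http://www.buttercupgames.com/cart.do?action=view" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.46 Safari/536.5" 472
128.241.220.82 - - [21/Jan/2018:14:04:15] "GET /product.screen?productId=WC-SH-A02&JSESSIONID=SD9SL1FF3ADFF53121 HTTP 1.1" 200 400 "http://www.buttercupgames.com/" "Opera/9.01 (Windows NT 5.1; U; en)" 128
125.17.14.100 - - [21/Jan/2018:14:04:18] "GET /oldlink?itemId=EST-12&JSESSIONID=SD9SL1FF3ADFF53121 HTTP 1.1" 500 2111 "http://www.buttercupgames.com/cart.do?action=view" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.46 Safari/536.5" 963
130.253.37.97 - - [21/Jan/2018:14:04:21] "GET /cart.do?action=remove&itemId=EST-6&JSESSIONID=SD6SL7FF7ADFF53113 HTTP 1.1" 400 1216 "http://www.buttercupgames.com/cart.do?action=view" "Googlebot/2.1 ( http://www.googlebot.com/bot.html)" 740
"""

# Assumed equivalent of the fields the sourcetype extracts for you at search time.
ACCESS_RE = re.compile(
    r'^(?P<clientip>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<req_time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+)(?: [^"]*)?" (?P<status>\d{3}) (?P<bytes>\d+|-) '
    r'"(?P<referer>[^"]*)" "(?P<useragent>[^"]*)"(?: (?P<duration>\d+))?\s*$'
)

# Assumed stand-in for the regex the Field Extractor builds when you highlight
# the leading product token of the user agent (e.g. "Mozilla/5.0").
BROWSER_RE = re.compile(r'^(?P<browser_type>[A-Za-z]+/[\d.]+)')


def parse_events(raw):
    """Turn raw lines into events: the _raw text plus the extracted fields."""
    events = []
    for line in raw.splitlines():
        m = ACCESS_RE.match(line)
        if not m:
            continue  # a real pipeline would count these as parse failures
        fields = m.groupdict()
        fields["status"] = int(fields["status"])
        fields["_raw"] = line
        events.append(fields)
    return events


def string_match(events, term):
    """SPL `buttercupgames 400`: a free-text term is matched anywhere in _raw."""
    return [e for e in events if term in e["_raw"]]


def field_match(events, field, *values):
    """SPL `status=400 OR status=500`: compare the extracted field, not _raw."""
    return [e for e in events if e.get(field) in values]


def count_by_status(events, exclude=(200,)):
    """SPL `status!=200 | stats count by status`."""
    return Counter(e["status"] for e in events if e["status"] not in exclude)


def over_threshold(counts, threshold):
    """SPL `| where count > <threshold>`: the alert fires when this is non-empty."""
    return sorted(s for s, n in counts.items() if n > threshold)


def extract_browser_type(events):
    """Apply BROWSER_RE to every event, like a saved field extraction does."""
    for e in events:
        m = BROWSER_RE.match(e["useragent"])
        e["browser_type"] = m.group("browser_type") if m else None
    return events


def top_browser_types(events, limit=20):
    """SPL `| top limit=20 browser_type`."""
    return Counter(e["browser_type"] for e in events if e.get("browser_type")).most_common(limit)


if __name__ == "__main__":
    evs = extract_browser_type(parse_events(SAMPLE_LOG))
    # The free-text search also hits the event whose byte count is 400.
    print("free-text 400:", len(string_match(evs, "400")))
    print("status=400:   ", len(field_match(evs, "status", 400)))
    counts = count_by_status(evs)
    print("non-200 counts:", dict(counts), "alert on:", over_threshold(counts, 1))
    print("top browser_type:", top_browser_types(evs))
```

With these five lines the free-text search for 400 returns one event more than status=400, because the third line has a 400-byte response, which is exactly the over-matching the walk-through shows on the real data. The threshold is set to 1 here only because the sample is tiny; the search on the page uses 100.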
Let’s create an alert. Save As -> Alert. Fill out the Title, Scheduled, Earliest + Latest, and Cron Expression. In the minute field of the cron expression, instead of 48, enter a minute a few ahead of your current time (e.g., if it’s 9:00 a.m., enter 05).
Add to Triggered Alerts, and Save.
You should see an alert trigger once your scheduled search runs at the cron expression you defined.
* Note: it was mentioned that alerts wouldn’t work on a trial license.
* Correction: alerts will work until the trial license expires.
Let’s go back to search and run: buttercupgames status=* | iplocation clientip. We want to look up the clientip values against the MaxMind database (the GeoLite2 city database that ships with Splunk, so this works offline) to pull in City, Country, State, Lat and Lon of the IPs.
Now, the business is interested in seeing plots on a map of web users and what they’re doing with the website. Let’s append a geostats command that counts the events by the values of the action field: buttercupgames status=* | iplocation clientip | geostats count by action. Pretty cool! This is definitely dashboard-worthy. Let’s add it to the dashboard.
Awesome! Now we have a single pane of glass that Operations, Development and Business all care about, from one data source! Talk about value!
Getting Started with Splunk Enterprise Hands-On Breakout Session
Splunk
 
Machine Data Is EVERYWHERE: Use It for Testing
Machine Data Is EVERYWHERE: Use It for TestingMachine Data Is EVERYWHERE: Use It for Testing
Machine Data Is EVERYWHERE: Use It for Testing
TechWell
 
Identifying and Correlating Internet-wide Scan Traffic to Newsworthy Security...
Identifying and Correlating Internet-wide Scan Traffic to Newsworthy Security...Identifying and Correlating Internet-wide Scan Traffic to Newsworthy Security...
Identifying and Correlating Internet-wide Scan Traffic to Newsworthy Security...
Andrew Morris
 
Getting Started with Splunk Enterprise
Getting Started with Splunk EnterpriseGetting Started with Splunk Enterprise
Getting Started with Splunk Enterprise
Splunk
 
Ad

More from Splunk (20)

Splunk Security Update | Public Sector Summit Germany 2025
Splunk Security Update | Public Sector Summit Germany 2025Splunk Security Update | Public Sector Summit Germany 2025
Splunk Security Update | Public Sector Summit Germany 2025
Splunk
 
Building Resilience with Energy Management for the Public Sector
Building Resilience with Energy Management for the Public SectorBuilding Resilience with Energy Management for the Public Sector
Building Resilience with Energy Management for the Public Sector
Splunk
 
IT-Lagebild: Observability for Resilience (SVA)
IT-Lagebild: Observability for Resilience (SVA)IT-Lagebild: Observability for Resilience (SVA)
IT-Lagebild: Observability for Resilience (SVA)
Splunk
 
Nach dem SOC-Aufbau ist vor der Automatisierung (OFD Baden-Württemberg)
Nach dem SOC-Aufbau ist vor der Automatisierung (OFD Baden-Württemberg)Nach dem SOC-Aufbau ist vor der Automatisierung (OFD Baden-Württemberg)
Nach dem SOC-Aufbau ist vor der Automatisierung (OFD Baden-Württemberg)
Splunk
 
Monitoring einer Sicheren Inter-Netzwerk Architektur (SINA)
Monitoring einer Sicheren Inter-Netzwerk Architektur (SINA)Monitoring einer Sicheren Inter-Netzwerk Architektur (SINA)
Monitoring einer Sicheren Inter-Netzwerk Architektur (SINA)
Splunk
 
Praktische Erfahrungen mit dem Attack Analyser (gematik)
Praktische Erfahrungen mit dem Attack Analyser (gematik)Praktische Erfahrungen mit dem Attack Analyser (gematik)
Praktische Erfahrungen mit dem Attack Analyser (gematik)
Splunk
 
Cisco XDR & Splunk SIEM - stronger together (DATAGROUP Cyber Security)
Cisco XDR & Splunk SIEM - stronger together (DATAGROUP Cyber Security)Cisco XDR & Splunk SIEM - stronger together (DATAGROUP Cyber Security)
Cisco XDR & Splunk SIEM - stronger together (DATAGROUP Cyber Security)
Splunk
 
Security - Mit Sicherheit zum Erfolg (Telekom)
Security - Mit Sicherheit zum Erfolg (Telekom)Security - Mit Sicherheit zum Erfolg (Telekom)
Security - Mit Sicherheit zum Erfolg (Telekom)
Splunk
 
One Cisco - Splunk Public Sector Summit Germany April 2025
One Cisco - Splunk Public Sector Summit Germany April 2025One Cisco - Splunk Public Sector Summit Germany April 2025
One Cisco - Splunk Public Sector Summit Germany April 2025
Splunk
 
.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routine.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routine
Splunk
 
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
Splunk
 
.conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica).conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica)
Splunk
 
.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank International.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank International
Splunk
 
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett .conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
Splunk
 
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär).conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
Splunk
 
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu....conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
Splunk
 
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever....conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
Splunk
 
.conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex).conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex)
Splunk
 
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
Splunk
 
Splunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11ySplunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk
 
Splunk Security Update | Public Sector Summit Germany 2025
Splunk Security Update | Public Sector Summit Germany 2025Splunk Security Update | Public Sector Summit Germany 2025
Splunk Security Update | Public Sector Summit Germany 2025
Splunk
 
Building Resilience with Energy Management for the Public Sector
Building Resilience with Energy Management for the Public SectorBuilding Resilience with Energy Management for the Public Sector
Building Resilience with Energy Management for the Public Sector
Splunk
 
IT-Lagebild: Observability for Resilience (SVA)
IT-Lagebild: Observability for Resilience (SVA)IT-Lagebild: Observability for Resilience (SVA)
IT-Lagebild: Observability for Resilience (SVA)
Splunk
 
Nach dem SOC-Aufbau ist vor der Automatisierung (OFD Baden-Württemberg)
Nach dem SOC-Aufbau ist vor der Automatisierung (OFD Baden-Württemberg)Nach dem SOC-Aufbau ist vor der Automatisierung (OFD Baden-Württemberg)
Nach dem SOC-Aufbau ist vor der Automatisierung (OFD Baden-Württemberg)
Splunk
 
Monitoring einer Sicheren Inter-Netzwerk Architektur (SINA)
Monitoring einer Sicheren Inter-Netzwerk Architektur (SINA)Monitoring einer Sicheren Inter-Netzwerk Architektur (SINA)
Monitoring einer Sicheren Inter-Netzwerk Architektur (SINA)
Splunk
 
Praktische Erfahrungen mit dem Attack Analyser (gematik)
Praktische Erfahrungen mit dem Attack Analyser (gematik)Praktische Erfahrungen mit dem Attack Analyser (gematik)
Praktische Erfahrungen mit dem Attack Analyser (gematik)
Splunk
 
Cisco XDR & Splunk SIEM - stronger together (DATAGROUP Cyber Security)
Cisco XDR & Splunk SIEM - stronger together (DATAGROUP Cyber Security)Cisco XDR & Splunk SIEM - stronger together (DATAGROUP Cyber Security)
Cisco XDR & Splunk SIEM - stronger together (DATAGROUP Cyber Security)
Splunk
 
Security - Mit Sicherheit zum Erfolg (Telekom)
Security - Mit Sicherheit zum Erfolg (Telekom)Security - Mit Sicherheit zum Erfolg (Telekom)
Security - Mit Sicherheit zum Erfolg (Telekom)
Splunk
 
One Cisco - Splunk Public Sector Summit Germany April 2025
One Cisco - Splunk Public Sector Summit Germany April 2025One Cisco - Splunk Public Sector Summit Germany April 2025
One Cisco - Splunk Public Sector Summit Germany April 2025
Splunk
 
.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routine.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routine
Splunk
 
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
Splunk
 
.conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica).conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica)
Splunk
 
.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank International.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank International
Splunk
 
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett .conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
Splunk
 
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär).conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
Splunk
 
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu....conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
Splunk
 
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever....conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
Splunk
 
.conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex).conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex)
Splunk
 
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
Splunk
 
Splunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11ySplunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk
 
Ad

Recently uploaded (20)

Cyber Awareness overview for 2025 month of security
Cyber Awareness overview for 2025 month of securityCyber Awareness overview for 2025 month of security
Cyber Awareness overview for 2025 month of security
riccardosl1
 
Electronic_Mail_Attacks-1-35.pdf by xploit
Electronic_Mail_Attacks-1-35.pdf by xploitElectronic_Mail_Attacks-1-35.pdf by xploit
Electronic_Mail_Attacks-1-35.pdf by xploit
niftliyevhuseyn
 
Greenhouse_Monitoring_Presentation.pptx.
Greenhouse_Monitoring_Presentation.pptx.Greenhouse_Monitoring_Presentation.pptx.
Greenhouse_Monitoring_Presentation.pptx.
hpbmnnxrvb
 
Build Your Own Copilot & Agents For Devs
Build Your Own Copilot & Agents For DevsBuild Your Own Copilot & Agents For Devs
Build Your Own Copilot & Agents For Devs
Brian McKeiver
 
Andrew Marnell: Transforming Business Strategy Through Data-Driven Insights
Andrew Marnell: Transforming Business Strategy Through Data-Driven InsightsAndrew Marnell: Transforming Business Strategy Through Data-Driven Insights
Andrew Marnell: Transforming Business Strategy Through Data-Driven Insights
Andrew Marnell
 
Into The Box Conference Keynote Day 1 (ITB2025)
Into The Box Conference Keynote Day 1 (ITB2025)Into The Box Conference Keynote Day 1 (ITB2025)
Into The Box Conference Keynote Day 1 (ITB2025)
Ortus Solutions, Corp
 
ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes Partner Innovation Updates for May 2025ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes
 
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In France
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In FranceManifest Pre-Seed Update | A Humanoid OEM Deeptech In France
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In France
chb3
 
How analogue intelligence complements AI
How analogue intelligence complements AIHow analogue intelligence complements AI
How analogue intelligence complements AI
Paul Rowe
 
Heap, Types of Heap, Insertion and Deletion
Heap, Types of Heap, Insertion and DeletionHeap, Types of Heap, Insertion and Deletion
Heap, Types of Heap, Insertion and Deletion
Jaydeep Kale
 
HCL Nomad Web – Best Practices und Verwaltung von Multiuser-Umgebungen
HCL Nomad Web – Best Practices und Verwaltung von Multiuser-UmgebungenHCL Nomad Web – Best Practices und Verwaltung von Multiuser-Umgebungen
HCL Nomad Web – Best Practices und Verwaltung von Multiuser-Umgebungen
panagenda
 
Semantic Cultivators : The Critical Future Role to Enable AI
Semantic Cultivators : The Critical Future Role to Enable AISemantic Cultivators : The Critical Future Role to Enable AI
Semantic Cultivators : The Critical Future Role to Enable AI
artmondano
 
Dev Dives: Automate and orchestrate your processes with UiPath Maestro
Dev Dives: Automate and orchestrate your processes with UiPath MaestroDev Dives: Automate and orchestrate your processes with UiPath Maestro
Dev Dives: Automate and orchestrate your processes with UiPath Maestro
UiPathCommunity
 
TrsLabs - Fintech Product & Business Consulting
TrsLabs - Fintech Product & Business ConsultingTrsLabs - Fintech Product & Business Consulting
TrsLabs - Fintech Product & Business Consulting
Trs Labs
 
DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptx
DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptxDevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptx
DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptx
Justin Reock
 
Linux Support for SMARC: How Toradex Empowers Embedded Developers
Linux Support for SMARC: How Toradex Empowers Embedded DevelopersLinux Support for SMARC: How Toradex Empowers Embedded Developers
Linux Support for SMARC: How Toradex Empowers Embedded Developers
Toradex
 
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptxIncreasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Anoop Ashok
 
2025-05-Q4-2024-Investor-Presentation.pptx
2025-05-Q4-2024-Investor-Presentation.pptx2025-05-Q4-2024-Investor-Presentation.pptx
2025-05-Q4-2024-Investor-Presentation.pptx
Samuele Fogagnolo
 
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
organizerofv
 
Technology Trends in 2025: AI and Big Data Analytics
Technology Trends in 2025: AI and Big Data AnalyticsTechnology Trends in 2025: AI and Big Data Analytics
Technology Trends in 2025: AI and Big Data Analytics
InData Labs
 
Cyber Awareness overview for 2025 month of security
Cyber Awareness overview for 2025 month of securityCyber Awareness overview for 2025 month of security
Cyber Awareness overview for 2025 month of security
riccardosl1
 
Electronic_Mail_Attacks-1-35.pdf by xploit
Electronic_Mail_Attacks-1-35.pdf by xploitElectronic_Mail_Attacks-1-35.pdf by xploit
Electronic_Mail_Attacks-1-35.pdf by xploit
niftliyevhuseyn
 
Greenhouse_Monitoring_Presentation.pptx.
Greenhouse_Monitoring_Presentation.pptx.Greenhouse_Monitoring_Presentation.pptx.
Greenhouse_Monitoring_Presentation.pptx.
hpbmnnxrvb
 
Build Your Own Copilot & Agents For Devs
Build Your Own Copilot & Agents For DevsBuild Your Own Copilot & Agents For Devs
Build Your Own Copilot & Agents For Devs
Brian McKeiver
 
Andrew Marnell: Transforming Business Strategy Through Data-Driven Insights
Andrew Marnell: Transforming Business Strategy Through Data-Driven InsightsAndrew Marnell: Transforming Business Strategy Through Data-Driven Insights
Andrew Marnell: Transforming Business Strategy Through Data-Driven Insights
Andrew Marnell
 
Into The Box Conference Keynote Day 1 (ITB2025)
Into The Box Conference Keynote Day 1 (ITB2025)Into The Box Conference Keynote Day 1 (ITB2025)
Into The Box Conference Keynote Day 1 (ITB2025)
Ortus Solutions, Corp
 
ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes Partner Innovation Updates for May 2025ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes
 
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In France
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In FranceManifest Pre-Seed Update | A Humanoid OEM Deeptech In France
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In France
chb3
 
How analogue intelligence complements AI
How analogue intelligence complements AIHow analogue intelligence complements AI
How analogue intelligence complements AI
Paul Rowe
 
Heap, Types of Heap, Insertion and Deletion
Heap, Types of Heap, Insertion and DeletionHeap, Types of Heap, Insertion and Deletion
Heap, Types of Heap, Insertion and Deletion
Jaydeep Kale
 
HCL Nomad Web – Best Practices und Verwaltung von Multiuser-Umgebungen
HCL Nomad Web – Best Practices und Verwaltung von Multiuser-UmgebungenHCL Nomad Web – Best Practices und Verwaltung von Multiuser-Umgebungen
HCL Nomad Web – Best Practices und Verwaltung von Multiuser-Umgebungen
panagenda
 
Semantic Cultivators : The Critical Future Role to Enable AI
Semantic Cultivators : The Critical Future Role to Enable AISemantic Cultivators : The Critical Future Role to Enable AI
Semantic Cultivators : The Critical Future Role to Enable AI
artmondano
 
Dev Dives: Automate and orchestrate your processes with UiPath Maestro
Dev Dives: Automate and orchestrate your processes with UiPath MaestroDev Dives: Automate and orchestrate your processes with UiPath Maestro
Dev Dives: Automate and orchestrate your processes with UiPath Maestro
UiPathCommunity
 
TrsLabs - Fintech Product & Business Consulting
TrsLabs - Fintech Product & Business ConsultingTrsLabs - Fintech Product & Business Consulting
TrsLabs - Fintech Product & Business Consulting
Trs Labs
 
DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptx
DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptxDevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptx
DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptx
Justin Reock
 
Linux Support for SMARC: How Toradex Empowers Embedded Developers
Linux Support for SMARC: How Toradex Empowers Embedded DevelopersLinux Support for SMARC: How Toradex Empowers Embedded Developers
Linux Support for SMARC: How Toradex Empowers Embedded Developers
Toradex
 
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptxIncreasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Anoop Ashok
 
2025-05-Q4-2024-Investor-Presentation.pptx
2025-05-Q4-2024-Investor-Presentation.pptx2025-05-Q4-2024-Investor-Presentation.pptx
2025-05-Q4-2024-Investor-Presentation.pptx
Samuele Fogagnolo
 
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
organizerofv
 
Technology Trends in 2025: AI and Big Data Analytics
Technology Trends in 2025: AI and Big Data AnalyticsTechnology Trends in 2025: AI and Big Data Analytics
Technology Trends in 2025: AI and Big Data Analytics
InData Labs
 

SplunkLive! Munich 2018: Getting Started with Splunk Enterprise

  • 1. SplunkLive! Dirk Beerbohm | Senior Sales Engineer München, 20. März 2018
  • 2. Set Up Before You Can Play
    Download the following at splunk.com
    ▶ Splunk Enterprise:
      • https://www.splunk.com/download
    ▶ Tutorial Data:
      • http://splk.it/2ey34P8
    ▶ Search Tutorial:
      • http://splk.it/2ePSYKB
  • 4. © 2018 SPLUNK INC. Agenda
    1. Splunk Overview
    2. Using Splunk – Live Demonstration/Walk-Through
      • Installing & Onboarding Data
      • Searching
      • Field Extraction
      • Dashboards
      • Alerting
      • Analytics
    3. Wrap-up/Q&A
  • 5. Big Data Comes From Machines Volume | Velocity | Variety | Variability GPS, RFID, Hypervisor, Web Servers, Email, Messaging, Clickstreams, Mobile, Telephony, IVR, Databases, Sensors, Telematics, Storage, Servers, Security Devices, Desktops Splunk’s Mission: Make machine data accessible, usable, and valuable to everyone
  • 6. What Does Machine Data Look Like? Order Processing Twitter Care IVR Middleware Error ORDER, 2018-01-21T14:04:12.484,10098213, 569281734,67.17.10.12,43CD1A7B8322,SA-2100 JAN 21 14:04:12.996 wl-01.acme.com Order 569281734 failed for customer 10098213. Exception follows: weblogic.jdbc.extensions.ConnectionDeadSQLException: weblogic.common.resourcepool.ResourceDeadException: Could not create pool connection. The DBMS driver exception was: [BEA][Oracle JDBC Driver] Error establishing socket to host and port: ACMEDB-01:1521. Reason: Connection refused 01/21/18 16:33:11.238 [CONNEVENT] Ext 1207130 (0192033): Event 20111, CTI Num:ServID:Type 0:19:9, App 0, ANI T7998#1, DNIS 5555685981, SerID 40489a07-7f6e-4251-801a- 13ae51a6d092, Trunk T451.16 01/21/18 16:33:11:242 [SCREENPOPEVENT] SerID 40489a07-7f6e-4251-801a-13ae51a6d092 CUSTID 10098213 01/21/18 16:37:49.732 [DISCEVENT] SerID 40489a07-7f6e-4251-801a-13ae51a6d092 {actor:{displayName: “Go Cowboys!!”,followersCount:1366,friendsCount:789,link: http://dallascowboys.com/,location:{displayName:“Dallas, TX”,objectType:“place”}, objectType:“person”,preferredUsername:“Cowb0ysF@n80”,statusesCount:6072},body: “Can’t buy this device from @ACME. Site doesn’t work! Called, gave up on waiting for them to answer! RT if you hate @ACME!!”,objectType:“activity”,postedTime:“2018-01-21T16:39:40.647-0600”} SOURCES
  • 7. Machine Data Contains Critical Insights Order Processing Twitter Care IVR Middleware Error Customer ID Order ID ORDER, 2018-01-21T14:04:12.484,10098213, 569281734,67.17.10.12,43CD1A7B8322,SA-2100 JAN 21 14:04:12.996 wl-01.acme.com Order 569281734 failed for customer 10098213. Exception follows: weblogic.jdbc.extensions.ConnectionDeadSQLException: weblogic.common.resourcepool.ResourceDeadException: Could not create pool connection. The DBMS driver exception was: [BEA][Oracle JDBC Driver] Error establishing socket to host and port: ACMEDB-01:1521. Reason: Connection refused 01/21/18 16:33:11.238 [CONNEVENT] Ext 1207130 (0192033): Event 20111, CTI Num:ServID:Type 0:19:9, App 0, ANI T7998#1, DNIS 5555685981, SerID 40489a07-7f6e-4251-801a- 13ae51a6d092, Trunk T451.16 01/21/18 16:33:11:242 [SCREENPOPEVENT] SerID 40489a07-7f6e-4251-801a-13ae51a6d092 CUSTID 10098213 01/21/18 16:37:49.732 [DISCEVENT] SerID 40489a07-7f6e-4251-801a-13ae51a6d092 {actor:{displayName: “Go Cowboys!!”,followersCount:1366,friendsCount:789,link: http://dallascowboys.com/,location:{displayName:“Dallas, TX”,objectType:“place”}, objectType:“person”,preferredUsername:“Cowb0ysF@n80”,statusesCount:6072},body: “Can’t buy this device from @ACME. Site doesn’t work! Called, gave up on waiting for them to answer! RT if you hate @ACME!!”,objectType:“activity”,postedTime:“2018-01-21T16:39:40.647-0600”} Order ID Customer’s Twitter ID Customer ID Customer ID Time waiting on hold Customer’s Tweet Company’s Twitter ID Product ID SOURCES
  • 8. Machine Data Contains Critical Insights SOURCES Order Processing Twitter Care IVR Middleware Error Customer ID Order ID ORDER, 2018-01-21T14:04:12.484,10098213, 569281734,67.17.10.12,43CD1A7B8322,SA-2100 JAN 21 14:04:12.996 wl-01.acme.com Order 569281734 failed for customer 10098213. Exception follows: weblogic.jdbc.extensions.ConnectionDeadSQLException: weblogic.common.resourcepool.ResourceDeadException: Could not create pool connection. The DBMS driver exception was: [BEA][Oracle JDBC Driver] Error establishing socket to host and port: ACMEDB-01:1521. Reason: Connection refused 01/21/18 16:33:11.238 [CONNEVENT] Ext 1207130 (0192033): Event 20111, CTI Num:ServID:Type 0:19:9, App 0, ANI T7998#1, DNIS 5555685981, SerID 40489a07-7f6e-4251-801a- 13ae51a6d092, Trunk T451.16 01/21/18 16:33:11:242 [SCREENPOPEVENT] SerID 40489a07-7f6e-4251-801a-13ae51a6d092 CUSTID 10098213 01/21/18 16:37:49.732 [DISCEVENT] SerID 40489a07-7f6e-4251-801a-13ae51a6d092 {actor:{displayName: “Go Cowboys!!”,followersCount:1366,friendsCount:789,link: http://dallascowboys.com/,location:{displayName:“Dallas, TX”,objectType:“place”}, objectType:“person”,preferredUsername:“Cowb0ysF@n80”,statusesCount:6072},body: “Can’t buy this device from @ACME. Site doesn’t work! Called, gave up on waiting for them to answer! RT if you hate @ACME!!”,objectType:“activity”,postedTime:“2018-01-21T16:39:40.647-0600”} Order ID Customer’s Twitter ID Customer ID Customer ID Time waiting on hold Customer’s Tweet Company’s Twitter ID Product ID
  • 9. Industry Leading Platform For Machine Data Custom dashboards Report and analyze Monitor and alert Developer Platform Ad hoc search On-Premises Private Cloud Public Cloud Storage Online Shopping Cart Telecoms Desktops Security Web Services Networks Containers Web Clickstreams RFID Smartphones and Devices Servers Messaging GPS Location Packaged Applications Custom Applications Online Services DatabasesCall Detail Records Energy MetersFirewall Intrusion Prevention Platform Support (Apps / API / SDKs) Enterprise Scalability Universal Indexing Machine Data: Any Location, Type, Volume Answer Any Question Any Amount, Any Location, Any Source No back-end database Schema on-the-fly No need to filter data Quick time to value Agile reporting and analytics Real-time architecture
  • 10. Installing and Using Splunk Live Demonstration & Walk-Through
  • 11. Set Up Before You Can Play
    Get the following at splunk.com
    ▶ Splunk Enterprise:
      • https://www.splunk.com/download
    ▶ Tutorial Data:
      • http://splk.it/2ey34P8
    ▶ Search Tutorial:
      • http://splk.it/2ePSYKB
  • 12. Getting Data Into Splunk
    We will import sample web e-commerce store events
    ▶ IMPORT THE ZIP FILE, not individual files within it: http://www.splunkbook.com (sample data is located under the ‘related links’ section – *same tutorialdata.zip from first page)
    ▶ Log in to Splunk – http://127.0.0.1:8000 username=admin password=changeme
    ▶ To add the file to Splunk:
      • Click Add Data
      • Click Upload files from my computer
      • Drag and drop your sample data zip file
      • Review and finish
  • 13. Common Problems at This Point
    ▶ License expired (already had older version installed)
      • Close browser, empty cache, open browser. If that doesn’t work:
      • Stop Splunk
      • Uninstall all Splunk versions
        • Windows: Control Panel -> Uninstall programs -> Splunk
        • OS X: Finder -> Applications -> Right click Splunk, Move to trash
      • Reinstall
      • Start Splunk
    ▶ Can’t start Splunk
      • Windows: Search Control panel -> Services -> Splunk start
      • Linux: cd <SPLUNK dir>/splunk/bin; ./splunk start
  • 15. © 2018 SPLUNK INC. ▶ See Slide Note at right about adding in step-by-step instructions here. Dashboard
  • 16. Searches Used
    ▶ buttercupgames
    ▶ buttercupgames 400
    ▶ buttercupgames 400 OR 500
    ▶ buttercupgames status=400 OR status=500
    ▶ buttercupgames status=400 OR status=500 | timechart count by status limit=10
    ▶ buttercupgames status=*
    ▶ buttercupgames status=* | timechart count by status limit=10
    ▶ buttercupgames status=* AND status!=200 | timechart count by status limit=10
    ▶ index=* sourcetype=access_combined_wcookie
  • 18. Searches Used (Continued)
    ▶ index=* sourcetype=access_combined_wcookie | top limit=20 browser_type (field extraction necessary)
    ▶ buttercupgames status!=200
    ▶ buttercupgames status!=200 | stats count by status | where count > 100
    ▶ buttercupgames status=* | iplocation clientip
    ▶ buttercupgames status=* | iplocation clientip | geostats count by action
  • 19. Time to Start SPLUNKING!!! Where do I go for help?
    ▶ SplunkLive! Presentations
      • http://splunklive.splunk.com/presentations.html
    ▶ Documentation
      • http://www.splunk.com/base/Documentation
    ▶ Technical Support
      • http://www.splunk.com/support
    ▶ Videos
      • http://www.splunk.com/videos
    ▶ Education
      • http://www.splunk.com/view/education/SP- CAAAAH9
    ▶ Community
      • http://answers.splunk.com
    ▶ Splunk Book
      • http://splunkbook.com
  • 20. Thriving Community dev.splunk.com 75,000+ questions and answers 1,000+ apps Local user groups and SplunkLive! events
  • 21. ▶Save the Date 2018 October 1-4, 2018 ▶ 8,750+ Splunk Enthusiasts ▶ 300+ Sessions ▶ 100+ Customer Speakers Plus Splunk University: ▶ Three Days: September 29-October 1, 2018 ▶ Get Splunk Certified for FREE! ▶ Get CPE credits for CISSP, CAP, SSCP Walt Disney World Swan and Dolphin Resort in Orlando conf .splunk.com SAVE THE DATE!
  • 23. Thank You. Don't forget to rate this session in the SplunkLive! mobile app.
  • 26. Download Splunk Enterprise for your OS and architecture.
  • 27. Download tutorialdata.zip
  • 28. With Firefox, Chrome or Safari, head to http://127.0.0.1:8000 User = admin Password = changeme
  • 29. You've successfully installed Splunk and logged in! Let's add the tutorialdata.zip via "Add Data."
  • 30. You can also "Add Data" from Settings at the top.
  • 31. Click on Upload.
  • 32. Let's drag tutorialdata.zip into "Drop your data file here."
  • 33. Click Next.
  • 34. Splunk can auto-detect the source type. Let's change the host field to buttercup-web01, and then click Review.
  • 35. Looks good; click Submit.
  • 36. Let's start searching our data.
  • 37. We're brought into a search with filters applied to search the data we just uploaded.
  • 38. Let's type "buttercupgames" in the search bar, and double-click into a bar on the histogram.
  • 39. Notice the time picker changed with our drill into the histogram bar.
  • 40. Given that this data is web access, let's do a string search for 400, which is a "Bad Request" code. Notice that there are 188 events returned (number will vary for you).
  • 41. Let's also add 500 into the mix, and notice that my event count is higher now.
  • 42. We can see the 400 and 500 status codes, but other status codes also show up in our results. That's because the string search doesn't explicitly search for status values – it'll string match any event that contains "400" or "500."
  • 43. Let's explicitly search for status codes equaling values we want to see returned.
  • 44. Great, we've now returned all the events containing the two status codes we searched for. Click on "Top values by time," which will build out a timechart for us.
  • 45. Notice how our search query changed: there's a | (pipe) and a timechart command added. The pipe followed by a command allows further operations on your filtered data set.
  • 46. Let's change our search to: buttercupgames status=* and drill into one bar on the histogram.
  • 47. Click on "Top values by time" under the status field on the left, which will produce the timechart at right.
  • 48. Let's exclude 200 status codes by adding AND status!=200, and change Line to Column.
  • 49. After changing from Line to Column, let's stack the results (the middle option under Stack Mode). Much better!
  • 50. Let's now save this to a dashboard, a place we can go to view this search without having to remember what we had just searched for. Click Save As -> Dashboard Panel, fill in the form, and click Save. Then click View Dashboard.
  • 51. Click on Search to get back to the search bar, and key in: buttercupgames. Development wants to know what web browsers are being used to access the site, but no field for that currently exists. No problem: let's extract the browser field. Find an event that contains a value you're looking for, and click the ">" arrow just to the left of "Time." The event will expand with a down arrow, and Extract Fields will be under Event Actions. Click Extract Fields.
  • 52. Click Regular Expression (Splunk will build a regular expression to extract our field), and click Next. Highlight the value of the field you'd like to create, and name the field browser_type. Click Add Extraction.
  • 53. Let's verify that the extracted field contains values that are indeed browser types. Good; click Next to proceed. Now open the permissions to "App," which lets users of the app use this extraction. Click Next.
  • 54. Success! Let's explore the field just created in Search, by clicking the link.
  • 55. You'll now be taken to Search, with the filter set to the sourcetype that the field extraction has been applied to. Note – field extractions are coupled to a sourcetype. Click on "Top values."
  • 56. Notice how the search changed. And, instead of a bar graph, we want a pie chart, so drop down the "bar" option and change it to pie.
  • 57. Let’s add this search to our dashboard, and then view the dashboard. Click Edit -> Edit Panels to drag the different panels to different positions.
  • 58. Let's go back to search, and search for buttercupgames AND status!=200 (we want to see events that aren't successful). Add the stats and where clauses shown on the slide, so only status codes with more than 100 unsuccessful events are returned.
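To make concrete why a bare string search for 400 or 500 returns more events than status=400 OR status=500 (slide 42), and what the stats count by status | where count > 100 and top browser_type searches compute, here is an added Python emulation run over a few constructed combined-log lines. It is not Splunk code and not the tutorial data; the browser_type regex is an assumption standing in for the extraction Splunk generates.

```python
import re
from collections import Counter

# Constructed sample events in Apache combined-log style (not the tutorial data).
# Event 1 contains "400" only inside the URI; event 4 contains "500" only inside the byte count.
EVENTS = [
    '10.0.0.5 - - [21/Jan/2018:18:20:51] "GET /cart.do?action=addtocart&itemId=EST-400 HTTP/1.1" 200 1665 "-" "Mozilla/5.0 Chrome/64.0"',
    '10.0.0.6 - - [21/Jan/2018:18:21:02] "GET /product.screen?productId=WC-SH-A02 HTTP/1.1" 400 512 "-" "Mozilla/5.0 Firefox/58.0"',
    '10.0.0.7 - - [21/Jan/2018:18:21:15] "POST /cart.do?action=purchase HTTP/1.1" 500 0 "-" "Mozilla/5.0 Safari/604.1"',
    '10.0.0.8 - - [21/Jan/2018:18:21:40] "GET /oldlink?itemId=EST-14 HTTP/1.1" 200 5000 "-" "Mozilla/5.0 Chrome/64.0"',
]

# Field extraction for the combined-log layout (named groups play the role of Splunk fields).
ACCESS_RE = re.compile(
    r'^(?P<clientip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<bytes>\d+) "(?P<referer>[^"]*)" "(?P<useragent>[^"]*)"'
)
# Assumed browser_type extraction: the product token in the user agent (hypothetical, not Splunk's generated regex).
BROWSER_RE = re.compile(r'\b(Chrome|Firefox|Safari|MSIE|Edge)\b')

def parse(event):
    """Return the extracted fields of one event, or {} if the line does not match the layout."""
    m = ACCESS_RE.match(event)
    fields = m.groupdict() if m else {}
    if fields:
        b = BROWSER_RE.search(fields["useragent"])
        fields["browser_type"] = b.group(1) if b else "unknown"
    return fields

def string_search(events, term):
    """A bare term in the search bar (e.g. 'buttercupgames 400') is a substring match on the raw event."""
    return [e for e in events if term in e]

def field_search(events, field, value):
    """field=value (e.g. status=400) compares only the extracted field, never the rest of the event."""
    return [e for e in events if parse(e).get(field) == value]

def stats_count_where(events, field, threshold):
    """Equivalent of '| stats count by <field> | where count > <threshold>'."""
    counts = Counter(parse(e).get(field) for e in events)
    return {k: v for k, v in counts.items() if v > threshold}

def top(events, field, limit=20):
    """Equivalent of '| top limit=<limit> <field>': most common values with their counts."""
    return Counter(parse(e).get(field) for e in events).most_common(limit)

if __name__ == "__main__":
    print(len(string_search(EVENTS, "400")), len(field_search(EVENTS, "status", "400")))
    print(stats_count_where(EVENTS, "status", 1), top(EVENTS, "browser_type"))
```

On these four lines the string search for 400 matches two events (one via the URI) while status=400 matches one, which is exactly the discrepancy slide 42 describes.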
  • 59. Let's create an alert. Save As -> Alert. Fill out the Title, choose Scheduled, set Earliest and Latest, and set the Cron Expression. Instead of 48, use a minute value a few minutes ahead of your current time (e.g., if it's 9:00 a.m., change it to 05).
  • 60. Add to Triggered Alerts and Save.
  • 61. You should see an alert trigger once your scheduled search runs at the Cron expression you defined. * Note – it was mentioned that alerts wouldn't work on a trial license. * Correction – alerts will work until the trial license expires.
  • 62. Let's go back to search and run: buttercupgames status=* | iplocation clientip. We want to look up the clientip values against the MaxMind database to pull in the City, Country, State, Lat and Lon of the IPs.
  • 63. Now, the business is interested in seeing plots on a map of web users and what they're doing with the website. Let's append a geostats command that counts the events by the values of the action field. Pretty cool! This is definitely dashboard worthy. Let's add it to the dashboard.
  • 64. Awesome! Now we have a single pane of glass that Operations, Development and Business all care about – from one data source! Talk about value!