Copyright 2014 Splunk Inc. Data On-Boarding. Andrew Duca, Sr. Professional Services Consultant, Splunk
2 Disclaimer
During the course of this presentation, we may make forward-looking statements regarding future events or the expected performance of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-looking statements, please review our filings with the SEC. The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, this presentation may not contain current or accurate information. We do not assume any obligation to update any forward-looking statements we may make. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only, and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionality described or to include any such feature or functionality in a future release.
3 About Me
- Senior Professional Services Consultant based in Boston, MA
- 14+ years of world-wide Professional Services consulting, with the last two at Splunk
- Involved in 20+ deployments from 1GB to 5TB
4 Agenda
- Data
- Splunk Components
- Index Data
- Proper Parsing
- Challenging Data
- Advanced Inputs
5 Are You in The Right Room?
- You have used Splunk at least once, or at least read about it
- You are interested in Splunk best practices
- You like to use Splunk's default parsing rules
- You just took over a Splunk deployment and you're not sure what to do
- This is not an education class; it's best practice
6 Data
Splunk is the engine for machine data
- Machine data is more than just logs - it's configuration data, data from APIs and message queues, change events, the output of diagnostic commands and more
- Log types: Application, Web Access and Proxy, Call Detail Records (CDR), Clickstream, Message Queues, Packet, Database audit and tables, File audit, Syslog, WMI, PerfMon
- Manual: Getting Data In http://docs.splunk.com/documentation/splunk/latest/data/WhatSplunkcanmonitor
7 Splunk Apps
- Look to Splunk Apps first and utilize a Technical Add-On (TA)
- Applies the Common Information Model (CIM)
- CIM details the standard fields, event type tags, and host tags that Splunk uses when it processes most IT data
- Example TAs: Windows, Unix, Exchange, Active Directory, VMware Vcenter, WebSphere
8 Splunk Distributed Components
Search Head, Deployment Server, Indexer, Forwarder
9 Test Environment
- Every Splunk deployment should have a test environment
- It can be a laptop, virtual machine or spare server
- Should have the same version of Splunk running in production
- Accessible to other Splunk developers and administrators
10 One Shot
- Easiest way to get data into your test environment
- Components of the oneshot:
    ./splunk add oneshot user_conf.txt -index indexname -sourcetype sourcetypename
- Where to find more information: http://docs.splunk.com/documentation/splunk/latest/data/MonitorfilesanddirectoriesusingtheCLI
11 Data - Broken
12 Props
- Always set these six parameters
    # USER CONFERENCE
    [user_conf_2014]
    TIME_PREFIX = ^
    TIME_FORMAT = %Y-%m-%d %H:%M:%S
    MAX_TIMESTAMP_LOOKAHEAD = 19
    SHOULD_LINEMERGE = False
    LINE_BREAKER = ([\n\r]+)\d{4}-\d{2}-\d{2}\s\d{2}:\d{2}:\d{2}
    TRUNCATE =
13 Props
- TIME_PREFIX: defaults to empty
14 Props
- TIME_FORMAT: strptime-style format
15 Props
- MAX_TIMESTAMP_LOOKAHEAD: by default 150 characters
16 Props
- SHOULD_LINEMERGE: by default set to True
17 Props
- LINE_BREAKER: by default set to ([\r\n]+); change to positive lookahead
18 Props
- TRUNCATE: by default set to bytes; set to 0 to never truncate
19 Data - Fixed
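The effect of the props settings above on event breaking and timestamp extraction, as an added example that is not part of the original slides or Splunk's own code: a Python approximation of the documented LINE_BREAKER behaviour (first capture group discarded, the rest of the match starts the next event) run over a constructed multi-line sample. The sample text and the helper names `break_events` and `extract_time` are assumptions, and Python's `re` and `strptime` stand in for Splunk's engine.

```python
import re
from datetime import datetime

# Values from the [user_conf_2014] stanza on the slide.
LINE_BREAKER = r"([\n\r]+)\d{4}-\d{2}-\d{2}\s\d{2}:\d{2}:\d{2}"
TIME_PREFIX = r"^"
TIME_FORMAT = "%Y-%m-%d %H:%M:%S"
MAX_TIMESTAMP_LOOKAHEAD = 19

# Default named on the slide, used here with SHOULD_LINEMERGE = False for contrast.
DEFAULT_LINE_BREAKER = r"([\r\n]+)"

# Constructed sample: three events, the second one spans three lines.
SAMPLE = (
    "2014-09-12 09:01:00 INFO user=alice action=login\n"
    "2014-09-12 09:01:05 ERROR request failed\n"
    "  Traceback (most recent call last):\n"
    "    File \"app.py\", line 10, in handler\n"
    "2014-09-12 09:01:09 INFO user=alice action=logout\n"
)


def break_events(raw, line_breaker=LINE_BREAKER):
    """Split raw text into events.

    Text before capture group 1 ends the previous event, group 1 itself is
    dropped, and everything after it (including the timestamp the pattern
    matched) begins the next event.
    """
    events, start = [], 0
    for match in re.finditer(line_breaker, raw):
        events.append(raw[start:match.start(1)])
        start = match.end(1)
    tail = raw[start:].rstrip("\r\n")
    if tail:
        events.append(tail)
    return events


def extract_time(event):
    """Parse the timestamp that follows TIME_PREFIX, looking no further than
    MAX_TIMESTAMP_LOOKAHEAD characters. Returns None when nothing parses.

    Simplification: the whole window must match TIME_FORMAT.
    """
    prefix = re.search(TIME_PREFIX, event)
    if prefix is None:
        return None
    window = event[prefix.end():prefix.end() + MAX_TIMESTAMP_LOOKAHEAD]
    try:
        return datetime.strptime(window, TIME_FORMAT)
    except ValueError:
        return None


def summarize(raw, line_breaker):
    """Return (event_count, events_without_timestamp) for a breaker."""
    events = break_events(raw, line_breaker)
    missing = sum(1 for e in events if extract_time(e) is None)
    return len(events), missing


if __name__ == "__main__":
    for label, breaker in (("slide", LINE_BREAKER), ("default", DEFAULT_LINE_BREAKER)):
        count, missing = summarize(SAMPLE, breaker)
        print(f"{label}: {count} events, {missing} without a parsable timestamp")
    for event in break_events(SAMPLE):
        print(extract_time(event), repr(event))
```

With the slide's breaker the traceback stays attached to its ERROR event; with the default breaker each continuation line becomes its own event with no timestamp of its own.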
20 6.2 Splunk Web Data On-Boarding
21 Why to Use Splunk Web to On-board?
Quick and easy way to
- Easily visualize the data as events rather than lines of text
- Quickly get the data properly broken into events
- Accurately get the time stamp extracted
All in a wicked cool GUI
Once everything is good you take your PROPS settings and deploy
22 Splunk Web Data On-Boarding
- Locate the source file on the Splunk Server's file system
23 Splunk Web Data On-Boarding
- Validate event breaking and timestamp recognition
24 Splunk Web Data On-Boarding
- Resolve event breaking
25 Splunk Web Data On-Boarding
- Set timestamp format even if Splunk figures it out automatically
26 Splunk Web Data On-Boarding
- Copy the props.conf settings and deploy in a custom app
27 Challenging Data
28 Limit Indexed Data
- Anonymize data:
    [source::.../accounts.log]
    SEDCMD-accounts = s/ssn=\d{5}(\d{4})/ssn=xxxxx\1/g s/cc=(\d{4}-){3}(\d{4})/cc=xxxx-xxxx-xxxx-\2/g
- Rewrite raw data:
    [source::.../sql.log]
    SEDCMD-sqllog = s/(.*?)command:execute[.\d\d\w\w]*/\1/g
- Discard events:
    # props.conf
    [source::/var/log/user_conf.txt]
    TRANSFORMS-null = setnull
    # transforms.conf
    [setnull]
    REGEX = (?i)debug
    DEST_KEY = queue
    FORMAT = nullQueue
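A pre-deployment check for the masking and discard rules above, added here and not part of the original slides: the two SEDCMD substitutions and the setnull regex are replayed in Python over constructed log lines, then a residual scan flags SSN or card formats that the masks do not cover. The sample lines, the `RESIDUAL` patterns and the function names are assumptions, and both rules are applied to one stream for brevity although the slide scopes them to different sources.

```python
import re

# The two sed expressions from SEDCMD-accounts on the slide,
# written as (pattern, replacement) pairs for re.sub.
SEDCMD_ACCOUNTS = [
    (r"ssn=\d{5}(\d{4})", r"ssn=xxxxx\1"),
    (r"cc=(\d{4}-){3}(\d{4})", r"cc=xxxx-xxxx-xxxx-\2"),
]

# REGEX from the [setnull] transform: matching events are routed to nullQueue.
SETNULL = re.compile(r"(?i)debug")

# Assumed patterns (not from the slides) for values that should never
# survive masking: 9-digit and dashed SSNs, 16-digit card numbers with
# consistent optional separators.
RESIDUAL = {
    "ssn_9digit": re.compile(r"\b\d{9}\b"),
    "ssn_dashed": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "card_16": re.compile(r"\b\d{4}([ -]?)\d{4}\1\d{4}\1\d{4}\b"),
}

# Constructed sample events; all identifiers are made up.
SAMPLE = [
    "2014-09-12 09:01:00 INFO acct=1001 ssn=123456789 cc=1234-5678-9012-3456",
    "2014-09-12 09:01:02 DEBUG cache warm acct=1001",
    "2014-09-12 09:01:03 INFO acct=1002 ssn=987-65-4321 cc=1111222233334444",
]


def mask(event):
    """Apply each sed-style substitution globally, in the order listed."""
    for pattern, replacement in SEDCMD_ACCOUNTS:
        event = re.sub(pattern, replacement, event)
    return event


def residual(event):
    """Names of sensitive-looking patterns still present in an event."""
    return [name for name, rx in RESIDUAL.items() if rx.search(event)]


def onboard(events):
    """Return (indexed_events, findings).

    Events matching SETNULL are dropped. The rest are masked, and any event
    that still contains a sensitive-looking value is reported by its
    position in the indexed list.
    """
    indexed, findings = [], {}
    for event in events:
        if SETNULL.search(event):
            continue  # would be sent to the null queue and never indexed
        masked = mask(event)
        indexed.append(masked)
        hits = residual(masked)
        if hits:
            findings[len(indexed) - 1] = hits
    return indexed, findings


if __name__ == "__main__":
    indexed, findings = onboard(SAMPLE)
    for position, event in enumerate(indexed):
        flag = " <-- unmasked: " + ",".join(findings[position]) if position in findings else ""
        print(event + flag)
```

The third sample line shows the gap: the slide's expressions only match an undashed nine-digit SSN and a dash-separated card number, so other formats reach the index unmasked unless the SEDCMD is extended.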
31 Limit Indexed Data
6.X or later Windows forwarders
- Whitelist events or blacklist specific events
- Inputs.conf configuration
32 Index Extractions
- Provides reliable and consistent indexing of data with headers.
- Address issue on forwarder:
    INDEXED_EXTRACTIONS = {CSV | W3C | TSV | PSV | JSON}
- Supports custom header parsing and easy mode for common formats.
- Extract IIS fields using props.conf on Windows forwarder:
    [iis]
    INDEXED_EXTRACTIONS = w3c
33 Multiple Timestamps
    12-Sep-2014,09:01:00,12-Sep-2014,09:02:00,-4 INFO title="User Conference" msg="splunk hosted user conference in Las Vegas."
    12-Sep-2014,19:01:00,12-Sep-2014,19:02:00,-5 DEBUG title="User Conference" msg="getting Data In, Correctly is a solid session."
datetime.xml
    <datetime>
      <define name="two_tz" extract="day, litmonth, year, hour, minute, second, zone">
        <text><![CDATA[^(\d+)-(\w+)-(\d+),(\d+):(\d+):(\d+),(?:[^,]*,){2}([\w\-]*)]]></text>
      </define>
      <timePatterns>
        <use name="two_tz"/>
      </timePatterns>
      <datePatterns>
        <use name="two_tz"/>
      </datePatterns>
    </datetime>
props.conf
    # USER CONF
    [user_conf]
    DATETIME_CONFIG = /etc/apps/splk_ps_user_conf_props/local/datetime.xml
* Do not set TIME_FORMAT
34 Database Connect
35 Database Connect
- Allows for indexing data from database sources directly
- Allows for adding metadata to events from database sources using lookups
Caveats
- Java required on Splunk server
- Search head pooling requires custom configuration to share the DB connection passwords.
- Not meant for data input sources
36 Database Connect Best Practices
- Normalize timestamps natively inside the SQL query
- Filter results down in the SQL query to reduce garbage in the Splunk index
- Repeated DBLookups should be converted to static lookups
- Search head pooling requires encrypted password replication
37 Modular and Scripted Inputs
38 Modular and Scripted Inputs
Benefits
- Almost any program that can output text can be used to index
- Modular inputs allow for configuration files and configuration settings inside Splunk
Differences
- Scripted inputs require configuration to be done in the script
- Modular inputs can be configured via deployed .conf files and accessed via REST API
- Scripted inputs are specific to the OS they are deployed on, whereas modular inputs can support multiple
Examples
vmstat, iostat, Checkpoint Opsec, Twitter, Stream, Amazon S3 online storage and more
39 Scripted Inputs Example
- Shell script saved in /opt/splunk/bin/scripts/ OR in a specific app
- Allows you to execute any program on a Splunk forwarder and index STDOUT data.
- Utilizing key value pairs makes for easier searching.
Sample output from custom script /Applications/Splunk/bin/scripts/FantasyFootball.sh
40 Scripted Inputs Example
Shell script calls local system binary programs and can provide configuration options.
Use inputs.conf to define INDEX, SOURCETYPE, and INTERVAL for the scripted input
41 Production Deployment
42 Production Environment
- Complexity managing configurations across tens, hundreds, or thousands of forwarders
- Not all indexers and search heads receive the same configurations
- Should think about version control for deployment apps, e.g., GitHub SHP
43 Deployment Server Terminology
- Deployment Server - A Splunk instance that acts as a centralized configuration manager, grouping together and collectively managing any number of Splunk instances. Any Splunk instance can act as a deployment server, even one that is indexing data locally. Splunk instances that are remotely configured by deployment servers are called deployment clients.
- Deployment Client - A Splunk instance that is remotely configured by a deployment server.
- Server Class - Represents a configuration of Splunk deployment clients. Server classes enable the management of a group of deployment clients as a single unit. A server class can be used to group deployment clients together by application, OS, data type to be indexed, or any other feature of your Splunk deployment.
44 Deployment App
- A deployment app (configuration bundle) is a set of deployment content (including configuration files) deployed as a unit to clients of a server class
- Located in $SPLUNK_HOME/etc/deployment-apps and pushed to the deployment client's $SPLUNK_HOME/etc/apps folder
- DO NOT store configurations in $SPLUNK_HOME/etc/system/local
- Use deployment apps regardless of your deployment tool
45 Deployment App - Naming Convention
    org    group      application  configuration
    acme   finance    apache       inputs
    acme   marketing  iis          props
    splk   all        indexer      base
    splk   ps         user_conf    inputs
50 Deployment App - Naming Convention
    splk_ps_user_conf_inputs
51 Deployment Apps
    mba13:apps $ ls -la
    SplunkForwarder
    SplunkLightForwarder
    Splunk_for_ActiveDirectory
    Splunk_for_Exchange
    splk_all_deploymentclient
    splk_all_forwarder_outputs
    splk_all_indexer_base
    splk_all_search_base
    splk_ps_user_conf_inputs
    splk_ps_user_conf_props
    splk_ps_user_conf_web
    splunk_app_was
    user-prefs
52 Collecting Syslog
- Send devices, e.g., routers, firewalls, to a syslog collector
- Write files to this directory structure: /sourcetype/host/log.txt
- Monitor the sourcetype level
cisco_asa my.firewall.name
    # CISCO ASA
    [monitor:///data/cisco_asa/ /]
    sourcetype = cisco_asa
    host_segment = 3
    index = firewall
53 Summary
- Test in a non-production environment
- Always use key props parameters: TIME_PREFIX, TIME_FORMAT, MAX_TIMESTAMP_LOOKAHEAD, SHOULD_LINEMERGE, LINE_BREAKER, TRUNCATE
- Deploy apps to /etc/apps; not /etc/system/local
- Clear predictable naming convention
- When you're stuck, use Answers and re-use apps from Apps.Splunk.com
54 Resources
- Get educated: http:// CAAAAH9
- Download Splunk applications: http://apps.splunk.com/
- Hire Splunk Professional Services: http:// services/sp- CAAABH9
- Watch some videos: http://
55 THANK YOU
More informationDisclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme
NET3282BE The NSX Practical Path Brian Lazear, Sr. Director, NSX Product Management Brian Muita, CTO, Node Africa #VMworld #NET3282BE Disclaimer This presentation may contain product features that are
More informationWrangling Your IOT Data Into Splunk
Copyright 2016 Splunk Inc. Wrangling Your IOT Data Into Splunk Damien Dallimore IOT Dreamcatcher, Splunk Disclaimer During the course of this presentacon, we may make forward looking statements regarding
More informationSelf-driving Datacenter: Analytics
Self-driving Datacenter: Analytics George Boulescu Consulting Systems Engineer 19/10/2016 Alvin Toffler is a former associate editor of Fortune magazine, known for his works discussing the digital revolution,
More informationLogging. About Logging. This chapter describes how to log system messages and use them for troubleshooting.
This chapter describes how to log system messages and use them for troubleshooting. About, page 1 Guidelines for, page 7 Configure, page 8 Monitoring the Logs, page 26 History for, page 29 About System
More informationTetration Hands-on Lab from Deployment to Operations Support
LTRACI-2184 Tetration Hands-on Lab from Deployment to Operations Support Furong Gisiger, Solutions Architect Lawrence Zhu, Sr. Solutions Architect Cisco Spark How Questions? Use Cisco Spark to communicate
More informationExtending SPL with Custom Search Commands
Extending SPL with Custom Search Commands Jacob Leverich Director of Engineering 2017/08/11 Washington, DC Forward-Looking Statements During the course of this presentation, we may make forward-looking
More informationGraphite and Grafana
Introduction, page 1 Configure Grafana Users using CLI, page 3 Connect to Grafana, page 4 Grafana Administrative User, page 5 Configure Grafana for First Use, page 11 Manual Dashboard Configuration using
More informationJOB SCHEDULING CHECKLIST
JOB SCHEDULING CHECKLIST MVP Systems Software / Phone: 1-800-261-5267 / Web: www.jamsscheduler.com 1 Using these Criteria The following is a detailed list of evaluation criteria that you can use to benchmark
More informationDB2 for z/os: Programmer Essentials for Designing, Building and Tuning
Brett Elam bjelam@us.ibm.com - DB2 for z/os: Programmer Essentials for Designing, Building and Tuning April 4, 2013 DB2 for z/os: Programmer Essentials for Designing, Building and Tuning Information Management
More informationIntegration Service. Admin Console User Guide. On-Premises
Kony MobileFabric TM Integration Service Admin Console User Guide On-Premises Release 7.3 Document Relevance and Accuracy This document is considered relevant to the Release stated on this title page and
More informationDOWNLOAD PDF CISCO IRONPORT CONFIGURATION GUIDE
Chapter 1 : Cisco IronPort E-mail Security Appliance Best Practices : Part 3 - emtunc's Blog Cisco IronPort AsyncOS for Email Security Advanced Configuration Guide (PDF - 9 MB) Cisco IronPort AsyncOS for
More informationCisco Tetration Analytics
Cisco Tetration Analytics Enhanced security and operations with real time analytics John Joo Tetration Business Unit Cisco Systems Security Challenges in Modern Data Centers Securing applications has become
More informationSplunking Your z/os Mainframe Introducing Syncsort Ironstream
Copyright 2016 Splunk Inc. Splunking Your z/os Mainframe Introducing Syncsort Ironstream Ed Hallock Director of Product Management, Syncsort Inc. Disclaimer During the course of this presentation, we may
More informationUCT Application Development Lifecycle. UCT Business Applications
UCT Business Applications Page i Table of Contents Planning Phase... 1 Analysis Phase... 2 Design Phase... 3 Implementation Phase... 4 Software Development... 4 Product Testing... 5 Product Implementation...
More informationvcenter CapacityIQ Installation Guide
vcenter CapacityIQ 1.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions
More informationTanium Asset User Guide. Version 1.3.1
Tanium Asset User Guide Version 1.3.1 June 12, 2018 The information in this document is subject to change without notice. Further, the information provided in this document is provided as is and is believed
More informationThe LLRP RFID Protocol plugin PRINTED MANUAL
The LLRP RFID Protocol plugin PRINTED MANUAL LLRP RFID Protocol plugin All rights reserved. No parts of this work may be reproduced in any form or by any means - graphic, electronic, or mechanical, including
More informationvcenter Server Appliance Configuration Update 1 Modified on 04 OCT 2017 VMware vsphere 6.5 VMware ESXi 6.5 vcenter Server 6.5
Update 1 Modified on 04 OCT 2017 VMware vsphere 6.5 VMware ESXi 6.5 vcenter Server 6.5 You can find the most up-to-date technical documentation on the VMware Web site at: https://docs.vmware.com/ The VMware
More informationHow splunkd works. splunkd: Pipelines, Processors, Queues Inputs: File, Network, Script, HEC, S2S, Debugging: Metrics, Monitoring Console
How splunkd works splunkd: Pipelines, Processors, Queues Inputs: File, Network, Script, HEC, S2S, Debugging: Metrics, Monitoring Console by Amrit Bath, Abhinav Nekkanti Forward-Looking Statements During
More informationCisco Prime Network Services Controller 3.0 CLI Configuration Guide
Cisco Prime Network Services Controller 3.0 Configuration Guide January 29 2014 Chapter 1 Overview... 4 Information About Prime Network Services Controller... 4 Information About the Prime Network Services
More informationIntroduction to ArcGIS Server Architecture and Services. Amr Wahba
Introduction to ArcGIS Server 10.1 - Architecture and Services Amr Wahba awahba@esri.com Agenda Architecture Features Publishing Security Cloud Powerful GIS capabilities Delivered as Web services To help
More informationThe Z-Files: Field reports from the world of business critical PHP applications
The Z-Files: Field reports from the world of business critical PHP applications By Axel Schinke Senior Manager of Global Operations for Global Services About this webinar Field reports from Zend Consulting
More informationPrime Performance Manager Overview
1 CHAPTER The following topics provide an overview to Cisco Prime Performance Manager user operations: Prime Performance Manager Features and Functions, page 1-1 Prime Performance Manager Reports, page
More informationComponents. Screen Keyboard* Camera. Touch Pad. Mouse* Remote CPU. USB Port. * = wireless
Contents Components p.2 Power Up The System p.3 Record Camera Full Screen p.6 Record Computer Full Screen p.13 Record Audio Only p.20 Record Hybrid Computer/Camera p.25 MulG- Modality Recordings p. 36
More informationNetwork Operations Analytics
Network Operations Analytics Solution Guide Version 2.4.4 (Build 2.4.4.0.x) June 2016 Copyright 2012-2016 NetFlow Logic Corporation. All rights reserved. Patents Pending. Contents Introduction... 2 Solution
More informationCNIT 129S: Securing Web Applications. Ch 10: Attacking Back-End Components
CNIT 129S: Securing Web Applications Ch 10: Attacking Back-End Components Injecting OS Commands Web server platforms often have APIs To access the filesystem, interface with other processes, and for network
More informationImprove Web Application Performance with Zend Platform
Improve Web Application Performance with Zend Platform Shahar Evron Zend Sr. PHP Specialist Copyright 2007, Zend Technologies Inc. Agenda Benchmark Setup Comprehensive Performance Multilayered Caching
More informationSierra- Cedar s Best PracDces for Building a Security OperaDons Center
Copyright 2015 Splunk Inc. Sierra- Cedar s Best PracDces for Building a Security OperaDons Center Robert Miller Manager Corporate Security, Sierra- Cedar, Inc. Disclaimer During the course of this presentadon,
More informationAtlassian s Journey Into Splunk
Atlassian s Journey Into Splunk The Building Of Our Logging Pipeline On AWS Tim Clancy Engineering Manager, Observability James Mackie Infrastructure Engineer, Observability September 2017 Washington,
More informationIBM DB2 Query Patroller. Administration Guide. Version 7 SC
IBM DB2 Query Patroller Administration Guide Version 7 SC09-2958-00 IBM DB2 Query Patroller Administration Guide Version 7 SC09-2958-00 Before using this information and the product it supports, be sure
More information