Onboard Data into Splunk, Correctly
|
|
- Austen Eaton
- 5 years ago
- Views:
Transcription
1 Copyright 2013 Splunk Inc. Onboard Data into Splunk, Correctly Ma:hew Se=pane Professional Services Manager, Splunk #splunkconf
2 Legal NoJces During the course of this presentajon, we may make forward- looking statements regarding future events or the expected performance of the company. We caujon you that such statements reflect our current expectajons and esjmates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward- looking statements, please review our filings with the SEC. The forward- looking statements made in this presentajon are being made as of the Jme and date of its live presentajon. If reviewed auer its live presentajon, this presentajon may not contain current or accurate informajon. We do not assume any obligajon to update any forward- looking statements we may make. In addijon, any informajon about our roadmap outlines our general product direcjon and is subject to change at any Jme without nojce. It is for informajonal purposes only and shall not, be incorporated into any contract or other commitment. Splunk undertakes no obligajon either to develop the features or funcjonality described or to include any such feature or funcjonality in a future release. Splunk, Splunk>, Splunk Storm, Listen to Your Data, SPL and The Engine for Machine Data are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respeccve owners Splunk Inc. All rights reserved. 2
3 About Me! Professional Services Manager! More than three years of Splunk experience! Involved in more than 300 deployments from 1GB to 10TB 3
4 Agenda! Data! Splunk Components! Index Data! Proper Parsing! Deploying in ProducJon! Deployment Apps and Naming ConvenJons! Challenging Data 4
5 Are You in The Right Room! You have used Splunk at least once, or at least read about it! You are interested in Splunk best pracjces! You like to use Splunk s default parsing rules! You just took over a Splunk deployment and you re not sure what to do! This is not an educajon class; it s best pracjce 5
6 Data Splunk is the engine for machine data! Machine data is more than just logs it's configurajon data, data from APIs and message queues, change events, the output of diagnosjc commands and more! Log types: ApplicaJon, Web Access and Proxy, Call Detail Records (CDR), Clickstream, Message Queues, Packet, Database audit and tables, File audit, Syslog, WMI, PerfMon! Manual: Ge=ng Data In: h:p://docs.splunk.com/documentajon/splunk/latest/data/ WhatSplunkcanmonitor 6
7 Splunk Distributed Components Search Head Deployment Server Indexer Forwarder 7
8 Test Environment! Every Splunk deployment should have a test environment! It can be a laptop, virtual machine or spare server! Should have the same version of Splunk running in producjon! Accessible to other Splunk developers and administrators 8
9 One Shot! Easiest way to get data into your test environment! Components of the oneshot:./splunk add oneshot user_conf.txt index indexname soucetype sourcetype name!! Where to find more informajon: h:p://docs.splunk.com/documentajon/splunk/latest/data/ MonitorfilesanddirectoriesusingtheCLI 9
10 Data Broken 10
11 Splunk Apps! Look to Splunk Apps first and ujlize Technical Add- On (TA)! Applies the Common InformaJon Model (CIM)! CIM details the standard fields, event type tags, and host tags that Splunk uses when it processes most IT data! Example TAs: Windows Unix Exchange AcJve Directory VMware Vcenter WebSphere 11
12 Props! Always set these six parameters # USER CONFERENCE!!![user_conf_2012]!!!TIME_PREFIX = ^!!!TIME_FORMAT = %Y-%m-%d %H:%M:%S!!!MAX_TIMESTAMP_LOOKAHEAD = 19!!!SHOULD_LINEMERGE = False!!!LINE_BREAKER = ([\n\r]+)(\d{4}\-\d{2}\-\d{2}\s\d{2}:\d{2}:\d{2})!!!truncate = ! 12
13 Props! Defaults to empty # USER CONFERENCE!!![user_conf_2012]!!!TIME_PREFIX = ^!!!TIME_FORMAT = %Y-%m-%d %H:%M:%S!!!MAX_TIMESTAMP_LOOKAHEAD = 19!!!SHOULD_LINEMERGE = False!!!LINE_BREAKER = ([\n\r]+)(\d{4}\-\d{2}\-\d{2}\s\d{2}:\d{2}:\d{2})!!!truncate = ! 13
14 Props! strpjme style format!# USER CONFERENCE!!![user_conf_2012]!!!TIME_PREFIX = ^!!!TIME_FORMAT = %Y-%m-%d %H:%M:%S!!!MAX_TIMESTAMP_LOOKAHEAD = 19!!!SHOULD_LINEMERGE = False!!!LINE_BREAKER = ([\n\r]+)(\d{4}\-\d{2}\-\d{2}\s\d{2}:\d{2}:\d{2})!!!truncate = ! 14
15 Props! By default MAX_TIMESTAMP_LOOKAHEAD = 150 characters!!# USER CONFERENCE!!![user_conf_2012]!!!TIME_PREFIX = ^!!!TIME_FORMAT = %Y-%m-%d %H:%M:%S!!!MAX_TIMESTAMP_LOOKAHEAD = 19!!!SHOULD_LINEMERGE = False!!!LINE_BREAKER = ([\n\r]+)(\d{4}\-\d{2}\-\d{2}\s\d{2}:\d{2}:\d{2})!!!truncate = ! 15
16 Props! By default set to True!# USER CONFERENCE!!![user_conf_2012]!!!TIME_PREFIX = ^!!!TIME_FORMAT = %Y-%m-%d %H:%M:%S!!!MAX_TIMESTAMP_LOOKAHEAD = 19!!!SHOULD_LINEMERGE = False!!!LINE_BREAKER = ([\n\r]+)(\d{4}\-\d{2}\-\d{2}\s\d{2}:\d{2}:\d{2})!!!truncate = ! 16
17 Props! By default set to ([\r\n]+); change to posijve lookahead!!# USER CONFERENCE!!![user_conf_2012]!!!TIME_PREFIX = ^!!!TIME_FORMAT = %Y-%m-%d %H:%M:%S!!!MAX_TIMESTAMP_LOOKAHEAD = 19!!!SHOULD_LINEMERGE = False!!!LINE_BREAKER = ([\n\r]+)(\d{4}\-\d{2}\-\d{2}\s\d{2}:\d{2}:\d{2})!!!truncate = ! 17
18 Props! By default set to bytes; set to 0 to never truncate!!# USER CONFERENCE!!![user_conf_2012]!!!TIME_PREFIX = ^!!!TIME_FORMAT = %Y-%m-%d %H:%M:%S!!!MAX_TIMESTAMP_LOOKAHEAD = 19!!!SHOULD_LINEMERGE = False!!!LINE_BREAKER = ([\n\r]+)(\d{4}\-\d{2}\-\d{2}\s\d{2}:\d{2}:\d{2})!!!truncate = ! 18
19 Props! By default set to bytes; set to 0 to never truncate!!# USER CONFERENCE!!![user_conf_2012]!!!TIME_PREFIX = ^!!!TIME_FORMAT = %Y-%m-%d %H:%M:%S!!!MAX_TIMESTAMP_LOOKAHEAD = 19!!!SHOULD_LINEMERGE = False!!!LINE_BREAKER=([\n\r]+)(?=\d{4}\-\d{2}\-\d{2}\s\d{2}:\d{2}:\d{2})!!!TRUNCATE = ! 19
20 Data Fixed 20
21 ProducJon Deployment
22 ProducJon Environment! Complexity managing configurajons across tens, hundreds, or thousands of forwarders SHP! Not all indexers and search heads receive the same configurajons! Should think about version control for deployment apps, e.g., GitHub 22
23 Deployment Server Terminology! Deployment Server A Splunk instance that acts as a centralized configurajon manager, grouping together and collecjvely managing any number of Splunk instances. Any Splunk instance can act as a deployment server, even one that is indexing data locally. Splunk instances that are remotely configured by deployment servers are called deployment clients! Deployment Client A Splunk instance that is remotely configured by a deployment server! Server Class Represents a configurajon of Splunk deployment clients. Server classes enable the management of a group of deployment clients as a single unit. A server class can be used to group deployment clients together by applicajon, OS, data type to be indexed, or any other feature of your Splunk deployment 23
24 Deployment App! A deployment app (configurajon bundle) is a set of deployment content (including configurajon files) deployed as a unit to clients of a server class! Located in $SPLUNK_HOME/etc/deployment- apps and pushed to deployment client s $SPLUNK_HOME/etc/apps folder! DO NOT store configurajons in $SPLUNK_HOME/etc/system/local! Use deployment apps regardless of your deployment tool 24
25 Deployment App Naming ConvenJon org group applicajon configurajon acme finance apache inputs acme markejng iis props splk all indexer Base splk ps user_conf inputs 25
26 Deployment App Naming ConvenJon org group applicajon configurajon acme finance apache inputs acme markejng iis props splk all indexer base splk ps user_conf inputs 26
27 Deployment App Naming ConvenJon org group applicajon configurajon acme finance apache inputs acme markejng iis props splk all indexer base splk ps user_conf inputs 27
28 Deployment App Naming ConvenJon org group applicajon configurajon acme finance apache inputs acme markejng iis props splk all indexer base splk ps user_conf inputs 28
29 Deployment App Naming ConvenJon org group applicajon configurajon acme finance apache inputs acme markejng iis props splk all indexer base splk ps user_conf inputs 29
30 Deployment App Naming ConvenJon splk_ps_user_conf_inputs org group applicajon configurajon acme finance apache inputs acme markejng iis props splk all indexer base splk ps user_conf inputs 30
31 Deployment Apps msettipane-mba13:apps msettipane$ ls -la!! SplunkForwarder! SplunkLightForwarder! Splunk_for_AcJveDirectory! Splunk_for_Exchange! splk_all_deploymentclient! splk_all_forwarder_outputs! splk_all_indexer_base! splk_all_search_base! splk_ps_user_conf_inputs! splk_ps_user_conf_props! splk_ps_user_conf_web! splunk_app_was! user- prefs 31
32 Challenging Data
33 Limit Indexed Data! Anonymize data: [source::.../accounts.log]!!sedcmd-accounts = s/ssn=\d{5}(\d{4})/ssn=xxxxx\1/g s/cc=(\d{4}-){3}(\d{4})/cc=xxxx-xxxx-xxxx-\2/g!! Rewrite raw data: [source::.../sql.log]!!sedcmd-sqllog = s/(.*?)command:execute[.\d\d\w\w]*/\1/g!! Discard events:!props!![source::/var/log/user_conf.txt]!!transforms-null= setnull! transforms! [setnull]! REGEX =!(?i)debug! DEST_KEY =!queue! FORMAT =!nullqueue! 33
34 Limit Indexed Data! Anonymize data:![source::.../accounts.log]!!sedcmd-accounts = s/ssn=\d{5}(\d{4})/ssn=xxxxx\1/g s/cc=(\d{4}-){3}(\d{4})/cc=xxxx-xxxx-xxxx-\2/g!! Rewrite raw data:![source::.../sql.log]!!sedcmd-sqllog = s/(.*?)command:execute[.\d\d\w\w]*/\1/g!! Discard events:!props!![source::/var/log/user_conf.txt]!!transforms-null= setnull! transforms! [setnull]! REGEX =!(?i)debug! DEST_KEY =!queue! FORMAT =!nullqueue! 34
35 Limit Indexed Data! Anonymize data:![source::.../accounts.log]!!sedcmd-accounts = s/ssn=\d{5}(\d{4})/ssn=xxxxx\1/g s/cc=(\d{4}-){3}(\d{4})/cc=xxxx-xxxx-xxxx-\2/g!! Rewrite raw data:![source::.../sql.log]!!sedcmd-sqllog = s/(.*?)command:execute[.\d\d\w\w]*/\1/g!! Discard events:!props!![source::/var/log/user_conf.txt]!!transforms-null= setnull! transforms! [setnull]! REGEX =!(?i)debug! DEST_KEY =!queue! FORMAT =!nullqueue! 35
36 CollecJng Syslog! Send device, e.g., routers, firewalls to a syslog collector! Write files to this directory structure: /sourcetype/host/log.txt! Monitor the sourcetype level cisco_asa my.firewall.name # CISCO ASA! [monitor:///data/cisco_asa/ /]! sourcetype = cisco_asa! host_segment = 3! index = firewall!! 36
37 Check for Header! Steps to fixing sourcetype- 2, 3, 4 problems (e.g., iis- 2, iis- 3)! Address issue on forwarder: CHECK_FOR_HEADER = False! Extract fields using delimiter: [sourcetype]! DELIM =,! FIELDS = one, two, three!! On search head rename already indexed events: rename = iis 37
38 MulJple Timestamps 12- Sep- 2012,09:01:00,12- Sep- 2012,09:02:00,- 4 INFO Jtle="User Conference" msg="splunk hosted user conference in Las Vegas." 12- Sep- 2012,19:01:00,12- Sep- 2012,19:02:00,- 5 DEBUG Jtle="User Conference" msg="ge=ng Data In, Correctly is a solid session." datelme.xml <datetime>! <define name= two_tz" extract="day, litmonth, year, hour, minute, second, zone">! <text><![cdata[^(\d+)-(\w+)-(\d+),(\d+):(\d+):(\d+),(?:[^,]*,){2}([\w\-]*)]]></text>! </define>! <timepatterns>! <use name= two_tz">! </timepatterns>! <datepatterns>! <use name= two_tz">! </datepatterns>! </datetime>! props.conf # USER CONF! [user_conf]! DATETIME_CONFIG = /etc/apps/splk_ps_user_conf_props/local/datetime.xml! * Do not set TIME_FORMAT 38
39 Summary! Test in a non- producjon environment! Always use key props parameters: TIME_PREFIX TIME_FORMAT MAX_TIMESTAMP_LOOKAHEAD SHOULD_LINEMERGE LINE_BREAKER TRUNCATE! Deploy apps to /etc/apps; not /etc/system/local! Clear predictable naming convenjon! When you re stuck, use Splunk Answers 39
40 Resources! Get educated: h:p:// CAAAAH9! Download Splunk applicajons: h:p://splunk- base.splunk.com/apps/! Hire Splunk Professional Services: h:p:// services/sp- CAAABH9! Watch some videos: h:p:// 40
41 Next Steps 1 2 Download the.conf2013 Mobile App If not iphone, ipad or Android, use the Web App Take the survey & WIN A PASS FOR.CONF2014 Or one of these bags! 3 Go to the Search Party! Marquee Nightclub at The Cosmopolitan Today, 7:30-10:30pm 41
42 THANK YOU
Copyright 2014 Splunk Inc. Data On- Boarding. Andrew Duca Sr. Professional Services Consultant, Splunk
Copyright 2014 Splunk Inc. Data On- Boarding Andrew Duca Sr. Professional Services Consultant, Splunk Disclaimer During the course of this presentagon, we may make forward- looking statements regarding
More informationData Onboarding. Where Do I begin? Luke Netto Senior Professional Services Splunk. September 26, 2017 Washington, DC
Data Onboarding Where Do I begin? Luke Netto Senior Professional Services Consultant @ Splunk September 26, 2017 Washington, DC Forward-Looking Statements During the course of this presentation, we may
More informationIslands of Splunk. MulJple Splunk as a Service Architecture and ImplementaJon
Copyright 2014 Splunk Inc. Islands of Splunk MulJple Splunk as a Service Architecture and ImplementaJon Michael de Buin, Schuberg Philis mdebruin@schubergphilis.com Gert Kremer, Schuberg Philis gkremer@schubergphilis.com
More informationInside Secrets From Support- How to Solve the Top 10 Support Issues
Copyright 2014 Splunk Inc. Inside Secrets From Support- How to Solve the Top 10 Support Issues Barak Reeves Sales Engineer, Splunk Todd Gow Sales Engineer, Splunk Disclaimer During the course of this presentajon,
More informationBest Prac:ces + New Feature Overview for the Latest Version of Splunk Deployment Server
Copyright 2013 Splunk Inc. Best Prac:ces + New Feature Overview for the Latest Version of Splunk Deployment Server Gen: Zaimi Professional Services #splunkconf Legal No:ces During the course of this presenta:on,
More informationSearch Language - Beginner Mitch Fleischman
Copyright 2013 Splunk Inc. Search Language - Beginner Mitch Fleischman Senior Instructor #splunkconf Legal NoDces During the course of this presentadon, we may make forward- looking statements regarding
More informationCreate Dashboards that People Love
Create Dashboards that People Love Introducing Splunk Dashboard Design Guidelines Iryna Vogler User Experience Design September 26, 2017 Washington, DC Forward-Looking Statements During the course of this
More informationUsing Splunk Enterprise To Optimize Tailored Long-term Data Retention
Using Splunk Enterprise To Optimize Tailored Long-term Data Retention Tomasz Bania Incident Response Lead, Dolby Eric Krieser Splunk Professional Services September 2017 Washington, DC Forward-Looking
More informationCopyright 2014 Splunk Inc. Taming Your Data. Mark Runals Sr Security Engineer The Ohio State University
Copyright 2014 Splunk Inc. Taming Your Data Mark Runals Sr Security Engineer The Ohio State University Disclaimer During the course of this presentafon, we may make forward- looking statements regarding
More informationData Obfuscation and Field Protection in Splunk
Data Obfuscation and Field Protection in Splunk Angelo Brancato Security Specialist Dirk Nitschke Senior Sales Engineer 28 September 2017 Washington, DC 2017 SPLUNK INC. Agenda Protect Your Machine Data
More informationTime ACer Time Comparing Time Ranges in Splunk Lisa Guinn
Copyright 2013 Splunk Inc. Time ACer Time Comparing Time Ranges in Splunk Lisa Guinn Sr Instructor, Splunk #splunkconf Legal NoGces During the course of this presentagon, we may make forward- looking statements
More informationUnderstanding Splunk AcceleraGon Technologies David Marquardt
Copyright 2013 Splunk Inc. Understanding Splunk AcceleraGon Technologies David Marquardt Senior So?ware Engineer #splunkconf Legal NoGces During the course of this presentagon, we may make forward- looking
More informationSearch Language Intermediate Lincoln Bowser
Copyright 2013 Splunk Inc. Search Language Intermediate Lincoln Bowser Sr. Technical Instructor, Splunk #splunkconf Legal NoFces During the course of this presentafon, we may make forward- looking statements
More informationMeasuring HEC Performance For Fun and Profit
Measuring HEC Performance For Fun and Profit Itay Neeman Director, Engineering, Splunk Clif Gordon Principal Software Engineer, Splunk September 2017 Washington, DC Forward-Looking Statements During the
More informationDocker and Splunk Development
Docker and Splunk Development Empowering Splunk Development with Docker Ron Cooper & David Kraemer Booz Allen Hamilton 26 September 2017 Washington, DC Forward-Looking Statements During the course of this
More informationDB Connect Is Back. and it is better than ever. Tyler Muth Denis Vergnes. September 2017 Washington, DC
DB Connect Is Back and it is better than ever Tyler Muth Denis Vergnes September 2017 Washington, DC Forward-Looking Statements During the course of this presentation, we may make forward-looking statements
More informationBuilding Your First Splunk App with the Splunk Web Framework
Copyright 2013 Splunk Inc. Building Your First Splunk App with the Splunk Web Framework Itay Neeman Dev Manager, Splunk Sea@le #splunkconf Legal NoMces During the course of this presentamon, we may make
More informationRunning Splunk Enterprise within Docker
Running Splunk Enterprise within Docker Michael Clayfield Partner Consultant 03/09/2017 1.1 Forward-Looking Statements During the course of this presentation, we may make forward-looking statements regarding
More informationThe Power of Data Normalization. A look at the Common Information Model
The Power of Data Normalization A look at the Common Information Model Mark Bonsack, CISSP Vladimir Skoryk, CISSP, CCFE, CHFI, CISA, CISM, RGTT Staff Sales Engineer, Splunk PS Supreme Architect, Splunk
More informationDeploying Splunk on Amazon Web Services
Copyright 2016 Splunk Inc. Deploying Splunk on Amazon Web Services Simeon Yep Strategic Alliances Nate Kwong Senior SE Bill BartleC Senior SE Disclaimer During the course of this presentajon, we may make
More informationBring Context To Your Machine Data With Hadoop, RDBMS & Splunk
Bring Context To Your Machine Data With Hadoop, RDBMS & Splunk Raanan Dagan and Rohit Pujari September 25, 2017 Washington, DC Forward-Looking Statements During the course of this presentation, we may
More informationNext Generation Dashboards
Next Generation Dashboards Stephen Luedtke Sr. Technical Marketing Manager September 27, 2017 Washington, DC Forward-Looking Statements During the course of this presentation, we may make forward-looking
More informationIntroducing Splunk Validated Architectures (SVA)
Introducing Splunk Validated Architectures (SVA) Optimizing Your Path To Success With Splunk Sean Delaney Principal Architect Stefan Sievert Staff Architect September 2017 Washington, DC Forward-Looking
More informationFrom Zero to PreGy Robust Fraud DetecJon Tool
Copyright 2015 Splunk Inc. From Zero to PreGy Robust Fraud DetecJon Tool Tomasz Dziedzic CTO, Linux Polska Disclaimer During the course of this presentajon, we may make forward looking statements regarding
More informationDashboard Time Selection
Dashboard Time Selection Balancing flexibility with a series of system-crushing searches Chuck Gilbert Analyst, chuck_gilbert@comcast.com September 2017 Washington, DC Forward-Looking Statements During
More informationMonitoring Docker Containers with Splunk
Monitoring Docker Containers with Splunk Marc Chéné Product Manager Sept 27, 2017 Washington, DC Forward-Looking Statements During the course of this presentation, we may make forward-looking statements
More informationKeeping The Junk Out Of Splunk (V2.0)
Copyright 2016 Splunk Inc. Keeping The Junk Out Of Splunk (V2.0) Sandy D. Voellinger Principal Consultant, The Crypsis Group 1 Keeping the Bean Counters Happy 2 GeJng the most out of your Splunk license
More informationData Models for Developers
Copyright 2013 Splunk Inc. Data Models for Developers Alice Neels So
More informationIntegraBng Splunk Data and FuncBonality Using the Splunk SDK for Java
Copyright 2013 Splunk Inc. IntegraBng Splunk Data and FuncBonality Using the Splunk SDK for Java Damien Dallimore Developer Evangelist @ Splunk #splunkconf Legal NoBces During the course of this presentabon,
More informationFields, Indexed Tokens, And You
Fields, Indexed Tokens, And You Martin Müller Professional Services Consultant, Consist Software Solutions GmbH September 42 nd, 2017 Washington, DC Forward-Looking Statements During the course of this
More informationFFIEC Cybersecurity Assessment Tool
FFIEC Cybersecurity Assessment Tool Cybersecurity Controls & Incidence Mappings for Splunk Enterprise, Enterprise Security, User Behavior Analytics Curtis Johnson Senior Sales Engineer & Security SME September
More informationSplunk & AWS. Gain real-time insights from your data at scale. Ray Zhu Product Manager, AWS Elias Haddad Product Manager, Splunk
Splunk & AWS Gain real-time insights from your data at scale Ray Zhu Product Manager, AWS Elias Haddad Product Manager, Splunk Forward-Looking Statements During the course of this presentation, we may
More informationVisualizing the Health of Your Mobile App
Visualizing the Health of Your Mobile App Jay Tamboli ios Engineer, Capital One September 26, 2017 Washington, DC Forward-Looking Statements During the course of this presentation, we may make forward-looking
More informationScaling Indexer Clustering
Scaling Indexer Clustering 5 Million Unique Buckets and Beyond Cher-Hung Chang Principal Software Engineer Tameem Anwar Software Engineer 09/26/2017 Washington, DC Forward-Looking Statements During the
More informationSplunking with Multiple Personalities
Splunking with Multiple Personalities Extending Role Based Access Control to achieve fine grain security of your data Sabrina Lea Senior Sales Engineer, Splunk Shaun C Splunk Customer September 2017 Forward-Looking
More informationSearch Head Clustering Basics To Best Practices
Search Head Clustering Basics To Best Practices Bharath Aleti Product Manager, Splunk Manu Jose Sr. Software Engineer, Splunk September 2017 Washington, DC Forward-Looking Statements During the course
More informationSplunk N Box. Splunk Multi-Site Clusters In 20 Minutes or Less! Mohamad Hassan Sales Engineer. 9/25/2017 Washington, DC
Splunk N Box Splunk Multi-Site Clusters In 20 Minutes or Less! Mohamad Hassan Sales Engineer 9/25/2017 Washington, DC Forward-Looking Statements During the course of this presentation, we may make forward-looking
More informationMetrics Analysis with the Splunk Platform
Metrics Analysis with the Splunk Platform How to work with metrics for Monitoring, Alerting, and ad-hoc analysis at scale Michael Porath Product Management, Splunk Allan Yan Principal Software Engineer,
More informationBest Practices and Better Practices for Users
Best Practices and Better Practices for Users while you get settled Latest Slides: https://splunk.box.com/v/blueprints-practices-user Collaborate: #bestpractices Sign Up @ http://splk.it/slack Load Feedback
More informationIndexer Clustering Fixups
Indexer Clustering Fixups Cluster recovery process Da Xu Engineering Splunk Forward-Looking Statements During the course of this presentation, we may make forward-looking statements regarding future events
More informationCentrify for Splunk Integration Guide
July 2018 Centrify Corporation Abstract This guide is written for Centrify Infrastructure Services customers who want to integrate Centrify events with Splunk. Legal Notice This document and the software
More informationSplunk for Ad Hoc Explora2on of Twi6er (and more) Stephen Sorkin VP Engineering, Splunk
Splunk for Ad Hoc Explora2on of Twi6er (and more) Stephen Sorkin VP Engineering, Splunk Who am I Berkeley PhD dropout. LeH to work at HP Labs. At Splunk since 2005. VP Engineering since 2010. Run the core
More informationAtlassian s Journey Into Splunk
Atlassian s Journey Into Splunk The Building Of Our Logging Pipeline On AWS Tim Clancy Engineering Manager, Observability James Mackie Infrastructure Engineer, Observability September 2017 Washington,
More informationBigtable: A Distributed Storage System for Structured Data
Bigtable: A Distributed Storage System for Structured Data Fay Chang, Jeffrey Dean, Sanjay Ghemawat, Wilson C. Hsieh, Deborah A. Wallach, Mike Burrows, Tushar Chandra, Andrew Fikes, Robert E. Gruber ~Harshvardhan
More informationNeed for Speed: Unleashing the Power of SecOps with Adaptive Response. Malhar Shah CEO, Crest Data Systems Meera Shankar Alliance Manager, Splunk
Need for Speed: Unleashing the Power of SecOps with Adaptive Response Malhar Shah CEO, Crest Data Systems Meera Shankar Alliance Manager, Splunk September 27, 2017 Washington, DC Forward-Looking Statements
More informationIndexer Clustering Internals & Performance
Indexer Clustering Internals & Performance Da Xu Chloe Yeung September 28, 2017 Washington, DC Forward-Looking Statements During the course of this presentation, we may make forward-looking statements
More informationBringing Sweetness to Sour Patch Tuesday
Bringing Sweetness to Sour Patch Tuesday Pacific Northwest National Laboratory Justin Brown & Arzu Gosney September 27, 2017 Washington, DC Forward-Looking Statements During the course of this presentation,
More informationDragons and Splunk Do Not Do Well In Captivity
Dragons and Splunk Do Not Do Well In Captivity Tame Splunk Dragons Before Winter Comes Kyle Prins & Keith Quebodeaux DellEMC Splunk Ninjas September 2017 Washington, DC Forward-Looking Statements During
More informationArchitecting Splunk For High Availability And Disaster Recovery
Architecting Splunk For High Availability And Disaster Recovery Sean Delaney Principal Architect, Splunk September 2017 Washington, DC Forward-Looking Statements During the course of this presentation,
More informationA Trip Through The Splunk Data Ingestion And Retrieval Pipeline
A Trip Through The Splunk Data Ingestion And Retrieval Pipeline Harold Murn Senior Systems Engineer 2017-09-27 Washington, DC Forward-Looking Statements During the course of this presentation, we may make
More informationDashboards & Visualizations: What s New
Dashboards & Visualizations: What s New Nicholas Filippi Product Management, Splunk Patrick Ogdin Product Management, Splunk September 2017 Washington, DC Welcome Patrick Ogdin Product Management, Splunk
More informationEssentials to creating your own Security Posture using Splunk Enterprise
Essentials to creating your own Security Posture using Splunk Enterprise Using Splunk to maximize the efficiency and effectiveness of the SOC / IR Richard W. McKee, MS-ISA, CISSP Principal Cyber Security
More informationModernizing InfoSec Training and IT Operations at USF
Modernizing InfoSec Training and IT Operations at USF Goodbye Tedious Tasks! A Novel Automation Framework Leveraging Splunk Tim Ip, Senior Security Engineer Nicholas Recchia, Director & Information Security
More informationExtending SPL with Custom Search Commands
Extending SPL with Custom Search Commands Jacob Leverich Director of Engineering 2017/08/11 Washington, DC Forward-Looking Statements During the course of this presentation, we may make forward-looking
More informationDashboard Wizardry. Advanced Dashboard Interactivity. Siegfried Puchbauer Principal Software Engineer Yuxiang Kou Software Engineer
Dashboard Wizardry Advanced Dashboard Interactivity Siegfried Puchbauer Principal Software Engineer Yuxiang Kou Software Engineer September 25, 2017 Washington, DC Brought To You By Siegfried Puchbauer
More informationRSA NetWitness Logs. Cisco Adaptive Security Appliance Last Modified: Wednesday, November 8, Event Source Log Configuration Guide
RSA NetWitness Logs Event Source Log Configuration Guide Cisco Adaptive Security Appliance Last Modified: Wednesday, November 8, 2017 Event Source Product Information: Vendor: Cisco Event Source: Adaptive
More informationServiceMax Suite of Applications List of Fixed/Known Defects
of Applications List of Fixed/Known Defects Copyright 2016 ServiceMax, Inc. All Rights Reserved. Designated trademarks and brands are the property of their respective owners. Fixed Issues For : 00054694
More informationHTTP Event Collector in Splunk 6.5 More Super Powers!
Copyright 2016 Splunk Inc. HTTP Event Collector in Splunk 6.5 More Super Powers! Itay Neeman Director of Engineering, Splunk Shakeel Mohamed SoJware Engineer, Splunk Disclaimer During the course of this
More informationMaking Sense of Web Fraud With Splunk Stream
Making Sense of Web Fraud With Splunk Stream An in-depth look at Stream use cases and customer success stories with a focus on stream:http Jim Apger Minister of Mayhem Senior Security Architect Matthew
More informationCompare Security Analytics Solutions
Compare Security Analytics Solutions Learn how Cisco Stealthwatch compares with other security analytics products. This solution scales easily, giving you visibility across the entire network. Stealthwatch
More informationCopyright 2013 Splunk Inc. Hardening Splunk. Alex Eisen Chief Security Expat R&D Eng / Product Security #splunkconf
Copyright 2013 Splunk Inc. Hardening Splunk Alex Eisen Chief Security Expat R&D Eng / Product Security #splunkconf Legal NoIces During the course of this presentaion, we may make forward- looking statements
More informationLCE Splunk Client 4.6 User Manual. Last Revised: March 27, 2018
LCE Splunk Client 4.6 User Manual Last Revised: March 27, 2018 Table of Contents Getting Started with the LCE Splunk Client 3 Standards and Conventions 4 Install, Configure, and Remove 5 Download an LCE
More informationMaking the Most of the Splunk Scheduler
Making the Most of the Splunk Scheduler Paul J. Lucas Principal Software Engineer, Splunk September 25 28, 2017 Washington, DC Forward-Looking Statements During the course of this presentation, we may
More informationSplunk & Git. Managing Splunk deployments with Git and KSCONF. Copyright 2018
Splunk & Git Managing Splunk deployments with Git and KSCONF About me: Lowell Alleman Working with Splunk since 2008 Splunk consulting since 2013 Background Software development Systems integration Linux
More informationSplunking the 2016 Presidential Election
Splunking the 2016 Presidential Election Corey Marshall Splunk4Good Director Satoshi Kawasaki Splunk4Good Ninja September 27 th, 2017 Washington, DC Forward-Looking Statements During the course of this
More informationSplunking Your z/os Mainframe Introducing Syncsort Ironstream
Copyright 2016 Splunk Inc. Splunking Your z/os Mainframe Introducing Syncsort Ironstream Ed Hallock Director of Product Management, Syncsort Inc. Disclaimer During the course of this presentation, we may
More informationTracking Logs at Zillow with Lookups & JIRA
Tracking Logs at Zillow with Lookups & JIRA Seth Thomas, Jon Wentworth September 27 Washington, DC Forward-Looking Statements During the course of this presentation, we may make forward-looking statements
More informationSplunk & Git. The joys and pitfalls of managing your Splunk deployment with Git. Copyright 2018
Splunk & Git The joys and pitfalls of managing your Splunk deployment with Git About me: Lowell Alleman Working with Splunk since 2008 Splunk consulting since 2013 Background Software development Systems
More informationSqueezing all the Juice out of Splunk Enterprise Security
Squeezing all the Juice out of Splunk Enterprise Security Marquis Montgomery, CISSP Sr. Staff Security Consultant, Splunk Jae Jung Professional Services Consultant, Splunk September 23 25, 2017 Washington,
More informationVARONIS APP FOR SPLUNK. User Guide
VARONIS APP FOR SPLUNK User Guide Publishing Information Software version Version 1.14 Document version 2 Publication date September, 2017 Copyright 2005-2017 Varonis Systems Inc. All rights reserved.
More informationSizing the Hardware and Database Required by an eg Manager
Sizing the Hardware and Database Required by an eg Manager Restricted Rights Legend The information contained in this document is confidential and subject to change without notice. No part of this document
More informationUnderstanding and Using Fields
Copyright 2015 Splunk Inc. Understanding and Using Fields Jesse Miller Product Manager, Splunk Clara Lee SoCware Engineer, Splunk Disclaimer During the course of this presentaion, we may make forward looking
More informationSETTING UP AND RUNNING A WEB SITE ON YOUR LENOVO STORAGE DEVICE WORKING WITH WEB SERVER TOOLS
White Paper SETTING UP AND RUNNING A WEB SITE ON YOUR LENOVO STORAGE DEVICE WORKING WITH WEB SERVER TOOLS CONTENTS Introduction 1 Audience 1 Terminology 1 Enabling a custom home page 1 Adding webmysqlserver
More informationSearch Optimization. Alex James. Karthik Sabhanatarajan. Principal Product Manager, Splunk. Senior Software Engineer, Splunk
Copyright 2016 Splunk Inc. Search Optimization Alex James Principal Product Manager, Splunk & Karthik Sabhanatarajan Senior Software Engineer, Splunk Session Outline Why Optimize SPL? What does optimization
More informationCisco Meeting Management
Cisco Meeting Management Cisco Meeting Management 1.1 User Guide for Administrators September 19, 2018 Cisco Systems, Inc. www.cisco.com Contents 1 Introduction 4 1.1 The software 4 2 Deployment overview
More informationIntegrating Splunk with native Windows Event Collection (WEC) and Optional 2-Stage Noise Filtering
Integrating Splunk with native Windows Collection (WEC) and Optional 2-Stage Noise Filtering Sponsored by 2017 Monterey Technology Group Inc. Made possible by Thanks to 1 Preview of Key Points Nothing
More informationTIBCO LogLogic Universal Collector Release Notes
TIBCO LogLogic Universal Collector Release Notes Software Release 2.3.0 November 2012 Important Information SOME TIBCO SOFTWARE EMBEDS OR BUNDLES OTHER TIBCO SOFTWARE. USE OF SUCH EMBEDDED OR BUNDLED TIBCO
More informationDomainTools for Splunk
DomainTools for Splunk Installation Guide version 2.0 January 2018 Solution Overview The DomainTools Technology Add-On (TA) for Splunk populates a whois index with DomainTools Whois and Risk Score data
More informationForeScout CounterACT. Configuration Guide. Version 1.2
ForeScout CounterACT Core Extensions Module: NetFlow Plugin Version 1.2 Table of Contents About NetFlow Integration... 3 How it Works... 3 Supported NetFlow Versions... 3 What to Do... 3 Requirements...
More informationSystem requirements for Qlik Sense. Qlik Sense September 2017 Copyright QlikTech International AB. All rights reserved.
System requirements for Qlik Sense Qlik Sense September 2017 Copyright 1993-2017 QlikTech International AB. All rights reserved. Copyright 1993-2017 QlikTech International AB. All rights reserved. Qlik,
More informationSystem requirements for Qlik Sense. Qlik Sense September 2018 Copyright QlikTech International AB. All rights reserved.
System requirements for Qlik Sense Qlik Sense September 2018 Copyright 1993-2018 QlikTech International AB. All rights reserved. Copyright 1993-2018 QlikTech International AB. All rights reserved. Qlik,
More informationIntel Unite Solution Intel Unite Plugin for WebEx*
Intel Unite Solution Intel Unite Plugin for WebEx* Version 1.0 Legal Notices and Disclaimers All information provided here is subject to change without notice. Contact your Intel representative to obtain
More informationSystem requirements for Qlik Sense. Qlik Sense April 2018 Copyright QlikTech International AB. All rights reserved.
System requirements for Qlik Sense Qlik Sense April 2018 Copyright 1993-2018 QlikTech International AB. All rights reserved. Copyright 1993-2018 QlikTech International AB. All rights reserved. Qlik, QlikTech,
More informationNetwork Operations Analytics
Network Operations Analytics Solution Guide Version 2.4.4 (Build 2.4.4.0.x) June 2016 Copyright 2012-2016 NetFlow Logic Corporation. All rights reserved. Patents Pending. Contents Introduction... 2 Solution
More informationSystem requirements for Qlik Sense. Qlik Sense June 2018 Copyright QlikTech International AB. All rights reserved.
System requirements for Qlik Sense Qlik Sense June 2018 Copyright 1993-2018 QlikTech International AB. All rights reserved. Copyright 1993-2018 QlikTech International AB. All rights reserved. Qlik, QlikTech,
More informationEdge Device Manager Quick Start Guide. Version R15
Edge Device Manager Quick Start Guide Version R15 Notes, cautions, and warnings NOTE: A NOTE indicates important information that helps you make better use of your product. CAUTION: A CAUTION indicates
More informationCentrify Identity Services Platform SIEM Integration Guide
Centrify Identity Services Platform SIEM Integration Guide March 2018 Centrify Corporation Abstract This is Centrify s SIEM Integration Guide for the Centrify Identity Services Platform. Centrify Corporation
More informationNetwork Configuration Example
Network Configuration Example Configuring Private VLANs on a QFX Switch Using Extended Functionality Modified: 2016-08-01 Juniper Networks, Inc. 1133 Innovation Way Sunnyvale, California 94089 USA 408-745-2000
More informationCopyright 2014 Splunk Inc. Splunk for VMware. Architecture & Design. Michael Donnelly, Sr. Sales Engineer
Copyright 2014 Splunk Inc. Splunk for VMware Architecture & Design Michael Donnelly, Sr. Sales Engineer Disclaimer During the course of this presentaeon, we may make forward looking statements regarding
More informationPrinting Solutions for Higher Education. Secure, on-premise mobile printing platform
Printing Solutions for Higher Education Secure, on-premise mobile printing platform PrinterOn Enterprise enables students and faculty to Print Simply Anywhere For more than a decade, PrinterOn has been
More informationVMware Identity Manager Connector Installation and Configuration (Legacy Mode)
VMware Identity Manager Connector Installation and Configuration (Legacy Mode) VMware Identity Manager This document supports the version of each product listed and supports all subsequent versions until
More informationSISTEMI EMBEDDED AA 2013/2014
SISTEMI EMBEDDED AA 2013/2014 System Interconnect Fabric Avalon- ST: Streaming Interface Video out: Pixel Buffer DMA component Federico BaronJ Avalon Streaming Interface Low latency, high throughput, unidirecjonal
More informationCisco UCS Director and ACI Advanced Deployment Lab
Cisco UCS Director and ACI Advanced Deployment Lab Michael Zimmerman, TME Vishal Mehta, TME Agenda Introduction Cisco UCS Director ACI Integration and Key Concepts Cisco UCS Director Application Container
More informationDeployment Planning Guide for Cisco Security Manager 4.0
Deployment Planning Guide for Cisco Security Manager 4.0 Published: August 19, 2010 Last Updated: November 29, 2010 Introduction This document provides guidance on planning a deployment of Cisco Security
More informationHigh-performance. Enterprise Scale. Global Mobility.
WHAT S NEW NETMOTION MOBILITY 11 High-performance. Enterprise Scale. Global Mobility. Up to Twice as Fast Mobility 11 accelerates throughput and greatly enhances scalability. Enterprises can support more
More informationNetFlow Optimizer. Overview. Version (Build ) May 2017
NetFlow Optimizer Overview Version 2.4.9 (Build 2.4.9.0.3) May 2017 Copyright 2013-2017 NetFlow Logic Corporation. All rights reserved. Patents both issued and pending. Contents About NetFlow Optimizer...
More informationKaseya 2. User Guide. Version 1.0
Kaseya 2 Imaging & Deployment User Guide Version 1.0 August 16, 2011 About Kaseya Kaseya is a global provider of IT automation software for IT Solution Providers and Public and Private Sector IT organizations.
More informationvcenter Server Appliance Configuration Update 1 Modified on 04 OCT 2017 VMware vsphere 6.5 VMware ESXi 6.5 vcenter Server 6.5
Update 1 Modified on 04 OCT 2017 VMware vsphere 6.5 VMware ESXi 6.5 vcenter Server 6.5 You can find the most up-to-date technical documentation on the VMware Web site at: https://docs.vmware.com/ The VMware
More informationNetwrix Auditor Add-on for Privileged User Monitoring
Netwrix Auditor Add-on for Privileged User Monitoring Quick-Start Guide Version: 9.6 5/8/2018 Legal Notice The information in this publication is furnished for information use only, and does not constitute
More informationSchedules Can t Do That in Revit 2017
Schedules Can t Do That in Revit 2017 Michael Massey Senior AEC Application Consultant @mgmassey01 Join the conversation #AU2016 Presenting Today.. Mike Massey Senior AEC Application Specialist 25+ Years
More information