© 2017 SPLUNK INC.
Welcome
Tom Peterson | Director of Sales, Splunk
September 14 | Milwaukee, WI
Welcome to Splunk Discovery Day Milwaukee
100+ attendees | 3 sessions | 1 happy hour
Agenda
Splunk Discovery Day Milwaukee | September 14, 2017
Time | Presentation | Speaker
9:00 – 9:15 | Welcome | Tom Peterson, Director of Sales
9:15 – 12:15 | Machine Data 101 | Peter O’Neill, Senior Sales Engineer
12:15 – 1:30 | Lunch |
1:30 – 2:30 | Delivering New Visibility and Analytics for IT Operations | Mike Roman, Sales Engineer
2:30 – 2:45 | Break |
2:45 – 3:45 | Get Back to Basics and Strengthen Your Security Posture | Mike Walker, Sales Engineer
3:45 – 4:00 | Closing | Tom Peterson, Director of Sales
4:00 – 5:00 | Happy Hour |
Take the Survey on Pony Poll
ponypoll.com/ddmilwaukee
USPS: END-TO-END VISIBILITY ACROSS THE ORGANIZATION
REDUCING INVESTIGATION TIMES BY 50%
▶ 40% of the world’s mail volume
▶ ~500,000 employees
▶ ~2000 employees in IT
▶ Data trapped in silos
▶ Lacked a holistic view
▶ Vulnerable to operational and security issues
▶ 239 data types
▶ 1000’s of systems
▶ ~134 billion events indexed daily
Democratizing Data: Yelp & Splunk
▶ Streamlined processes
▶ Visibility into uptime, response time and MTTR
▶ Unified view of customer experience
▶ Optimized business operations
Machine Data 101 (Hands-On)
Peter O’Neill | Senior Sales Engineer, Splunk
September 14 | Milwaukee, WI
Machine Data 101:
Turning Data Into Insight
Peter O’Neill | Senior Sales Engineer
poneill@splunk.com
(614) 582-1585
Sept 14, 2017
Forward-Looking Statements
During the course of this presentation, we may make forward-looking statements regarding future events or the expected performance of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-looking statements, please review our filings with the SEC.
The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, this presentation may not contain current or accurate information. We do not assume any obligation to update any forward-looking statements we may make. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionality described or to include any such feature or functionality in a future release.
Splunk, Splunk>, Listen to Your Data, The Engine for Machine Data, Splunk Cloud, Splunk Light and SPL are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners. © 2017 Splunk Inc. All rights reserved.
Agenda
▶ Wireless Network Setup
▶ Setting Up the Splunk Cloud Trial Instance
▶ Splunk Overview – what is Splunk?
▶ Searching – getting the basics out of the way
▶ Creating Apps – a place to store all your amazing work
▶ Fields – default, auto extracted, manual extraction, and other tools
• Field Aliases – simplify search and correlation
• Calculated Fields – shortcut complex/repetitive computations
▶ Tags – categorize and add meaning to data
▶ Event Types – group common events and share knowledge
▶ Enrichment – augment data with additional external fields using lookups
▶ Splunk’s User Interface
▶ Getting to Know Your Data
▶ Data Enrichment
▶ Level Up on Search and Reporting Commands
▶ Data Models and Pivot
▶ Custom Visualizations and the Web Framework
Bucket List
▶ Set up a splunk.com Account
▶ Install Splunk
▶ Set up an Instance of Splunk Cloud (Optional)
▶ Upload data
▶ Install an Application
▶ Explore Data in Splunk
▶ Run a Search in Splunk
▶ Create an App
▶ Create a Dashboard
▶ Create a Report
▶ Learn some basic SPL
▶ Create a Manual Lookup
▶ Create an Automatic Lookup
▶ Create a Chart in Splunk
▶ Know where to go for more Splunk
Workshop Setup
Wireless Network Information
SSID: CSH
Password: springs1
Download Splunk or Sign Up For Splunk Cloud
www.splunk.com > Free Splunk > Splunk Enterprise or Splunk Cloud
Download Data Sample and Lookup
https://splunk.box.com/v/MD101Workshop
▶ Box > access_datasample_last4h.log
▶ Box > http_status.csv
Getting to know Splunk
And so we begin...
Login to Splunk
The Splunk Interface
Take some time to click around for a few minutes...
Index Data Sample
▶ Browser: http://localhost:8000
▶ Default username/password is admin/changeme
You will need to refresh the search after a few moments for all events to show up.
Optimizing Your Experience
Default User Settings
Enhance Your Splunk Experience – User Settings
Adjusting Your Global User Settings
Events will be displayed relative to your time zone
Context sensitive help at your fingertips
Searches are cleaned up and colorized
Line numbers are added to your searches for clarity
Splunk Overview
Industry Leading Platform For Machine Data
Machine Data: Any Location, Type, Volume | Answer Any Question
Any Amount, Any Location, Any Source
Sources (diagram): On-Premises, Private Cloud, Public Cloud; Storage, Online Shopping Cart, Telecoms, Desktops, Security, Web Services, Networks, Containers, Web Clickstreams, RFID, Smartphones and Devices, Servers, Messaging, GPS Location, Packaged Applications, Custom Applications, Online Services, Databases, Call Detail Records, Energy Meters, Firewall, Intrusion Prevention
Capabilities: Ad hoc search, Monitor and alert, Report and analyze, Custom dashboards, Developer Platform
Platform Support (Apps / API / SDKs) | Enterprise Scalability | Universal Indexing
Schema on-the-fly | Universal indexing | No back-end RDBMS | No need to filter data
Splunk Approach to Machine Data
Traditional: Structured data, RDBMS, ETL, SQL search, schema at write
Splunk: Unstructured data (volume, velocity, variety), universal indexing, schema at read
Ingests Data From Heterogeneous Data Sources
Agent-Less and Agent Approach for Flexibility and Optimization
▶ Mounted File Systems (hostname / mount)
▶ syslog, TCP/UDP from syslog hosts and network devices
▶ Splunk Forwarder on Unix, Linux and Windows hosts (virtual hosts, *nix, Windows, mainframes): Local File Monitoring, Event Logs, Performance, Active Directory
▶ Scripted or Modular Inputs: shell scripts, API subscriptions
▶ Wire Data: Splunk App for Stream
▶ HTTP Event Collector: DevOps, IoT, Containers
Structured View Into Unstructured Data
Table Datasets: Empower users with focused data views
Example fields: Product ID, Activity Log, Amount, Webserver ID, CPU threshold, Error event log, Event Log, Failed login, IP Addr
Enrich Raw Data to Make It More Meaningful
Create additional fields from the raw data with a lookup to an external data source (LDAP, AD, Watch Lists, CRM/ERP, CMDB).
Data goes in, insight comes out.
Forwards Events to Third-Party Systems
Service Desk, Event Console, SIEM (formatted or RAW)
Actionable Alerting
▶ Alerts
• Create alerts based on any search
• Customize content and format of email alerts
• Trigger a script
• Custom Alert Actions
• Allows packaged integration with third-party applications
• Enable custom workflows
• Developers can build, package and publish alert actions
Dynamic Reporting
▶ Reports
• Visually represent the results of a search
• Run on an ad hoc basis or save the report to view later
• Share it with others on the team or a different group
• Add reports to a new or existing dashboard
Chart on any search, choose a visualization, save as a report.
Combine Reports to Create Dashboards
Use the built-in dashboard editor, or embed the reports into external sites like a wiki.
It’s all about the data
Let’s participate in some data discovery.
Sources of Data
Access Log: access_datasample_last4h.log
HTTP Status Lookup Table: http_status.csv
Unstructured Data - Access Log (access_datasample_last4h.log)
▶ 141.146.8.66 - - [17/Nov/2016 12:17:52:155] "GET /oldlink?item_id=EST-7&JSESSIONID=SD5SL5FF3ADFF8 HTTP 1.1" 400 1271 "http://www.myflowershop.com/cart.do?action=addtocart&itemId=EST-7&product_id=FI-FW-02" "Googlebot/2.1 ( http://www.googlebot.com/bot.html) " 899
Fields extracted from this event:
JSESSIONID SD5SL5FF3ADFF8
_raw 141.146.8.66 - - [17/Nov/2016 12:17:52:155] "GET /oldlink?item_id=EST-7&JSESSIONID=SD5SL5FF3ADFF8 HTTP 1.1" 400 1271 "http://www.myflowershop.com/cart.do?action=addtocart&itemId=EST-7&product_id=FI-FW-02" "Googlebot/2.1 ( http://www.googlebot.com/bot.html) " 899
_time 2016-11-17T12:17:52.155-0500
action addtocart
bytes 1271
category_id
clientip 141.146.8.66
cookie
date_hour 12
date_mday 17
date_minute 17
date_month november
date_second 52
date_wday thursday
date_year 2016
date_zone local
eventtype
file oldlink
host gweaver-mbp
ident -
index main
itemId EST-7
item_id EST-7
linecount 1
method GET
other 899
product_id FI-FW-02
punct ..._-_-_[//_:::]_"_/?=-&=__."___"://../.?=&=-&=--"
referer http://www.myflowershop.com/cart.do?action=addtocart&itemId=EST-7&product_id=FI-FW-02
referer_domain http://www.myflowershop.com
req_time 17/Nov/2016 12:17:52:155
root
source access_datasample_last4h.log
sourcetype access_combined
splunk_server gweaver-mbp
splunk_server_group
status 400
timeendpos 42
timestartpos 18
uri /oldlink?item_id=EST-7&JSESSIONID=SD5SL5FF3ADFF8
uri_domain
uri_path /oldlink
uri_query item_id=EST-7&JSESSIONID=SD5SL5FF3ADFF8
user -
useragent Googlebot/2.1 ( http://www.googlebot.com/bot.html)
version 1.1
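To show how the field sidebar above is populated from one raw access_combined line, here is an added Python parser (example code written for this page, not the slides' own material and not Splunk's access_combined definition). The field names match the sidebar; the regex, the helper name extract_fields and the constructed copy of the sample event are this example's assumptions.

```python
import re
from datetime import datetime
from urllib.parse import parse_qsl, urlsplit

# Constructed copy of the access_combined event shown on the slide.
SAMPLE_EVENT = (
    '141.146.8.66 - - [17/Nov/2016 12:17:52:155] '
    '"GET /oldlink?item_id=EST-7&JSESSIONID=SD5SL5FF3ADFF8 HTTP 1.1" 400 1271 '
    '"http://www.myflowershop.com/cart.do?action=addtocart&itemId=EST-7&product_id=FI-FW-02" '
    '"Googlebot/2.1 ( http://www.googlebot.com/bot.html) " 899'
)

# Field names follow the sidebar on the slide; the regex itself is this example's
# own (hypothetical), not Splunk's shipped access_combined extraction.
ACCESS_RE = re.compile(
    r'^(?P<clientip>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<req_time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) HTTP[/ ](?P<version>\d\.\d)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-) "(?P<referer>[^"]*)" "(?P<useragent>[^"]*)"'
    r'(?: (?P<other>\S+))?\s*$'
)


def extract_fields(raw: str) -> dict:
    """Return the fields Splunk would show for one access_combined event.

    Values stay strings, as in the field sidebar; converting bytes to KB and the
    like is an eval-time concern, not an extraction-time one.
    """
    m = ACCESS_RE.match(raw)
    if not m:
        raise ValueError("line does not match the access_combined layout")
    f = {k: v for k, v in m.groupdict().items() if v is not None}
    f["useragent"] = f["useragent"].strip()

    # uri -> uri_path / uri_query / file, plus one field per query parameter
    parts = urlsplit(f["uri"])
    f["uri_path"] = parts.path
    f["uri_query"] = parts.query
    f["file"] = parts.path.rsplit("/", 1)[-1]
    for key, val in parse_qsl(parts.query, keep_blank_values=True):
        f.setdefault(key, val)  # a client-supplied parameter never shadows a core field

    # referer -> referer_domain plus its own parameters (action, itemId, product_id)
    if f["referer"] and f["referer"] != "-":
        ref = urlsplit(f["referer"])
        f["referer_domain"] = f"{ref.scheme}://{ref.netloc}"
        for key, val in parse_qsl(ref.query, keep_blank_values=True):
            f.setdefault(key, val)

    # req_time uses the slide's D/Mon/YYYY H:M:S:ms layout. Splunk then stamps the
    # indexer's zone (-0500 on the slide); a naive parse has no zone to add.
    ts = datetime.strptime(f["req_time"], "%d/%b/%Y %H:%M:%S:%f")
    f["_time"] = ts.isoformat(timespec="milliseconds")
    return f
```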
http_status.csv
status | status_description | status_type
100 | Continue | Informational
101 | Switching Protocols | Informational
200 | OK | Successful
201 | Created | Successful
202 | Accepted | Successful
203 | Non-Authoritative Information | Successful
204 | No Content | Successful
205 | Reset Content | Successful
206 | Partial Content | Successful
300 | Multiple Choices | Redirection
301 | Moved Permanently | Redirection
302 | Found | Redirection
303 | See Other | Redirection
304 | Not Modified | Redirection
305 | Use Proxy | Redirection
307 | Temporary Redirect | Redirection
400 | Bad Request | Client Error
401 | Unauthorized | Client Error
402 | Payment Required | Client Error
403 | Forbidden | Client Error
404 | Not Found | Client Error
405 | Method Not Allowed | Client Error
406 | Not Acceptable | Client Error
407 | Proxy Authentication Required | Client Error
408 | Request Timeout | Client Error
409 | Conflict | Client Error
410 | Gone | Client Error
411 | Length Required | Client Error
412 | Precondition Failed | Client Error
413 | Request Entity Too Large | Client Error
414 | Request-URI Too Long | Client Error
415 | Unsupported Media Type | Client Error
416 | Requested Range Not Satisfiable | Client Error
417 | Expectation Failed | Client Error
500 | Internal Server Error | Server Error
501 | Not Implemented | Server Error
502 | Bad Gateway | Server Error
503 | Service Unavailable | Server Error
504 | Gateway Timeout | Server Error
505 | HTTP Version Not Supported | Server Error
Search & Reporting
Let’s explore some data together
Go to the Search & Reporting App
The Default App Interface
Your Splunk Cloud instances already contain data for today’s workshop.
How many events were indexed? How old are the events? Are events still coming in?
Data Summary – Hosts
Two different hosts are sending their data into your Splunk instance: data from the appserver and fileserver hosts, total counts of events, and the last time events were received. Guess what this little graphic means?
Data Summary – Sources
Sources let you know the specific location or other information about where the event originates: the original source location of logs. Event counts continue to grow.
Data Summary – Sourcetypes
Sourcetypes provide categories and context, and are used to extract fields, enrich data and so much more. Categorize data using sourcetypes!
Searching in your app
Add a wildcard to the search bar and hit return to see indexed events.
The Search Results Interface
Take some time and explore all of the available options in the Splunk search results.
Key=“Value” fields are automatically extracted from raw events. We call this “schema on the fly”.
Which fields will Splunk automatically extract from the events?
Interface elements: App Bar, Splunk Bar, Search Bar, Events Bar, Fields Sidebar, Search Action Buttons, Timeline, Search Results Tabs, Save As Menu, Time Range Picker, Search Mode Selector
Exploring Fields
What values do you see when you select the sourcetype field? Take some time to explore the various field options on the left.
Numeric Field Reports
Numeric fields are marked # in the Fields sidebar. Select “Average over time” to generate a timechart.
Visualizing Data
Chart Types | Splunk Search Language (SPL) | Select Column Chart
Statistical and Charting Functions
http://docs.splunk.com/Documentation/Splunk/6.6.2/SearchReference/CommonStatsFunctions
Add additional functions to transform results.
Use “AS” to rename the result fields.
Remember to “CAPITALIZE”.
Formatting Visualizations
Stacked | Format
ASCII Field Reports
ASCII (string) fields are marked a in the Fields sidebar.
Apps
Splunkbase.com
The Splunk platform imports and indexes virtually any machine data and provides
powerful search and analysis features that deliver immediate value to your
business. We also offer hundreds of apps and add-ons that can enhance and
extend the Splunk platform with ready-to-use functions ranging from optimized
data collection to monitoring security, IT management and more.
Splunkbase.com – 6.x Dashboard Examples
The Splunk 6.x Dashboard app delivers examples that give you a hands-on way
to learn the basic concepts and tools needed to rapidly create rich dashboards
using Simple XML. This new app incorporates learn-by-doing Simple XML
examples, including extensions to Simple XML for further customization of layout,
interactivity, and visualizations.
Installing Your First App
Browse more apps on splunkbase.com
Install Splunk 6.x Dashboard Examples
Check out the App you installed
Creating Your First App
Creating your MDW101 App
No Coding!
Creating Your First App
• Apps are a collection of dashboards, panels and UI elements
• Powered by saved searches and packaged for specific technologies or use cases.
• Provide useful and relevant information to many different roles.
• Help you stay organized
“I am not an App developer!!!!”
App Management Page
Select the “Create App” button
Fill Out the App Form and Select Save
All of your saved objects are here: $SPLUNK_HOME/etc/apps/MDW101
Apps are folders where all of my saved objects are stored!
Go to the Machine Data Workshop 101 App
That was easy!
The Machine Data 101 Workshop App
Why do we want you to stay within this Machine Data 101 Workshop app today?
Your First Dashboard
Pointing and Clicking
Today You Will Be Building This
SPL Overview
Search Processing Language
SPL Overview
▶ 140+ search commands
▶ Syntax was originally based upon the Unix pipeline and SQL, and is optimized for time series data
▶ The scope of SPL includes data searching, filtering, modification, manipulation, enrichment, insertion and deletion
How Search Works
SPL Basic Structure
search and filter | munge | report | cleanup
sourcetype=access*
| eval KB=bytes/1024
| stats sum(KB) dc(clientip)
| rename sum(KB) AS "Total KB" dc(clientip) AS "Unique Customers"
SPL Examples
Search and Filter
Examples
● Keyword search:
sourcetype=access* 200
● Filter:
sourcetype=access* status=200
● Combined:
sourcetype=access* GET action=purchase
munge
Eval – Modify or Create New Fields and Values
Examples
● Calculation:
sourcetype=access*
| eval KB=bytes/1024
● Evaluation:
sourcetype=access*
| eval http_response = if(status != 200, "Error", "OK")
Eval – Just Getting Started!
Splunk Search Quick Reference Guide
report
Stats, Chart, Timechart
Stats – Calculate Statistics Based on Field Values
Examples
● Calculate stats and rename
sourcetype=access*
| stats count
● Group by field
sourcetype=access*
| stats count by action
● By multiple functions
sourcetype=access*
| stats avg(bytes) AS AVG_Bytes sparkline(avg(bytes)) AS Trend_Bytes by action
Timechart – Visualize Statistics Over Time
Examples
● Visualize stats over time
sourcetype=netapp:perf
| timechart avg(read_ops)
● Add a trendline
sourcetype=access*
| timechart avg(bytes) as bytes
| trendline sma5(bytes)
● Add a prediction overlay
sourcetype=access*
| timechart avg(bytes) as bytes
| predict bytes
Stats/Timechart – But Wait, There’s More!
Splunk Search Quick Reference Guide
Transaction and Stats – Group Related Events Spanning Time
Examples
● Group by session ID
sourcetype=access*
| transaction JSESSIONID
● Calculate session durations
sourcetype=access*
| transaction JSESSIONID
| stats min(duration) max(duration) avg(duration)
● Stats command
sourcetype=access*
| stats min(_time) AS earliest max(_time) AS latest by JSESSIONID
| eval duration=latest-earliest
| stats min(duration) max(duration) avg(duration)
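The two session-duration searches above give the same numbers but scale differently, which this added Python sketch (example code for this page, not from the slides) makes concrete: the transaction form keeps every event of a session, the stats form keeps only two timestamps per session. The events are constructed and the function names are this example's own.

```python
from collections import defaultdict

# Constructed events: _time as epoch seconds plus the JSESSIONID the slide groups on.
# Three sessions; the last has a single event, so its duration is zero.
EVENTS = [
    {"_time": 1479403072, "JSESSIONID": "SD5SL5FF3ADFF8"},
    {"_time": 1479403101, "JSESSIONID": "SD5SL5FF3ADFF8"},
    {"_time": 1479403150, "JSESSIONID": "SD5SL5FF3ADFF8"},
    {"_time": 1479403080, "JSESSIONID": "SD1SL2FF9ADFF1"},
    {"_time": 1479403140, "JSESSIONID": "SD1SL2FF9ADFF1"},
    {"_time": 1479403200, "JSESSIONID": "SD9SL7FF1ADFF4"},
]


def durations_via_transaction(events):
    """| transaction JSESSIONID
    Collects every event of a session into one grouped event, then reads its
    duration (last timestamp minus first). Memory grows with events per session."""
    sessions = defaultdict(list)
    for ev in events:
        sessions[ev["JSESSIONID"]].append(ev["_time"])
    return {sid: max(ts) - min(ts) for sid, ts in sessions.items()}


def durations_via_stats(events):
    """| stats min(_time) AS earliest max(_time) AS latest by JSESSIONID
    | eval duration=latest-earliest
    One streaming pass keeping two numbers per session, which is why the stats
    form copes with far more sessions than transaction does."""
    earliest, latest = {}, {}
    for ev in events:
        sid, t = ev["JSESSIONID"], ev["_time"]
        earliest[sid] = min(t, earliest.get(sid, t))
        latest[sid] = max(t, latest.get(sid, t))
    return {sid: latest[sid] - earliest[sid] for sid in earliest}


def summarize(durations):
    """| stats min(duration) max(duration) avg(duration)"""
    vals = list(durations.values())
    return {"min": min(vals), "max": max(vals), "avg": sum(vals) / len(vals)}
```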
Data Enrichment
Tags
▶ Add meaning/context/specificity to raw data
▶ Labels describing team, category, platform, geography
▶ Applied to field-value combination
▶ Multiple tags can be applied for each field-value
▶ Case sensitive
Create Tags
Tags in Action: Find the Web Servers
1. Tag the host as webserver
2. Tag the sourcetype as web
Search events with tag in any field: tag=webserver
Search events with tag in a specific field: tag::host=webserver
Search events with tag using wildcards: tag=web*
Field Aliases
▶ Normalize field labels to simplify search and correlation
▶ Apply multiple aliases to a single field
• Example: Username | cs_username | User → user
• Example: c_ip | client | client_ip → clientip
▶ Processed after field extractions + before lookups
▶ Can apply to lookups
▶ Aliases appear alongside original fields
Create Field Alias: Re-Label Field to Intuitive Name
Field Alias in Action: Search using an Intuitive Field Name
1. Create field alias of clientip = customer
2. Search events in last 15 minutes (sourcetype=access_combined), find customer field
3. Field alias (customer) and original field (clientip) are both displayed
Calculated Fields
▶ Shortcut for performing repetitive/long/complex transformations using eval command
▶ Based on extracted or discovered fields only
▶ Do not apply to lookup or generated fields
Create Calculated Field: Compute Kilobytes from Bytes
Lookups
▶ Augment raw events with additional fields
• Provide context or supporting details
▶ Translate field values to more descriptive data
• Example: add text descriptions for error codes, IDs
• Example: add contact details to user names or IDs
• Example: add descriptions to HTTP status codes
▶ File-based or scripted lookups
Lookups to Enrich Raw Data
Create additional fields from the raw data with a lookup to an external data source (CRM/ERP, Watch Lists, LDAP, AD, CMDB).
Data goes in, insight comes out.
Convert a Code into a Description
1. Upload/create table: Upload a Lookup Table file
Get the lookup from the Splunk Wiki (save to .csv file):
http://wiki.splunk.com/Http_status.csv
Lookup table files > Add new
• Name: http_status.csv
• Destination filename: http_status.csv
Verify lookup was created successfully:
| inputlookup http_status.csv
Output from manual lookup
Create a Lookup Definition
2. Assign table to lookup object
Lookup definitions > Add new
• Name: http_status
• Type: File-based
• Lookup file: http_status.csv
Invoke the lookup manually:
sourcetype=access_combined | lookup http_status status OUTPUT status_description
Create an Automatic lookup
3. Map lookup to data set
3. Configure Automatic Lookup
Automatic lookups > Add new
• Name: http_status (cannot have spaces)
• Lookup table: http_status
• Apply to: sourcetype = access_combined
• Lookup input field: status
• Lookup output field: status_description
Verify lookup is invoked automatically.
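As an added illustration of the three lookup steps above (example code for this page, not from the slides or from Splunk), the Python below loads a constructed subset of http_status.csv, applies it the way the manual lookup command and the sourcetype-scoped automatic lookup do, and shows what happens to a status code the table does not contain. Function names and the sample events are this example's own.

```python
import csv
import io
from collections import Counter

# Constructed subset of http_status.csv, with the three columns the slide shows.
HTTP_STATUS_CSV = """status,status_description,status_type
200,OK,Successful
304,Not Modified,Redirection
400,Bad Request,Client Error
401,Unauthorized,Client Error
404,Not Found,Client Error
503,Service Unavailable,Server Error
"""

# Constructed, already field-extracted events. Status 499 is deliberately absent
# from the table, and the last event carries a different sourcetype.
EVENTS = [
    {"sourcetype": "access_combined", "clientip": "141.146.8.66", "status": "400"},
    {"sourcetype": "access_combined", "clientip": "10.2.1.44", "status": "200"},
    {"sourcetype": "access_combined", "clientip": "10.2.1.44", "status": "404"},
    {"sourcetype": "access_combined", "clientip": "192.168.5.9", "status": "503"},
    {"sourcetype": "access_combined", "clientip": "10.2.1.44", "status": "499"},
    {"sourcetype": "other_app", "clientip": "10.2.1.44", "status": "503"},
]


def load_lookup(csv_text, input_field="status"):
    """Lookup table file -> {input value: row}. Mirrors 'Lookup table files > Add new'."""
    return {row[input_field]: row for row in csv.DictReader(io.StringIO(csv_text))}


def lookup(events, table, input_field="status", output_fields=("status_description",)):
    """| lookup http_status status OUTPUT status_description

    An event whose status is not in the table comes back unchanged: the lookup
    adds nothing rather than failing the search, so a missing output field is the
    signal to check the table for gaps.
    """
    enriched = []
    for ev in events:
        ev = dict(ev)
        row = table.get(ev.get(input_field))
        if row is not None:
            for out in output_fields:
                ev[out] = row[out]
        enriched.append(ev)
    return enriched


def automatic_lookup(events, table, sourcetype="access_combined", **kwargs):
    """Automatic lookup: the same enrichment, applied only to events of the
    configured sourcetype ('Apply to: sourcetype = access_combined') and without
    any lookup command in the search."""
    return [lookup([ev], table, **kwargs)[0] if ev.get("sourcetype") == sourcetype
            else dict(ev) for ev in events]


def count_by(events, field):
    """| stats count by <field>; events lacking the field drop out, as stats does."""
    return Counter(ev[field] for ev in events if field in ev)
```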
Resources
The Splunk Community
Support
• Answers
• User Groups
• Splunkbase
• Blogs
• Developers
• Documentation
• Education
• SplunkLive!
• .conf2017
• Schwag Store
• SplunkTrust
Training
Free Splunk Fundamentals 1 Course
Q&A
Thank You
Delivering New Visibility and Analytics for
IT Operations (Hands-On)
Mike Roman | Sales Engineer, Splunk
September 14 | Milwaukee, WI
Delivering New Visibility and Analytics for IT Operations
Mike Roman | Sales Engineer
SEPTEMBER 14TH, 2017 | MILWAUKEE, WI
Agenda
What will we be covering today?
1. Introduction to Splunk!
2. Real Use Cases with Hands-On Exercises
• Troubleshooting Website Errors
• Infrastructure Problems
• Mobile App Issues
• Using Data from Other Tools
3. Wrap-Up
Escalating IT Complexity…
Layers (diagram): SaaS/PaaS, IaaS, Virtualization, Storage; Packaged Applications (HR, Email, Finance); Custom Applications (App Svr, DB, Web Svr); Infrastructure (VPN, IP Phone, Identify), Servers, Networking
▶ Complex, silo-based technologies
▶ Disconnected and outdated point solutions
▶ Reactive brute-force problem resolution
▶ Over 80% of time on maintaining, not innovating
Industry-Leading Platform for Machine Data
Any Machine Data | Operational Intelligence
Sources (diagram): On-Premises, Private Cloud, Public Cloud; Storage, Online Shopping Cart, Telecoms, Desktops, Security, Web Services, Networks, Containers, Web Clickstreams, RFID, Smartphones and Devices, Servers, Messaging, GPS Location, Packaged Applications, Custom Applications, Online Services, Databases, Call Detail Records, Energy Meters, Firewall, Intrusion Prevention
Outcomes: Search and Investigation, Proactive Monitoring, Operational Visibility, Real-Time Business Insights, Enterprise Scalability
Any amount, any location, any source
Schema on-the-fly | Universal indexing | No backend RDBMS | No need to filter data
The Focus
Application Delivery | Security, Compliance and Fraud | Business Analytics | Internet of Things and Industrial Data | IT Operations
Developer Platform (REST API, SDKs)
Turning Machine Data Into Operational Intelligence
From reactive to proactive: Search and Investigate, Proactive Monitoring and Alerting, Operational Visibility, Real-Time Business Insight
Index and Analyze Data Across Your Technology Stack
Splunk Add-Ons, Templates and Apps Accelerate Value From Machine Data
No rigid schemas – add in data from any other source.
Sources (diagram): App Performance Monitoring; Server, Storage, Network; Server Virtualization; Operating Systems; Custom Applications; Business Applications; Cloud Services; Ticketing / Other; Mobile Applications; Web Intelligence; Stream
Access: API, SDKs, UI
Splunk Quick Starts
A quick and easy way to deploy Splunk Enterprise starting at $30K
Splunk License + Splunk Apps + Add-Ons + Expert Guidance + Education Credits + .conf Passes = Splunk Quick Start (Infrastructure Monitoring, Application Management)
More information: splunk.com/bundles
Let’s Get Hands-On
▶ Cloud Instances
• https://od-troubleshooting-milwaukeediscoveryday-XX.splunkoxygen.com/
• XX: Jan = 01, Feb = 02, March = 03, etc.
▶ Log in
• Credentials: user01 / changeme01
Welcome to Splunk
▶ Click IT Operations to get started using Splunk!
Dashboards
Website Errors
Errors on the website!
▶ Users are reporting 503 status codes
Our job: find the root cause!
Our Dashboard
▶ At the top of the screen:
• click on Troubleshooting Examples
• then click on IT Troubleshooting Basics 1 – Web Site Errors
Our Search
▶ Scroll to the Line by Line section, then click on Load search to this point to load the search results in a new tab.
Raw Events
Analyzing the Data
▶ Scroll to the Line by Line section again, then click on Load search to this point for the second search to load the results in a new tab.
Search Results
Note: your search results may look different than the screen shot
Wrapping Up on Web Errors
We’ve found our problem server… Now what?
Scroll up to the Next Steps section and click the link to search.
Note: your search results may look different than the screen shot
Next Steps
We’ll be taking a shortcut: click on Troubleshooting Examples, then click IT Troubleshooting Basics 2 – Server Issues
An Infrastructure Problem
Raw Events
▶ Which fields might help us find the problem?
Analyzing the Data
Visualizations
Reports
Alerts
Mobile App Issues
▶ Click on Troubleshooting Examples, then click IT Troubleshooting Basics 3 – Mobile App Errors
Raw Events
Mobile App Problems
Mobile App Issue Wrap Up
Using Data from Other Tools
▶ Click on Troubleshooting Examples, then click IT Troubleshooting Basics 4 – Using APM Data
Raw Events
APM Data
Tying it all together
What have we learned so far?
▶ The Nightmare Scenario: Your boss asks you to send him a dashboard of the website health at 9AM next Saturday…. What do you do?
Demo
Kris Wehner, vice president of engineering, Yelp Reservations
“I don’t believe there is any other product on the market that is able to quickly bring together diverse data sets, offer a powerful language to engineers for data analysis and then ultimately deliver beautiful, visual, actionable reports to the business users.”
Academy Moves From Reactive to Proactive
Fast time-to-value at Academy Sports + Outdoors
Mark Cook, Director of Enterprise Application Support, Academy Sports and Outdoors
“Notify the business of the problem before they tell us.”
Download Splunk Enterprise or try Splunk Cloud for free:
www.splunk.com/download
Now What?
You’ve tried it with our data, now try it with your own
Wrapping Up
What did we learn?
1. Splunk for Infrastructure Monitoring and Application Management
2. Using Splunk for Troubleshooting and Monitoring
• Troubleshooting Website Errors
• Infrastructure Problems
• Mobile App Issues
• Using Data from Other Tools
3. How Customers Use Splunk and Next Steps
Q&A
Take the Survey on Pony Poll
ponypoll.com/ddmilwaukee
THANK YOU
BREAK
15 MINUTES
Get Back to Basics and Strengthen Your Security Posture
Mike Walker | Sales Engineer
SEPTEMBER 14, 2017 | MILWAUKEE, WI
What Can You Expect From This Session?
1. Common Security Challenges
2. Methods to Strengthen Security Posture
3. How Splunk Can Help
Security is Still a Reactive Game
▶ Tools: Security tools only deliver “alerts,” not “insights”
• Difficult to determine root cause → what’s the real issue
• Same issues keep surfacing despite config / policy changes
▶ Process: Security process is not optimized to “improve posture”
• Not designed to provide big picture view of what’s really happening
• Process is complex, based on isolated views / tools
▶ People: Skilled people are performing mundane tasks
• Alert overload distracts from priority issues
• Reinventing wheel over and over again
▶ Scale: Unclear how to scale across heterogeneous environment
• Prem, cloud, MSSP, global
• New business reqs, technologies, changes in architecture
Strengthen Your Security Posture
Centralize Analysis | Investigative Mindset | Operationalize
Central Analysis
What Tools Do You Have Today?
Problem → Solution
▶ Protect Endpoint → Antiviruses: Symantec, McAfee
▶ Protect Network: Unauthorized Traffic → Firewalls/Web Filter: Palo Alto, Cisco
▶ Control User Access → Authentication/2-Factor: AD, RSA, Badges
▶ Network Attacks, Stolen Information, Phishing → IDS/IPS: Cisco, Palo Alto; Email Filter: Cisco, Proofpoint
▶ Unpatched Systems, Versions With Bugs → Scanners/Patching: Nessus, SCCM
▶ Indicators of Malicious Activity → Threat Intelligence
4 Ways to Improve Posture Quickly
Endpoint | Access/Identity | Network | Threat Intelligence
Understanding Your Endpoints
Processes, File Info / Access, User Activity
Endpoints
▶ End Point System: Windows Sysmon, Network, File Info
▶ Endpoint Security: Virus, Malware, Spyware, Whitelisting, Behaviors
What You Discover
▶ Frequency of application executions, unique applications
▶ Non-corporate approved applications
▶ Known malicious executables
Benefit
▶ Visibility into application executions
▶ Understanding of unknown applications – whom and where and frequency
Solution Demo for Each Domain
Endpoint | Access/Identity | Network | Threat Intelligence | Custom App
Platform for Operational Intelligence
Splunk Demo
Endpoint : Symantec Endpoint Protection Analysis
Access and Identity
Who, Why and Credential Abuse
Access/Identity
▶ Windows Security Events: Active Directory and Authentication Logs
What You Discover
▶ Credentials used in multiple locations, or shared by users
▶ Admin credential abuse
▶ Login frequencies, users moving around quickly
▶ Users failing authentications trying to discover internal/external resources
Benefit
▶ Uncover unusual login patterns
▶ Track user behavior
Splunk Demo
Network Activity
Detecting Exfiltration and Unusual Communication
Network
▶ Network Access: ForeScout
▶ Firewall: Cisco, Palo Alto
▶ Network: DNS – Splunk Stream, DNS Server
What You Discover
▶ Who talked to whom, traffic volumes (in/out)
▶ Malware download/delivery, C2, exfiltration
▶ Horizontal and vertical movement
Benefit
▶ Determine how threats got in
▶ Systems and endpoints communicating internally
▶ Detect intellectual property theft, insiders
Splunk Demo
Threat Intelligence
Known and Early Warning Indicators
Threat Intelligence
▶ Threat Feeds: Public, Free, Private, Paid or Custom – ThreatConnect, Anomali
▶ Firewall: Cisco, Palo Alto Networks
What You Discover
▶ High risk behaviors and patterns
▶ Undetected / unblocked malware and command & control activities
▶ Known indicators of compromise
Benefit
▶ Early warning of malicious activity
▶ Detect indication of C2 channels
▶ Confirm whether traffic going to compromised or watch-listed sites
▶ Compromised systems communicating with each other
▶ Compromised endpoints
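The threat-intelligence bullets above, together with the C2 and exfiltration bullets on the Network Activity slide, amount to two checks: does any destination match a watch-listed indicator, and does a host contact one on a near-fixed interval. The following is an added example, not code from the deck or from Splunk, written in Python rather than SPL; the watch list, firewall log lines, addresses and thresholds are constructed sample data.

```python
"""Added example (not from the Splunk deck): match firewall destinations
against a threat-intelligence watch list and flag near-fixed-interval
check-ins to a watch-listed IP, the beaconing pattern behind the slide's
'detect indication of C2 channels' bullet. All data below is constructed."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed watch list standing in for a threat feed (ThreatConnect, Anomali
# or a custom list). The addresses are documentation-range placeholders.
WATCHLIST = {
    "203.0.113.45": "known C2 server (constructed feed entry)",
    "198.51.100.7": "malware download host (constructed feed entry)",
}

# Constructed firewall log lines in a simplified key=value format.
FIREWALL_LOG = """\
2017-09-14T09:00:00 src=10.1.12.12 dst=203.0.113.45 dport=443 action=allow
2017-09-14T09:05:00 src=10.1.12.12 dst=203.0.113.45 dport=443 action=allow
2017-09-14T09:10:01 src=10.1.12.12 dst=203.0.113.45 dport=443 action=allow
2017-09-14T09:15:00 src=10.1.12.12 dst=203.0.113.45 dport=443 action=allow
2017-09-14T09:20:00 src=10.1.12.12 dst=203.0.113.45 dport=443 action=allow
2017-09-14T09:03:17 src=10.1.20.5 dst=192.0.2.10 dport=80 action=allow
2017-09-14T09:07:42 src=10.1.20.5 dst=198.51.100.7 dport=80 action=allow
2017-09-14T09:31:05 src=10.1.20.5 dst=192.0.2.10 dport=443 action=allow
"""


def parse_firewall_log(text):
    """Turn each log line into a dict: a datetime under 'ts' plus the key=value fields."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        stamp, *fields = line.split()
        event = {"ts": datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%S")}
        for field in fields:
            key, _, value = field.partition("=")
            event[key] = value
        events.append(event)
    return events


def match_indicators(events, watchlist):
    """Every (src, dst, feed description) whose destination is on the watch list."""
    return [(e["src"], e["dst"], watchlist[e["dst"]])
            for e in events if e["dst"] in watchlist]


def beaconing_pairs(events, watchlist, min_hits=4, max_jitter=0.1):
    """Return {(src, dst): interval_seconds} for watch-listed destinations that a
    source contacts at least min_hits times with near-constant spacing
    (standard deviation of the gaps at most max_jitter of their mean)."""
    by_pair = defaultdict(list)
    for e in events:
        if e["dst"] in watchlist:
            by_pair[(e["src"], e["dst"])].append(e["ts"])
    flagged = {}
    for pair, stamps in by_pair.items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [(later - earlier).total_seconds()
                for earlier, later in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            flagged[pair] = round(avg)
    return flagged


if __name__ == "__main__":
    found = parse_firewall_log(FIREWALL_LOG)
    for src, dst, why in match_indicators(found, WATCHLIST):
        print(f"watch-list hit: {src} -> {dst} ({why})")
    for (src, dst), secs in beaconing_pairs(found, WATCHLIST).items():
        print(f"possible beacon: {src} -> {dst} every ~{secs}s")
```

A single watch-list hit (the 10.1.20.5 download) is an indicator match worth a ticket; the five evenly spaced hits from 10.1.12.12 are what the beaconing check adds on top of plain matching.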
Splunk Demo
Investigation
Security Technologies Are Designed to Detect Bad/Suspicious Activity
Endpoint | Network | Threat Intelligence | Access/Identity
Alert → Indicator → Data
Possibilities:
▶ Data Breach
▶ Infection(s)
▶ Account Take Over
▶ Application Fault
▶ Misconfiguration
▶ Missing patch
▶ User Error
▶ Other (Ignore)
Importance of an Investigative Mindset
“Investigate” – gather data, analyze, pinpoint digital evidence
▶ Helps anyone handling alerts
▶ Gain control of posture
• Old way – “escalate or ignore”
• New way – find out what is actually going on
If you handle 100 alerts a month (5 alerts a day, 20 days in month):
• If each alert takes 10 min to investigate... 100x10 = 1,000 min/60 = 16 hours
• If you reduce to 5 min: 100x5 = 500 min/60 = 8 hours
• You get a day back (8 hours)
* assumes 14 – 28 cases in a shift
Developing an Investigative Mindset
ALERT → What happened? → Who was involved? → When did it start? → Where was it seen? → How did it get in? → How do I contain it?
What specific questions do I want answered?
What is the logic / methodology to apply?
Where do I look?
What’s an example?
The Investigation – Analytics Cycle
https://www.splunk.com/blog/2016/01/19/rapid-response-and-discovery-rrd-stop-chasing-alerts-and-start-raising-the-cost-for-the-adversary.html
Alert → What happened? → Who was involved? → Where did it start? → How did it get in? → Did an infection spread? → What actions should I take?
Questions You Need Answered:
• What’s the normal device function?
• What are key activities associated with the alert?
• Are these activities normal or abnormal?
• Is the system actually compromised?
• When did a compromise occur?
• What is the compromised system / device?
• Who is the system owner?
• What accounts / users are associated with that system?
• What login activity happened around the time of the alert?
• Where is the system located?
• What other devices are associated with those users?
• Is there a logical relationship to other activities and systems?
• Timeline of activities leading up to and during the alert?
• Has there been similar activity, either in terms of time or other logical relationship?
• Have there been other alerts?
• Is there a logical connection to other activity, IPs, hosts, malware, other alerts?
• Has the attack progressed beyond system infection?
• What else has happened on that system?
• Are there logical connections to other systems being modified?
• Is there a logical connection to other IPs, hosts, malware, other alerts?
• Is there any indication the attacker has gained access to the environment?
• Is there any indication that the attacker has found a way to get data out?
• Is there policy change that can immediately isolate issue?
• Is further investigation needed?
Logic / Method:
• Determine IP to asset to identity mapping
• Get alert, perform reference to authentication log, look up asset
• Integrate your asset system
• Resolve the location via reverse geo IP lookup
• Search across all data to match indicators with other system events
• Index logs and search for matches against alert criteria
• Verify malware detected alert on host against known file hash
• Identify unscheduled configuration changes
• Identify whether malware has spread via statistical analysis
• Identify any C&C
• Identify lateral movement
• Integrate asset system with high business priority
• Index event logs and trace network hops to determine initial entry
Data:
• Identity system, DNS log, Authentication logs, Asset repository
• Endpoint logs, Authentication logs, Network logs, Threat intelligence
• Threat intelligence subscriptions, Network / FW / proxy, DNS, Wire data
• Endpoint, Firewall, DHCP, Web proxy, Mail proxy, Wire data
• Network devices, Firewall, Web proxy, Mail proxy, DNS, Authentication, VPN
Example:
• Jane Doe, IP = 10.10.200.20, Workstation running Win10
• Mapped network diagram shows vector in via mail proxy, user in finance victim of spear phishing
• Ransomware infection spread goes undetected by signature-based tools
• Beaconing to known bad IP in remote geo – add to dynamic address group on FW
Investigative Mindset – Questions to Ask
ALERT → What happened? → Who was involved? → When did it start? → Where was it seen? → How did it get in? → How do I contain it?
Question: Why did an alert trigger? Has a system actually been compromised?
Logic: Search for events that match alert criteria and similar events leading up to the alert
Example: Find all failed authentication attempts by a user
Data: Endpoint logs, Authentication logs, Network logs, Threat intelligence
Investigative Mindset – Questions to Ask
ALERT → What happened? → Who was involved? → When did it start? → Where was it seen? → How did it get in? → How do I contain it?
Question: What accounts / users are associated with that system?
Logic: Determine event to identity mapping
Example: John’s account attempted to access a system it has never logged into before
Data: Identity system, Authentication logs
Investigative Mindset – Questions to Ask
ALERT → What happened? → Who was involved? → When did it start? → Where was it seen? → How did it get in? → How do I contain it?
Question: What does the timeline of activities leading up to and during the alert look like?
Logic: Histogram and timeline
Example: Widen search to look over a wider set of historical data
Data: All available data
Investigative Mindset – Questions to Ask
ALERT → What happened? → Who was involved? → When did it start? → Where was it seen? → How did it get in? → How do I contain it?
Question: What devices / assets are associated with the alert?
Logic: Determine event to asset mapping
Example: IP 10.1.12.12 has the hostname of DC-Seltzer, is a Windows 10 workstation and has 2 critical vulnerabilities
Data: Endpoint, Network devices, CMDB/asset
Investigative Mindset – Questions to Ask
ALERT → What happened? → Who was involved? → When did it start? → Where was it seen? → How did it get in? → How do I contain it?
Question: Is there a logical connection to other activity, IPs, hosts, malware, or other alerts?
Logic: Search network and host event logs to determine initial entry
Example: USB key opened an infected ransomware file, user email indicates victim of spear phishing
Data: Endpoint, Network devices, Web proxy, Mail proxy, DNS, Authentication
Investigative Mindset – Questions to Ask
ALERT → What happened? → Who was involved? → When did it start? → Where was it seen? → How did it get in? → How do I contain it?
Question: Has the attack progressed beyond system infection?
Logic: Identify whether malware has spread
Example: Observe indicators on other hosts or on the network
Data: Threat intelligence, Endpoint, Firewall, Web proxy, Mail proxy, Wire data
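The question slides above describe one procedure: take an alert, map it to an identity and an asset, look at the user's authentication activity, build a timeline, and check whether the indicator shows up on other hosts. The following is an added example, not code from the deck or from Splunk, that runs that procedure over constructed data in Python; every user, host, record and hash in it is made up for the example (10.1.12.12 and DC-Seltzer reuse the slide's example asset), and the one-hour window is an assumed setting.

```python
"""Added example, not code from the Splunk deck: answer the deck's questions
(who was involved, when did it start, what does the timeline look like, did it
spread) for one alert by joining it against constructed authentication logs,
an identity lookup, an asset/CMDB table and endpoint indicator sightings."""
from datetime import datetime, timedelta

WINDOW = timedelta(hours=1)  # assumed: how far around the alert the timeline looks

# Constructed alert: an endpoint tool reported a file hash on the deck's
# example workstation 10.1.12.12. The hash values are labelled placeholders.
ALERT = {"ts": datetime(2017, 9, 14, 9, 12), "src_ip": "10.1.12.12",
         "user": "jdoe", "file_hash": "HASH-PLACEHOLDER-1"}

# Constructed authentication log: (timestamp, user, destination host, outcome).
AUTH_LOG = [
    (datetime(2017, 9, 13, 8, 50), "jdoe", "DC-Seltzer", "success"),  # prior day, normal
    (datetime(2017, 9, 14, 8, 55), "jdoe", "DC-Seltzer", "success"),
    (datetime(2017, 9, 14, 9, 1), "jdoe", "FIN-FS01", "failure"),
    (datetime(2017, 9, 14, 9, 2), "jdoe", "FIN-FS01", "failure"),
    (datetime(2017, 9, 14, 9, 3), "jdoe", "FIN-FS01", "failure"),
    (datetime(2017, 9, 14, 9, 4), "jdoe", "FIN-FS01", "success"),
    (datetime(2017, 9, 14, 9, 30), "asmith", "HR-WS07", "success"),
]
# Constructed identity system and asset/CMDB lookups.
IDENTITY = {"jdoe": {"name": "Jane Doe", "dept": "Finance"},
            "asmith": {"name": "Alex Smith", "dept": "HR"}}
ASSETS = {"10.1.12.12": {"hostname": "DC-Seltzer", "os": "Windows 10", "critical_vulns": 2},
          "10.1.20.5": {"hostname": "FIN-FS01", "os": "Windows Server", "critical_vulns": 0}}
# Constructed endpoint sightings of file hashes: (timestamp, host, file_hash).
SIGHTINGS = [
    (datetime(2017, 9, 14, 9, 12), "DC-Seltzer", "HASH-PLACEHOLDER-1"),
    (datetime(2017, 9, 14, 9, 6), "FIN-FS01", "HASH-PLACEHOLDER-1"),
    (datetime(2017, 9, 14, 9, 40), "HR-WS07", "HASH-PLACEHOLDER-2"),
]


def who_was_involved(alert):
    """Event -> asset -> identity mapping (the deck's 'Who was involved?' logic)."""
    return {"asset": ASSETS.get(alert["src_ip"], {"hostname": "unknown"}),
            "identity": IDENTITY.get(alert["user"], {"name": "unknown"})}


def auth_activity(alert, auth_log):
    """Failed attempts by the alerting user near the alert, plus any host that
    user had never authenticated to before the window (the slide's 'account
    attempted to access a system it has never logged into before')."""
    start, end = alert["ts"] - WINDOW, alert["ts"] + WINDOW
    user = alert["user"]
    before = {host for ts, u, host, _ in auth_log if u == user and ts < start}
    in_window = [(ts, host, out) for ts, u, host, out in auth_log
                 if u == user and start <= ts <= end]
    failures = sum(1 for _, _, out in in_window if out == "failure")
    new_hosts = sorted({host for _, host, _ in in_window} - before)
    return {"failed_auth": failures, "new_hosts": new_hosts}


def spread(alert, sightings):
    """Hosts other than the alerting one where the same hash was seen
    ('Has the attack progressed beyond system infection?')."""
    own = ASSETS.get(alert["src_ip"], {}).get("hostname")
    return sorted({host for _, host, h in sightings
                   if h == alert["file_hash"] and host != own})


def timeline(alert, auth_log, sightings):
    """Chronological abnormal activity tied to the alert inside the window:
    failed logins by the user and sightings of the alert's hash."""
    start, end = alert["ts"] - WINDOW, alert["ts"] + WINDOW
    events = [(ts, "auth", f"{u} failed to {host}") for ts, u, host, out in auth_log
              if u == alert["user"] and out == "failure" and start <= ts <= end]
    events += [(ts, "endpoint", f"hash seen on {host}") for ts, host, h in sightings
               if h == alert["file_hash"] and start <= ts <= end]
    return sorted(events)


def investigate(alert, auth_log=AUTH_LOG, sightings=SIGHTINGS):
    """Answer the deck's questions for one alert in a single pass."""
    tl = timeline(alert, auth_log, sightings)
    answers = {"who": who_was_involved(alert),
               "timeline": tl,
               "when_started": tl[0][0] if tl else None,
               "spread_to": spread(alert, sightings)}
    answers.update(auth_activity(alert, auth_log))
    return answers


if __name__ == "__main__":
    for key, value in investigate(ALERT).items():
        print(f"{key}: {value}")
```

With this data the earliest related event is the first failed login at 09:01, eleven minutes before the endpoint alert fired, and the hash on FIN-FS01 answers the spread question before anyone opens the second console.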
Splunk Demo
Investigation : Authentication Failures
Investigation : Detailed Incident Analysis
Investigation : Impact Analysis
Investigation : Impact Analysis 3 : Scoping
Try It Yourself
▶ What happened (verify alert)
• Login
• Exercise 2 – Assessment
▶ Where was it seen (did an infection spread)
• Endpoint
• Exercise 1 – Infection: Statistical Analysis
▶ How do I contain it (actions to take)
• Network
• Exercise 1 -- C&C activity detection
Operationalize
How Do You Operationalize it All?
Endpoint | Network | Threat Intelligence | Access/Identity
It Takes a Village to Verify (But Doesn’t Have To)
ALERT → What happened? → Who was involved? → When did it start? → Where was it seen? → How did it get in? → How do I contain it?
Single Source of Truth
What happened? → Who was involved? → When did it start? → Where was it seen? → How did it get in? → How do I contain it?
Endpoint | Network | Threat Intelligence | Access/Identity
Start Basic. Search and Investigate
Threat Intelligence | Network | Endpoint | Access/Identity
Add More Data for More Insights
Other Security-Relevant Data: On-Premises, Private Cloud, Public Cloud, Storage, Online Shopping Cart, Telecoms, Desktops, Security, Web Services, Networks, Containers, Web Clickstreams, RFID, Smartphones and Devices, Servers, Messaging, GPS Location, Packaged Applications, Custom Applications, Online Services, Databases, Call Detail Records, Energy Meters, Firewall, Intrusion Prevention
Dashboards and Reports | Analytics and Virtualization
Platform for Operational Intelligence
Example: Need Quick, Cheap Way to Reduce Risk
Endpoint | Network | Threat Intelligence | Access/Identity
Getting updates? Controls in place? Patching level? Privileged users?
Critical Controls for Readiness
▶ Generated by consensus from experts in federal government and private industry
▶ Can reduce the risk of currently-known high priority attacks
▶ Common security requirements in an easy to understand and implement format
▶ Reasonably comprehensive and address the most important areas of concern
SOURCE: Center for Internet Security
https://www.cisecurity.org/critical-controls.cfm
Answer: Start With Top 5 CIS Controls
Organizations that apply just the first five CIS Controls can reduce their risk of cyberattack by around 85 percent.
Implementing all 20 CIS Controls increases the risk reduction to around 94 percent.
SOURCE: Center for Internet Security
https://www.cisecurity.org/critical-controls.cfm
CIS Critical Security Controls
https://splunkbase.splunk.com/app/3064/#/overview
https://www.splunk.com/goto/Top20CSC
Splunk Demo
Strengthen Your Security Posture
1. Centralize Analysis of Key Activities
2. Use an Investigative Mindset
3. Operationalize Security Processes
Analytics-Driven Security
Risk-Based Analytics | Context and Intelligence | Connecting Data and People
Analytics-Driven Security
Search and Investigate
Index Untapped Data: Any Source, Type, Volume: On-Premises, Private Cloud, Public Cloud, Storage, Online Shopping Cart, Telecoms, Desktops, Security, Web Services, Networks, Containers, Web Clickstreams, RFID, Smartphones and Devices, Servers, Messaging, GPS Location, Packaged Applications, Custom Applications, Online Services, Databases, Call Detail Records, Energy Meters, Firewall, Intrusion Prevention
Splunk Enterprise Security | 500+ Security Apps | Splunk User Behavior Analytics
Monitoring, Correlations, Alerts | Dashboards and Reports | Analytics and Virtualization | Adaptive Response
External Lookups: Employee Info, Asset and CMDB, Threat Intelligence, Applications, Data Stores
Platform for Operational Intelligence
Analytics-Driven Security Platform and Apps
Splunk Enterprise Security | 500+ Security Apps | Splunk User Behavior Analytics
Platform for Operational Intelligence
Analytics-Driven Detection
Behavior Baselining & Modelling | Unsupervised Machine Learning | Threat & Anomaly Detection
Splunk Enterprise Security | 500+ Security Apps | Splunk User Behavior Analytics
Platform for Operational Intelligence
Splunk Security Solutions
Security and Compliance Reporting | Real-Time Monitoring of Known Threats | Incident Investigations and Forensics | Fraud Detection | Detect Unknown Threats | Insider Threat | More …
Splunk Enterprise Security | 500+ Security Apps | Splunk User Behavior Analytics
Platform for Operational Intelligence
Splunk Quick Starts for Security Investigation
Endpoint Quick Start Apps / Add-Ons | Infrastructure Quick Start Apps / Add-Ons
Q&A
Thank you
Join: Our Community with Apps, Ask Questions or join a SplunkLive! event
https://www.splunk.com/en_us/community.html
Try: Splunk Security Online Experience (No Download)
https://www.splunk.com/en_us/solutions/solution-areas/security-and-fraud/security-investigation/getting-started.html
Explore: Download the CIS Critical Security Controls App
https://splunkbase.splunk.com/app/3064/
REGISTER NOW
conf.splunk.com
September 25-28, 2017
Walter E. Washington Convention Center | Washington, D.C.
— 6,000 IT and Business Professionals
— 200+ Technical Sessions and Hands-On Labs
— Search Party!
GET CERTIFIED with Splunk University
— Three days: Sept 23-25, 2017
— Get Splunk Certified for FREE!
— Get CPE credits for CISSP, CAP, SSCP
THANK YOU!
Wrap Up
Tom Peterson | Director of Sales, Splunk
September 14 | Milwaukee, WI
Get Quick Started Today!
Splunk Quick Start = Splunk Apps + Add-Ons + Expert Guidance + Free Edu + .conf Passes
Splunk Quick Start: Infrastructure Monitoring | Application Management | Service Intelligence | SIEM
Visit www.Splunk.com/Bundles
© 2017 SPLUNK INC.
REGISTER NOW
conf.splunk.com
September 25-28, 2017
Walter E. Washington Convention Center | Washington, D.C.
— 6,000 IT and Business Professionals
— 200+ Technical Sessions and Hands-On Labs
— Search Party!
GET CERTIFIED with Splunk University
— Three days: Sept 23-25, 2017
— Get Splunk Certified for FREE!
— Get CPE credits for CISSP, CAP, SSCP
© 2017 SPLUNK INC.
Take the Survey on Pony Poll
ponypoll.com/ddmilwaukee
© 2017 SPLUNK INC.© 2017 SPLUNK INC.
THANK YOU!
© 2017 SPLUNK INC.
© 2017 SPLUNK INC.© 2017 SPLUNK INC.

Weitere ähnliche Inhalte

Was ist angesagt?

Splunk workshop-Threat Hunting
Splunk workshop-Threat HuntingSplunk workshop-Threat Hunting
Splunk workshop-Threat HuntingSplunk
 
Reactive to Proactive: Intelligent Troubleshooting and Monitoring with Splunk
Reactive to Proactive: Intelligent Troubleshooting and Monitoring with SplunkReactive to Proactive: Intelligent Troubleshooting and Monitoring with Splunk
Reactive to Proactive: Intelligent Troubleshooting and Monitoring with SplunkSplunk
 
SplunkLive! Zurich 2017 - Data Obfuscation in Splunk Enterprise
SplunkLive! Zurich 2017 - Data Obfuscation in Splunk EnterpriseSplunkLive! Zurich 2017 - Data Obfuscation in Splunk Enterprise
SplunkLive! Zurich 2017 - Data Obfuscation in Splunk EnterpriseSplunk
 
Reactive to Proactive: Intelligent Troubleshooting and Monitoring with Splunk
Reactive to Proactive: Intelligent Troubleshooting and Monitoring with SplunkReactive to Proactive: Intelligent Troubleshooting and Monitoring with Splunk
Reactive to Proactive: Intelligent Troubleshooting and Monitoring with SplunkSplunk
 
SplunkLive! London 2017 - Splunk Enterprise for IT Troubleshooting
SplunkLive! London 2017 - Splunk Enterprise for IT TroubleshootingSplunkLive! London 2017 - Splunk Enterprise for IT Troubleshooting
SplunkLive! London 2017 - Splunk Enterprise for IT TroubleshootingSplunk
 
SplunkLive! London 2017 - Happy Apps, Happy Users
SplunkLive! London 2017 - Happy Apps, Happy UsersSplunkLive! London 2017 - Happy Apps, Happy Users
SplunkLive! London 2017 - Happy Apps, Happy UsersSplunk
 
SplunkLive! Zurich 2017 - Splunk Add-ons and Alerts
SplunkLive! Zurich 2017 - Splunk Add-ons and AlertsSplunkLive! Zurich 2017 - Splunk Add-ons and Alerts
SplunkLive! Zurich 2017 - Splunk Add-ons and AlertsSplunk
 
Splunk Discovery Indianapolis - October 10, 2017
Splunk Discovery Indianapolis - October 10, 2017Splunk Discovery Indianapolis - October 10, 2017
Splunk Discovery Indianapolis - October 10, 2017Splunk
 
SplunkLive! London 2017 - An End-To-End Approach: Detect via Behavious and Re...
SplunkLive! London 2017 - An End-To-End Approach: Detect via Behavious and Re...SplunkLive! London 2017 - An End-To-End Approach: Detect via Behavious and Re...
SplunkLive! London 2017 - An End-To-End Approach: Detect via Behavious and Re...Splunk
 
SplunkLive! Stockholm 2018 - Customer presentation: Bonnier Books Nova
SplunkLive! Stockholm 2018 - Customer presentation: Bonnier Books Nova SplunkLive! Stockholm 2018 - Customer presentation: Bonnier Books Nova
SplunkLive! Stockholm 2018 - Customer presentation: Bonnier Books Nova Splunk
 
SplunkLive! Zurich 2017 - Getting Started with Splunk Enterprise
SplunkLive! Zurich 2017 - Getting Started with Splunk EnterpriseSplunkLive! Zurich 2017 - Getting Started with Splunk Enterprise
SplunkLive! Zurich 2017 - Getting Started with Splunk EnterpriseSplunk
 
Reactive to Proactive: Intelligent Troubleshooting and Monitoring with Splunk
Reactive to Proactive: Intelligent Troubleshooting and Monitoring with SplunkReactive to Proactive: Intelligent Troubleshooting and Monitoring with Splunk
Reactive to Proactive: Intelligent Troubleshooting and Monitoring with SplunkSplunk
 
Splunk Discovery: Milan 2018 - Intro to Security Analytics Methods
Splunk Discovery: Milan 2018 - Intro to Security Analytics MethodsSplunk Discovery: Milan 2018 - Intro to Security Analytics Methods
Splunk Discovery: Milan 2018 - Intro to Security Analytics MethodsSplunk
 
The Splunk AISecOps Initiative - Splunk Security Roundtable: Zurich 2018
The Splunk AISecOps Initiative - Splunk Security Roundtable: Zurich 2018The Splunk AISecOps Initiative - Splunk Security Roundtable: Zurich 2018
The Splunk AISecOps Initiative - Splunk Security Roundtable: Zurich 2018Splunk
 
A Day in the Life of a GDPR Breach - September 2017: France
A Day in the Life of a GDPR Breach - September 2017: France A Day in the Life of a GDPR Breach - September 2017: France
A Day in the Life of a GDPR Breach - September 2017: France Splunk
 
Machine Data 101
Machine Data 101Machine Data 101
Machine Data 101Splunk
 
SplunkLive! London 2017 - Splunk Overview
SplunkLive! London 2017 - Splunk OverviewSplunkLive! London 2017 - Splunk Overview
SplunkLive! London 2017 - Splunk OverviewSplunk
 
The Power of SPL
The Power of SPLThe Power of SPL
The Power of SPLSplunk
 
Splunk Forum Frankfurt - 15th Nov 2017 - Threat Hunting
Splunk Forum Frankfurt - 15th Nov 2017 - Threat HuntingSplunk Forum Frankfurt - 15th Nov 2017 - Threat Hunting
Splunk Forum Frankfurt - 15th Nov 2017 - Threat HuntingSplunk
 

Was ist angesagt? (20)

Splunk workshop-Threat Hunting
Splunk workshop-Threat HuntingSplunk workshop-Threat Hunting
Splunk workshop-Threat Hunting
 
Reactive to Proactive: Intelligent Troubleshooting and Monitoring with Splunk
Reactive to Proactive: Intelligent Troubleshooting and Monitoring with SplunkReactive to Proactive: Intelligent Troubleshooting and Monitoring with Splunk
Reactive to Proactive: Intelligent Troubleshooting and Monitoring with Splunk
 
SplunkLive! Zurich 2017 - Data Obfuscation in Splunk Enterprise
SplunkLive! Zurich 2017 - Data Obfuscation in Splunk EnterpriseSplunkLive! Zurich 2017 - Data Obfuscation in Splunk Enterprise
SplunkLive! Zurich 2017 - Data Obfuscation in Splunk Enterprise
 
Reactive to Proactive: Intelligent Troubleshooting and Monitoring with Splunk
Reactive to Proactive: Intelligent Troubleshooting and Monitoring with SplunkReactive to Proactive: Intelligent Troubleshooting and Monitoring with Splunk
Reactive to Proactive: Intelligent Troubleshooting and Monitoring with Splunk
 
SplunkLive! London 2017 - Splunk Enterprise for IT Troubleshooting
SplunkLive! London 2017 - Splunk Enterprise for IT TroubleshootingSplunkLive! London 2017 - Splunk Enterprise for IT Troubleshooting
SplunkLive! London 2017 - Splunk Enterprise for IT Troubleshooting
 
SplunkLive! London 2017 - Happy Apps, Happy Users
SplunkLive! London 2017 - Happy Apps, Happy UsersSplunkLive! London 2017 - Happy Apps, Happy Users
SplunkLive! London 2017 - Happy Apps, Happy Users
 
SplunkLive! Zurich 2017 - Splunk Add-ons and Alerts
SplunkLive! Zurich 2017 - Splunk Add-ons and AlertsSplunkLive! Zurich 2017 - Splunk Add-ons and Alerts
SplunkLive! Zurich 2017 - Splunk Add-ons and Alerts
 
Splunk Discovery Indianapolis - October 10, 2017
Splunk Discovery Indianapolis - October 10, 2017Splunk Discovery Indianapolis - October 10, 2017
Splunk Discovery Indianapolis - October 10, 2017
 
SplunkLive! London 2017 - An End-To-End Approach: Detect via Behavious and Re...
SplunkLive! London 2017 - An End-To-End Approach: Detect via Behavious and Re...SplunkLive! London 2017 - An End-To-End Approach: Detect via Behavious and Re...
SplunkLive! London 2017 - An End-To-End Approach: Detect via Behavious and Re...
 
SplunkLive! Stockholm 2018 - Customer presentation: Bonnier Books Nova
SplunkLive! Stockholm 2018 - Customer presentation: Bonnier Books Nova SplunkLive! Stockholm 2018 - Customer presentation: Bonnier Books Nova
SplunkLive! Stockholm 2018 - Customer presentation: Bonnier Books Nova
 
SplunkLive! Zurich 2017 - Getting Started with Splunk Enterprise
SplunkLive! Zurich 2017 - Getting Started with Splunk EnterpriseSplunkLive! Zurich 2017 - Getting Started with Splunk Enterprise
SplunkLive! Zurich 2017 - Getting Started with Splunk Enterprise
 
Reactive to Proactive: Intelligent Troubleshooting and Monitoring with Splunk
Reactive to Proactive: Intelligent Troubleshooting and Monitoring with SplunkReactive to Proactive: Intelligent Troubleshooting and Monitoring with Splunk
Reactive to Proactive: Intelligent Troubleshooting and Monitoring with Splunk
 
Splunk Discovery: Milan 2018 - Intro to Security Analytics Methods
Splunk Discovery: Milan 2018 - Intro to Security Analytics MethodsSplunk Discovery: Milan 2018 - Intro to Security Analytics Methods
Splunk Discovery: Milan 2018 - Intro to Security Analytics Methods
 
Splunk
SplunkSplunk
Splunk
 
The Splunk AISecOps Initiative - Splunk Security Roundtable: Zurich 2018
The Splunk AISecOps Initiative - Splunk Security Roundtable: Zurich 2018The Splunk AISecOps Initiative - Splunk Security Roundtable: Zurich 2018
The Splunk AISecOps Initiative - Splunk Security Roundtable: Zurich 2018
 
A Day in the Life of a GDPR Breach - September 2017: France
A Day in the Life of a GDPR Breach - September 2017: France A Day in the Life of a GDPR Breach - September 2017: France
A Day in the Life of a GDPR Breach - September 2017: France
 
Machine Data 101
Machine Data 101Machine Data 101
Machine Data 101
 
SplunkLive! London 2017 - Splunk Overview
SplunkLive! London 2017 - Splunk OverviewSplunkLive! London 2017 - Splunk Overview
SplunkLive! London 2017 - Splunk Overview
 
The Power of SPL
The Power of SPLThe Power of SPL
The Power of SPL
 
Splunk Forum Frankfurt - 15th Nov 2017 - Threat Hunting
Splunk Forum Frankfurt - 15th Nov 2017 - Threat HuntingSplunk Forum Frankfurt - 15th Nov 2017 - Threat Hunting
Splunk Forum Frankfurt - 15th Nov 2017 - Threat Hunting
 
Splunk Discovery Day Milwaukee 9-14-17

• 16. Agenda
  ▶ Wireless Network Setup
  ▶ Setting Up the Splunk Cloud Trial Instance
  ▶ Splunk Overview – what is Splunk?
  ▶ Searching – getting the basics out of the way
  ▶ Creating Apps – a place to store all your amazing work
  ▶ Fields – default, auto extracted, manual extraction, and other tools
    • Field Aliases – simplify search and correlation
    • Calculated Fields – shortcut complex/repetitive computations
  ▶ Tags – categorize and add meaning to data
  ▶ Event Types – group common events and share knowledge
  ▶ Enrichment – augment data with additional external fields using lookups
  ▶ Splunk's User Interface
  ▶ Getting to Know Your Data
  ▶ Data Enrichment
  ▶ Level Up on Search and Reporting Commands
  ▶ Data Models and Pivot
  ▶ Custom Visualizations and the Web Framework
• 17. Bucket List
  ▶ Set up a splunk.com account
  ▶ Install Splunk
  ▶ Set up an instance of Splunk Cloud (optional)
  ▶ Upload data
  ▶ Install an application
  ▶ Explore data in Splunk
  ▶ Run a search in Splunk
  ▶ Create an app
  ▶ Create a dashboard
  ▶ Create a report
  ▶ Learn some basic SPL
  ▶ Create a manual lookup
  ▶ Create an automatic lookup
  ▶ Create a chart in Splunk
  ▶ Know where to go for more Splunk
• 18. Workshop Setup
• 19. Wireless Network Information – SSID: CSH, Password: springs1
• 20. Download Splunk or Sign Up For Splunk Cloud – www.splunk.com > Free Splunk > Splunk Enterprise or Splunk Cloud
• 21. Download Data Sample and Lookup – https://splunk.box.com/v/MD101Workshop
  ▶ Box > access_datasample_last4h.log
  ▶ Box > http_status.csv
• 22. Getting to know Splunk – And so we begin...
• 23. Login to Splunk
• 24. The Splunk Interface – Take some time to click around for a few minutes...
• 25. Index Data Sample
  ▶ Browser: http://localhost:8000
  ▶ Default username/password is admin/changeme. Change it at first login: an indexer or search head that still answers to the default admin credentials hands every log it holds to the first person who tries them.
• 26–28. Index Data Sample (Add Data screens). You will need to refresh the search after a few moments for all events to show up.
• 29. Optimizing Your Experience – Default User Settings
• 30. Enhance Your Splunk Experience – User Settings
• 31. Adjusting Your Global User Settings
  ▶ Events will be displayed relative to your time zone
  ▶ Context-sensitive help at your fingertips
  ▶ Searches are cleaned up and colorized
  ▶ Line numbers are added to your searches for clarity
• 32. Splunk Overview
• 33. Industry Leading Platform For Machine Data
  Machine data of any type and any volume, from any location (on-premises, private cloud, public cloud): storage, online shopping carts, telecoms, desktops, security, web services, networks, containers, web clickstreams, RFID, smartphones and devices, servers, messaging, GPS location, packaged and custom applications, online services, databases, call detail records, energy meters, firewalls, intrusion prevention.
  ▶ Universal indexing – any amount, any location, any source
  ▶ Schema on-the-fly
  ▶ No back-end RDBMS, no need to filter data
  ▶ Enterprise scalability
  ▶ Answer any question – ad hoc search, monitor and alert, report and analyze, custom dashboards
  ▶ Platform support – developer platform (apps / API / SDKs)
• 34. Splunk Approach to Machine Data
  Traditional: structured data, ETL into an RDBMS, schema at write, queried with SQL.
  Splunk: unstructured data at volume, velocity and variety, universal indexing, schema at read, queried with search.
• 35. Ingests Data From Heterogeneous Data Sources – agent-less and agent approaches for flexibility and optimization
  ▶ Splunk Forwarder on Unix, Linux and Windows hosts (physical or virtual): local file monitoring, scripted or modular inputs (shell scripts, API subscriptions), Windows event logs, performance counters, Active Directory
  ▶ Agent-less: syslog over TCP/UDP from syslog hosts and network devices, mounted file systems, mainframes and *nix
  ▶ Wire data via the Splunk App for Stream
  ▶ HTTP Event Collector for DevOps, IoT and containers
• 36. Structured View Into Unstructured Data – Datasets empower users with focused data views, for example a table of Product ID, Activity Log, Amount, Webserver ID, CPU threshold, Error event log, Failed login and IP Addr
• 37. Enrich Raw Data to Make It More Meaningful – Data goes in, insight comes out: create additional fields from the raw data with a lookup to an external data source (LDAP/AD, watch lists, CRM/ERP, CMDB)
• 38. Forwards Events to Third-Party Systems – formatted or raw, to a service desk, event console or SIEM
• 39. Actionable Alerting
  ▶ Alerts
    • Create alerts based on any search
    • Customize content and format of email alerts
    • Trigger a script
  ▶ Custom Alert Actions
    • Allow packaged integration with third-party applications
    • Enable custom workflows
    • Developers can build, package and publish alert actions
• 40. Dynamic Reporting – chart on any search, choose a visualization, save as a report
  ▶ Reports
    • Visually represent the results of a search
    • Run on an ad hoc basis or save the report to view later
    • Share it with others on the team or a different group
    • Add reports to a new or existing dashboard
• 41. Combine Reports to Create Dashboards – use the built-in dashboard editor, or embed the reports into external sites like a wiki
• 42. It's all about the data – Let's participate in some data discovery.
• 43. Sources of Data
  ▶ Access log: access_datasample_last4h.log
  ▶ HTTP status lookup table: http_status.csv
• 44. Unstructured Data – Access Log (access_datasample_last4h.log)
  Raw event:
  141.146.8.66 - - [17/Nov/2016 12:17:52:155] "GET /oldlink?item_id=EST-7&JSESSIONID=SD5SL5FF3ADFF8 HTTP 1.1" 400 1271 "http://www.myflowershop.com/cart.do?action=addtocart&itemId=EST-7&product_id=FI-FW-02" "Googlebot/2.1 ( http://www.googlebot.com/bot.html) " 899
  Fields Splunk extracts from it (sourcetype access_combined):
  _time = 2016-11-17T12:17:52.155-0500
  JSESSIONID = SD5SL5FF3ADFF8
  action = addtocart
  bytes = 1271
  clientip = 141.146.8.66
  date_hour = 12, date_mday = 17, date_minute = 17, date_month = november, date_second = 52, date_wday = thursday, date_year = 2016, date_zone = local
  file = oldlink
  host = gweaver-mbp
  ident = -
  index = main
  itemId = EST-7
  item_id = EST-7
  linecount = 1
  method = GET
  other = 899
  product_id = FI-FW-02
  punct = ..._-_-_[//_:::]_"_/?=-&=__."___"://../.?=&=-&=--"
  referer = http://www.myflowershop.com/cart.do?action=addtocart&itemId=EST-7&product_id=FI-FW-02
  referer_domain = http://www.myflowershop.com
  req_time = 17/Nov/2016 12:17:52:155
  source = access_datasample_last4h.log
  sourcetype = access_combined
  splunk_server = gweaver-mbp
  status = 400
  timestartpos = 18, timeendpos = 42
  uri = /oldlink?item_id=EST-7&JSESSIONID=SD5SL5FF3ADFF8
  uri_path = /oldlink
  uri_query = item_id=EST-7&JSESSIONID=SD5SL5FF3ADFF8
  user = -
  useragent = Googlebot/2.1 ( http://www.googlebot.com/bot.html)
  version = 1.1
  (category_id, cookie, eventtype, root, splunk_server_group and uri_domain exist for this sourcetype but are empty for this event)
• 45. http_status.csv
  status,status_description,status_type
  100,Continue,Informational
  101,Switching Protocols,Informational
  200,OK,Successful
  201,Created,Successful
  202,Accepted,Successful
  203,Non-Authoritative Information,Successful
  204,No Content,Successful
  205,Reset Content,Successful
  206,Partial Content,Successful
  300,Multiple Choices,Redirection
  301,Moved Permanently,Redirection
  302,Found,Redirection
  303,See Other,Redirection
  304,Not Modified,Redirection
  305,Use Proxy,Redirection
  307,Temporary Redirect,Redirection
  400,Bad Request,Client Error
  401,Unauthorized,Client Error
  402,Payment Required,Client Error
  403,Forbidden,Client Error
  404,Not Found,Client Error
  405,Method Not Allowed,Client Error
  406,Not Acceptable,Client Error
  407,Proxy Authentication Required,Client Error
  408,Request Timeout,Client Error
  409,Conflict,Client Error
  410,Gone,Client Error
  411,Length Required,Client Error
  412,Precondition Failed,Client Error
  413,Request Entity Too Large,Client Error
  414,Request-URI Too Long,Client Error
  415,Unsupported Media Type,Client Error
  416,Requested Range Not Satisfiable,Client Error
  417,Expectation Failed,Client Error
  500,Internal Server Error,Server Error
  501,Not Implemented,Server Error
  502,Bad Gateway,Server Error
  503,Service Unavailable,Server Error
  504,Gateway Timeout,Server Error
  505,HTTP Version Not Supported,Server Error
• 46. Search & Reporting – Let's explore some data together
• 47. Go to the Search & Reporting App
• 48. The Default App Interface – Your Splunk Cloud instances already contain data for today's workshop. How many events were indexed? How old are the events? Are events still coming in?
• 49. Data Summary – Hosts. Two different hosts (appserver and fileserver) are sending their data into your Splunk instance: total counts of events, and the last time events were received. Guess what this little graphic means?
• 50. Data Summary – Sources. Sources let you know the specific location or other information about where the event originates (the original source location of the logs). Event counts continue to grow.
• 51. Data Summary – Sourcetypes. Sourcetypes provide categories and context, and are used to extract fields, enrich data and so much more. Categorize data using sourcetypes!
• 52. Searching in your app – Add a wildcard to the search bar and hit return to see indexed events
• 53. The Search Results Interface – Take some time and explore all of the available options in the Splunk search results: App Bar, Splunk Bar, Search Bar, Time Range Picker, Search Action Buttons, Search Mode Selector, Timeline, Events Bar, Search Results Tabs, Fields Sidebar, Save As Menu. Key="Value" fields are automatically extracted from raw events; we call this "schema on the fly". Which fields will Splunk automatically extract from the events?
• 54. Exploring Fields – What values do you see when you select the sourcetype field? Take some time to explore the various field options on the left.
• 55. Numeric Field Reports – numeric fields are marked "#" in the sidebar; select "Average over time" to generate a timechart
• 56. Visualizing Data – chart types, Splunk Search Language (SPL); select Column Chart
• 57. Statistical and Charting Functions – http://docs.splunk.com/Documentation/Splunk/6.6.2/SearchReference/CommonStatsFunctions. Add additional functions to transform results; use "AS" to rename the result fields (remember to capitalize it).
• 58. Formatting Visualizations – Format > Stacked
• 59. ASCII Field Reports – string fields are marked "a" in the sidebar
• 60. Apps
• 61. Splunkbase.com
• 62. Splunkbase.com – The Splunk platform imports and indexes virtually any machine data and provides powerful search and analysis features that deliver immediate value to your business. We also offer hundreds of apps and add-ons that can enhance and extend the Splunk platform with ready-to-use functions ranging from optimized data collection to monitoring security, IT management and more.
• 63. Splunkbase.com – 6.x Dashboard Examples. The Splunk 6.x Dashboard app delivers examples that give you a hands-on way to learn the basic concepts and tools needed to rapidly create rich dashboards using Simple XML. This new app incorporates learn-by-doing Simple XML examples, including extensions to Simple XML for further customization of layout, interactivity, and visualizations.
• 64. Installing Your First App
• 65. Browse more apps on splunkbase.com
• 66. Install Splunk 6.x Dashboard Examples
• 67. Check out the App you installed
• 68. Creating Your First App – Creating your MDW101 App. No Coding!
• 69. Creating Your First App – I am not an App developer!!!!
  • Apps are a collection of dashboards, panels and UI elements
  • Powered by saved searches and packaged for specific technologies or use cases
  • Provide useful and relevant information to many different roles
  • Help you stay organized
• 70. App Management Page – Select the "Create App" button
• 71. Fill Out the App Form and Select Save – Apps are folders where all of your saved objects are stored: $SPLUNK_HOME/etc/apps/MDW101
• 72. Go to the Machine Data Workshop 101 App – That was easy!
• 73. The Machine Data 101 Workshop App – Why do we want you to stay within this Machine Data 101 Workshop app today?
• 74. Your First Dashboard – Pointing and Clicking
• 75. Today You Will Be Building This
• 76. SPL Overview – Search Processing Language
• 77. SPL Overview
  ▶ Over 140 search commands
  ▶ Syntax was originally based upon the Unix pipeline and SQL and is optimized for time series data
  ▶ The scope of SPL includes data searching, filtering, modification, manipulation, enrichment, insertion and deletion
• 78. How Search Works
• 79. SPL Basic Structure – search and filter | munge | report | cleanup
  sourcetype=access*                                                   (search and filter)
  | eval KB=bytes/1024                                                 (munge)
  | stats sum(KB) dc(clientip)                                         (report)
  | rename sum(KB) AS "Total KB" dc(clientip) AS "Unique Customers"    (cleanup)
• 80. SPL Examples
• 81–83. Search and Filter Examples
  ● Keyword search: sourcetype=access* 200
  ● Filter: sourcetype=access* status=200
  ● Combined: sourcetype=access* GET action=purchase
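To make the field extraction of slide 44 and the keyword-versus-field distinction above concrete, here is an added Python example (not code from the workshop or from Splunk) that re-implements the access_combined extraction for the slide's sample event plus two constructed lines in the same shape, then runs a keyword search and a field filter over them. A bare term such as 200 is matched against the tokens of the whole event, so it also hits a request whose byte count happens to be 200, while status=200 compares the extracted field. The regex, the tokenizer and the two extra log lines are this example's own assumptions, not Splunk's implementation.

```python
"""Added example (not Splunk code): the access_combined field extraction of
slide 44 and the keyword-vs-field search distinction, re-implemented in Python."""
import re
from datetime import datetime
from urllib.parse import parse_qsl, urlsplit

# First line: the workshop's own sample event.  The other two are constructed
# in the same shape; note the third has status=503 but a byte count of 200.
SAMPLE_LOG = (
    '141.146.8.66 - - [17/Nov/2016 12:17:52:155] "GET /oldlink?item_id=EST-7&JSESSIONID=SD5SL5FF3ADFF8 HTTP 1.1" 400 1271 '
    '"http://www.myflowershop.com/cart.do?action=addtocart&itemId=EST-7&product_id=FI-FW-02" '
    '"Googlebot/2.1 ( http://www.googlebot.com/bot.html) " 899\n'
    '10.1.1.5 - - [17/Nov/2016 12:18:03:010] "GET /product.screen?product_id=FI-FW-02&JSESSIONID=SD1SL1FF1ADFF1 HTTP 1.1" 200 2048 '
    '"http://www.myflowershop.com/category.screen?category_id=FLOWERS" "Mozilla/5.0" 412\n'
    '10.1.1.5 - - [17/Nov/2016 12:19:40:500] "GET /cart.do?action=purchase&itemId=EST-7&JSESSIONID=SD1SL1FF1ADFF1 HTTP 1.1" 503 200 '
    '"http://www.myflowershop.com/cart.do?itemId=EST-7" "Mozilla/5.0" 1500\n'
)

# Assumed layout of one access_combined line (this example's regex, not Splunk's).
ACCESS_RE = re.compile(
    r'^(?P<clientip>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<req_time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+) (?P<protocol>[^"]*)" (?P<status>\d{3}) (?P<bytes>\d+|-)'
    r'(?: "(?P<referer>[^"]*)" "(?P<useragent>[^"]*)"(?: (?P<other>\S+))?)?$'
)
TOKEN_RE = re.compile(r"[A-Za-z0-9]+")  # crude stand-in for Splunk's segmenters


def parse_access_line(line):
    """Extract the fields Splunk shows for sourcetype=access_combined."""
    m = ACCESS_RE.match(line.rstrip("\n"))
    if not m:
        raise ValueError(f"not access_combined: {line!r}")
    ev = m.groupdict()
    ev["_raw"] = line.rstrip("\n")
    ev["status"] = int(ev["status"])
    ev["bytes"] = 0 if ev["bytes"] == "-" else int(ev["bytes"])
    ver = re.search(r"\d+\.\d+", ev.pop("protocol") or "")
    ev["version"] = ver.group(0) if ver else None
    # uri -> uri_path, uri_query, file, plus every key=value pair in the query
    parts = urlsplit(ev["uri"])
    ev["uri_path"], ev["uri_query"] = parts.path, parts.query
    ev["file"] = parts.path.rsplit("/", 1)[-1]
    kv = dict(parse_qsl(parts.query, keep_blank_values=True))
    # referer -> referer_domain plus its key=value pairs (action, itemId, product_id)
    if ev.get("referer"):
        ref = urlsplit(ev["referer"])
        ev["referer_domain"] = f"{ref.scheme}://{ref.netloc}"
        for k, v in parse_qsl(ref.query, keep_blank_values=True):
            kv.setdefault(k, v)  # Splunk would keep both values as a multivalue field
    for k, v in kv.items():
        ev.setdefault(k, v)
    # _time and the date_* fields Splunk derives from the timestamp
    ts = datetime.strptime(ev["req_time"], "%d/%b/%Y %H:%M:%S:%f")
    ev["_time"] = ts.timestamp()
    ev["date_hour"], ev["date_mday"], ev["date_year"] = ts.hour, ts.day, ts.year
    ev["date_month"], ev["date_wday"] = ts.strftime("%B").lower(), ts.strftime("%A").lower()
    return ev


def parse_log(text):
    return [parse_access_line(l) for l in text.splitlines() if l.strip()]


def search(events, *keywords, **field_filters):
    """Approximate Splunk search semantics.  Bare keywords are matched against
    the tokens of the whole raw event (case-insensitively); field=value terms
    compare the extracted field.  All terms are ANDed together."""
    hits = []
    for ev in events:
        tokens = {t.lower() for t in TOKEN_RE.findall(ev["_raw"])}
        if all(k.lower() in tokens for k in keywords) and all(
                str(ev.get(f)) == str(v) for f, v in field_filters.items()):
            hits.append(ev)
    return hits


if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)
    for name in ("clientip", "status", "bytes", "action", "JSESSIONID", "uri_path"):
        print(name, [ev.get(name) for ev in events])
    print("keyword 200 :", len(search(events, "200")))       # status 200 AND bytes 200
    print("status=200  :", len(search(events, status=200)))  # only the real 200 response
    print("GET purchase:", len(search(events, "GET", action="purchase")))
```

The third constructed line has status=503 and bytes=200: the keyword search counts it, the field filter does not. That is the reason the slides move from keyword search to field filters: on a real web log a bare 200 also matches item IDs, byte counts and timestamps.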
• 84. munge
• 85–86. Eval – Modify or Create New Fields and Values. Examples:
  ● Calculation: sourcetype=access* | eval KB=bytes/1024
  ● Evaluation: sourcetype=access* | eval http_response = if(status != 200, "Error", "OK")
• 87. Eval – Just Getting Started! See the Splunk Search Quick Reference Guide
• 88. report
• 89. Stats, Chart, Timechart
• 90–92. Stats – Calculate Statistics Based on Field Values. Examples:
  ● Calculate stats: sourcetype=access* | stats count
  ● Group by field: sourcetype=access* | stats count by action
  ● By multiple functions: sourcetype=access* | stats avg(bytes) AS AVG_Bytes sparkline(avg(bytes)) AS Trend_Bytes by action
• 93–95. Timechart – Visualize Statistics Over Time. Examples:
  ● Visualize stats over time: sourcetype=access* | timechart avg(bytes)
  ● Add a trendline: sourcetype=access* | timechart avg(bytes) as bytes | trendline sma5(bytes)
  ● Add a prediction overlay: sourcetype=access* | timechart avg(bytes) as bytes | predict bytes
• 96. Stats/Timechart – But Wait, There's More! See the Splunk Search Quick Reference Guide
• 97–99. Transaction – Group Related Events Spanning Time. Examples:
  ● Group by session ID: sourcetype=access* | transaction JSESSIONID
  ● Calculate session durations: sourcetype=access* | transaction JSESSIONID | stats min(duration) max(duration) avg(duration)
  ● The same durations with stats, which scales better because it keeps one earliest/latest pair per session instead of every event of every session in memory: sourcetype=access* | stats min(_time) AS earliest max(_time) AS latest by JSESSIONID | eval duration=latest-earliest | stats min(duration) max(duration) avg(duration)
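The eval, stats, timechart and transaction examples above, re-run in Python over a constructed set of eight access events so that each stage's output can be checked. This is an added example, not code from the workshop or from Splunk; the events, the 60-second span and the maxpause value are its own assumptions. It also shows the one thing the stats rewrite of the session search cannot reproduce: transaction's maxpause, which splits a session that goes quiet for longer than the pause into separate transactions.

```python
"""Added example (not Splunk code): the eval / stats / timechart / transaction
pipeline stages of the slides above, re-implemented over constructed events."""
from collections import defaultdict

# Constructed access events (epoch seconds relative to an arbitrary start).
# Three sessions: SD1 and SD2 are short; SD3 goes quiet for 40 minutes
# before its last request.
EVENTS = [
    {"_time": 0,    "JSESSIONID": "SD1", "clientip": "10.1.1.5", "bytes": 1024, "status": 200, "action": "view"},
    {"_time": 5,    "JSESSIONID": "SD3", "clientip": "10.1.1.7", "bytes": 3072, "status": 200, "action": "view"},
    {"_time": 10,   "JSESSIONID": "SD2", "clientip": "10.1.1.6", "bytes": 2048, "status": 200, "action": "addtocart"},
    {"_time": 40,   "JSESSIONID": "SD2", "clientip": "10.1.1.6", "bytes": 512,  "status": 503, "action": "purchase"},
    {"_time": 60,   "JSESSIONID": "SD1", "clientip": "10.1.1.5", "bytes": 4096, "status": 200, "action": "addtocart"},
    {"_time": 100,  "JSESSIONID": "SD3", "clientip": "10.1.1.7", "bytes": 1024, "status": 404, "action": "view"},
    {"_time": 120,  "JSESSIONID": "SD1", "clientip": "10.1.1.5", "bytes": 512,  "status": 200, "action": "purchase"},
    {"_time": 2500, "JSESSIONID": "SD3", "clientip": "10.1.1.7", "bytes": 2048, "status": 200, "action": "purchase"},
]


def eval_fields(events):
    """| eval KB=bytes/1024 | eval http_response=if(status != 200, "Error", "OK")"""
    out = []
    for ev in events:
        ev = dict(ev)  # eval never mutates the indexed event
        ev["KB"] = ev["bytes"] / 1024
        ev["http_response"] = "Error" if ev["status"] != 200 else "OK"
        out.append(ev)
    return out


def stats_total(events):
    """| stats sum(KB) dc(clientip) | rename sum(KB) AS "Total KB" dc(clientip) AS "Unique Customers" """
    return {"Total KB": sum(ev["KB"] for ev in events),
            "Unique Customers": len({ev["clientip"] for ev in events})}


def stats_count_by(events, field):
    """| stats count by <field>  (events lacking the field are dropped, as in Splunk)"""
    counts = defaultdict(int)
    for ev in events:
        if field in ev:
            counts[ev[field]] += 1
    return dict(counts)


def timechart_avg(events, field, span=60):
    """| timechart span=60s avg(<field>)  ->  {bucket_start: average}"""
    buckets = defaultdict(list)
    for ev in events:
        buckets[int(ev["_time"] // span) * span].append(ev[field])
    return {start: sum(vals) / len(vals) for start, vals in sorted(buckets.items())}


def transaction(events, key, maxpause=None):
    """| transaction <key> [maxpause=<seconds>]: group events sharing <key> in
    time order; a gap longer than maxpause closes the current transaction and
    opens a new one.  Returns one record per transaction with its duration."""
    by_key = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["_time"]):
        by_key[ev[key]].append(ev)
    txns = []
    for evs in by_key.values():
        current = [evs[0]]
        for prev, cur in zip(evs, evs[1:]):
            if maxpause is not None and cur["_time"] - prev["_time"] > maxpause:
                txns.append(current)
                current = []
            current.append(cur)
        txns.append(current)
    return [{key: t[0][key], "eventcount": len(t),
             "duration": t[-1]["_time"] - t[0]["_time"]} for t in txns]


def summarize(durations):
    """| stats min(duration) max(duration) avg(duration)"""
    return {"min": min(durations), "max": max(durations),
            "avg": sum(durations) / len(durations)}


def session_stats_via_transaction(events, maxpause=None):
    return summarize([t["duration"] for t in transaction(events, "JSESSIONID", maxpause)])


def session_stats_via_stats(events):
    """| stats min(_time) AS earliest max(_time) AS latest by JSESSIONID
       | eval duration=latest-earliest | stats min(duration) max(duration) avg(duration)
    One pass and one (earliest, latest) pair per session: no per-session event list."""
    earliest, latest = {}, {}
    for ev in events:
        s, t = ev["JSESSIONID"], ev["_time"]
        earliest[s] = min(earliest.get(s, t), t)
        latest[s] = max(latest.get(s, t), t)
    return summarize([latest[s] - earliest[s] for s in earliest])


if __name__ == "__main__":
    enriched = eval_fields(EVENTS)
    print(stats_total(enriched))
    print(stats_count_by(enriched, "action"))
    print(timechart_avg(enriched, "bytes"))
    print(session_stats_via_stats(EVENTS))
    print(session_stats_via_transaction(EVENTS, maxpause=600))
```

Without maxpause both session searches return identical statistics (three sessions, shortest 30 s, longest 2495 s). With maxpause=600 the 40-minute gap in SD3 yields a fourth transaction and different numbers; if that is the behaviour you need, the cheaper stats form is not a substitute.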
• 101. Data Enrichment
• 102. Tags
  ▶ Add meaning/context/specificity to raw data
  ▶ Labels describing team, category, platform, geography
  ▶ Applied to a field-value combination
  ▶ Multiple tags can be applied for each field-value
  ▶ Case sensitive
• 103. Create Tags
• 104. Tags in Action – Find the Web Servers
  1. Tag the host as webserver
  2. Tag the sourcetype as web
  3. Search events with the tag in any field: tag=webserver
  4. Search events with the tag in a specific field: tag::host=webserver
  5. Search events with the tag using wildcards: tag=web*
• 105. Field Aliases
  ▶ Normalize field labels to simplify search and correlation
  ▶ Apply multiple aliases to a single field
    • Example: Username | cs_username | User → user
    • Example: c_ip | client | client_ip → clientip
  ▶ Processed after field extractions and before lookups
  ▶ Can apply to lookups
  ▶ Aliases appear alongside the original fields
• 106. Create Field Alias – Re-label a field to an intuitive name
• 107. Field Alias in Action – Search using an intuitive field name
  1. Create a field alias of clientip = customer
  2. Search events in the last 15 minutes (sourcetype=access_combined) and find the customer field
  3. The field alias (customer) and the original field (clientip) are both displayed
• 108. Calculated Fields
  ▶ Shortcut for performing repetitive/long/complex transformations using the eval command
  ▶ Based on extracted or discovered fields only
  ▶ Do not apply to lookup or generated fields
• 109. Create Calculated Field – Compute Kilobytes from Bytes
• 110. Lookups
  ▶ Augment raw events with additional fields – provide context or supporting details
  ▶ Translate field values to more descriptive data
    • Example: add text descriptions for error codes, IDs
    • Example: add contact details to user names or IDs
    • Example: add descriptions to HTTP status codes
  ▶ File-based or scripted lookups
• 111. Lookups to Enrich Raw Data – Data goes in, insight comes out: create additional fields from the raw data with a lookup to an external data source (CRM/ERP, watch lists, LDAP, AD, CMDB)
• 112. Convert a Code into a Description – step 1: upload/create the table (Upload a Lookup Table file)
• 113. Create HTTP Status Table
  Get the lookup from the Splunk Wiki (save to a .csv file): http://wiki.splunk.com/Http_status.csv
  Lookup table files > Add new
    • Name: http_status.csv
    • Destination filename: http_status.csv
  Verify the lookup was created successfully: | inputlookup http_status.csv
• 114. Output from manual lookup
• 115. Create a Lookup Definition – step 2: assign the table to a lookup object
• 116. Add Lookup Definition
  Lookup definitions > Add new
    • Name: http_status
    • Type: File-based
    • Lookup file: http_status.csv
  Invoke the lookup manually: sourcetype=access_combined | lookup http_status status OUTPUT status_description
• 117. Create an Automatic Lookup – step 3: map the lookup to a data set
• 118. Configure Automatic Lookup
  Automatic lookups > Add new
    • Name: http_status (cannot have spaces)
    • Lookup table: http_status
    • Apply to: sourcetype = access_combined
    • Lookup input field: status
    • Lookup output field: status_description
  Verify the lookup is invoked automatically
• 119. Configure Automatic Lookup
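An added Python version (not Splunk code) of the three lookup steps on slides 112 to 118 and of the watch-list use on slide 111: the CSV lookup table, a lookup definition keyed on the input field, a manual | lookup, an automatic lookup bound to one sourcetype, and a stats count over the enriched field. The CSV excerpts and the events are constructed; the watch list, its column names and the 418 status code used to show a non-matching key are this example's own assumptions.

```python
"""Added example (not Splunk code): lookup table file, lookup definition,
manual and automatic lookups, and a watch-list lookup, in Python."""
import csv
import io
from collections import Counter

# Constructed excerpt of http_status.csv, same columns as on slide 45.
HTTP_STATUS_CSV = """status,status_description,status_type
200,OK,Successful
302,Found,Redirection
400,Bad Request,Client Error
404,Not Found,Client Error
503,Service Unavailable,Server Error
"""

# Constructed watch list: client addresses a security team wants flagged.
WATCHLIST_CSV = """clientip,threat_name
10.1.1.6,internal-scanner
203.0.113.9,known-bad-crawler
"""

# Constructed events; real ones would come from the access_combined extraction.
EVENTS = [
    {"sourcetype": "access_combined", "clientip": "10.1.1.5", "status": 200},
    {"sourcetype": "access_combined", "clientip": "10.1.1.5", "status": 200},
    {"sourcetype": "access_combined", "clientip": "10.1.1.6", "status": 404},
    {"sourcetype": "access_combined", "clientip": "203.0.113.9", "status": 503},
    {"sourcetype": "access_combined", "clientip": "10.1.1.5", "status": 418},  # not in table
    {"sourcetype": "syslog", "clientip": "10.1.1.6", "status": 503},           # other sourcetype
]


def load_lookup(csv_text, key):
    """Steps 1 and 2: the lookup table file plus a file-based definition keyed on <key>."""
    return {row[key]: row for row in csv.DictReader(io.StringIO(csv_text))}


def lookup(events, table, input_field, output_fields):
    """| lookup <definition> <input_field> OUTPUT <output_fields>
    Events with no matching row pass through unchanged: a lookup enriches, it
    never filters.  Keys are compared as strings, as Splunk does."""
    out = []
    for ev in events:
        ev = dict(ev)
        row = table.get(str(ev.get(input_field)))
        if row is not None:
            for f in output_fields:
                ev[f] = row[f]
        out.append(ev)
    return out


def automatic_lookup(table, input_field, output_fields, sourcetype):
    """Step 3: an automatic lookup is the same operation applied at search time
    to every event of one sourcetype, without anyone typing | lookup."""
    def apply(events):
        return [lookup([ev], table, input_field, output_fields)[0]
                if ev.get("sourcetype") == sourcetype else dict(ev)
                for ev in events]
    return apply


def count_by(events, field):
    """| stats count by <field>  (events without the field are dropped)"""
    return dict(Counter(ev[field] for ev in events if field in ev))


HTTP_STATUS = load_lookup(HTTP_STATUS_CSV, "status")
WATCHLIST = load_lookup(WATCHLIST_CSV, "clientip")
enrich_status = automatic_lookup(HTTP_STATUS, "status",
                                 ["status_description", "status_type"], "access_combined")


def enrich(events):
    """Automatic status lookup, then a manual watch-list lookup on clientip."""
    return lookup(enrich_status(events), WATCHLIST, "clientip", ["threat_name"])


def watchlisted(events):
    """... | lookup watchlist clientip OUTPUT threat_name | where isnotnull(threat_name)"""
    return [ev for ev in events if "threat_name" in ev]


if __name__ == "__main__":
    enriched = enrich(EVENTS)
    print(count_by(enriched, "status_type"))
    for ev in watchlisted(enriched):
        print(ev["clientip"], ev["threat_name"], ev.get("status_description"))
```

Two behaviours matter operationally: a lookup never drops events, so an unknown code (418 here) simply has no status_type and silently disappears from | stats count by status_type; and an automatic lookup fires only for the sourcetype it is bound to, so the same status on a syslog event stays unenriched.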
• 120. Resources
• 121. The Splunk Community
• 122. Support
• 123. Answers, User Groups, Splunkbase, Blogs, Developers, Documentation, Education, SplunkLive!, .conf2017, Schwag Store, SplunkTrust
• 124. Training
• 125. Free Splunk Fundamentals 1 Course
• 126. Q&A
• 127. Thank You
• 133–134. Delivering New Visibility and Analytics for IT Operations (Hands-On) – Mike Roman | Sales Engineer, Splunk – September 14, 2017 | Milwaukee, WI
• 136. Agenda – What will we be covering today?
  1. Introduction to Splunk!
  2. Real Use Cases with Hands-On Exercises
    • Troubleshooting Website Errors
    • Infrastructure Problems
    • Mobile App Issues
    • Using Data from Other Tools
  3. Wrap-Up
• 137–138. Escalating IT Complexity… (diagram: infrastructure – SaaS/PaaS, IaaS, virtualization, storage, servers, networking, VPN, IP phone, identity; applications – packaged (HR, email, finance) and custom (app server, DB, web server))
  ▶ Complex, silo-based technologies
  ▶ Disconnected and outdated point solutions
  ▶ Reactive brute-force problem resolution
  ▶ Over 80% of time on maintaining, not innovating
• 139–140. Industry-Leading Platform for Machine Data (diagram as on slide 33: any machine data from on-premises, private cloud and public cloud sources)
  ▶ Operational Intelligence: search and investigation, proactive monitoring, operational visibility, real-time business insights
  ▶ Enterprise scalability: any amount, any location, any source; schema on-the-fly; universal indexing; no backend RDBMS; no need to filter data
• 141. The Focus – IT Operations, Application Delivery, Security, Compliance and Fraud, Business Analytics, Internet of Things and Industrial Data; Developer Platform (REST API, SDKs)
• 142. Turning Machine Data Into Operational Intelligence – from reactive to proactive: Search and Investigate → Proactive Monitoring and Alerting → Operational Visibility → Real-Time Business Insight
• 143. Index and Analyze Data Across Your Technology Stack – Splunk add-ons, templates and apps accelerate value from machine data. No rigid schemas: add in data from any other source (server, storage, network; server virtualization; operating systems; custom applications; business applications; cloud services; ticketing and other; mobile applications; web intelligence; app performance monitoring; Stream; API, SDKs, UI)
• 144. Splunk Quick Starts – A quick and easy way to deploy Splunk Enterprise starting at $30K: Splunk license + Splunk apps and add-ons + expert guidance + education credits and .conf passes. Quick Starts: Infrastructure Monitoring, Application Management. More information: splunk.com/bundles
• 145. Let's Get Hands-On
  ▶ Cloud Instances: https://od-troubleshooting-milwaukeediscoveryday-XX.splunkoxygen.com/ (XX is a two-digit number: Jan = 01, Feb = 02, March = 03, etc.)
  ▶ Log in – Credentials: user01 / changeme01
• 146. Welcome to Splunk – Click IT Operations to get started using Splunk!
• 147. Dashboards
• 148. Website Errors – Errors on the website! Users are reporting 503 status codes. Our job: find the root cause!
• 149. Our Dashboard – At the top of the screen, click on Troubleshooting Examples, then click on IT Troubleshooting Basics 1 – Web Site Errors
• 150. Our Search – Scroll to the Line by Line section, then click on Load search to this point to load the search results in a new tab.
• 151. Raw Events
• 152. Analyzing the Data – Scroll to the Line by Line section again, then click on Load search to this point for the second search to load the results in a new tab.
• 153. Search Results – Note: your search results may look different than the screen shot
• 154. Wrapping Up on Web Errors – Scroll up to the Next Steps section and click the link to search. We've found our problem server… Now what? Note: your search results may look different than the screen shot
• 155. Next Steps – We'll be taking a shortcut: click on Troubleshooting Examples, then click IT Troubleshooting Basics 2 – Server Issues
• 156. An Infrastructure Problem
• 157. Raw Events – Which fields might help us find the problem?
• 158. Analyzing the Data
• 159. Visualizations
• 160. Reports
• 161. Alerts
• 162. Mobile App Issues – Click on Troubleshooting Examples, then click IT Troubleshooting Basics 3 – Mobile App Errors
• 163. Raw Events
• 164. Mobile App Problems
• 165. Mobile App Issue Wrap Up
• 166. Using Data from Other Tools – Click on Troubleshooting Examples, then click IT Troubleshooting Basics 4 – Using APM Data
• 167. Raw Events
• 168. APM Data
• 169. Tying it all together – What have we learned so far? The Nightmare Scenario: your boss asks you to send him a dashboard of the website health at 9AM next Saturday…. What do you do? (Demo)
• 170. Kris Wehner, vice president of engineering, Yelp Reservations: "I don't believe there is any other product on the market that is able to quickly bring together diverse data sets, offer a powerful language to engineers for data analysis and then ultimately deliver beautiful, visual, actionable reports to the business users."
• 171. Academy Moves From Reactive to Proactive – Fast time-to-value at Academy Sports + Outdoors. Mark Cook, Director of Enterprise Application Support, Academy Sports and Outdoors: "Notify the business of the problem before they tell us."
• 172. Now What? You've tried it with our data, now try it with your own. Download Splunk Enterprise or try Splunk Cloud for free: www.splunk.com/download
• 173. Wrapping Up – What did we learn?
  1. Splunk for Infrastructure Monitoring and Application Management
  2. Using Splunk for Troubleshooting and Monitoring
    • Troubleshooting Website Errors
    • Infrastructure Problems
    • Mobile App Issues
    • Using Data from Other Tools
  3. How Customers Use Splunk and Next Steps
• 174. Q&A
• 175. Take the Survey on Pony Poll – ponypoll.com/ddmilwaukee
• 176. THANK YOU
• 177. BREAK – 15 MINUTES
• 179. Get Back to Basics and Strengthen Your Security Posture – Mike Walker | Sales Engineer – September 14, 2017 | Milwaukee, WI
  • 181. What Can You Expect From This Session? 1. Common security challenges. 2. Methods to strengthen security posture. 3. How Splunk can help.
  • 182. Security is Still a Reactive Game
    Tools: security tools only deliver "alerts," not "insights". It is difficult to determine root cause (what is the real issue), and the same issues keep surfacing despite config/policy changes.
    Process: the security process is not optimized to improve posture. It is not designed to give a big-picture view of what is really happening, and it is complex, built on isolated views and tools.
    People: skilled people are performing mundane tasks. Alert overload distracts from priority issues, and the wheel is reinvented over and over again.
    Scale: it is unclear how to scale across a heterogeneous environment (on-prem, cloud, MSSP, global) and across new business requirements, technologies and changes in architecture.
  • 183. Strengthen Your Security Posture: Centralize Analysis, Investigative Mindset, Operationalize.
  • 184. Central Analysis
  • 185. What Tools Do You Have Today? (Problem → Solution)
    Protect endpoint → Antivirus: Symantec, McAfee
    Protect network (unauthorized traffic) → Firewalls/web filter: Palo Alto, Cisco
    Control user access → Authentication/2-factor: AD, RSA, badges
    Network attacks, stolen information, phishing → IDS/IPS: Cisco, Palo Alto; email filter: Cisco, Proofpoint
    Unpatched systems, versions with bugs → Scanners/patching: Nessus, SCCM
    Indicators of malicious activity → Threat intelligence
  • 186. 4 Ways to Improve Posture Quickly: Endpoint, Access/Identity, Network, Threat Intelligence.
  • 187. Understanding Your Endpoints: processes, file info/access, user activity. Sources: endpoint system (Windows Sysmon: network, file info) and endpoint security (virus, malware, spyware, whitelisting, behaviors). What you discover: frequency of application executions and unique applications; non-corporate-approved applications; known malicious executables. Benefit: visibility into application executions; understanding of unknown applications (who ran them, where, and how often).
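As an added example (not from this deck and not Splunk's code), the endpoint checks described on slide 187 run over a handful of constructed Sysmon Event ID 1 lines: execution frequency and host/user prevalence per hash, images outside a constructed corporate allowlist, and hosts that ran a hash from a constructed known-bad list. Grouping on the hash rather than the image path is what turns two per-user temp paths into one binary on two hosts, which is also the "did it spread" question the investigation slides ask later. Every host, user, hash and allowlist entry below is made up.

```python
"""Endpoint execution analysis over Sysmon process-creation events (Event ID 1).

Added example, not Splunk's code. The events, hashes, host names and the
approved-application list are constructed for illustration.
"""
import re
from collections import defaultdict

# Constructed Sysmon Event ID 1 records flattened to key=value text.
SYSMON_EVENTS = r"""
EventID=1 Computer=WS-101 User=CORP\jdoe Image=C:\Windows\System32\svchost.exe Hash=AAA1
EventID=1 Computer=WS-102 User=CORP\asmith Image=C:\Windows\System32\svchost.exe Hash=AAA1
EventID=1 Computer=WS-103 User=CORP\bjones Image=C:\Windows\System32\svchost.exe Hash=AAA1
EventID=1 Computer=WS-101 User=CORP\jdoe Image=C:\Program Files\Microsoft Office\WINWORD.EXE Hash=BBB2
EventID=1 Computer=WS-102 User=CORP\asmith Image=C:\Program Files\Microsoft Office\WINWORD.EXE Hash=BBB2
EventID=1 Computer=WS-101 User=CORP\jdoe Image=C:\Users\jdoe\AppData\Local\Temp\invoice.exe Hash=DEAD
EventID=1 Computer=WS-104 User=CORP\klee Image=C:\Users\klee\AppData\Local\Temp\invoice.exe Hash=DEAD
EventID=1 Computer=WS-103 User=CORP\bjones Image=C:\Users\bjones\Downloads\utorrent.exe Hash=CCC3
""".strip().splitlines()

# Constructed corporate allowlist and a constructed known-bad hash list that
# stands in for an AV or threat-intel feed.
APPROVED_IMAGES = {
    r"C:\Windows\System32\svchost.exe",
    r"C:\Program Files\Microsoft Office\WINWORD.EXE",
}
KNOWN_BAD_HASHES = {"DEAD": "constructed dropper signature"}

# key=value fields; values may contain spaces, so a value ends at the next " key=".
KV_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")


def parse_event(line):
    return dict(KV_RE.findall(line))


def parse_events(lines=SYSMON_EVENTS):
    return [parse_event(line) for line in lines]


def prevalence_by_hash(events):
    """Executions, hosts, users and image paths per hash.

    The hash is the stable key: the same dropper lands under per-user paths,
    so grouping by Image would hide that it is one binary on several hosts.
    """
    out = defaultdict(lambda: {"executions": 0, "hosts": set(), "users": set(), "images": set()})
    for e in events:
        rec = out[e["Hash"]]
        rec["executions"] += 1
        rec["hosts"].add(e["Computer"])
        rec["users"].add(e["User"])
        rec["images"].add(e["Image"])
    return {h: {k: (sorted(v) if isinstance(v, set) else v) for k, v in rec.items()}
            for h, rec in out.items()}


def unapproved_images(events):
    """Images executed that are not on the corporate allowlist."""
    return sorted({e["Image"] for e in events} - APPROVED_IMAGES)


def known_bad_hits(events):
    """Hosts that executed a known-bad hash; the host list is the spread."""
    hits = defaultdict(set)
    for e in events:
        if e["Hash"] in KNOWN_BAD_HASHES:
            hits[e["Hash"]].add(e["Computer"])
    return {h: sorted(hosts) for h, hosts in hits.items()}


def rare_hashes(events, max_hosts=1):
    """Hashes seen on at most max_hosts hosts: the 'unknown application' queue."""
    prev = prevalence_by_hash(events)
    return sorted(h for h, rec in prev.items() if len(rec["hosts"]) <= max_hosts)


if __name__ == "__main__":
    evs = parse_events()
    for h, rec in prevalence_by_hash(evs).items():
        print(h, rec["executions"], rec["hosts"], rec["users"])
    print("unapproved:", unapproved_images(evs))
    print("known bad:", known_bad_hits(evs))
    print("rare:", rare_hashes(evs))
```

On real data the allowlist comes from the software inventory and the known-bad list from the AV or threat-intel feed; the rarity threshold is what separates "new business app" from "one-off dropper" and should be tuned to fleet size.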
  • 188–197. Splunk Demo (screenshot walkthrough) – Endpoint: Symantec Endpoint Protection Analysis. The demo covers each domain (Endpoint, Access/Identity, Network, Threat Intelligence) plus a custom app on the Platform for Operational Intelligence.
  • 198. Access and Identity: who, why and credential abuse. Sources: Windows Security events (Active Directory and authentication logs). What you discover: credentials used in multiple locations or shared by users; admin credential abuse; login frequencies and users moving around quickly; users failing authentication while trying to discover internal/external resources. Benefit: uncover unusual login patterns; track user behavior.
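Added example, not the deck's own content: the access/identity patterns above (a credential used in multiple locations, failed authentications used for discovery, admin credential abuse) detected over constructed Windows Security 4624/4625 events. Account names, hosts, IPs, the time window and the "da_" naming convention for admin accounts are assumptions for the illustration.

```python
"""Access/identity checks over Windows Security logon events (4624 success, 4625 failure).

Added example, not Splunk's code. Events, account names, hosts and the
'da_' admin naming convention are constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed Windows Security events, flattened to key=value text.
LOGON_EVENTS = """
Time=2017-09-14T09:00:00 EventID=4624 TargetUserName=jdoe IpAddress=10.10.200.20 Computer=WS-101 LogonType=2
Time=2017-09-14T09:04:00 EventID=4624 TargetUserName=jdoe IpAddress=10.10.31.7 Computer=WS-240 LogonType=10
Time=2017-09-14T09:10:00 EventID=4624 TargetUserName=asmith IpAddress=10.10.200.21 Computer=WS-102 LogonType=2
Time=2017-09-14T09:12:00 EventID=4625 TargetUserName=svc_backup IpAddress=10.10.200.20 Computer=FS-01 LogonType=3
Time=2017-09-14T09:12:05 EventID=4625 TargetUserName=svc_backup IpAddress=10.10.200.20 Computer=FS-02 LogonType=3
Time=2017-09-14T09:12:09 EventID=4625 TargetUserName=svc_backup IpAddress=10.10.200.20 Computer=DC-01 LogonType=3
Time=2017-09-14T09:12:14 EventID=4625 TargetUserName=svc_backup IpAddress=10.10.200.20 Computer=SQL-01 LogonType=3
Time=2017-09-14T09:30:00 EventID=4624 TargetUserName=da_walker IpAddress=10.10.200.20 Computer=WS-101 LogonType=10
Time=2017-09-14T14:00:00 EventID=4624 TargetUserName=asmith IpAddress=10.10.200.21 Computer=WS-102 LogonType=2
""".strip().splitlines()


def parse_events(lines=LOGON_EVENTS):
    events = []
    for line in lines:
        e = dict(tok.split("=", 1) for tok in line.split())
        e["Time"] = datetime.fromisoformat(e["Time"])
        events.append(e)
    return events


def multi_location_logons(events, window=timedelta(minutes=15)):
    """Accounts with successful logons from more than one source IP inside
    `window`: a shared credential, or one in use somewhere it should not be."""
    by_user = defaultdict(list)
    for e in events:
        if e["EventID"] == "4624":
            by_user[e["TargetUserName"]].append((e["Time"], e["IpAddress"]))
    flagged = {}
    for user, logons in by_user.items():
        logons.sort()
        for i, (t1, ip1) in enumerate(logons):
            for t2, ip2 in logons[i + 1:]:
                if t2 - t1 > window:
                    break  # sorted, so nothing later is inside the window
                if ip1 != ip2:
                    flagged.setdefault(user, set()).update({ip1, ip2})
    return {u: sorted(ips) for u, ips in flagged.items()}


def failed_logon_discovery(events, min_targets=3):
    """(account, source IP) pairs whose failures touch many distinct hosts:
    a credential being tried across the network to find what it opens."""
    targets = defaultdict(set)
    for e in events:
        if e["EventID"] == "4625":
            targets[(e["TargetUserName"], e["IpAddress"])].add(e["Computer"])
    return {k: sorted(v) for k, v in targets.items() if len(v) >= min_targets}


def admin_logons_to_workstations(events, admin_prefix="da_", ws_prefix="WS-"):
    """Privileged accounts (constructed 'da_' convention) logging on to
    workstations: the classic admin-credential-abuse pattern."""
    return sorted({(e["TargetUserName"], e["Computer"]) for e in events
                   if e["EventID"] == "4624"
                   and e["TargetUserName"].startswith(admin_prefix)
                   and e["Computer"].startswith(ws_prefix)})


def logon_frequency(events):
    """Successful logons per account: the baseline the anomalies are judged against."""
    counts = defaultdict(int)
    for e in events:
        if e["EventID"] == "4624":
            counts[e["TargetUserName"]] += 1
    return dict(counts)
```

The admin check keys off a naming convention because that is what most directories actually offer; where group membership is available (Domain Admins, tiered admin groups) it should replace the prefix test.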
  • 199–205. Splunk Demo (screenshot walkthrough) – Access/Identity.
  • 206. Network Activity: detecting exfiltration and unusual communication. Sources: network access (ForeScout), firewall (Cisco, Palo Alto), DNS (Splunk Stream, DNS server). What you discover: who talked to whom and traffic volumes (in/out); malware download/delivery, C2, exfiltration; horizontal and vertical movement. Benefit: determine how threats got in; see which systems and endpoints communicate internally; detect intellectual property theft and insiders.
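Added example, not Splunk's code: the network checks above over a firewall log that the code constructs itself (documentation address ranges, no captured traffic). It summarises who talked to whom, flags a source whose outbound bytes are a robust outlier against the rest of the fleet (exfiltration), and flags (src, dst) pairs whose connection intervals are too regular to be a person (C2 beaconing). The thresholds are assumptions to tune on real data.

```python
"""Network activity checks over firewall connection logs: who talked to whom,
outbound-volume outliers (exfiltration) and regular-interval beaconing (C2).

Added example, not Splunk's code. The log is constructed in code; the
addresses are documentation ranges, not real infrastructure.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, median, pstdev


def constructed_firewall_log():
    """Build a small firewall log (constructed, not captured traffic)."""
    base = datetime(2017, 9, 14, 9, 0, 0)
    lines = []
    # 10 connections every 60 s with +/-1 s jitter: a beacon from a workstation.
    for i, jitter in enumerate([0, 1, -1, 0, 1, -1, 0, 1, -1, 0]):
        t = base + timedelta(seconds=60 * i + jitter)
        lines.append(f"{t.isoformat()} src=10.10.200.20 dst=203.0.113.50 dport=443 bytes_out=1500")
    # Irregular browsing from two other workstations.
    for s in [0, 7, 250, 311, 1500, 1520, 2900]:
        t = base + timedelta(seconds=s)
        lines.append(f"{t.isoformat()} src=10.10.200.21 dst=198.51.100.10 dport=443 bytes_out=4000")
    for s in [100, 900, 2400]:
        t = base + timedelta(seconds=s)
        lines.append(f"{t.isoformat()} src=10.10.200.22 dst=198.51.100.10 dport=443 bytes_out=6000")
    # One host pushes ~850 MB out over SSH to an external address.
    t = base + timedelta(seconds=30)
    lines.append(f"{t.isoformat()} src=10.10.31.7 dst=198.51.100.10 dport=443 bytes_out=200000")
    t = base + timedelta(seconds=1800)
    lines.append(f"{t.isoformat()} src=10.10.31.7 dst=203.0.113.77 dport=22 bytes_out=850000000")
    return lines


def parse_log(lines):
    events = []
    for line in lines:
        ts, *kv = line.split()
        e = dict(tok.split("=", 1) for tok in kv)
        e["time"] = datetime.fromisoformat(ts)
        e["bytes_out"] = int(e["bytes_out"])
        events.append(e)
    return events


def conversations(events):
    """Who talked to whom: connection count and bytes out per (src, dst)."""
    out = defaultdict(lambda: {"connections": 0, "bytes_out": 0})
    for e in events:
        rec = out[(e["src"], e["dst"])]
        rec["connections"] += 1
        rec["bytes_out"] += e["bytes_out"]
    return dict(out)


def volume_outliers(events, threshold=10.0):
    """Sources whose total bytes out is far from the fleet, by robust z-score
    (median and MAD) so one huge upload cannot hide itself by inflating the mean."""
    totals = defaultdict(int)
    for e in events:
        totals[e["src"]] += e["bytes_out"]
    values = list(totals.values())
    med = median(values)
    mad = median(abs(v - med) for v in values) * 1.4826 or 1.0
    return sorted(src for src, v in totals.items() if (v - med) / mad > threshold)


def beacons(events, min_connections=5, max_cv=0.15):
    """(src, dst) pairs whose inter-connection gaps are nearly constant: a
    coefficient of variation below max_cv is machine timing, not a person.
    Returns (pair, mean gap in seconds, cv)."""
    times = defaultdict(list)
    for e in events:
        times[(e["src"], e["dst"])].append(e["time"])
    found = []
    for pair, ts in times.items():
        if len(ts) < min_connections:
            continue
        ts.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
        avg = mean(gaps)
        cv = pstdev(gaps) / avg if avg else float("inf")
        if cv < max_cv:
            found.append((pair, round(avg, 1), round(cv, 3)))
    return found
```

Beacons with randomised sleep defeat the plain CV test; on real data it is worth also looking at the distribution of gaps modulo a candidate period and at payload-size regularity, both of which the same per-pair grouping supports.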
  • 207–217. Splunk Demo (screenshot walkthrough) – Network.
  • 218. Threat Intelligence: known and early-warning indicators. Sources: threat feeds (public, free, private, paid or custom; e.g. ThreatConnect, Anomali) and firewall (Cisco, Palo Alto Networks). What you discover: high-risk behaviors and patterns; undetected/unblocked malware and command-and-control activity; known indicators of compromise. Benefit: early warning of malicious activity; detect indications of C2 channels; confirm whether traffic is going to compromised or watch-listed sites; spot compromised systems communicating with each other; identify compromised endpoints.
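Added example, not from the deck: matching constructed DNS and firewall logs against a constructed indicator feed. Domain indicators match the name and its subdomains by walking labels (a plain endswith() would wrongly match notbad-update.example); IP indicators may be CIDRs; and once the hosts with hits are known, internal connections between two of them surface the "compromised systems communicating with each other" case from the slide. Feed entries, hosts and addresses are invented; the 10.0.0.0/8 internal range is an assumption.

```python
"""Matching DNS and firewall logs against threat-intelligence indicators.

Added example, not Splunk's code. The indicator feed, DNS queries and
connections are constructed; addresses are documentation ranges.
"""
import ipaddress
from collections import defaultdict

# Constructed indicator feed: (type, value, source). Network indicators may be CIDRs.
IOCS = [
    ("domain", "bad-update.example", "constructed feed A"),
    ("ipv4", "203.0.113.0/24", "constructed feed A"),
    ("ipv4", "198.51.100.77", "constructed feed B"),
]

# Constructed DNS log: (client IP, queried name).
DNS_LOG = [
    ("10.10.200.20", "cdn.bad-update.example"),
    ("10.10.200.21", "www.microsoft.com"),
    ("10.10.200.23", "bad-update.example"),
    ("10.10.200.21", "notbad-update.example"),   # suffix trap: must not match
]

# Constructed firewall log: (src, dst, dport).
FW_LOG = [
    ("10.10.200.20", "203.0.113.50", 443),
    ("10.10.200.21", "198.51.100.10", 443),
    ("10.10.200.23", "198.51.100.77", 8443),
    ("10.10.200.20", "10.10.200.23", 445),
    ("10.10.200.21", "10.10.200.20", 445),
]

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed internal range


def build_index(iocs=IOCS):
    """Split the feed into a domain lookup table and a list of IP networks."""
    domains, networks = {}, []
    for kind, value, source in iocs:
        if kind == "domain":
            domains[value.lower().rstrip(".")] = source
        elif kind == "ipv4":
            networks.append((ipaddress.ip_network(value, strict=False), value, source))
    return domains, networks


def match_domain(name, domains):
    """Match a query against a domain indicator or any of its subdomains.
    Walk label boundaries rather than using endswith(): 'notbad-update.example'
    ends with 'bad-update.example' but is a different domain."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate, domains[candidate]
    return None


def match_ip(addr, networks):
    ip = ipaddress.ip_address(addr)
    for net, value, source in networks:
        if ip in net:
            return value, source
    return None


def find_hits(dns_log=DNS_LOG, fw_log=FW_LOG, iocs=IOCS):
    """Internal hosts with evidence of contact with an indicator, with the
    evidence kept so an analyst can see why each host was flagged."""
    domains, networks = build_index(iocs)
    hits = defaultdict(list)
    for client, qname in dns_log:
        m = match_domain(qname, domains)
        if m:
            hits[client].append(("dns", qname, m[0], m[1]))
    for src, dst, dport in fw_log:
        m = match_ip(dst, networks)
        if m:
            hits[src].append(("fw", f"{dst}:{dport}", m[0], m[1]))
    return dict(hits)


def compromised_talking_to_each_other(hits, fw_log=FW_LOG):
    """Internal connections where both ends already have indicator hits."""
    suspect = set(hits)
    pairs = set()
    for src, dst, dport in fw_log:
        if src in suspect and dst in suspect and ipaddress.ip_address(dst) in INTERNAL:
            pairs.add((src, dst, dport))
    return sorted(pairs)
```

Keeping the matched indicator and its source on each hit is what lets a feed's false positives be traced back and the feed weighted, rather than every hit carrying the same confidence.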
  • 219–223. Splunk Demo (screenshot walkthrough) – Threat Intelligence.
  • 224. Investigation
  • 225. Security technologies are designed to detect bad/suspicious activity: Alert → Indicator → Data, drawn from Endpoint, Network, Threat Intelligence and Access/Identity. What an alert can mean: data breach, infection(s), account takeover, application fault, misconfiguration, missing patch, user error, or other (ignore).
  • 226. Importance of an Investigative Mindset. "Investigate" means gather data, analyze, pinpoint digital evidence. It helps anyone handling alerts and lets you gain control of posture: the old way is "escalate or ignore"; the new way is to find out what is actually going on. The arithmetic: if you handle 100 alerts a month (5 alerts a day, 20 days in a month) and each alert takes 10 min to investigate, that is 100 × 10 = 1,000 min ≈ 16.7 hours; cut it to 5 min and it is 100 × 5 = 500 min ≈ 8.3 hours, so you get roughly a day (8 hours) back each month. (* assumes 14–28 cases in a shift)
  • 227. Developing an Investigative Mindset. For every ALERT: What happened? Who was involved? When did it start? Where was it seen? How did it get in? How do I contain it? And for each of those: what specific questions do I want answered, where do I look, what is the logic/methodology to apply, and what is an example?
  • 228. The Investigation – Analytics Cycle (source: https://www.splunk.com/blog/2016/01/19/rapid-response-and-discovery-rrd-stop-chasing-alerts-and-start-raising-the-cost-for-the-adversary.html). For each step, the questions you need answered, the logic/method, an example and the data:
    What happened? What is the normal device function? What are the key activities associated with the alert? Are these activities normal or abnormal? Is the system actually compromised? When did a compromise occur? Logic: search across all data to match indicators with other system events; index logs and search for matches against the alert criteria. Example: verify a malware-detected alert on a host against a known file hash; identify unscheduled configuration changes. Data: endpoint logs, authentication logs, network logs, threat intelligence.
    Who was involved? What is the compromised system/device? Who is the system owner? What accounts/users are associated with that system? What login activity happened around the time of the alert? Logic: determine the IP-to-asset-to-identity mapping; take the alert, cross-reference the authentication log, look up the asset. Example: Jane Doe, IP = 10.10.200.20, workstation running Win10. Data: identity system, DNS log, authentication logs, asset repository.
    Where did it start? Where is the system located? What other devices are associated with those users? Is there a logical relationship to other activities and systems? What is the timeline of activities leading up to and during the alert? Has there been similar activity, in time or by another logical relationship? Logic: integrate your asset system; resolve the location via reverse geo-IP lookup. Data: network / FW / proxy, DNS, wire data.
    How did it get in? Have there been other alerts? Is there a logical connection to other activity, IPs, hosts, malware, other alerts? Logic: index event logs and trace network hops to determine the initial entry. Example: a mapped network diagram shows the vector in via the mail proxy; a user in finance was the victim of spear phishing. Data: network devices, firewall, web proxy, mail proxy, DNS, authentication, VPN.
    Did an infection spread? Has the attack progressed beyond system infection? What else has happened on that system? Are there logical connections to other systems being modified? Is there a logical connection to other IPs, hosts, malware, other alerts? Logic: identify whether malware has spread via statistical analysis; identify any C&C; identify lateral movement. Example: a ransomware infection spreads undetected by signature-based tools. Data: endpoint, firewall, DHCP, web proxy, mail proxy, wire data.
    What actions should I take? Is there any indication the attacker has gained access to the environment? Is there any indication the attacker has found a way to get data out? Is there a policy change that can immediately isolate the issue? Is further investigation needed? Logic: integrate the asset system with high business priority; threat-intelligence subscriptions. Example: beaconing to a known bad IP in a remote geo – add it to a dynamic address group on the firewall.
  • 229–234. Investigative Mindset – Questions to Ask (question, logic, data and example for each step of the ALERT chain)
    What happened? Why did an alert trigger? Has a system actually been compromised? Logic: search for events that match the alert criteria and similar events leading up to the alert. Data: endpoint logs, authentication logs, network logs, threat intelligence. Example: find all failed authentication attempts by a user.
    Who was involved? What accounts/users are associated with that system? Logic: determine event-to-identity mapping. Data: identity system, authentication logs. Example: John's account attempted to access a system it has never logged into before.
    When did it start? What does the timeline of activities leading up to and during the alert look like? Logic: histogram and timeline; widen the search to a wider set of historical data. Data: all available data.
    Where was it seen? What devices/assets are associated with the alert? Logic: determine event-to-asset mapping. Data: endpoint, network devices, CMDB/asset. Example: IP 10.1.12.12 has the hostname DC-Seltzer, is a Windows 10 workstation and has 2 critical vulnerabilities.
    How did it get in? Is there a logical connection to other activity, IPs, hosts, malware or other alerts? Logic: search network and host event logs to determine the initial entry. Data: endpoint, network devices, web proxy, mail proxy, DNS, authentication. Example: a USB key opened an infected ransomware file; user email indicates the victim of spear phishing.
    How do I contain it? Has the attack progressed beyond system infection? Logic: identify whether malware has spread. Data: threat intelligence, endpoint, firewall, web proxy, mail proxy, wire data. Example: observe indicators on other hosts or on the network.
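Added example, not Splunk's code, for the IP-to-asset-to-identity logic on slide 228 and the who/when/where questions on slides 230 to 232: enrich an alert from a constructed asset repository and identity directory, resolve the user as the most recent logon on that host before the alert (a later logon did not own the session), and pull the host's timeline around the alert from every source. The records echo the deck's Jane Doe / 10.10.200.20 / Windows 10 example but are constructed, as are the window sizes.

```python
"""Alert enrichment: IP -> asset -> identity, plus the surrounding timeline.

Added example, not Splunk's code. The alert, asset repository, identity
directory and event stream are constructed; the values echo the deck's
worked example (Jane Doe at 10.10.200.20, a Windows 10 workstation with
2 critical vulnerabilities).
"""
from datetime import datetime, timedelta

# Constructed asset repository (CMDB export), keyed by IP.
ASSETS = {
    "10.10.200.20": {"hostname": "WS-101", "os": "Windows 10", "type": "workstation",
                     "business_priority": "high", "critical_vulns": 2},
    "10.10.31.7": {"hostname": "FS-01", "os": "Windows Server 2016", "type": "server",
                   "business_priority": "high", "critical_vulns": 0},
}

# Constructed identity directory.
IDENTITIES = {
    "jdoe": {"name": "Jane Doe", "department": "Finance"},
    "asmith": {"name": "Alex Smith", "department": "IT"},
    "bjones": {"name": "Bo Jones", "department": "Sales"},
}

# Constructed event stream from several sources: (time, source, description, host, user).
EVENTS = [
    ("2017-09-14T07:00:00", "auth", "logon success", "WS-101", "asmith"),
    ("2017-09-14T08:55:00", "auth", "logon success", "WS-101", "jdoe"),
    ("2017-09-14T08:58:10", "mail", "attachment invoice.doc delivered", "WS-101", "jdoe"),
    ("2017-09-14T09:03:30", "endpoint", "WINWORD.EXE spawned cmd.exe", "WS-101", "jdoe"),
    ("2017-09-14T09:05:00", "av", "malware detected: invoice.exe", "WS-101", None),
    ("2017-09-14T09:06:00", "dns", "query cdn.bad-update.example", "WS-101", None),
    ("2017-09-14T09:20:00", "auth", "logon success", "WS-101", "bjones"),
    ("2017-09-14T13:00:00", "auth", "logon success", "FS-01", "asmith"),
]


def parse_events(rows=EVENTS):
    return [(datetime.fromisoformat(t), src, desc, host, user)
            for t, src, desc, host, user in rows]


def resolve_identity(host, alert_time, events):
    """The account that most recently logged on to the host before the alert.
    Only logons at or before the alert count: Bo Jones logging on at 09:20
    did not own the session when the 09:05 detection fired."""
    candidates = [(t, user) for t, src, desc, h, user in events
                  if src == "auth" and h == host and desc == "logon success" and t <= alert_time]
    if not candidates:
        return None
    return max(candidates)[1]


def enrich_alert(alert, assets=ASSETS, identities=IDENTITIES, events=None):
    """Alert {ip, time, signature} -> asset record -> account -> person."""
    events = parse_events() if events is None else events
    alert_time = datetime.fromisoformat(alert["time"])
    asset = assets.get(alert["ip"])
    result = {"ip": alert["ip"], "signature": alert["signature"],
              "asset": asset, "user": None, "person": None}
    if asset:
        user = resolve_identity(asset["hostname"], alert_time, events)
        result["user"] = user
        result["person"] = identities.get(user)
    return result


def timeline(alert, assets=ASSETS, events=None,
             before=timedelta(minutes=10), after=timedelta(minutes=10)):
    """Everything on the alert's host from `before` to `after` around the
    alert, any source, in time order: the 'what does the timeline look like' view."""
    events = parse_events() if events is None else events
    alert_time = datetime.fromisoformat(alert["time"])
    host = assets.get(alert["ip"], {}).get("hostname")
    lo, hi = alert_time - before, alert_time + after
    return [(t.isoformat(), src, desc, user)
            for t, src, desc, h, user in sorted(events, key=lambda e: e[0])
            if h == host and lo <= t <= hi]


if __name__ == "__main__":
    alert = {"ip": "10.10.200.20", "time": "2017-09-14T09:05:00",
             "signature": "malware detected: invoice.exe"}
    print(enrich_alert(alert))
    for row in timeline(alert):
        print(*row)
```

On real data the IP-to-host step also needs DHCP lease history, because the address in the alert may have belonged to a different machine an hour earlier; the asset lookup here assumes a stable mapping.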
  • 235–258. Splunk Demo (screenshot walkthrough) – Investigation: Authentication Failures; Detailed Incident Analysis; Impact Analysis; Impact Analysis 3: Scoping.
  • 259. Try It Yourself. What happened (verify the alert): Login, Exercise 2 – Assessment. Where was it seen (did an infection spread): Endpoint, Exercise 1 – Infection: Statistical Analysis. How do I contain it (actions to take): Network, Exercise 1 – C&C activity detection.
  • 260. Operationalize
  • 261. How Do You Operationalize it All? Endpoint, Network, Threat Intelligence, Access/Identity.
  • 262. It Takes a Village to Verify (But Doesn't Have To): for every ALERT, what happened? who was involved? when did it start? where was it seen? how did it get in? how do I contain it?
  • 263. Single Source of Truth: the same six questions answered from one place, across Endpoint, Network, Threat Intelligence and Access/Identity data.
  • 264. Search and Investigate – Start Basic. The Platform for Operational Intelligence fed by the four domains (Endpoint, Network, Threat Intelligence, Access/Identity), with dashboards and reports, analytics and visualization, and threat intelligence on top. Add more data for more insights; other security-relevant data: on-premises, private cloud, public cloud; storage, online shopping cart, telecoms, desktops, security, web services, networks, containers, web clickstreams, RFID, smartphones and devices, servers, messaging, GPS location, packaged applications, custom applications, online services, databases, call detail records, energy meters, firewall, intrusion prevention.
  • 265. Example: need a quick, cheap way to reduce risk. Across Endpoint, Network, Threat Intelligence and Access/Identity: Are systems getting updates? Are controls in place? What is the patching level? Who are the privileged users?
  • 266. Critical Controls for Readiness: generated by consensus from experts in federal government and private industry; can reduce the risk of currently known high-priority attacks; common security requirements in an easy-to-understand and easy-to-implement format; reasonably comprehensive and address the most important areas of concern. SOURCE: Center for Internet Security, https://www.cisecurity.org/critical-controls.cfm
  • 267. Answer: Start With the Top 5 CIS Controls. Per CIS: "Organizations that apply just the first five CIS Controls can reduce their risk of cyberattack by around 85 percent. Implementing all 20 CIS Controls increases the risk reduction to around 94 percent." SOURCE: Center for Internet Security, https://www.cisecurity.org/critical-controls.cfm
  • 268. CIS Critical Security Controls app: https://splunkbase.splunk.com/app/3064/#/overview and https://www.splunk.com/goto/Top20CSC
  • 269–272. Splunk Demo (screenshot walkthrough) – CIS Critical Security Controls app.
  • 273. Strengthen Your Security Posture: 1. Centralize analysis of key activities. 2. Use an investigative mindset. 3. Operationalize security processes.
  • 274. Analytics-Driven Security: risk-based analytics; context and intelligence; connecting data and people.
  • 275. Analytics-Driven Security: index untapped data of any source, type and volume (on-premises, private cloud, public cloud; storage, online shopping cart, telecoms, desktops, security, web services, networks, containers, web clickstreams, RFID, smartphones and devices, servers, messaging, GPS location, packaged applications, custom applications, online services, databases, call detail records, energy meters, firewall, intrusion prevention); enrich with external lookups (employee info, asset and CMDB, threat intelligence, applications, data stores); then search and investigate, monitoring, correlations and alerts, dashboards and reports, analytics and visualization, adaptive response. On the Platform for Operational Intelligence: Splunk Enterprise Security, 500+ security apps, Splunk User Behavior Analytics.
  • 276. Analytics-Driven Security Platform and Apps: Splunk Enterprise Security, 500+ security apps and Splunk User Behavior Analytics on the Platform for Operational Intelligence.
  • 277. Analytics-Driven Detection: behavior baselining and modelling, unsupervised machine learning, threat and anomaly detection (Splunk Enterprise Security, 500+ security apps, Splunk User Behavior Analytics on the Platform for Operational Intelligence).
  • 278. Splunk Security Solutions: security and compliance reporting; real-time monitoring of known threats; incident investigations and forensics; fraud detection; detecting unknown threats; insider threat; and more.
  • 279. Splunk Quick Starts for Security Investigation: Endpoint Quick Start (apps/add-ons) and Infrastructure Quick Start (apps/add-ons).
  • 280. Q&A. Thank you. Join: our community with apps, ask questions or join a SplunkLive! event: https://www.splunk.com/en_us/community.html. Try: Splunk Security Online Experience (no download): https://www.splunk.com/en_us/solutions/solution-areas/security-and-fraud/security-investigation/getting-started.html. Explore: download the CIS Critical Security Controls app: https://splunkbase.splunk.com/app/3064/
  • 281. REGISTER NOW: conf.splunk.com, September 25–28, 2017, Walter E. Washington Convention Center, Washington, D.C. 6,000 IT and business professionals; 200+ technical sessions and hands-on labs; Search Party! GET CERTIFIED with Splunk University, three days, Sept 23–25, 2017: get Splunk certified for free; get CPE credits for CISSP, CAP, SSCP.
  • 284. Wrap Up. Tom Peterson | Director of Sales, Splunk. September 14 | Milwaukee, WI
  • 285. Get Quick Started Today! Splunk Quick Start = Splunk + apps + add-ons + expert guidance + free edu + .conf passes. Quick Starts: Infrastructure Monitoring, Application Management, Service Intelligence, SIEM. Visit www.Splunk.com/Bundles