Splunk What's New - Nov 2014
DESCRIPTION
Learn what Splunk has been up to in the past couple of months, including a recap of the .conf14 User Conference, and what's new in Splunk 6.2.
TRANSCRIPT
Copyright © 2014 Splunk Inc.
.conf14 / What’s New
Hal Rottenberg
Agenda
Splunk News
.conf14 Recap
Splunk Enterprise 6.2 – What’s New?
Demos
Splunk News
What Have We Been Up To?
Splunk 6.2 Released
MINT Express launched & MINT Enterprise announced
Amazon AWS
– New app for CloudTrail
– Beta app for AWS Config service
– Hunk-as-a-service integration with EMR
Partnerships & Integrations
– IoT – Kepware
– ServiceNow
– SFDC
.conf14 Recap
conf.splunk.com
.conf14 – Top 5 Sessions
Security Ninjutsu – Using Splunk for Advanced Correlation, Anomaly Detection and Response Automation
Deep Dive Into Search Head Clustering
Curating User Experience: Dashboarding Tips and Tricks
Latest Version of Splunk Enterprise: New Feature Overview
Detecting Fraud and Suspicious Events Using Risk Scoring
.conf14 – Next 5
Splunk Monitoring Console - New Native Tools for Monitoring Your Splunk Deployment
Using Selenium and Splunk for Transaction Monitoring Insight
Dashboard Fun - Creating an Interactive Transaction Profiler
Getting Deeper Insights Into Your Virtualization and Storage With Splunk
Splunk Search Optimization
What Did You Learn?
Splunk Enterprise 6.2 – What’s New?
Introducing Splunk Enterprise 6.2
Faster Data Onboarding
• Getting Data In
• Advanced Field Extractor
Powerful Analytics for a Broader Number of Users
• Instant Pivot
• Event Pattern Detection
• Prebuilt Panels
Breakthrough Scalability and Centralized Mgmt.
• Search Head Clustering
• Distributed Management Console
Getting Data In
New interface makes it easier and faster to onboard any data
• Intuitive wizard-style interface
• Configurable inputs on forwarders
• Improved data preview
• Context-specific FAQs
Advanced Field Extractor
Simplified field extractor enables rapid data analysis
• Highlight-to-extract multiple fields at once
• Apply keyword search filters
• Specify required text in extractions
• View diverse and rare events
• Validate extracted values with field stats
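The extraction workflow the Advanced Field Extractor slide lists (pull several named fields out of each event at once, filter by keyword, require a literal to be present, surface the rare values, and validate the result with field statistics) is shown below as an added Python example. It is not part of the original presentation and not Splunk's own code; the sample syslog events, the regular expression SSH_AUTH_PATTERN and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample syslog events (illustrative; not taken from the original page).
SAMPLE_EVENTS = [
    "Nov 12 10:01:02 fw01 sshd[2231]: Failed password for invalid user admin from 203.0.113.5 port 51422 ssh2",
    "Nov 12 10:01:05 fw01 sshd[2231]: Failed password for root from 203.0.113.5 port 51430 ssh2",
    "Nov 12 10:02:11 fw01 sshd[2240]: Accepted publickey for deploy from 198.51.100.7 port 40011 ssh2",
    "Nov 12 10:03:00 fw01 CRON[2250]: pam_unix(cron:session): session opened for user root by (uid=0)",
    "Nov 12 10:03:40 fw01 sshd[2261]: Failed password for invalid user test from 203.0.113.9 port 51500 ssh2",
]

# Hypothetical extraction regex with one named group per field, the kind of
# expression a highlight-to-extract session produces once several fields are
# selected at once (action, user, src_ip, src_port).
SSH_AUTH_PATTERN = re.compile(
    r"(?P<action>Failed password|Accepted \w+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src_ip>\d{1,3}(?:\.\d{1,3}){3}) port (?P<src_port>\d+)"
)


def extract_fields(events, pattern, required_text=None, keyword=None):
    """Apply `pattern` to each event; return one dict of field values per matching event.

    required_text: a literal that must appear in the event, checked before the regex
                   runs (the "required text" of the extraction).
    keyword:       an additional keyword search filter on the raw event.
    """
    rows = []
    for event in events:
        if required_text is not None and required_text not in event:
            continue
        if keyword is not None and keyword not in event:
            continue
        match = pattern.search(event)
        if match:
            rows.append(match.groupdict())
    return rows


def field_stats(rows, field, top_n=3):
    """Field statistics used to validate an extraction: how many events produced a
    value, how many distinct values, and the most common ones."""
    counts = Counter(r[field] for r in rows if r.get(field) is not None)
    return {
        "count": sum(counts.values()),
        "distinct": len(counts),
        "top": counts.most_common(top_n),
    }


def rare_values(rows, field, max_count=1):
    """Values of `field` seen at most `max_count` times: the 'rare events' view."""
    counts = Counter(r[field] for r in rows if r.get(field) is not None)
    return sorted(value for value, n in counts.items() if n <= max_count)


def validate_extraction(events, pattern, required_text=None):
    """Run the extraction over all events and summarise coverage plus per-field stats,
    so an over-specific regex (low coverage) or a sloppy one (unexpected distinct
    values) is visible before the extraction is saved."""
    rows = extract_fields(events, pattern, required_text=required_text)
    fields = list(pattern.groupindex)  # named groups, in definition order
    return {
        "events": len(events),
        "matched": len(rows),
        "coverage": len(rows) / len(events) if events else 0.0,
        "fields": {f: field_stats(rows, f) for f in fields},
    }


if __name__ == "__main__":
    report = validate_extraction(SAMPLE_EVENTS, SSH_AUTH_PATTERN, required_text="ssh2")
    print(f"matched {report['matched']}/{report['events']} events "
          f"(coverage {report['coverage']:.0%})")
    for name, stats in report["fields"].items():
        print(f"  {name}: {stats['count']} values, {stats['distinct']} distinct, top {stats['top']}")
    rows = extract_fields(SAMPLE_EVENTS, SSH_AUTH_PATTERN, required_text="ssh2")
    print("rare actions:", rare_values(rows, "action"))
```

Requiring the literal `ssh2` keeps the CRON event out of the extraction without having to encode that in the regex, and the coverage figure (4 of 5 events here) is the first thing to check: a value far below what the keyword filter alone returns usually means the expression is anchored on text that only some events share.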
Instant Pivot
Pivot directly on any search to discover relationships and build reports
• From any search, select the Statistics tab and click the pivot icon
• Explore and analyze data from the Pivot interface
• Quickly discover relationships in the data and build powerful reports
Prebuilt Panels
Build dashboards faster using reusable building blocks
• Enhanced dashboard edit workflow
– Browse or search across reports, panels, dashboards and more
– Preview before adding to a dashboard
• Personalize your dashboards
• Collaborate using a library of prebuilt panels
• Convert panels to inline to further customize
Event Pattern Detection
Auto-discover meaningful patterns in your data with a single click
• Search data without having to know specific terms to search on
• No need to sift through similar events, just select the “Patterns” tab
• Intuitive interface
Search Head Clustering
Breakthrough scalability improvements and storage cost savings
• Increases the number of concurrent users and searches
• Uniform user experience among pooled search heads
• No single point of failure
• Search job failure aware
• Does not require external storage such as NFS (unlike the older search head pooling, which relied on shared storage)
Distributed Management Console
Easily monitor health and performance of distributed deployments
• New dashboards
– Listing of Splunk instances and roles
– Distributed indexing and search views
– Resource usage views
– Create logical groups
• Ships with Splunk, nothing to install
• Platform alerts: Splunk admins can receive emails on critical conditions