Exciting News from Splunk .conf 2015
by Taylor Williams, on Sep 30, 2015 2:57:14 PM
As a Splunk Elite Partner and Authorized Training Center, GTRI once again sent a large contingent to Splunk .conf 2015, held September 21-25 in Las Vegas. Splunk .conf is an unmatched event in the industry for Splunk users and partners alike to learn about the great new features and add-ons Splunk is offering in the coming year, as well as network with countless others and learn of the vast use cases that companies and individuals accomplish with Splunk.
Each year, it seems that the depth and breadth of use cases seems to increase drastically from the previous year, and Splunk .conf 2015 was no exception to that rule! During the first night, all attendees are invited to participate in the large vendor showcase in which participating organizations demonstrate their products or various applications and use cases that help set Splunk apart from the rest of other solutions in the industry. This year, attendees saw everything from tracking race car metrics on the track, to monitoring a golfer’s swing and hits by “Splunking” a golf simulator. As always, the collection of use cases was more than enough to capture our attention and have us ogling for hours.
To me, though, the greatest part and biggest benefit to attending .conf this year was to learn of the massive improvements made to core Splunk, as well as new applications to be released to Splunk’s customers early in 2016. As with every Splunk .conf, a new version of the core Splunk software was announced and demonstrated both through the keynote speech, as well as through various technical and sales breakout sessions during the week. For those of you keeping score, the new release puts Splunk at version 6.3, and where it really shines is “under the hood.”
While 6.2’s release last year led mostly to massive improvements in the appearance and flow of the user interface, 6.3 is focused on efficiencies and the speed of returning crucial results to users. To the typical user, the interface remains exactly the same, which means no new training needed for this one (good news indeed!). However what users may notice is a drastic improvement in the speed of search results returned to them. Splunk made some drastic and fantastic changes in the underlying methodologies of their “Search Head” function, allowing the software to run more efficiently in both core searches and through applications. All-in-all, every user of Splunk for their day-to-day operations should and will be thoroughly pleased with the underlying improvements introduced in Splunk 6.3.
The next major introduction this year is technically a two-fold addition to the Splunk portfolio. The first piece of this deals with Splunk’s recent acquisition of a small company called Caspida. Many of us had heard of this company before, and now certainly more of us are aware of them since this acquisition. What Caspida brings to the Splunk table is what they call User Behavior Analytics, or UBA. The underlying statistics and predictive analytics that Caspida developed clearly caught the eye of Splunk, and they noticed one major application that could benefit greatly from the introduction of the Caspida engine. What’s that app you might ask? Take one guess…the Splunk App for Enterprise Security.
This introduces the second piece of this overall two-fold addition—the introduction of Enterprise Security 4.0 that incorporates the UBA to further broaden the immensely powerful capabilities that Splunk’s top tiered SIEM already offers. As a math and statistics guy myself, I’m eager to see what the UBA’s underlying algorithms entail. While Splunk’s Extreme Search and predictive analytics already existing in Enterprise Security are absolutely great, they have always seemed to me to be lacking in some sense. This Caspida acquisition may just be the cherry on top in creating a truly predictive analytics engine that sends Enterprise Security to that “sky-high” level!
The last major introduction at .conf this year is certainly not the least significant of those mentioned here, and in my opinion, it is exactly the opposite. Many of you had heard of this application coming for the better part of a year now, or even heard the acronym thrown around conversations here and there. This would be the introduction of the Splunk ITSI premium application. You may be asking, “ITSI…what does that stand for?” Information Technology Service Intelligence. While I would love to write a novel here for you to get your full introduction into this application, I think we may have to leave that for a later time where I can fully demonstrate the application to you and what it can do.
At its core, ITSI is Splunk’s answer for out-of-the-box real time operational service analytics, allowing users to compare real time statistics from literally any service on the network and correlate events from each key performance indicator (KPI) defined for each service. With the introduction of Glass Tables and Deep Dives, users are given both the ability to get a visual representation of their services with real time metrics being fed to the visual, and the ability to correlate all desired KPI’s from a single interface.
The use cases of this application, in my opinion, are endless, but what will be most beneficial from this application is its ability to troubleshoot in absolute minimal time. While this was always a capability of Splunk before, the ITSI application gives this functionality out of the box, saving vast amounts of time in development, as well as introducing visualization effects not possible in Splunk before. I cannot say enough about this application. I mean it when I say it that I will give a demonstration of this application to anyone at any time. Not only is it thrilling to every audience, it literally blows my mind every time I see it!
I thought last year’s Splunk .conf 2014 was going to be a hard one to beat with the introduction of Splunk 6.2 and MINT. But I must say that I have been happily disappointed. While I (and the rest of us who attended) surely anticipated the release of quite a few of these components, it is still more than thrilling to see the strides that Splunk is making in trying to make inroads into many silos of an organization. I’ll be thrilled to see where we can take ITSI this year and how the analytical capabilities of Enterprise Security evolve to making the product more than a simple SIEM (which it is not anymore as is). Maybe I’ll start a tradition here and think that Splunk .conf 2015 cannot be topped, only to be happily disappointed next year! I guess we’ll have to wait another year and find out, won’t we?