.conf has come to a close with several announcements and so many great customer presentations.

Splunk made several exciting announcements around its observability platform, including always-on application profiling, enhanced database visibility to detect slow queries, and expanded OpenTelemetry support. I like what Splunk has done with what was formerly known as SignalFx. The product has been transformed since its acquisition and is a significant offering from Splunk.

The security-related announcements were a little more muted and included teases for more cloud-based Splunk security products. I would expect to see cloud-based Phantom and the fabled Mission Control shortly. The best announcement was for Splunk SURGe, which Splunk calls "an elite team of cybersecurity experts," whose goal is to provide technical guidance to customers "during high-profile, time-sensitive cyberattacks." This could be a valuable service to customers, since Splunk can see the scale of attacks given how many companies use Splunk ES. Being able to surge resources and address everyday needs across a broad range of customers could be very powerful. I am interested to see how Splunk evolves this product offering.

Splunk's most significant announcement around its core search products, Splunk Cloud and Splunk Enterprise, was expanded workload pricing options that shift to a more utilization-based model. You pay for what you use instead of how much data you ingest. This model could save money for customers that do not search their data frequently: their CPU utilization metrics will be relatively low and will not trigger as many costs as a customer that runs hundreds of concurrent searches. Of course, every customer must carefully evaluate its own particular details to determine if workload pricing is the right model.

Splunk also announced that federated search is available. I am very interested in federated search since it supports searching both your on-premises and Splunk Cloud instances from one UI. This is a powerful feature that bridges silos and provides more flexibility.

A new Splunk cloud storage option called Flex Index was announced as well. It offers options for storing high-volume, low-value data at competitive rates to give teams more data management flexibility.

I love hearing what customers are doing with Splunk. I get the best ideas from seeing customer presentations.

PLA1484B – Big Data Platform (BDP) Replacement Through Splunk

The Accenture Federal Services (AFS) team did an outstanding job describing how they replaced a legacy big data security platform with solutions that support unlimited scale, such as Splunk and data pipeline tools like Cribl Stream. The legacy solution was slow and not able to scale to meet current and future requirements. The AFS team needed a flexible solution to ingest a wide range of data at scale, and then shape the data in flight to optimize and enrich it to work best with Splunk. The metrics the team presented after solution deployment were stunning. Detection, response, and resolution metrics went from weeks and days to hours and minutes. What impressed me the most was that the team created processes to continuously optimize data, build and test detections, and finally deploy detections to drive better results faster than previously possible. Tools alone will not create a quality solution. Combining quality processes and great tools is the secret to success. Working with data is a development process and requires operations teams to adopt the developer mindset to be effective. You have to know your data, build tools to use the data, and then test your results constantly. The AFS team did all of the above and more. I am looking forward to hearing what they are going to do next.

PLA1690C – TransUnion: Using Anomaly Detection in Dashboard Studio To Reduce MTTR

The TransUnion Splunk team presented how it created an advanced anomaly detection framework combined with per-service scoring to replace the need for expert-driven fault detection. The team built the data framework to drive the solution, and Cribl Stream was a pivotal component in driving ML by providing Splunk with high-speed, optimized data, including turning logs into metrics. Unfortunately, Splunk's legacy XML dashboarding was not up to displaying the breadth of data in easy-to-consume visualizations. The only option was dozens of visuals that were awkward and very slow. The team struggled with existing tools, then settled on the Splunk Dashboard Beta App. The app was a risk, but it quickly became apparent that it was the answer. The dashboard app provided a rich framework to display data, and the feedback from users was outstanding.