What's New in Splunk 4.1
Description:
Splunk 4.1 is our newest release. In this video, Gaurav Gupta, our Director of Product Management, takes you through new real-time search, getting to root cause faster with data drilldowns, creating operational workflows directly from your results, scheduling delivery of PDF reports and new single sign-on.
Download video at podcast size (m4v 48 Meg)
Date: Mar 29, 2010 | Runtime: 5:30
Permalink: http://www.splunk.com/view/SP-CAAAFD5
Transcript
Hi, I'm Gaurav Gupta, a Product Manager here at Splunk, and today I'm here to tell you a little about what's new in Splunk 4.1. If you’ve used Splunk before, you know that it is software that indexes data from any application, server or network device enabling you to search and analyze billions of events across your IT infrastructure from one location.
Version 4.1 has 14 new features and hundreds of improvements that make searching, reporting, and alerting on your IT data even easier.
In this video I’ll walk through and demo five of the new features in this new release.
Real-time search and reporting
Real time is an exciting new functionality in Splunk 4.1 that extends the model of search. Standard search in Splunk looks back in time. Real-time search looks at data as it’s streaming in. This makes it easier to troubleshoot problems, identify trends, and calculate statistics as events stream in. [cut to demo]
You can now select from a new time range option called "Real-time" that allows you to search forward in time instead of just searching over historical events.
[show real-time in time picker]
For example, here I’m looking at web access logs and what errors are occurring on my system. I can watch them streaming in as they happen without the data ever having to hit disk.
[demo of search for errors in real-time]
You can also use Splunk’s search language and statistical commands in combination with real-time. For example, here I’m looking at a constantly updating table that shows me the top URIs accessed on my site.
[show top uri]
I can even turn real-time searches into constantly updating charts and dashboards. Here’s a dashboard that shows critical activity that might be useful for a network operations team, with charts and tables that show hits by HTTP status code, traffic by host, and top IP addresses. This dashboard is running four concurrent real-time searches, and it updates without the need to refresh my browser.
[show real-time dashboard]
The number of real-time searches you can run scales with the amount of hardware you dedicate to Splunk, and real-time works in globally distributed environments.
Real-time allows an operations group, for example, to watch a transaction in progress and troubleshoot a failure, or look at the average response time for a web application, or even allow marketing staff to track ad campaigns in real time against an average.
Automatic and configurable data drilldown
With our new drilldown capabilities, we’ve made it so you can now easily click through on a table or chart, get to the underlying events, and understand the root cause, or “why” a problem might be occurring.
Here I’m drilling down on a particular time and host to see what a user has been doing on my system that caused a spike in activity.
[show highlight-over and drilldown on a simple timechart]
Or I can drill down on a particularly active IP address to investigate what the user has been doing.
[show highlight-over and drilldown on table]
I can even configure more complex drilldowns to different reports or follow-on searches.
Event-level workflows
Our new event-level workflow feature allows you to create custom actions from your search results, allowing you to add workflow to your data. Let me show you what I mean.
For example, I can take this user’s IP address in my events and, from a simple dropdown, do a whois lookup on an external database to get more information about a potential attacker.
[demo launching workflow action in a pop-up]
Or I could configure an action to send information about an error to my external ticketing system.
[show link to “File this as a ticket in Remedy”]
You can manually configure these actions by specifying a call to any URL, making integrating workflow easy and flexible.
WYSIWYG PDF report delivery
With WYSIWYG PDF report delivery, we’ve made it easier to share printable copies of reports on a regular basis with non-Splunk users or without having to log into Splunk.
For example, you can email a PDF from any report you create within Splunk on a scheduled basis.
[show pdf option in save a search dialogue, error | timechart count by host]
[show example 1]
Or have an entire dashboard delivered to a team as a PDF via email.
[show example 2]
You can even skin these reports to send to an executive team.
[show example 3]
Single Sign On
Splunk now supports pass-through authentication of third-party credentials, allowing you to integrate Splunk with single sign-on systems such as IWA, SiteMinder, Entrust, or any system that provides integration with Apache or IIS. This allows you to extend Splunk to more non-technical users while simplifying credential management. It even allows you to mash up Splunk searches and reports with your other internal or external websites, bringing data to wherever your users need it.
[use PowerPoint of SSO from 4.1 deck]
Closing
In addition to the five features we’ve talked about today, we’ve made numerous other improvements in this release. Be sure to visit www.splunk.com and check out the release notes on our download page, or better yet, download Splunk 4.1 for free and experience it for yourself.
Happy Splunking!
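The single sign-on section above describes pass-through of credentials from an Apache- or IIS-integrated front end. The fragment below is an added example, not part of the video or its deck, of the web.conf and server.conf settings Splunk documents for that mode; the proxy address is a placeholder. The point for an operator is that Splunk accepts the pre-authenticated username only from the trusted address, so that address must be the SSO proxy alone, and Splunk Web should not be reachable by users except through that proxy.

```ini
# Added example (not from the page): $SPLUNK_HOME/etc/system/local/web.conf
# The front end (IWA, SiteMinder, Entrust, Apache, IIS) authenticates the user
# and forwards the identity in the REMOTE_USER header.
[settings]
SSOMode = strict            ; strict: only requests from trustedIP are served
trustedIP = 203.0.113.10    ; placeholder for the SSO proxy; one host, never a whole range
remoteUser = REMOTE_USER    ; header whose value Splunk takes as the logged-in user

# $SPLUNK_HOME/etc/system/local/server.conf must trust the same address
[general]
trustedIP = 203.0.113.10
```

The forwarded username must still exist in Splunk (local or LDAP) with a role assigned; SSO replaces the login prompt, not the authorization step.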