Session Tracks
Deploying Splunk
Targeted primarily at Splunk admins, this track covers everything you need to know about architecting and deploying Splunk and driving adoption within your organization.
Architecting and Sizing Your Splunk Deployments
Simeon Yep, Customer Success Manager, Splunk
Track: Deploying Splunk
Skill Level: Beginner/ Intermediate
Breakout Session: 1: Tues, Aug 16, 11:30 AM - 12:30 PM
Sure, Splunk is a flexible product that can be deployed to meet almost any scale and redundancy requirement. But like any other high-performance application, you need to define your goals and requirements, then plan your architecture carefully. Number of users? Daily index? Hot, warm, cold storage? High availability? This session will walk through a checklist of items to consider before choosing hardware and deploying Splunk in a manner that best meets your goals.
Best Practices for Deploying Splunk--Physical, Virtual or Cloud
Simeon Yep, Customer Success Manager, Splunk
Track: Deploying Splunk
Skill Level: Beginner/ Intermediate
Breakout Session: 2: Tues, Aug 16, 1:45 PM - 2:45 PM
Assess your IT search requirements, design a Splunk topology, perform capacity planning and decide on indexing, security, and data management strategies that best fit your environment and deployment goals. Splunk's professional services team has seen it all in the field and they're bringing that knowledge to the conference to help make your Splunk deployment be all that it can be.
Enterprise Deployments: Architecting and Managing Scalable Solutions with Splunk
Mackenzie Kosutt, Senior Systems Engineer, Viacom
Matthew Settipane, Solutions Architect, Splunk
Track: Deploying Splunk
Skill Level: Beginner/ Intermediate
Breakout Session: 3: Tues, Aug 16, 3:00 PM - 4:00 PM
Viacom recently rolled out 4,500 forwarders indexing to 12 R510s with mounted bundles, using search head pooling (built on VMs ready to scale by adding more at any time), deployment servers, and a farm of syslog servers for handling numerous networking and infosec devices. We'll re-cap the best practices we uncovered along the way, including:
- Deployment server, Puppet, and SCCM working together in harmony
- Scaling your search farm
- Search head pooling and mounted bundles
- Props.conf
- Naming conventions
- Examples of how quickly Splunk solved issues from asset tracking to cyber security
With Splunk one size does not fit all, so the goal of this session is to share best practices and seed ideas for tackling your own implementation.
Using Puppet To Manage Splunk
Carl Schwenk, Citrix Online
Track: Deploying Splunk
Solution Area: Operations
Skill Level: Intermediate
Breakout Session: 4: Tues, Aug 16, 4:15 PM - 5:30 PM
Between indexers, search heads, and forwarders there's a lot of configuration to manage in an Enterprise Splunk installation. In this session we'll cover how to leverage Puppet to manage these configurations easily and efficiently. We'll also touch on using Foreman to gain greater visibility into your deployment.
Indexing Everything: Adding New Data Sources
Brian Wooden, Client Architect, Splunk
Track: Deploying Splunk
Skill Level: Beginner/ Intermediate
Breakout Session: 5: Weds, Aug 17, 9:00 AM - 10:00 AM
In this session, we'll review best practices for organizing data as it comes into Splunk: ensuring host, timestamps, timezone offsets, sourcetypes, event breaking, etc. are correct. We'll help you understand how investing a bit of time on the front end, and testing in the sandbox environment, can prevent the need for cleaning event data or clearing forwarder fishbuckets later. We'll also review apps available on Splunkbase which help with field extraction in a way that supports extensibility, reporting, and security.
Supporting Enterprise System Rollouts with Splunk
Clint Sharp, Cricket Communications
Track: Deploying Splunk
Solution Area: Security + OI
Breakout Session: 6: Weds, Aug 17, 11:00 AM - 12:00 PM
At Cricket Communications, Splunk started as a way to correlate all of our data into one view to help our operations team keep processes humming. Then we gave secured access to our developers--and they're addicted. In fact, Splunk is critical in helping us to speed deployment of new systems (like our recent multi-million dollar billing system implementation). Learn how we use Splunk to display key metrics for the business, track overall system health, track transactions, optimize license usage and support capacity planning.
Authentication and Authorization
David Marquardt, Software Engineer, Splunk
Track: Deploying Splunk
Solution Area: Security
Skill Level: Beginner/ Intermediate
Breakout Session: 7: Weds, Aug 17, 11:40 AM - 12:40 PM
Learn how to integrate Splunk into Active Directory and LDAP for SSO and role-based access leveraging your existing infrastructure. Then we'll walk through configuring Splunk to use trusted certificates issued by your internal CA. Sure, Splunk can use its own self-signed certificate for https, but by using trusted certs issued by your company's certificate authority, you get a better degree of trust, and none of those pesky certificate warnings. Finally, we'll configure some Active Directory based reporting, like changes to AD groups or Group Policy.
How to Boost Splunk's Cred in Your Organization
John Folkers, UGI Utilities
Pete Ehlke, Client Architect, Splunk
Track: Deploying Splunk
Breakout Session: 8: Weds, Aug 17, 1:45 PM - 2:45 PM
How do you promote Splunk internally to expand usage? Who is your audience? What do they need to know? Which messages work for them? What hasn't worked? We'll walk through different approaches one can take to tackle the, "How do I get approval to buy/expand Splunk?" question. This is a brainstorming session and open discussion, and Splunk will provide materials geared to help you drive Splunk usage across your organization.
High Availability and Disaster Recovery
Rithy Sim ieng, Senior Consultant, Splunk
Track: Deploying Splunk
Skill Level: Beginner/ Intermediate
Breakout Session: 9: Weds, Aug 17, 3:00 PM - 4:00 PM
As Splunk becomes more critical to people and to business functions, it becomes more important to maximize the uptime of the service. We'll talk about general principles of HA and DR with Splunk, about the various mechanisms for providing them, and the levels of availability, relative advantages, and costs of each of them.
SplunkIt--The Splunk Performance Test Kit
Peter Zadrozny, Splunk
Track: Deploying Splunk
Skill Level: Beginner/ Intermediate
Breakout Session: 9: Weds, Aug 17, 3:00 PM - 4:00 PM
Introducing SplunkIt, the new Splunk Performance Test Kit--available for download for all users after the conference. The presentation describes the performance kit, how it works and how to use it. The kit allows users to run with a standardized set of data and provide performance numbers from the end user perspective. The kit will produce a set of uniform results that can easily be shared so that all Splunkers can anticipate performance results moving forward.
Forwarding and Receiving
Jeff Blake, Senior Solutions Architect, Splunk
Track: Deploying Splunk
Skill Level: Beginner/ Intermediate
Breakout Session: 10: Weds, Aug 17, 4:15 PM - 5:15 PM
Splunk's forwarding and receiving capability makes possible all sorts of interesting Splunk topologies to handle functions like data consolidation, load balancing, and data routing. We'll detail how using Splunk forwarders versus other methods can help with tagging of metadata, compression and SSL security. We'll review how to configure forwarding, create deployment topologies, deploy universal, heavy and light forwarders, and search across indexers.
Using Splunk
Deep dive into searching, alerting, reporting, conducting statistical analysis and building dashboards with Splunk. This track appeals to all types of Splunk users.
FISMA and the Path to Continuous Monitoring
Monzy Merza, Solutions Architect, Splunk
Track: Using Splunk
Solution Area: Security, Compliance
Breakout Session: 1: Tues, Aug 16, 11:30 AM - 12:30 PM
Join us in a discussion around the challenges Federal agencies are facing on the path to continuous monitoring, situational awareness and FISMA compliance. We'll look to address the ways Federal agencies can: enable continuous monitoring and drive operational efficiency; address the machine data challenge and provide continuous monitoring; provide dynamic situational awareness with real-time visibility; scale "on the fly" and securely share relevant data across organizations; bridge the gap between Operations and Security.
Search Language-Beginner
Dan Plaza, Senior Instructor, Splunk
Track: Using Splunk
Skill Level: Beginner/ Intermediate
Breakout Session: 1: Tues, Aug 16, 11:30 AM - 12:30 PM
Did you know you can do crazy useful things with Splunk's search language? Sort, use fields, apply wildcards - but even better, it allows you to drill-down into the results using Splunk's Search interface timeline. This session will show some concrete examples of how to use Splunk with web access and other types of commonly used data so you can craft simple but powerful searches based on what's interesting in your data. Learn the basics of the Splunk search language in this beginner class, then move on to the Intermediate and Advanced classes to become a real pro.
Reporting Across Large Datasets with Summary Indexing
Gerald Kanapathy, Manager, Professional Services, Splunk
Track: Using Splunk
Skill Level: Beginner/ Intermediate
Breakout Session: 1: Tues, Aug 16, 11:30 AM - 12:30 PM
Summary indexing in Splunk is the best way to report efficiently on large volumes of data. Rather than searching across your entire dataset, you can create a summary index related only to your most critical data or reports. Join us for this session to define the types of data you'll want to include on your summary index and how to craft the searches that derive the insight most interesting and critical to your business.
New Splunk Product Offering--Unleashed!
Ledio Ago, Engineering Manager, Cloud, Splunk
Declan Shanaghy, Sr. Software Engineer, Cloud, Splunk
Greg Albrecht, Software Engineer, Cloud, Splunk
Track: Using Splunk
Skill Level: Intermediate
Breakout Session: 2: Tues, Aug 16, 1:45 PM - 2:45 PM
If you're a developer or have used any cloud services like Amazon Web Services, Rackspace, Heroku, EngineYard, or Azure, this session will be of interest to you. Join this session to learn about a new product beta from Splunk.
Search Language-Intermediate
Karen Hodges, Splunk
Track: Using Splunk
Skill Level: Intermediate
Breakout Session: 2: Tues, Aug 16, 1:45 PM - 2:45 PM
Breakout Session: 10: Weds, Aug 17, 4:15 PM - 5:15 PM
Finding that needle in the haystack has never been easier. You ratcheted up your search language knowledge in the beginner session, now join us for the intermediate session to learn more about reporting commands, transactions, and adding knowledge to your events.
Splunking for Forensic Analysis in the Cloud
Vincent Uria, Sandia National Labs
Track: Using Splunk
Solution Area: Security
Breakout Session: 3: Tues, Aug 16, 3:00 PM - 4:00 PM
As we split our IT environments across public and private cloud, hosted and physical facilities, forensic analysis becomes more and more challenging. The ephemeral nature of the cloud can leave an incomplete view of our data, making it difficult to paint an accurate picture of a given point in time. This session will show how Splunk has become our platform for Situational Awareness, providing visibility across our infrastructure to assist with forensic investigations for operations, security and forensics, and application teams.
Web Analytics Throwdown: with NPR and Intuit
Sondra Russell, NPR
Tim Suh, Intuit
Track: Using Splunk
Solution Area: Web Intelligence
Skill Level: Intermediate
Breakout Session: 3: Tues, Aug 16, 3:00 PM - 4:00 PM
Splunk for Web Intelligence? Why not! This session is a plain-English tour of how NPR is using Splunk to track audio and video traffic across our web sites and digital apps (Android, iPhone, etc.). Intuit will share how they capture greater insight into visitor sessions and answer questions traditional web analytics tools can't provide. We'll cover a variety of use cases, taking each from the raw data through the Splunk under-the-hood to the strategic questions and answers.
Using Splunk to Provide Business Value Outside of IT
James Wilson, Realestate.com.au
Splunk
Track: Using Splunk
Breakout Session: 3: Tues, Aug 16, 3:00 PM - 4:00 PM
We know Splunk helps us solve problems at the IT operations level. But more and more Splunk helps us to make IT data relevant for non-technical business users. With Splunk you can ask any question at any time, without planning questions or structures in advance. And once you've built initial dashboards, you can empower business users to access them so they can get instant, accurate data on their own. Join us for this session where we'll review how to build custom dashboards that provide both up-to-the-minute and long-term trending analysis that business users need to make the decisions that impact revenue.
Enabling DevOps at LinkedIn with Splunk
Stephan Apitz, Sr. Director Operations, LinkedIn
Track: Using Splunk
Solution Area: App Management / Ops
Breakout Session: 4: Tues, Aug 16, 4:15 PM - 5:15 PM
Bridging the gap between Dev and Ops is crucial to deliver software faster and better. The world's largest and most reliable professional networking site, LinkedIn, shares its journey to building a successful DevOps culture. Building cooperation between developer and operations teams at LinkedIn required tools that would provide end-to-end operational visibility to help DevOps teams closely monitor KPIs for the services they manage. This session covers the enabling technologies used by LinkedIn to assemble a thriving DevOps team, helping it secure top ranking among PCMagazine's best performing social networking sites.
Splunk for Fraud and Forensics at Intuit
Jaime Rodriguez, Senior Fraud Analyst, Intuit
Mark Seward, Director, Product Marketing, Security, Splunk
Track: Using Splunk
Solution Area: Security
Skill Level: Intermediate
Breakout Session: 4: Tues, Aug 16, 4:15 PM - 5:30 PM
This session will examine how Intuit is using Splunk to prevent fraud and conduct forensic analysis. Splunk helps Intuit monitor for known fraudsters and fraudulent patterns and then speeds forensic investigations to understand which systems may have been compromised.
Supporting the Salesforce.com Cloud
Denise Glaser, Salesforce.com
Track: Using Splunk
Solution Area: App Management / Ops
Breakout Session: 4: Tues, Aug 16, 4:15 PM - 5:30 PM
To keep our edge as the leading Software as a Service (SaaS) provider, we need real-time intelligence across our business. Splunk delivers the insight we need to more than 400 users enterprise-wide. Splunk helps us to stay on top of our systems, not only to ensure uptime, but for capacity planning and understanding user trends to develop and deliver new features and services. We'll walk through our implementation and share some of the successes we've seen using Splunk to improve our business operations.
Search Language-Advanced aka: Optimizing Search
Steve Zhang, Splunk
Track: Using Splunk
Skill Level: Advanced
Breakout Session: 5: Weds, Aug 17, 9:00 AM - 10:00 AM
We'll take a walk through common "approaches" our customers take to boost search performance, which can actually slow the presentation of your results. Join this session to learn 5 ways to really power up search performance--then how you can save these searches to build alerts and dashboards to truly boost the performance of your organization.
How to do Event Correlation and Normalization with Splunk
Jack Coates, Splunk
Track: Using Splunk
Skill Level: Beginner/ Intermediate
Breakout Session: 5: Weds, Aug 17, 9:00 AM - 10:00 AM
While traditionally used in a security context, event correlation can help to speed MTTR across your operations--fraud detection, user behaviors, root cause analysis and more. Universal indexing and search time extraction position Splunk as a natural for event correlation. We'll review several techniques for correlating events in Splunk and offer a number of examples to help you determine what method makes the most sense for your particular needs.
Using Splunk's Pattern-based Capabilities to Reduce MTTR
Mika Borner, Swisscom
Track: Using Splunk
Solution Area: Security/ Ops
Skill Level: Beginner
Breakout Session: 6: Weds, Aug 17, 10:30 AM - 11:30 AM
Splunk has empowered Tier 1 support to significantly reduce MTTR, and provide the reports, dashboards, statistics and trending we need to address service crashes and capacity planning at Swisscom, the leading telco/ISP in Switzerland. A substantial part of running an ISP mail platform, handling more than 40 million emails a day, is fighting abuse, and a substantial portion of abuse cases are caused by spammers. This session will investigate how we currently use Splunk's pattern-based capabilities to detect abuse on our platform, and what we do to fight it.
Best Practices for Application Management and Troubleshooting at Tesco.com
Graham Smith, Tesco
Track: Using Splunk
Solution Area: App Management / Ops
Breakout Session: 6: Weds, Aug 17, 10:30 AM - 11:30 AM
Tesco.com, a major UK-based online retailer, uses Splunk to provide dev teams with real-time, secure access to its large Java-based application clusters for monitoring and troubleshooting. In this session you will learn how Tesco are using Splunk to monitor its ecommerce platform, Tibco, and other critical applications; Tesco's setup and approach to log monitoring; Alert integration with SCOM; Splunk's use within engineering and non-production environments; and goals for future use of Splunk.
Dashboard Drilldowns and Workflow Actions from Splunk Alerts
Christoph Wiederkehr, PostFinance
Track: Using Splunk
Skill Level: Beginner/ Intermediate
Breakout Session: 6: Weds, Aug 17, 10:30 AM - 11:30 AM
Long-time Splunk user Christoph Wiederkehr and the PostFinance team rely on Splunk's drill-down reports to turn "analytical" views into troubleshooting tools. The dashboards and views we've built for our teams to keep tabs on general security and operational health are also critical aids in troubleshooting. Spikes and anomalies are easy to drill into to pinpoint and resolve issues quickly, then create alerts for future occurrences or trigger specific actions to really boost productivity. Sean will walk you through the challenges and successes they've seen in the PostFinance environment and through specific steps to help you reduce your MTTR and become more proactive too!
Transaction Tracing and Troubleshooting at Staples
Kathy Kysar, Staples
Track: Using Splunk
Skill Level: Beginner
Breakout Session: 6: Weds, Aug 17, 10:30 AM - 11:30 AM
With Splunk and a userid, transaction code or purchase type, you can securely trace transactions of all varieties (purchases, emails, stock trades) across your network and application stack to ensure completion--or understand where something went off the rails. Once you understand where you may have failures, you can set up conditional alerts so you can avoid failure before it happens. Learn how Staples is tracking transactions across its infrastructure to ensure an optimal customer experience and support revenue generation. We'll review implementation best practices, using Splunk to piece together transactions as they traverse your infrastructure, and dashboards to visualize key metrics for your organization.
Maybe, Maybe Not: Conditional Statements in Splunk
Drew Oetzel, Senior Course Developer, Splunk
Track: Using Splunk
Skill Level: All
Breakout Session: 7: Weds, Aug 17, 11:40 AM - 12:40 PM
Breakout Session: 10: Weds, Aug 17, 4:15 PM - 5:15 PM
Splunk's search language is smart: it can evaluate conditional statements and help you spot patterns across events, across time, and all parts of the space time continuum. Using the eval and where commands you can make your searches and, most importantly, alerts much smarter. In this session we will dive deep into these powerful commands to help you get the most out of Splunk's powerful search language.
Real-time Alerting and Monitoring
Ledion Bitincka, Splunk
Track: Using Splunk
Skill Level: Beginner/ Intermediate
Breakout Session: 7: Weds, Aug 17, 11:40 AM - 12:40 PM
You know Splunk is great at helping you identify security issues, application errors or network problems. But once you've identified these issues, did you know you could create alerts to proactively address issues before they arise? Join us to learn the basics of saved searches and more complex threshold-based monitoring for predictive alerting.
Using Splunk From Windows PowerShell
Brandon Shell, CTO Shell Consulting
Track: Using Splunk
Solution Area: App Management
Skill Level: Advanced
Breakout Session: 8: Weds, Aug 17, 1:45 PM - 2:45 PM
We'll begin with a basic introduction into the object oriented nature of PowerShell. Next, we'll showcase our shiny new PowerShell Resource kit. Finally a demo of searching Splunk via PowerShell will demonstrate the power of piping objects from Splunk into the PowerShell ecosystem.
How Splunk Uses Splunk
Doug Harr, CIO, Splunk
Track: Using Splunk
Skill Level: Beginner/ Intermediate
Breakout Session: 9: Weds, Aug 17, 3:00 PM - 4:00 PM
At Splunk, we drink our own champagne. So we'll share how we're implementing Splunk and gathering business insight from across our organization.
Field Extractions in Splunk - Making RegEx Your Buddy
Michael Wilde, Splunk Ninja, Splunk
Track: Using Splunk
Skill Level: Beginner/ Intermediate
Breakout Session: 9: Weds, Aug 17, 3:00 PM - 4:00 PM
In this technical session, the Splunk Ninja will cover a basic overview of regular expression (RegEx) syntax, define how RegEx is used within Splunk for field extractions, filtering, finding and processing events, using the search language, and more. We'll provide an overview of how best to use RegEx to cleverly solve problems in Splunk. Join the Splunk Ninja to learn tips and tricks for "thinking in RegEx", desktop tools to help you, and the best ways and appropriate times to use RegEx in Splunk.
Extending Splunk
Mashups, partner and community developed apps, lookups--there are many ways to get more value from your data both inside and outside of Splunk. This track is primarily geared to those intending to extend Splunk's native functionality or modify Splunk using XML.
Web Intelligence in Splunk
Jake Flomenberg, Splunk
Archana Ganapathi, Splunk
Track: Extending Splunk
Solution Area: Web Intelligence
Skill Level: Beginner/ Intermediate
Breakout Session: 1: Tues, Aug 16, 11:30 AM - 12:30 PM
You know Splunk is great at helping you identify security issues, application errors or network problems. But once you've identified these issues, did you know you could create alerts to proactively address issues before they arise? Join us to learn the basics of saved searches and more complex threshold-based monitoring for predictive alerting.
Splunk's Role in the Big Data Ecosystem
Jake Flomenberg, Product Manager, Splunk
Track: Extending Splunk
Solution Area: Big Data
Skill Level: Beginner
Breakout Session: 2: Tues, Aug 16, 1:45 PM - 2:45 PM
Today, open source technologies are increasingly used to harness what is being termed 'big data'. It's data so vast, complex and non-standard that it becomes awkward to work with using traditional tools. As the insight derived from this data becomes increasingly mission-critical, the sheer time, complexity and effort involved in deploying open source-based solutions present real challenges. We'll discuss how Splunk is being used in big data environments and compare and contrast the differences between Splunk and open source big data technologies, and learn more about Splunk apps that interface with some of these technologies.
Increase Your Security Visibility with the Splunk App for Enterprise Security
Jim Hansen, Director, Product Management, Security and Compliance Solutions, Splunk
Track: Extending Splunk
Solution Area: Security
Skill Level: All
Breakout Session: 2: Tues, Aug 16, 1:45 PM - 2:45 PM
Maintaining a secure infrastructure without sacrificing the confidentiality, availability, or integrity of key information systems is an ongoing struggle that every security team faces. Security threats evolve quickly--the right tools to monitor for threats, breach, or inappropriate behavior are essential for mitigation and reducing risk. Many organizations have looked to Security Information Event Management (SIEM) solutions to help, but have found them to be ineffective and difficult to use and customize. It's time for a new approach. A Splunk approach. Come to this session to see how Splunk can help provide an effective monitoring solution and keep your company name out of the headlines. We will provide a sneak peek at the latest version of the Splunk App for Enterprise Security (formerly "Enterprise Security Suite") and show how this app can help your security team proactively find patterns of activity in your data and increase your overall security posture.
Achieving Enterprise Level Security Visibility Using Splunk
Paul Johnson, General Electric
Track: Extending Splunk
Solution Area: Security
Breakout Session: 3: Tues, Aug 16, 3:00 PM - 4:00 PM
This session will cover our experience/journey using Splunk as a global SIEM solution, including best practices we have implemented (such as the common information model) and some of our real world use cases.
From Point Solution to Platform
Tim Hartmann, Senior Network Services Engineer, Large Private University
James Donn, Senior Network Management Systems Engineer, Large Private University
Track: Extending Splunk
Solution Area: All
Breakout Session: 4: Tues, Aug 16, 4:15 PM - 5:15 PM
We first brought Splunk in as one tool that could help us on both the network management and security front. But everyone who touched Splunk wanted more. This session will review how we've standardized on "Splunk as our platform" - how that term was born and why it stuck. We'll cover the technical bits of how we are able to provide Splunk as a service for other teams, and ways we help to drive adoption.
Introducing Splunk Apps for Application Management
Dan Goldburt, Product Manager, Application Management, Splunk
Track: Extending Splunk
Solution Area: Application Management
Skill Level: All
Breakout Session: 5: Weds, Aug 17, 9:00 AM - 10:00 AM
This session introduces two new apps that accelerate getting end-to-end visibility across all tiers of applications as well as facilitate monitoring of individual components of applications. This session will include an introduction and technical deep dive into the new Splunk App for Transaction Profiling that makes it easier to trace and monitor transactions across distributed application infrastructures. This app can be used across a broad set of industries and a variety of transaction types from mobile phone activations to stock trade executions. This session will also include an overview of the upcoming revisions to the Splunk App for WebSphere Application Server that will make it easier to install and deploy in large scale WebSphere environments. Attend this session to learn how these apps are applicable in your environment.
Presenting your Data Effectively: Building Charts with Splunk
Johnvey Hwang, UI Development Manager, Splunk
Track: Extending Splunk
Skill Level: Beginner/ Intermediate
Breakout Session: 5: Weds, Aug 17, 9:00 AM - 10:00 AM
You can use Splunk to visualize the information you uncover through your searches to create compelling charts and reports. Just a few clicks and Voila, you've got your choice of 7 types of charts based on the best format for showcasing your data. Next we'll learn how to customize your charts based on everything from the axis labels to the chart colors. We'll discuss a few common customizations in both the simplified and advanced XML, and outline the complete list of all chart formatting options. You'll walk away knowing how to create basic charts, save them to dashboards and reports, and examples of interesting charts other customers are using today.
Enhancing Operational Security Processes with the Splunk App for Enterprise Security
Daniel Frye, Cedar Crestone
Marquis Montgomery, Cedar Crestone
Track: Extending Splunk
Solution Area: Security
Breakout Session: 6: Weds, Aug 17, 11:00 AM - 12:00 PM
For 15+ years, SIEM vendors have delivered a single approach. Their method is to collect and normalize data from traditional security sources, provide canned reports then correlate a subset of the "security-relevant" data based on 'rules' that drive dashboards and alerts. This session will cover the challenges and limitations Cedar Crestone has encountered using the traditional SIEM approach and how they have gained new visibility and enhanced their operational security processes using the flexibility of the Splunk App for Enterprise Security.
Visibility Inside Your Virtual Environments
Leena Joshi, Director of Solutions Marketing, Splunk
Will Hayes, Director, Solutions Architecture, Splunk
Curt Collins, Director, Product Management, Splunk
Track: Extending Splunk
Solution Area: Operations
Breakout Session: 7: Weds, Aug 17, 11:40 AM - 12:40 PM
Virtualized environments are complex, yet becoming increasingly widespread in datacenters. Come to this session to learn: the benefits of using Splunk with virtualization software; how to deploy Splunk in virtualized environments; how to use data in Splunk to troubleshoot common scenarios you may encounter; proactive use of saved searches/reports for virtualized environments; correlation of data across various layers in virtualized environments.
Dynamic Lookups
Nimish Doshi, Solutions Architect, Splunk
Track: Extending Splunk
Skill Level: Beginner
Breakout Session: 7: Weds, Aug 17, 11:40 AM - 12:40 PM
Did you know you can augment the data in your Splunk index with external data? This session will first cover the elementary way to use static lookups to enrich your data. We'll then cover how dynamic lookups can enrich your data at search time with more fields. This session will cover three examples: accessing a relational database, using an in-memory database, and accessing a remote web site to enrich your data via dynamic lookups. All dynamic lookup examples will be made available to attendees for download. The session will also discuss best practices when performing dynamic lookups.
Transitioning from Google App Engine to Amazon Web Services and Splunk
Dan Siroker, CEO, Optimizely
Track: Extending Splunk
Solution Area: Application Management, Ops, Operational Intelligence
Skill Level: All
Breakout Session: 8: Weds, Aug 17, 1:45 PM - 2:45 PM
This session will review how A/B testing platform Optimizely scaled to processing billions of requests in real-time by using Amazon Web Services and Splunk. We'll understand why Optimizely chose AWS + Splunk over Google App Engine, and best practices for building a scalable business in the cloud.
Extending Splunk's Query and Analysis Capabilities to Build Cybersecurity Apps
Nate McKervey, Harris Corporation
Track: Extending Splunk
Solution Area: Security
Skill Level: Intermediate
Breakout Session: 8: Weds, Aug 17, 1:45 PM - 2:45 PM
Using Splunk's correlation, query and analysis commands, we have prototyped products that quickly and accurately identify people. For cybersecurity, our prototype matches persons on the no-fly list with passenger manifests (and more). We've applied the same theory to other industries to correlate multiple files on the same person from different organizations into a single searchable data repository. This session will showcase these prototypes and review how Splunk's correlation, querying and analysis commands drove the creation of these prototypes.
Introducing: Splunk App for Microsoft Exchange
Ben Brauer, Director of Product Marketing, Splunk
Adrian Hall, Senior Solutions Architect, Splunk
Track: Extending Splunk
Solution Area: Security / Microsoft
Skill Level: Beginner
Breakout Session: 9: Weds, Aug 17, 3:30 PM - 4:30 PM
You want to Splunk Microsoft Exchange? We've got an app for that. We'll demo the freshly-baked app and show how it supports message tracking, client management, general IT operations and capacity planning. This session will give you a detailed preview of the app with a technical explanation of features from the developer himself, Adrian Hall.
Splunking Outside the Box
Nimish Doshi, Principal Systems Engineer, Splunk
Maverick Garner, Sales Manager, Splunk
Track: Extending Splunk
Skill Level: Intermediate
Breakout Session: 9: Weds, Aug 17, 3:30 PM - 4:30 PM
From the beginning, Splunk was designed to universally index data from a variety of sources, meaning Splunk can index data that is not necessarily meant for consumption by IT staff and has more of a business focus. Add Splunk's statistical analysis, aggregate reporting, and alerts, and you're adding real business value beyond IT's typical purview. In fact, more and more customers now use Splunk to gain better insight into their customers' web site experience, habits, and preferences, to map call detail records (CDRs) for telecoms and law enforcement, to get bad weather alerts in real time, or to view the latest TV news. You can even use Splunk to pick your lottery numbers. This session will look at different types of data you can feed into Splunk, and how to think about and create more advanced searches to draw out the patterns and trends that can bring new enlightenment and truly add value as well as new opportunity to your business. So join us, expand your mind now, and start Splunking outside the box.
Inside Splunk
Ever wondered how Splunk works? Our dev team walks you through how Splunk processes data so quickly and makes searches fast to get you the data you need. Sessions may include:
How splunkd Works
Amrit Bath, Splunk
Jagaannath Kerai, Splunk
Track: Inside Splunk
Skill Level: Intermediate/ Advanced
Breakout Session: 5: Weds, Aug 17, 9:00 AM - 10:00 AM
Join this session to learn about the building blocks of splunkd. We'll review how pipelines, processors and queues work to build a scalable system in splunkd, and highlight how Splunk can eat data from a variety of input sources. We will detail File, Network, and Scripted inputs, and walk through a scenario where data in a file is read by splunkd and makes its way through different components of splunkd before getting indexed or forwarded. Finally, we'll review how to debug issues based on metrics.log information.
How Splunk Works: Indexing and Search Architecture
Vishal Patel, Splunk
Steve Zhang, Splunk
Track: Inside Splunk
Skill Level: Intermediate/ Advanced
Breakout Session: 7: Weds, Aug 17, 11:40 AM - 12:40 PM
Indexing: Buckets, tsidx files, rawdata, metadata
Developing on Splunk
Learn more about leveraging Splunk's existing APIs and SDKs--as well as our API roadmap--to build apps and grow your business on top of Splunk.
Building a Solutions Business on Splunk
Bill Gaylord, Vice President, Business Development, Splunk
Track: Developing on Splunk
Skill Level: All
Breakout Session: 1: Tues, Aug 16, 11:15 AM - 12:15 PM
Splunk's partner ecosystem is already buzzing with apps aimed at extending Splunk's functionality for various use cases, verticals or other IT products. Join this panel of several companies--Aplura, Centrify, SPP, Sideview, M5 and more--all of whom have built a services business by building apps on Splunk. The panel shares challenges and benefits to developing on Splunk, as well as their goals for future platform development.
Best Practices for Building Apps on Splunk
Will Hayes, Director, Solutions Architecture, Splunk
David Hazekamp, Solutions Architect, Splunk
Track: Developing on Splunk
Skill Level: Intermediate/ Advanced
Breakout Session: 2: Tues, Aug 16, 1:30 PM - 2:30 PM
Ready to try your hand at building an app on Splunk? Join this session where we'll walk through best practices for defining your app, mapping out your UI and supporting roles, incorporating configurations and knowledge objects, and extending Splunk's API to build a stable, useful app to share with your organization or on Splunkbase.
Building Custom REST Endpoints
Amrit Bath, Senior Software Engineer, Splunk
Eric Woo, Software Engineer, Splunk
Track: Developing on Splunk
Skill Level: Intermediate/ Advanced
Breakout Session: 3: Tues, Aug 16, 2:45 PM - 3:45 PM
Another way to extend Splunk's functionality is via REST endpoints. Splunk ships with over 55, but you can build your own to build and configure features on top of Splunk, go beyond SplunkWeb Manager's capabilities to create a customized configuration, or augment search results with outside data. Join this session to understand when it makes sense to build a custom REST endpoint and how you, too, can use Splunk's RESTful API to extend Splunk's capabilities.
What's New in Splunk APIs and SDKs
Paul Sanford, Director Product Management - Developer Platform, Splunk
Track: Developing on Splunk
Skill Level: Intermediate/ Advanced
Breakout Session: 4: Tues, Aug 16, 4:15 PM - 5:30 PM
You may have heard about Splunk for application logging and monitoring scenarios, but there is so much more that you can do with Splunk as a developer. We are building out a developer platform with the goal of making it easier for you to harness the power of Splunk. At this session, you will hear about our conceptual approach to the developer platform, see our roadmap and get a first look at the Python SDK and demos.
Developing on Splunk: Unplugged
Brad Lovering, Vice President, Developer Platform, Splunk
Paul Sanford, Director Product Management - Developer Platform, Splunk
Track: Developing on Splunk
Skill Level: Intermediate/ Advanced
Bonus Session: Tues, Aug 16, 5:30 PM - 6:30 PM
This is an unscripted, no-slides format for you to ask questions and provide feedback on the roadmap, our approach and anything else.
Delivering Operational Intelligence Across a Telecom Organization
Johnny Lin, Systex
Track: Extending Splunk
Solution Area: All
Skill Level: All
Breakout Session: 6: Weds, Aug 17, 10:30 AM - 11:30 AM
Splunk's ability to ingest and correlate all kinds of data is particularly useful in telecom companies. This session will detail how Splunk is replacing traditional business intelligence tools at this large Asian mobile operator. The telecom is using Splunk to gain new business insight, optimize revenue and improve customer satisfaction. We'll review the dashboards and forms they've built to deliver insight in various departments across the organization.
Web Traffic Visibility End-to-end
Eddie Satterly, Expedia
Track: Using Splunk / Developing on Splunk
Skill Level: Intermediate
Breakout Session: 8: Weds, Aug 17, 1:45 PM - 2:45 PM
Expedia uses the data from an external CDN and internal application data to produce a view of traffic to our multiple web properties. This data helps us to drive capacity calculations and to avoid risks to the site from certain malicious traffic and sources that are not trusted. Beyond ensuring site uptime, we have visibility into the benefits of third party advertising agreements and top referral sites driving our business.
The Mechanics of Semantic Logging
Rob Das, Co-Founder, Chief Architect, Splunk
Track: Developing on Splunk
Skill Level: Advanced
Breakout Session: 8: Weds, Aug 17, 1:45 PM - 2:45 PM
Most events are written by developers to help them debug server-side functionality. Semantic events are written explicitly for building analytics. Splunk allows developers to create sophisticated analytics for their system without resorting to the typical RDBMS and data cube. Chief Architect Rob Das describes what semantic events are and the best practices for creating them, and follows with a demonstration of how Splunk is used on this type of data.