Log I Am Your Father - How Data & Splunk Would Have Changed Star Wars

Star Wars - A long time ago

Happy Star Wars Day this May 4th!


"Life creates it, makes it grow. Its energy surrounds us and binds us."

In this case – we could be talking about the force but also data. You should be aware that there are a lot of pretty awful dad jokes in this that are going to make you wish Darth Vader was your father. 

Let’s start with the most important question in Star Wars lore – Did Han shoot first? That one is pretty easy – try the free cloud version of Splunk, upload the weapon logs, check the timestamps. Easy proof that Han did indeed shoot first. 

Early on in 'A New Hope' Princess Leia sends a message hidden inside R2D2. There was no need for all that fuss. She could have just sent a secure, encrypted PDF to… (get ready) …Adobe Wan Kenobi (sorry) with no risk of a phishing attack (much like how the Dutch Tax Office protects their citizens). 

Luke destroying the Death Star is a famous moment in cinema. It would have been very different if the first X-Wing pilot to get to the exhaust port had used the Splunk AR app. He’d have hit the target and the story would have been very different.  

Star Wars Exploding Death Star

Another security breach caused by an open exhaust port in the Death Star Disney|Lucasfilm

On the other side of the same story – if the Empire had bothered to invest in a reasonable SIEM (Spacestation Information & Event Management) platform then they’d never have left that (exhaust) port open and we’d have had a very dark (side) ending to Episode IV when the baddies won.   

Whilst we’re on the topic of good cybersecurity practice – the CISO (Chief Imperial Security Officer) has got to be in trouble with Darth Vader. 

  • How many more times are the Empire going to leave such a huge hole in their security defence?  In 'The Force Awakens', after two planet-sized Death Star destructions due to a fatal flaw, just some basic ML and cybersecurity analytics should have been applied. This would have made sure that Starkiller base didn’t have the same zero-day vulnerability. 
  • Yet another problem with the Death Star - when Ben Kenobi turned off the tractor beam someone should have detected unusual behaviour and at least got a potential insider threat alert

Han didn’t do any better either – if he’d been using the sensor data from the Millenium Falcon better, he would have detected the tracking device from the Empire. That same data would have also prevented the failure of the hyperdrive (much like Zeppelin do with Splunk). 

Darth Vader had clearly invested in some solid cloud (city) monitoring in 'The Empire Strikes Back'. When you watch back that lightsaber fight again, he clearly had competitive advantage with some real-time cloud insights inside his helmet using the Splunk mobile app and SignalFX

In 'The Phantom Menace', Anakin SOAR-ed to victory in the pod race to get the parts from Watto to allow the Jedi to get home. If any of the spare parts vendors had any kind of data-driven supply chain or DHL had delivered to Tatooine (with the help of Splunk) then the pod race would never have happened, Anakin and his strength in the force would never have been detected and there’d be no Darth Vader. 

One of the key plot points of the most recent trilogy of Star Wars films was around the mystery surrounding Rey, her heritage, the Emperor looking for her etc. *Spoiler Alert* A simple Splunk search (below) and a bit of investigation would have uncovered she was a Palpatine, the Emperor’s granddaughter and that she was on Jakku the whole time:

index=starship_journies  passenger-surname=palpatine | planets=* | stats count by planet_name AS “planets visited” | sort - “planets visited”

A final, special award goes to the Ewoks who used their “logs” better than anyone in the history of Star Wars…

(great video from Wired :-) )

Thank you for reading and Happy Star Wars Day - May the Force Be With You.


Matt Davies

Posted by