Splunk [All Products] 2019 .conf Videos w/ Slides
Want to use your custom model with the data already in Splunk? Want to contribute to an open library for Machine Learning Toolkit (MLTK) algorithms? Want to use your favorite Machine Learning library? This session will help you to create custom algorithms and leverage the power of any ML algorithm you have ever wanted to use for your application. Traverse the entire process from building a custom algorithm, fitting the model to your data, testing your application, to contributing to the MLTK Algorithms library on Github. Speaker(s) Karthika Krishnan, Senior Forward Deployed Software Engineer, Splunk Ankit Bhagat, Forward Deployed Software Engineer, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/FN1540.pdf?podcast=1577146226 Product: Splunk Enterprise, Splunk Machine Learning Toolkit Track: Foundations/Platform Level: Intermediate
Never used Splunk before, have no Splunk admins and you’ve just bought Splunk Enterprise Security? That was us, and now we're using Splunk in ways that we could've only dreamed of using IBM QRadar. In this session we’ll share our implementation story, how we worked with Splunk to accelerate our learning curve, and how we went from 0 to 3TB in 3 months with no Splunk admins. We'll also cover how Splunk allows us to onboard data sources that we couldn't with QRadar. Speaker(s) Nick Ho, Sales Engineer, Splunk Ross Rutherford, Information Security Engineer, Western Union Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1264.pdf?podcast=1577146226 Product: Splunk Cloud, Splunk Enterprise Security Track: Security, Compliance and Fraud Level: Beginner
Does your small team also run a full-featured SOC that supports a global company? In this session we’ll show you how we’ve used Splunk Cloud and Splunk Enterprise Security to bring together all the relevant security intelligence from our technology stack, transforming our security operations from ad hoc and tactical to strategic and compliance-driven. We’ll discuss key takeaways from our journey, such as the benefits of ingesting data properly from the outset so you can reap the rewards as you scale; how we leverage multiple use cases out of single data sources; and how we created easy-to-understand visualizations that convey our firm’s security posture to management. Speaker(s) Edward Asiedu, Senior Professional Services Consultant, Splunk Craig Gilliver, Head Of SecOps, Johnson Matthey Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1511.pdf?podcast=1577146226 Product: Splunk Cloud, Splunk Enterprise Security, Phantom Track: Security, Compliance and Fraud Level: Good for all skill levels
Most of us have had (or still have) nightmares about an alert that someone's exfiltrating data from our organization. We've lived that nightmare at Harris, and we've learned from it. In this session, we'll discuss how we used red and purple teaming to improve our security posture post-breach. Learn from our experience so that you can strengthen your team's alerting, staff competency, and policies, and reduce the risk of a breach at your company. Speaker(s) Nate Piquette, Sr. Detection & Response Engineer, L3Harris Technologies Adam Parsons, Sr. Detection & Response Engineer, L3Harris Technologies Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1375.pdf?podcast=1577146226 Product: Splunk Enterprise, Splunk Enterprise Security Track: Security, Compliance and Fraud Level: Good for all skill levels
Paychex’s goal of providing the best user experience for our clients has led to a significant investment in performance testing and monitoring of our applications. Currently all Paychex applications record the execution time for every task and subtask to logs. These are indexed by Splunk, allowing us to identify areas where changes to code and database queries will have a positive impact on the overall user experience. This presentation will focus on combining this user experience data with client demographic data (such as the number of active employees) and using the Splunk Machine Learning Toolkit to build predictive models of user experience based on client demographic data. Speaker(s) Ken Tupper, Lead Performance Engineer, Paychex Slides PDF link - https://conf.splunk.com/files/2019/slides/FN1631.pdf?podcast=1577146226 Product: Splunk Machine Learning Toolkit, AI/ML Track: Foundations/Platform Level: Intermediate
Obtaining data to develop defenses against threats is a constant challenge for security analysts. To that end, Splunk's Security Research team developed the Splunk SIEMulator, a framework modeled after Chris Long's DetectionLab that allows a defender to replay attack scenarios using AttackIQ in a simulated environment. SIEMulator’s Attack Range environments are all configured with Splunk forwarders and the apps necessary to create and store data in CIM data models. We'll show you how to use the SIEMulator to produce shareable data that can help security analysts replicate scenarios and effectively detect, investigate, and respond to threats. Speaker(s) Phil Royer, Research Engineer, Splunk Rod Soto, Principal Security Research Engineer, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1671.pdf?podcast=1577146226 Product: Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom Track: Security, Compliance and Fraud Level: Advanced
Finding anomalies in network data is no easy task, especially when you have terabytes of logs per day to analyze. But have no fear, we’re going to teach you how. In this session we will perform a technical deep dive into how a global content delivery network provider is using Splunk’s Machine Learning Toolkit to discover anomalies in network traffic. We’ll take you on a data science journey and show you how we tested multiple anomaly detection techniques, overcame challenges, fine-tuned detections, and ultimately arrived at meaningful alerts based on machine learning. Speaker(s) Jim Goodrich, Senior Sales Engineer, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/FN1390.pdf?podcast=1577146226 Product: Splunk Machine Learning Toolkit, AI/ML Track: Foundations/Platform Level: Good for all skill levels
Vectra customers and security researchers respond to some of the world’s most consequential threats. And they tell us that there’s a consistent set of questions they must answer when investigating any attack scenario. Yet, security data today is broken and unable to effectively answer those questions. It is either incomplete or storage and performance intensive. Most teams don’t have the information necessary to properly answer the questions required to support their use cases, whether it be for threat hunting, investigations or supporting custom tools and models. In this session, hear about real-world use cases where security teams use machine learning engines to derive unique security attributes and how it is embedded into security workflows. Speaker(s) Kevin Sheu, Vectra Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC2589.pdf?podcast=1577146226 Product: Splunk Enterprise, Splunk Cloud Track: Security, Compliance and Fraud Level: Good for all skill levels
TalkTalk is the UK’s leading value telecommunications company with a strategy to become the UK’s most recommended connectivity provider. We need to intelligently use real-time data, analytics and automation in order to create a step-change improvement in customer experience and realize cost savings. This presentation explains how Splunk has helped us to use real-time network telemetry data to detect network problems, significantly improve the customer experience, and save TalkTalk money. Speaker(s) Matthew Wood, Head of TalkTalk Labs, TalkTalk Paul Emmett, Head of Network Operations, Talk Talk Slides PDF link - https://conf.splunk.com/files/2019/slides/IT1953.pdf?podcast=1577146226 Product: Splunk Enterprise Track: IT Operations Level: Good for all skill levels
As a high-profile public-sector organization, the Dutch Tax and Customs Administration deals with criminals claiming to be representatives of the organization and contacting the public with phishing e-mails every day. By using Splunk and RFCs like RFC7208 – Sender Policy Framework (SPF) for Authorizing Use of Domains in Email, we have developed a technique to identify phishing attacks that are carried out under the guise of the Dutch Tax and Customs Administration. This technique is universally applicable. A precondition is access to the DNS logging. By means of this technique, insight can be obtained into where the phishing e-mails are sent from and to whom they are sent. In this talk we will start by explaining which standards are available to increase e-mail security and how we have built an app in Splunk, including a dashboard and a wizard to create the necessary DNS records, to gain insight into the abuse of our domains. Speaker(s) Karl Lovink, Lead Security Operations Center, Dutch Tax and Customs Administration Arnold Holzel, Senior Security Consultant, SMT Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1106.pdf?podcast=1577146226 Product: Splunk Enterprise, Splunk Enterprise Security Track: Security, Compliance and Fraud Level: Advanced
As more technology organizations pursue agility and move towards continuous delivery, a stable and reliable IT infrastructure is the foundation that enables the transformation. However, the increasing complexity of the underlying infrastructure also brings a lot of challenges. Splunk has built a variety of solutions on top of our platform to deal with this complexity and deliver analytics and troubleshooting data to our engineering teams and decision makers. We will share a bit about our continuous integration process for triaging automated tests using Splunk, how we build an IT infrastructure monitoring/analytics system based on Splunk ITSI, and how we take corresponding actions via VictorOps. Speaker(s) Scott Lu, Senior Engineering Manager, Splunk Alfie You, Principal Software Engineer, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/IT1962.pdf?podcast=1577146226 Product: Splunk Enterprise, Splunk IT Service Intelligence, VictorOps Track: IT Operations Level: Intermediate
Do you wish to modify your incoming data before ingestion? How about using Splunk's real-time search feature more efficiently? Splunk Data Stream Processor (DSP) can help. DSP allows you to analyze, transform and act on your data in real-time before it is indexed by Splunk indexers. Join us in this session to learn more about how you can use DSP as an alerting and action engine and transform your incoming data in real-time! Speaker(s) Dirk Nitschke, Staff Sales Engineer, Splunk Bashar Abdul-Jawad, Principal Software Engineer, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/FN2033.pdf?podcast=1577146226 Product: Splunk Enterprise, Splunk Cloud Track: Foundations/Platform Level: Intermediate
Learn how the T-Mobile Splunk Team uses Splunk Data Stream Processor (DSP) to provide advanced stream manipulation options to its user base. See how DSP is positioned in a large-scale Splunk as a service ecosystem. Speaker(s) Michael Guenther, Senior Advisory Engineer, Splunk Dave Cornette, Enterprise Monitoring Architect, T-Mobile Slides PDF link - https://conf.splunk.com/files/2019/slides/FN1786.pdf?podcast=1577146226 Product: Splunk Data Fabric Search and Data Stream Processor Track: Foundations/Platform Level: Good for all skill levels
Do you use Kafka but find yourself limited by what Kafka allows you to do with your data? Would you like to enrich, aggregate, and alert on your data as it moves through Kafka, but can’t figure out how? You can overcome these obstacles by integrating Kafka with the Splunk Data Stream Processor. The Splunk DSP is a data streaming platform that helps you transform and enrich your data. With DSP you can make data-driven decisions in real time as data is ingested. DSP also provides simple ways to build data pipelines, and gives you full control and visibility into your data as it flows through the platform. Apache Kafka is now widely adopted as a foundational element for data pipelines. DSP integrates seamlessly with Kafka clusters, and allows data to be read from Kafka, processed in highly scalable ways, and then written back to Kafka. Join us and see how to use DSP as a streaming engine for Kafka clusters. Speaker(s) Thor Taylor, Director of Product Management, Splunk Adam Lamar, Principal Software Engineer, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/FN1987.pdf?podcast=1577146226 Product: Splunk Data Fabric Search and Data Stream Processor Track: Foundations/Platform Level: Beginner
This session will discuss using Splunk to identify areas of improvement around the build and release of software by providing faster, continuous integration and delivery services for our development team at Splunk. Speaker(s) Eddie Shafaq, Release Engineer, Splunk Bill Houston, Senior Release Engineer, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/IT2098.pdf?podcast=1577146226 Product: Splunk Enterprise Track: IT Operations Level: Advanced
We helped our client use Splunk to disrupt theft rings plaguing its retail stores. We'll present how we took in public wifi data, tracked MAC addresses that appeared in multiple stores, and ultimately created a system in Splunk that alerted in-store loss prevention teams when individuals likely to be involved in theft rings entered the store. We'll go over the steps taken to operationalize our theft deterrence program so that you can adopt it in your organization or modify it to fit your needs. Speaker(s) Nic Haag, Splunk Professional Services Consultant, Aditum Partners Logan Foshee, Threat Analyst, Lowe's Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1336.pdf?podcast=1577146226 Product: Splunk Enterprise, Splunk Enterprise Security Track: Security, Compliance and Fraud Level: Advanced
Vagrant is virtualization technology that builds portable, virtual software development environments. Leveraging this technology for Splunk development allows agile and DevOps teams to easily collaborate in Splunk development in a way that tightly mirrors their production environment, even when working with a mix of environments such as Mac and Windows. Vagrant’s multi-machine environments can perfectly replicate any Splunk architecture, including complicated clustering and networking configurations, using a single Vagrantfile that can be shared directly or committed to a version control system. From the Forwarder to a search head cluster member, see how your configurations and code work in your environment across the entire data pipeline right on your machine, or test your Splunkbase app on every possible architecture from single server to distributed multi-site clusters, all with a single command: vagrant up. Speaker(s) Jason Rauen, Senior Lead Technologist, Booz Allen Hamilton Slides PDF link - https://conf.splunk.com/files/2019/slides/DEV1114.pdf?podcast=1577146226 Product: Splunk Enterprise Track: Developer Level: Intermediate
How about having an immersive data experience on your mobile device via augmented reality? Think about being in a data center where you just need to scan the QR code/NFC tag on your stacked devices to know the critical device metrics on your mobile. This session will show you how Splunk AR can be used to visualize the dashboard data that users create on the Splunk platform. Visit this session and you will learn how to create apps, dashboards and immersively reflect the data on your mobile using Splunk AR. Speaker(s) Sulabh Agarwal, Network Consulting Engineer, Cisco Systems Slides PDF link - https://conf.splunk.com/files/2019/slides/FN1486.pdf?podcast=1577146226 Product: Splunk Enterprise, Splunk Cloud Track: Foundations/Platform Level: Intermediate
We believe that to best defend against global security threats, an organization needs defenders who represent the diverse world that we live in. Every business will benefit greatly by bringing more people to the table with varying skills, backgrounds, leadership and views to combat the diverse adversaries out there. Here at Splunk, we have created initiatives like the "Developing Superwomen in Cybersecurity" program that works to diversify and equalize the cybersecurity workforce to women and other underrepresented groups. Come hear how we are taking action by making cybersecurity accessible to all with this program and some practical advice on how you can do the same when you go back to your organization! You'll receive tips on how to make information security inclusive to all with ways of engaging your staff at various levels and receive a blueprint for running your own gamified security experiences, allowing you to up-level staff while embracing their unique talents and backgrounds. Speaker(s) Kelly Kitagawa, Customer Success Manager, Splunk Lily Lee, Staff Security Specialist, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/SECD2004.pdf?podcast=1577146226 Product: Splunk Enterprise Track: Security, Compliance and Fraud Level: Good for all skill levels
Do you want to help your developers waste less time on issues and spend more time optimizing build times using Splunk? Do you want to improve developer satisfaction while cutting build times by 35% on a long-established and entrenched code base? Then join us to hear how Jira developers at Atlassian, the world leader in software collaboration tools, did just that. We will explain how we used Splunk Enterprise to collect metrics as structured events from developer machines to improve our Maven build times for several hundred developers. We aggregated, analyzed, and visualized these events to not only identify and resolve performance bottlenecks as they occurred across our developer pipeline, but also to pinpoint the next big thing to tackle; a dream result for us. Not a Maven user? No worries. The approaches we will cover are good for any developer setup, allowing you to jump start build time improvements while generating the continuous insights you need to do more with less time and less waste. Speaker(s) Viktor Adam, Senior Software Engineer, Atlassian Slides PDF link - https://conf.splunk.com/files/2019/slides/IT1785.pdf?podcast=1577146226 Product: Splunk Enterprise Track: IT Operations Level: Good for all skill levels
Business operations teams have relied on Splunk for operational intelligence, helping them to discover bottlenecks, fallout, and other issues in order to deliver more efficient business processes and customer experiences with higher conversions. In this session, learn about Splunk's latest innovations for business operations professionals. Speaker(s) Faya Peng, Senior Director, Product Management, Splunk Lizzy Li, Product Manager, Business Flow, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/BA2130.pdf?podcast=1577146226 Product: Splunk Enterprise, Splunk Business Flow Track: Business Analytics Level: Good for all skill levels
This session will be all about exciting Foundations/Platform-related content that we'll announce at .conf19. We can't tell you about it now, but trust us — it's awesome. Speaker(s) Alex James, Sr. Principal Architect, Splunk Andrew Peters, Senior Principal Software Engineer, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/FN1740.pdf?podcast=1577146226 Product: Splunk Cloud Track: Foundations/Platform Level: Good for all skill levels
Our security research, engineering and product teams have been hard at work building new capabilities to bolster your Splunk security stack. Find out what they’ve been up to since .conf18, and watch a demonstration of the latest innovations in Splunk Enterprise Security, Splunk User Behavior Analytics, and Splunk Phantom. There are other awesome developments that we can’t share now but are excited to share with you at .conf. Speaker(s) Kyle Champlin, Senior Product Manager, Splunk Patriz Regalado, Sr. Product Marketing Manager, Splunk Rob Truesdell, Sr Director, Product Management, Splunk Chris Simmons, Director of Product Marketing, Splunk Koulick Ghosh, Product Manager, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC2366.pdf?podcast=1577146226 Product: Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom Track: Security, Compliance and Fraud Level: Good for all skill levels
This session will detail new innovations and features included in the .conf19 release of Splunk Cloud and Splunk Enterprise. This is one of the most well-attended .conf19 sessions. Be sure to add it to your agenda. Speaker(s) Sundeep Gupta, Director, Splunk Cloud, Splunk Skip Bacon, VP, Enterprise Products, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/FN2516.pdf?podcast=1577146226 Product: Splunk Enterprise, Splunk Cloud Track: Foundations/Platform Level: Good for all skill levels
This session will be all about exciting Foundations/Platform-related content that we'll announce at .conf19. We can't tell you about it now, but trust us — it's awesome. Speaker(s) Geoffrey Hendrey, Sr Principal Engineer, Splunk Aditi Nath, Software Development Engineer, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/FN1735.pdf?podcast=1577146226 Product: Splunk Enterprise, Splunk Developer Cloud Track: Foundations/Platform Level: Intermediate
As customers add more and more data to Splunk, indexer clusters with large volumes of indexers, indexes, and buckets are becoming commonplace. In Splunk labs we run intensive tests to explore the boundaries of the largest indexer clusters. This session will discuss the lifecycle of a Splunk bucket, why it is a key metric in indexer scalability, and which indicators and tunables to monitor in a very large cluster. We'll also share how we do performance testing, the latest performance results, and best practices for scaling your Splunk Enterprise cluster to 20 million unique buckets and beyond. Speaker(s) Cher-Hung Chang, Principal Software Engineer, Splunk Brent Davis, Principal Performance Engineer, Splunk Justin Lin, Performance Engineer, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/FN1635.pdf?podcast=1577146226 Product: Splunk Enterprise Track: Foundations/Platform Level: Intermediate
Too many tools, too many silos between data and collaboration, Outages take too long to Identify Root Cause and There is So Much Noise Abstract: TIAA had a goal – to replace Legacy Monitoring with an AIOps approach. What did that mean? They had to find a better way to break down the silos between data and collaboration and start focusing attention on the right things with the right people. Monitoring had become about MTTI (mean time to innocence) instead of fixing the right issues more quickly and finding a way to move from ‘reacting’ to outages to ‘preventing’ them. ITSI has become the ‘aggregator’ of monitoring data and will help TIAA move from the old Dinosaur Approach of being event driven to the AIOps approach of Service and Priority Driven. Learn about the Journey, the Lessons Learned, and the Best Practices to Ensure Success. Speaker(s) Emily Duncan, ITOA Specialist, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/IT1346.pdf?podcast=1577146226 Product: Splunk Enterprise, Splunk Cloud, Splunk IT Service Intelligence Track: IT Operations Level: Good for all skill levels
Monitoring infrastructure operations is easy with Splunk, but it takes more than great SPL skills to build an end-to-end view of infrastructure supporting your mission critical applications. In this session, you'll hear from an experienced Site Reliability Engineer how Dell EMC's investment in Splunk apps across their platforms makes it easier for Splunk users to monitor infrastructure and integrate these insights into an overall application performance monitoring strategy. Speaker(s) Kyle Prins, Senior Systems Engineer, Dell Slides PDF link - https://conf.splunk.com/files/2019/slides/ITS2895.pdf?podcast=1577146225 Product: Splunk Enterprise Track: IT Operations Level: Good for all skill levels
DevOps adoption requires high performing teams. One of the biggest challenges organizations have when adopting a DevOps framework is how to get early wins, get value early in the process, and overcome plateaus in adoption. These improvements are typically achieved through the use of automation, improved responsiveness, better situational awareness, and increased sharing between teams. As you will see in this session, Splunk easily sits in the middle of all of this. Speaker(s) Josh Atwell, Sr Technology Advocate, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/IT1717.pdf?podcast=1577146225 Product: Splunk Enterprise, Splunk IT Service Intelligence, VictorOps Track: IT Operations Level: Good for all skill levels
This session will give you the tools to tackle compliance with Splunk Enterprise Security. The session will showcase why you might want to grant different compliance views to your teams based on the compliance standard they are responsible for adhering to, and how to do so. We'll also cover how to present the compliance standards that a notable event relates to and how to grant your compliance officers visibility into only the notable events that are relevant to them. Speaker(s) Jason Timlin, Professional Services, Splunk Darren Dance, Staff PS Consultant, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1852.pdf?podcast=1577146225 Product: Splunk Enterprise Security Track: Security, Compliance and Fraud Level: Good for all skill levels
Business General Aviation (BGA) relies on multiple critical communications services, operating in flawless concert, for a safe and successful flight. In-Flight Connectivity (IFC) is a critical BGA cabin service driving the industry. Learn how SatCom Direct is using Splunk to capture and cross-correlate live KPI feeds from various sources such as aircraft flight dynamics, satellites and ground stations to provide the ultimate in-air experience from a single aircraft to an entire managed fleet. Armed with Splunk, Satcom Direct can immediately detect and work to restore any service impacting events and from the same data, develop improved insights for ongoing performance enhancements. From the executive suite to the operations battleground, come learn how Splunk leverages data and insights at the speed of flight. Speaker(s) Q Damiano, Sr. Engineer, Systems Architecture, Satcom Direct Bill Babilon, USAF Account Executive and Splunk Solutions Architect, Splunk Paul Jeffery, Senior Sales Engineer, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/IOT1937.pdf?podcast=1577146225 Product: Splunk Enterprise, Splunk IT Service Intelligence, Splunk for Industrial IoT Track: Internet of Things Level: Good for all skill levels
Security architectures typically involve many layers of tools and products that are not designed to work together, leaving gaps in how security teams bridge multiple domains to coordinate defense. The Splunk Adaptive Operations Framework (AOF) addresses these gaps by connecting security products and technologies from our partners with Splunk security solutions including Splunk Enterprise Security (ES) and Splunk Phantom. Join this session to learn how the Splunk AOF benefits both users and security technology providers by enabling rich context for all security decisions, collaborative decision-making, and orchestrated actions across diverse security technologies. Speaker(s) Alexa Araneta, Product Marketing Manager, Splunk John Dominguez, Product Marketing Director, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC2372.pdf?podcast=1577146225 Product: Splunk Enterprise, Splunk Enterprise Security, Phantom Track: Security, Compliance and Fraud Level: Good for all skill levels
Marcus by Goldman Sachs is an online, consumer lending and savings platform, often referred to as a startup within the 150-year-old company. The Marcus platform was designed and built from the ground up using the latest technologies and following agile software practices. Splunk software is used to monitor application and infrastructure logs and supports not only DevOps but also Development, QA, Production Support, and Security teams. This session will cover the challenges and successes we have experienced during our first years of rapid growth, the products and capabilities that we added to our platform this year, and provide a glimpse at the potential role of Splunk Next products in online retail banking use cases in the future. Speaker(s) Yisroel Bongart, Senior Sales Engineer, Splunk Maria Loginova, Vice President, Goldman Sachs Slides PDF link - https://conf.splunk.com/files/2019/slides/IT1931.pdf?podcast=1577146225 Product: Splunk Enterprise, AI/ML Track: IT Operations Level: Good for all skill levels
Imagine making your searches over 500k times faster and breathing new life into your Splunk environment without more hardware investment. Learn how to use both time and segmentation with fast subsearches to quickly filter events for fast, advanced data correlation. Based on the .conf17 talk “Fields, Indexed Tokens, And You”. Speaker(s) Andrew Landen, Sr Splunk Developer, Chevron Slides PDF link - https://conf.splunk.com/files/2019/slides/FN1407.pdf?podcast=1577146225 Product: Splunk Enterprise Track: Foundations/Platform Level: Advanced
Blockchain scalability is one of the main barriers to adoption of this revolutionary new technology. Finance, supply chain, and e-commerce blockchain deployments often have peak throughputs that far exceed their baseline. For example, when tickets for a popular concert go on sale, the peak transaction throughput will result in unacceptable latency for the users. Samsung SDS Accelerator is a layer 2 scaling solution for Hyperledger Fabric that enables up to 10x transaction throughput during this burst of activity. Using Splunk MLTK, we’re able to detect and react to these bursts of activity without compromising the security guarantees of the underlying blockchain. Speaker(s) Jeff Wu, Senior Product Manager, Blockchain, Splunk Ted Kim, Samsung SDS Slides PDF link - https://conf.splunk.com/files/2019/slides/FN2069.pdf?podcast=1577146225 Product: Splunk Enterprise, AI/ML Track: Foundations/Platform Level: Intermediate
To tame an event queue that's ballooning out of control, you need to know first which rules and data sources are generating a disproportionate number of alerts, and second the security value you're getting from those rules and data sources. Any changes made to rules or telemetry analyzed without that knowledge risk making your organization more vulnerable. In this session we'll discuss how Splunk empowers us to perform advanced analytics on everything from alert conversion rates to human time expenditure on alerts so that we can optimize all processes related to alerting. As long as we know what to measure and where to look, Splunk can help us tune our security operations centers to reduce monotony and false positives without diminishing our ability to detect actual threats. Speaker(s) Keshia LeVan, Detection Engineer, Red Canary Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC2105.pdf?podcast=1577146225 Product: Splunk Cloud, Splunk Machine Learning Toolkit Track: Security, Compliance and Fraud Level: Advanced
Splunk’s metric index has changed a lot since we launched it back in Splunk Enterprise 7.0. In this latest iteration, we have upgraded our data model and metric index to natively ingest and store multiple metrics in a single event to further reduce its storage footprint and lower total cost of ownership. This session with provide a deep-dive into our latest metric index layout, its evolution since introduction in Splunk Enterprise 7.0, and how it varies from a log index storage layout. Speaker(s) Murugan Kandaswamy, Senior software engineer, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/FN2268.pdf?podcast=1577146225 Product: Splunk Enterprise, Splunk Cloud Track: Foundations/Platform Level: Advanced
Curious about how to efficiently onboard and analyze metric data in Splunk? This talk will teach you the basic design and best practices for Splunk's Metric Indexes. Since they were introduced two years ago, Splunk's metric capabilities have quickly evolved. Now there is support for rollups, richer logs-to-metrics conversion capabilities, and more efficient data representation formats. We also will discuss planned future enhancements and how you may best prepare for them today. Speaker(s) Steve Zhang, Chief Scientist, Splunk ILAM Siva, Product Management, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/FN1266.pdf?podcast=1577146225 Product: Splunk Enterprise, Splunk Cloud Track: Foundations/Platform Level: Beginner
Why is the queue for the women’s restroom always longer than the men’s at a concert or theater? Data is fundamental to the modern world. From business decisions to economic development and public policy, we rely on data to allocate resources and make critical decisions. However, because so much of the data fails to take into account bias, such as gender and race, bias and discrimination are baked into our systems. This results in missed economic opportunities and tremendous costs in time, in money and, in some cases, lives. In this session we will explore examples of data bias based on studies that are eye-opening, informative, and will change the way you look at the world. We will look at the pitfalls that lead to poor data-driven decisions, and their outcomes. We also will explore the steps you can take to inform your own data-driven decisions. And, yes, we will answer the question, “Why is the women’s queue longer than the men’s?” Speaker(s) Dipock Das, Senior Director, Product Management, Incubation, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/FND1466.pdf?podcast=1577146225 Product: Splunk Enterprise Track: Foundations/Platform Level: Good for all skill levels
Join us to see the latest developments with Splunk’s Security Operations Suite. We’ll share background on the underlying architecture as well as a showcase of new features. Learn how your security use cases are solved with scale and performance. Speaker(s) Rob Truesdell, Sr Director, Product Management, Splunk Atom Coffman, Starbucks Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1706.pdf?podcast=1577146225 Product: Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom Track: Security, Compliance and Fraud Level: Beginner
Today SOCs are in desperate need of a different alerting approach. Texas Instruments (TI) decided to transform its SOC by using risk-based alerting to generate fewer, higher fidelity alerts, and by aligning to the MITRE ATT&CK™ framework, which provides more situational awareness to analysts. This risk-based approach reduces false positives and the situational numbness associated with the legacy whitelisting process. Splunk and TI will walk you through TI's SOC successes as it transitioned to risk-based alerting. TI will detail a few real-life risk-based rule examples, discuss learning curves to fast track your transition, and discuss how MITRE ATT&CK™ fits in with this approach. After this session, you will have the foundation to embark on your risk-based alerting journey, allowing you to increase detection mechanisms, increase your coverage of the ATT&CK™ techniques, and improve the overall effectiveness of your SOC. Speaker(s) Jim Apger, Staff Security Architect, Splunk Jimi Mills, Security Operations Center Manager, Texas Instruments Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1803.pdf?podcast=1577146225 Product: Splunk Enterprise, Splunk Enterprise Security Track: Security, Compliance and Fraud Level: Intermediate
Attendees will see how Splunk Enterprise and Splunk Business Flow are used to monitor the order fulfilment process within an automated warehouse in real time. You also will see how proactive alerts inform the warehouse that a Key Performance Indicator (KPI) is underperforming. Then, using process mining to investigate, find the root cause to solve issues before they become problems. This presentation will initially describe the workings of an automated warehouse and the data generated. It then will cover the process of ingesting this data into Splunk and configuring Splunk Business Flow to monitor processes and KPIs. Finally, the session will review the benefits to TGW and its customers from deploying Splunk Enterprise and Splunk Business Flow. Come to the session to see how the monitoring, alerting, and process mining functionality in Splunk Enterprise and Splunk Business Flow provides a deep insight into what is happening inside an automated warehouse. Speaker(s) Jamie Frost, Business Improvement Analyst, TGW Limited Slides PDF link - https://conf.splunk.com/files/2019/slides/BA1593.pdf?podcast=1577146225 Product: Splunk Enterprise, Splunk Business Flow Track: Business Analytics Level: Beginner